Chapter 4: Internal Control System

25 July 2022

question
Definition of internal control
answer
Help organisations counter risks, maintain the quality of financial reporting and comply with laws and regulations. Enhance the likelihood that established objectives and goals will be achieved
question
The process of control
answer
Setting targets, measuring achievements/outputs, comparing achievements with targets, identifying and implementing corrective action
question
Purposes of control systems
answer
1. Facilitate its effective and efficient operation by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieving the company's objectives. This includes the safeguarding of assets from inappropriate use or from loss and fraud and ensuring that liabilities are identified and managed
2. Help ensure the quality of internal and external reporting. This requires the maintenance of proper records and processes that generate a flow of timely, relevant and reliable information from within and outside the organisation
3. Help ensure compliance with applicable laws and regulations, and also with internal policies with respect to the conduct of businesses
question
Characteristics of internal control system
answer
- Be embedded in the operations of the company and form part of its culture
- Be capable of responding quickly to evolving risks within the business
- Include procedures for reporting immediately to management significant control failings and weaknesses together with control action being taken
question
Fundamental risk
answer
Fundamental risks are those that affect society in general, or broad groups of people, and are beyond the control of any one individual. For example, there is the risk of atmospheric pollution which can affect the health of a whole community but which may be quite beyond the power of an individual within it to control.
question
Particular risks
answer
Particular risks are risks over which an individual may have some measure of control. For example, there is a risk attached to smoking and we can mitigate that risk by refraining from smoking.
question
Speculative risks
answer
Speculative risks are those from which either good or harm may result. A business venture, for example, presents a speculative risk because either a profit or loss can result.
question
Pure risks
answer
Pure risks are those whose only possible outcome is harmful. The risk of loss of data in computer systems caused by fire is a pure risk because no gain can result from it.
question
Benefits of risk management
answer
- Predictability of cash flows
- Limitation of the impact of potentially bankrupting events
- Increased confidence of shareholders and other investors
question
Links between risk, directors' remuneration and shareholders
answer
Directors' remuneration is linked to the profits and turnover achieved but not to risk, so directors may not pay enough attention to risk management. This may be undesirable for shareholders.
question
Internal control framework
answer
Comprises:
+ The control environment: the overall context of control, in particular the culture, infrastructure and architecture of control and attitude of directors and managers towards control (discussed in Chapter 5)
+ Control procedures: the detailed controls in place (discussed in Chapter 7)
question
Purposes of internal control framework
answer
(a) Achieving orderly conduct of business: Internal controls should ensure the organisation's operations are conducted effectively and efficiently. In particular they should enable the organisation to respond appropriately to business, operational, financial, compliance and other risks to achieving its objectives.
(b) Adherence to internal policies and laws: Controls should ensure that the organisation and its staff comply with applicable laws and regulations, and that staff comply with internal policies with respect to the conduct of the business.
(c) Safeguarding assets: Controls should ensure that assets are optimally utilized and stop assets being used inappropriately. They should prevent the organisation losing assets through theft or poor maintenance.
(d) Prevention and detection of fraud: Controls should include measures designed to prevent fraud, such as segregation of duties and checking references when staff are recruited. The information that systems provide should highlight unusual transactions or trends that may be signs of fraud.
(e) Accuracy and completeness of accounting records: Controls should ensure that records and processes are kept that generate a flow of timely, relevant and reliable information that aids management decision-making.
(f) Timely preparation of reliable financial information: They should ensure that published accounts give a true and fair view, and other published information is reliable and meets the requirements of those stakeholders to whom it is addressed.
question
Factors that need to be considered in order to set up a sound system of IR
answer
- The nature and extent of risks facing the company
- The extent and categories of risk which it regards as acceptable for the company to bear
- The likelihood of the risks concerned materializing
- The company's ability to reduce the incidence and impact on the business of risks that do materialize
- The costs of operating particular controls relative to the benefits obtained in managing the related risks
question
Challenges in developing internal control
answer
- Insufficient staff resources to maintain segregation of duties
- Domination of activities by management, with significant opportunities for management override of controls. This arises from smaller companies having fewer levels of management with wider spans of control and their managers having significant ownership interests or rights
- Inability to recruit directors with the requisite financial reporting or other expertise
- Inability to recruit and retain staff with sufficient knowledge of, and experience in, financial reporting
- Management having a wide range of responsibilities and thus having insufficient time to focus on accounting and financial reporting
- Control over computer information systems with limited in-house technical expertise
question
Limitations of internal controls
answer
- The costs of control not outweighing their benefits; sometimes setting up an elaborate system of controls will be too costly when compared with the financial losses those controls may prevent
- Poor judgement in decision-making
- The potential for human error or fraud
- Collusion between employees
- The possibility of controls being bypassed or overridden by management or employees
- Controls being designed to cope with routine and not non-routine transactions
- Controls being unable to cope with unforeseen circumstances
- Controls depending on the method of data processing; they should be independent of the method of data processing
- Controls not being updated over time
question
COSO's framework
answer
COSO's enterprise risk management framework provides a coherent framework for organisations to deal with risk, based on the following components:
- Control environment
- Risk assessment
- Control activities
- Information and communications
- Monitoring activities
question
Enterprise risk management
answer
Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
question
Enterprise risk management's characteristics
answer
(a) It is a process, a means to an end, which should ideally be intertwined with existing operations and exist for fundamental business reasons.
(b) It is operated by people at every level of the organisation and is not just paperwork. It provides a mechanism for helping people to understand risk, their responsibilities and levels of authority.
(c) It is applied in strategy setting, with management considering the risks in alternative strategies.
(d) It is applied across the enterprise. This means it takes into account activities at all levels of the organisation, from enterprise-level activities such as strategic planning and resource allocation, to business unit activities and business processes. It includes taking an entity-level portfolio view of risk. Each unit manager assesses the risk for their unit. Senior management ultimately consider these unit risks and also interrelated risks. Ultimately they will assess whether the overall risk portfolio is consistent with the organisation's risk appetite.
(e) It is designed to identify events potentially affecting the entity and manage risk within its risk appetite, the amount of risk it is prepared to accept in pursuit of value. The risk appetite should be aligned with the desired return from a strategy.
(f) It provides reasonable assurance to an entity's management and board. Assurance can at best be reasonable since risk relates to the uncertain future.
(g) It is geared to the achievement of objectives in a number of categories, including supporting the organisation's mission, making effective and efficient use of the organisation's resources, ensuring reporting is reliable, and complying with applicable laws and regulations.
question
Framework of enterprise risk management
answer
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring activities
question
Benefits of enterprise risk management
answer
- Alignment of risk appetite and strategy
- Link growth, risk and return
- Choose best risk response
- Minimise surprises and losses
- Identify and manage risks across the organisation
- Provide responses to multiple risks
- Seize opportunities
- Rationalise capital
question
Criticism of enterprise risk management
answer
- Internal focus
- Risk identification
- Risk assessment
- Stakeholder
question
The COCO framework
answer
see text 151
question
Factors to be considered when evaluating control systems
answer
- Principles or rules
- Assessment of control system
  + Objectives
  + Links with risks
  + Control system compatibility
  + Mix of controls
  + Human resources issues
  + Control environment
  + Review of controls
  + Information resources
  + Feedback and response
  + Costs and benefits