Internal Controls and Risk Management Quiz

Questions and Answers

Which of the following describes segregation of duties in a manual system?

• Separating authorization from processing a transaction. (correct)
• Limitations on access to an asset.
• Allowing a single person to handle all aspects of a transaction.
• Combining processing and recordkeeping of the same asset.

Which is NOT a type of physical control?

• Approval processes (correct)
• Access controls
• Supervision
• Accounting records

What is the purpose of independent verification in control activities?

• To isolate incompatible tasks in program development.
• To review the accuracy of data processing. (correct)
• To enforce strict data access.
• To approve all transactions before processing.

In a computerized system, what is essential regarding segregation of duties?

Separating program development from program operations. (D)

What is a major challenge in supervision within a computerized internal control environment?

Increased technical knowledge requirements complicating evaluation. (C)

Which control activity helps ensure that only authorized transactions are executed?

Transaction authorization (B)

How do accounting records function as a control activity?

They provide an audit trail for transactions. (D)

What overarching risk is associated with inadequate access control in a computerized system?

Exposure to computer fraud and potential losses. (B)

What is a potential limitation of internal controls?

Management override (B)

Which of the following is NOT one of the five internal control components?

Process evaluation (C)

What does effective risk assessment in internal controls include?

Identifying and analyzing risks relevant to financial reporting (D)

Which aspect is crucial for the control environment within internal controls?

Integrity and ethics of management (D)

What is a common exposure due to weak internal controls?

Failure to comply with regulations (A)

The effectiveness of internal controls can be monitored through which method?

Ongoing monitoring procedures (A)

Which of the following best describes the purpose of control activities?

To ensure appropriate responses to identified risks (B)

What effect does a stronger internal control structure have on the assessed level of risk?

Reduces the assessed level of risk (A)

Which factor is NOT considered when assessing the control environment?

Use of modern technology (C)

What type of internal control helps identify and record all valid transactions?

Information and communication (D)

What is the primary risk during the data collection phase of a system?

Changing data as it is being entered into the system (B)

What does the term 'GIGO' stand for in the context of information processing?

Garbage in, garbage out (A)

What type of fraud involves altering programs to manipulate data files?

Program fraud (B)

What is often a motivation behind database management fraud?

Disgruntled or ex-employees (C)

Which of the following is an objective of internal control?

Ensure reliability of accounting records (D)

How should management balance the objectives of internal control with its costs?

By ensuring benefits outweigh costs (C)

What type of fraud involves stealing or misusing computer output?

Information generation fraud (C)

What is a common method of scamming listed in the content?

Searching through discarded output from computers (D)

Flashcards

Segregation of Duties

Separation of duties aims to prevent fraud and errors by splitting tasks across different individuals, so that no single person has complete control over a transaction or process.

Authorization Controls

Authorization controls ensure that only legitimate transactions are processed. General authorization covers everyday procedures; specific authorization is required for non-routine transactions.

Physical Controls

Physical controls aim to protect assets by restricting access and safeguarding resources. These controls include physical security measures and environmental controls.

Accounting Records

Accounting records provide a detailed trace of transactions and activities, creating an audit trail to verify information and detect discrepancies.

Independent Verification

Independent verification involves a review process where someone who is not involved in the transaction or task checks accuracy and verifies compliance with procedures.

Access Control

Access control aims to limit access to computer systems and data based on authorization levels, ensuring proper security and data integrity.

Supervision

Supervision compensates for a lack of segregation of duties, providing oversight to prevent errors or fraud. This can be built into automated systems or done by assigned staff.

Transaction Authorization in CBIS

Transaction authorization in computer-based systems is often embedded in programs. This ensures consistent and automatic compliance with rules and regulations.

Control Environment

The environment within a company that influences its internal control practices. It encompasses the company's ethics, organizational structure, management philosophy, and human resource policies.

Risk Assessment

The process of identifying, analyzing, and managing risks that could affect the accuracy of financial reporting.

Information and Communication

The system of capturing, processing, and reporting financial information. It also includes the controls that ensure the accuracy and reliability of this information.

Monitoring

The ongoing monitoring and assessment of the effectiveness of internal controls.

Control Activities

Specific procedures and policies designed to mitigate identified risks. These activities aim to prevent, detect, or correct errors or irregularities.

Possibility of Honest Errors

Honest mistakes made by employees in the execution of their duties.

Circumvention via Collusion

When two or more individuals collude to bypass internal controls and commit fraud.

Management Override

When management intentionally overrides internal controls to achieve desired financial results or hide illegal activities.

Exposures of Weak Internal Controls (Risk)

The potential consequences that could result from weaknesses in internal controls.

The Internal Controls Shield

Internal controls are designed to safeguard the organization's assets, ensure the accuracy of financial records, and prevent fraud.

Computer Fraud

A type of fraud that involves altering computer data to steal, misuse, or misappropriate assets.

Data Collection Fraud

Fraud that occurs when someone enters incorrect data into the system, leading to inaccurate outputs.

Program Fraud

Altering programs to illegally access or manipulate data files, or destroying programs with a virus.

Operations Fraud

Fraud involving the misuse of company computer resources for personal purposes.

Database Management Fraud

This involves altering, deleting, corrupting, destroying, or stealing an organization's data.

Information Generation Fraud

Fraud that involves stealing, misdirecting, or misusing computer output.

Scavenging

The practice of searching through trash for discarded computer output (which should be shredded).

Internal Control Objectives

The primary goal of internal controls is to ensure that an organization's assets are safe, its financial records are accurate, and its operations are efficient.

Study Notes

Ethics, Fraud, and Internal Control

• Ethics in business are needed when conflicts arise, requiring choices.
• Conflicts in business arise between management and stakeholders, as well as employees.
• Litigation can result from ethical conflicts
• Business ethics can be categorized into four main areas: equity, rights, honesty, and corporate power.
• Executive salaries, comparable worth, product pricing, corporate due process, employee health screening, and sexual harassment fall under these categories.
• Other issues include diversity, equal employment opportunity, whistle-blowing, and conflicts of interest.
• Key elements of fraud include false representation, material fact, intent to deceive, justifiable reliance, and injury or loss.
• Studying fraud reveals that in 2002, fraud losses were estimated at 6% of revenue, approximately $600 billion.
• Fraud loss percentages vary by position in a company, with higher losses among managers and more experienced employees.
• Types of fraud include financial statement fraud, misappropriation of assets, concealment of material facts, illegal acts, bribery, conflicts of interest, and breach of fiduciary duty.
• Employee fraud typically involves non-management personnel taking company assets for personal gain.
• Management fraud involves higher levels of management using financial statements to mislead on the health and prosperity of an entity.

Moral Development

• Ethical principle orientation, social contract orientation, and authority orientation are key stages of moral development.
• Stages of behavioural moral development exhibit different behaviours in response to moral situations.

Computer Ethics

• Computer ethics concerns the social impact of computer technology including hardware, software, and telecommunications.
• Key computer ethics issues include privacy, security and accuracy, ownership of property, environmental issues, equity in access, artificial intelligence, unemployment and displacement, and computer misuse.

Internal Control Objectives

• Safeguarding assets, ensuring accuracy and reliability of accounting records, promoting efficiency of operations, and measuring compliance with policies are key internal control objectives.

Modifying Assumptions

• Management is responsible for establishing and maintaining a system of internal control.
• The cost of achieving internal control objectives should not outweigh the benefits.
• Internal control methods vary with different types of technology

Limitations of Internal Controls

• Internal controls are not foolproof because of honest errors, collusion, management overrides, and changing conditions.
• Colluding employees can bypass even the most robust controls.
• Cost-benefit analyses are often crucial in establishing internal controls.

Exposures of Weak Internal Controls (Risk)

• Weaknesses in internal controls expose organizations to risks such as destruction of assets, theft of assets, information corruption, and system disruption.

Weak Internal Controls Increasing Risk

• System breakdowns, erroneous management decisions, fraud, embezzlement, legal violations, substantial costs (higher expenses), and asset loss can arise from weak internal controls.

Internal Control Shield

• Internal control is a shield against undesirable events, including access, fraud, errors, and mischief.

Preventive, Detective, and Corrective Controls

• Internal controls operate on multiple levels: preventive, detective, and corrective, to minimize undesirable outcomes.

Auditing Standards

• Auditors adhere to Philippine Standards on Auditing (PSAs).

Relationship Between Internal Control, Auditor's Assessment, and Audit Procedures

• The internal control structure significantly influences the auditor's assessment of risk and, subsequently, the design of audit procedures.
• A weaker internal control structure results in a higher level of assessed risk, leading to increased audit procedures.

Five Internal Control Components

• The five components of internal control are: control environment, risk assessment, information and communication, monitoring, and control activities.

Control Environment

• Integrity and ethical values of management, organizational structure, role of the board of directors and audit committee, management policies, delegation of responsibilities, performance evaluation, external influences, and human resource policies and practices are key elements of the control environment.

Risk Assessment

• Identifying, analyzing, and managing risks relevant to financial reporting is vital. This includes changes in the external environment, risky foreign markets, significant growth, new product lines, restructuring, downsizing, and accounting policy changes.

Information and Communication

• The AIS produces high-quality information by identifying and recording valid transactions, providing timely information, classifying transactions properly, and measuring financial transaction value accurately.

Monitoring

• The process of assessing the quality of internal control design, feedback on quality, and separate procedures for internal auditors to test controls are necessary actions.

Control Activities

• Policies and procedures for appropriate actions in response to identified risks include performance reviews, information processing (general and application controls), segregation of duties, and physical controls.

Segregation of Duties

• Segregation is fundamental for both manual and computerized systems, preventing single-point failures and reducing fraud opportunities.

Physical Controls

• Physical controls like authorization, supervision, accounting records, access controls, and independent verification are crucial security protocols.

Internal Controls in CBIS

• Transaction authorization, segregation of duties, supervision, and accounting records are critical aspects of internal controls implemented in Computer-Based Information Systems (CBIS).
• Access controls are essential in environments with extensive data consolidation.
• Effective internal controls are not only about preventing but also about detecting and correcting any irregularities in a computer-based system.

Description

Test your knowledge on internal control systems, including segregation of duties, physical controls, and risk assessment. This quiz covers key concepts and challenges associated with both manual and computerized internal control environments. Perfect for students and professionals interested in accounting and auditing practices.