Internal Controls and Risk Management Quiz

Questions and Answers

Which of the following describes segregation of duties in a manual system?

Separating authorization from processing a transaction. (correct)

Limitations on access to an asset.

Allowing a single person to handle all aspects of a transaction.

Combining processing and recordkeeping of the same asset.

Which is NOT a type of physical control?

Approval processes (correct)

Access controls

Supervision

Accounting records

What is the purpose of independent verification in control activities?

To isolate incompatible tasks in program development.

To review the accuracy of data processing. (correct)

To enforce strict data access.

To approve all transactions before processing.

In a computerized system, what is essential regarding segregation of duties?

Separating program development from program operations.

What is a major challenge in supervision within a computerized internal control environment?

Increased technical knowledge requirements complicating evaluation.

Which control activity helps ensure that only authorized transactions are executed?

Transaction authorization

How do accounting records function as a control activity?

They provide an audit trail for transactions.

What overarching risk is associated with inadequate access control in a computerized system?

Exposure to computer fraud and potential losses.

What is a potential limitation of internal controls?

Management override

Which of the following is NOT one of the five internal control components?

Process evaluation

What does effective risk assessment in internal controls include?

Identifying and analyzing risks relevant to financial reporting

Which aspect is crucial for the control environment within internal controls?

Integrity and ethics of management

What is a common exposure due to weak internal controls?

Failure to comply with regulations

The effectiveness of internal controls can be monitored through which method?

Ongoing monitoring procedures

Which of the following best describes the purpose of control activities?

To ensure appropriate responses to identified risks

What effect does a stronger internal control structure have on the assessed level of risk?

Reduces the assessed level of risk

Which factor is NOT considered when assessing the control environment?

Use of modern technology

What type of internal control helps identify and record all valid transactions?

Information and communication

What is the primary risk during the data collection phase of a system?

Changing data as it is being entered into the system

What does the term 'GIGO' stand for in the context of information processing?

Garbage in, garbage out

What type of fraud involves altering programs to manipulate data files?

Program fraud

What is often a motivation behind database management fraud?

Disgruntled or ex-employees

Which of the following is an objective of internal control?

Ensure reliability of accounting records

How should management balance the objectives of internal control with its costs?

By ensuring benefits outweigh costs

What type of fraud involves stealing or misusing computer output?

Information generation fraud

What is a common method of scamming listed in the content?

Searching through discarded output from computers

Study Notes

Ethics, Fraud, and Internal Control

• Ethics in business are needed when conflicts arise, requiring choices.
• Conflicts in business arise between management and stakeholders, as well as employees.
• Litigation can result from ethical conflicts
• Business ethics can be categorized into four main areas: equity, rights, honesty, and corporate power.
• Executive salaries, comparable worth, product pricing, corporate due process, employee health screening, and sexual harassment fall under these categories.
• Other issues include diversity, equal employment opportunity, whistle-blowing, and conflicts of interest.
• Key elements of fraud include false representation, material fact, intent to deceive, justifiable reliance, and injury or loss.
• Studying fraud reveals that in 2002, fraud losses were estimated at 6% of revenue, approximately $600 billion.
• Fraud loss percentages vary by position in a company, with higher losses among managers and more experienced employees.
• Types of fraud include financial statement fraud, misappropriation of assets, concealment of material facts, illegal acts, bribery, conflicts of interest, and breach of fiduciary duty.
• Employee fraud typically involves non-management personnel taking company assets for personal gain.
• Management fraud involves higher levels of management using financial statements to mislead on the health and prosperity of an entity.

Moral Development

• Ethical principle orientation, social contract orientation, and authority orientation are key stages of moral development.
• Stages of behavioural moral development exhibit different behaviours in response to moral situations.

Computer Ethics

• Computer ethics concerns the social impact of computer technology including hardware, software, and telecommunications.
• Key computer ethics issues include privacy, security and accuracy, ownership of property, environmental issues, equity in access, artificial intelligence, unemployment and displacement, and computer misuse.

Internal Control Objectives

• Safeguarding assets, ensuring accuracy and reliability of accounting records, promoting efficiency of operations, and measuring compliance with policies are key internal control objectives.

Modifying Assumptions

• Management is responsible for establishing and maintaining a system of internal control.
• The cost of achieving internal control objectives should not outweigh the benefits.
• Internal control methods vary with different types of technology

Limitations of Internal Controls

• Internal controls are not foolproof because of honest errors, collusion, management overrides, and changing conditions.
• Colluding employees can bypass even the most robust controls.
• Cost-benefit analyses are often crucial in establishing internal controls.

Exposures of Weak Internal Controls (Risk)

• Weaknesses in internal controls expose organizations to risks such as destruction of assets, theft of assets, information corruption, and system disruption.

Weak Internal Controls Increasing Risk

• System breakdowns, erroneous management decisions, fraud, embezzlement, legal violations, substantial costs (higher expenses), and asset loss can arise from weak internal controls.

Internal Control Shield

• Internal control is a shield against undesirable events, including access, fraud, errors, and mischief.

Preventive, Detective, and Corrective Controls

• Internal controls operate on multiple levels: preventive, detective, and corrective, to minimize undesirable outcomes.

Auditing Standards

• Auditors adhere to Philippine Standards on Auditing (PSAs).

Relationship Between Internal Control, Auditor's Assessment, and Audit Procedures

• The internal control structure significantly influences the auditor's assessment of risk and, subsequently, the design of audit procedures.
• A weaker internal control structure results in a higher level of assessed risk, leading to increased audit procedures.

Five Internal Control Components

• The five components of internal control are: control environment, risk assessment, information and communication, monitoring, and control activities.

Control Environment

• Integrity and ethical values of management, organizational structure, role of the board of directors and audit committee, management policies, delegation of responsibilities, performance evaluation, external influences, and human resource policies and practices are key elements of the control environment.

Risk Assessment

• Identifying, analyzing, and managing risks relevant to financial reporting is vital. This includes changes in the external environment, risky foreign markets, significant growth, new product lines, restructuring, downsizing, and accounting policy changes.

Information and Communication

• The AIS produces high-quality information by identifying and recording valid transactions, providing timely information, classifying transactions properly, and measuring financial transaction value accurately.

Monitoring

• The process of assessing the quality of internal control design, feedback on quality, and separate procedures for internal auditors to test controls are necessary actions.

Control Activities

• Policies and procedures for appropriate actions in response to identified risks include performance reviews, information processing (general and application controls), segregation of duties, and physical controls.

Segregation of Duties

• Segregation is fundamental for both manual and computerized systems, preventing single-point failures and reducing fraud opportunities.

Physical Controls

• Physical controls like authorization, supervision, accounting records, access controls, and independent verification are crucial security protocols.

Internal Controls in CBIS

• Transaction authorization, segregation of duties, supervision, and accounting records are critical aspects of internal controls implemented in Computer-Based Information Systems (CBIS).
• Access controls are essential in environments with extensive data consolidation.
• Effective internal controls are not only about preventing but also about detecting and correcting any irregularities in a computer-based system.

Description

Test your knowledge on internal control systems, including segregation of duties, physical controls, and risk assessment. This quiz covers key concepts and challenges associated with both manual and computerized internal control environments. Perfect for students and professionals interested in accounting and auditing practices.