ACC 100: Accounting Information System

Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

Lesson title: Ethics, Fraud, and Internal Control Materials:

Lesson Objectives: FLM Student Activity Sheets
1) Understanding internal control structure and control activities
References:
Principles of Accounting
Information Systems by James
A. Hall

Good things come to people who wait, but better things come to those who go
out and get them.

A. LESSON PREVIEW / REVIEW

1) Introduction
Welcome to another lecture for ACC100! Internal control activities are the policies and
procedures as well as the daily activities that occur within an internal control system. Let’s
have some fun learning these controls.

Please read the learning targets before you proceed to the succeeding activities. The
learning targets are your goals. Remember, you need to achieve your learning targets at
the end of the lesson.

2) Activity 1: What I Know Chart

What do you know about Internal Control? Try answering the questions below by writing
your ideas under the What I Know column. You may use key words or phrases that you
think are related to the questions.

What I Know Questions: What I Learned (Activity 4)

What are the Objectives of Internal
Control?

B. MAIN LESSON
1) Activity 2: Content Notes
1

This document is the property of PHINMA EDUCATION

 ACC 100: Accounting Information System
Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

Internal Control Objectives

1. Safeguard assets of the firm

2. Ensure accuracy and reliability of accounting records and information
3. Promote efficiency of the firm’s operations
4. Measure compliance with management’s prescribed policies and procedures

Modifying Assumptions to the Internal Control Objectives

 Management Responsibility: The establishment and maintenance of a system of internal
control is the responsibility of management.
 Reasonable Assurance: The cost of achieving the objectives of internal control should not
outweigh its benefits.
 Methods of Data Processing: The techniques of achieving the objectives will vary with
different types of technology.

Limitations of Internal Controls

 Possibility of honest errors
 Circumvention via collusion
 Management override
 Changing conditions--especially in companies with high growth

Exposures of Weak Internal Controls (Risk)

 Destruction of an asset
 Theft of an asset
 Corruption of information
 Disruption of the information system

The Preventive–Detective–Corrective Internal Control Model

The figure on the next page illustrates that the internal control shield is composed of three levels of
control: preventive controls, detective controls, and corrective controls. This is the preventive–
detective–corrective (PDC) control model.

Preventive Controls. Prevention is the first line of defense in the control structure.
Preventive controls are passive techniques designed to reduce the frequency of occurrence of
undesirable events. Preventive controls force compliance with prescribed or desired actions and thus
screen out aberrant events. When designing internal control systems, an ounce of prevention is most
certainly worth a pound of cure. Preventing errors and fraud is far more cost-effective than detecting

This document is the property of PHINMA EDUCATION

 ACC 100: Accounting Information System
Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

and correcting problems after they occur. The vast majority of undesirable events can be blocked at
this first level. For example, a well-designed source document is an example of a preventive control.
The logical layout of the document into zones that contain specific data, such as customer name,
address, items sold, and quantity, forces the clerk to enter the necessary data. The source
documents can therefore prevent necessary data from being omitted. However, not all problems can
be anticipated and prevented. Some will elude the most comprehensive network of preventive
controls.

Detective Controls. Detective controls form the second line of defense. These are devices,
techniques, and procedures designed to identify and expose undesirable events that elude
preventive controls. Detective controls reveal specific types of errors by comparing actual
occurrences to pre-established standards. When the detective control identifies a departure from
standard, it sounds an alarm to attract attention to the problem.

Corrective Controls. Corrective controls are actions taken to reverse the effects of errors detected
in the previous step. There is an important distinction between detective controls and corrective
controls. Detective controls identify anomalies and draw attention to them; corrective controls
actually fix the problem. For any detected error, however, there may be more than one feasible
corrective action, but the best course of action may not always be obvious.

This document is the property of PHINMA EDUCATION

 ACC 100: Accounting Information System
Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

Five Internal Control Components

1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities

1: The Control Environment

 Integrity and ethics of management
 Organizational structure
 Role of the board of directors and the audit committee
 Management’s policies and philosophy
 Delegation of responsibility and authority
 Performance evaluation measures
 External influences—regulatory agencies
 Policies and practices managing human resources

2: Risk Assessment
Identify, analyze and manage risks relevant to financial reporting:
 changes in external environment
 risky foreign markets
 significant and rapid growth that strain internal controls
 new product lines
 restructuring, downsizing
 changes in accounting policies

3: Information and Communication

The AIS should produce high quality information which:
 identifies and records all valid transactions
 provides timely information in appropriate detail to permit proper classification and financial
reporting
 accurately measures the financial value of transactions
 accurately records transactions in the time period in which they occurred

4: Monitoring
The process for assessing the quality of internal control design and operation
 Separate procedures—test of controls by internal auditors
 Ongoing monitoring:
o computer modules integrated into routine operations
o management reports which highlight trends and exceptions from normal performance

This document is the property of PHINMA EDUCATION

 ACC 100: Accounting Information System
Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

5: Control Activities
 Policies and procedures to ensure that the appropriate actions are taken in response to
identified risks
 Fall into two distinct categories:
o IT controls—relate specifically to the computer environment
o Physical controls—primarily pertain to human activities

Two Types of IT Controls

 General controls—pertain to the entity wide computer environment
Examples: controls over the data center, organization databases, systems development, and
program maintenance
 Application controls—ensure the integrity of specific systems
Examples: controls over sales order processing, accounts payable, and payroll applications

Six Types of Physical Controls

 Transaction Authorization
 Segregation of Duties
 Supervision
 Accounting Records
 Access Control
 Independent Verification

Transaction Authorization
 used to ensure that employees are carrying out only authorized transactions
 general (everyday procedures) or specific (non-routine transactions) authorizations
Segregation of Duties
In manual systems, separation between:
 authorizing and processing a transaction
 custody and recordkeeping of the asset
 subtasks
In computerized systems, separation between:
 program coding
 program processing
 program maintenance
Supervision
 a compensation for lack of segregation; some may be built into computer systems
Accounting Records
 provide an audit trail
Access Controls
 help to safeguard assets by restricting physical access to them

This document is the property of PHINMA EDUCATION

 ACC 100: Accounting Information System
Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

Independent Verification
 reviewing batch totals or reconciling subsidiary accounts with control accounts

2) Activity 3: Skill Building

Identify to indicate whether each procedure is a preventive or detective control.

a. authorizing a credit sale

b. preparing a bank reconciliation
c. locking the warehouse
d. preparing a trial balance
e. counting inventory

3) Activity 4: What I know Chart, Part 2

Now let’s check your final understanding of Flexible Learning. I hope that everything about the
topic is clear to you. This time you must fill out the What I Learned column.

Activity 5: Check for Understanding and Keys to Correction

Independent Practice

Select the letter of your choice.

1. Who is responsible for establishing and maintaining the internal control system?
a. the internal auditor
b. the accountant
c. management
d. the external auditor

2. The concept of reasonable assurance suggests that

a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
c. the objectives achieved by an internal control system vary depending on the data
processing method
d. the effectiveness of internal controls is a function of the industry environment

3. Which of the following is not a limitation of the internal control system?

a. errors are made due to employee fatigue
b. fraud occurs because of collusion between two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to make fraudulent journal entries

4. The most cost-effective type of internal control is

a. preventive control
b. accounting control
c. detective control
6

This document is the property of PHINMA EDUCATION

 ACC 100: Accounting Information System
Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

d. corrective control

5. Which of the following is a preventive control?

a. credit check before approving a sale on account
b. bank reconciliation
c. physical inventory count
d. comparing the accounts receivable subsidiary ledger to the control account

6. A well-designed purchase order is an example of a

a. preventive control
b. detective control
c. corrective control
d. none of the above

7. A physical inventory count is an example of a

a. preventive control
b. detective control
c. corrective control
d. feedforward control

8. The bank reconciliation uncovered a transposition error in the books. This is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above

9. In balancing the risks and benefits that are part of every ethical decision, managers receive guidance
from each of the following except
a. justice
b. self interest
c. risk minimization
d. proportionality

10. Which of the following is not an element of the internal control environment?
a. management philosophy and operating style
b. organizational structure of the firm
c. well-designed documents and records
d. the functioning of the board of directors and the audit committee

C. LESSON WRAP-UP
1) Activity 6: Thinking about Learning
A. Work Tracker
You are done with this session! Let’s track your progress. Shade the session number you just
completed.
7

This document is the property of PHINMA EDUCATION

 ACC 100: Accounting Information System
Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

P1 P2 P3
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

B. Think about your Learning

1. Please read again the learning targets for the day. Were you able to achieve those learning
targets? If yes, what helped you achieve them? If no, what is the reason for not achieving them?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________

2. What question(s) do you have as we end this lesson?

___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________

KEY TO CORRECTIONS:
Activity 3:
ANS:
A. preventive; B. detective; C. preventive; D. detective; E. detective

Activity 5:
1. C 2. A 3. C 4. A 5. A
6. A 7. B 8. B 9. B 10. C

Rationalization:
1. Management is responsible for establishing and maintaining the internal control system.
2. The concept of reasonable assurance suggests that the cost of an internal control should be less
than the benefit it provides.
3. All of the options are limitations of internal control system except C.
4. Preventive controls are proactive measures that function to deter fraud, waste and abuse of business
resources. In most cases, preventive controls have fewer negative complications and are more cost
effective than reactive detective controls.
5. Credit check before approving a sale on account is an example of a preventive control.
6. A well-designed purchase order is an example of a preventive control.
7. A physical inventory count is an example of a detective control.
8. The bank reconciliation uncovered a transposition error in the books. This is an example of a
detective control.
9. All of the options except B.
10. All of the options are the element of the internal control environment except C.
FAQs
1. Explain the problems associated with lack of auditor independence.

ANS:
8

This document is the property of PHINMA EDUCATION

 ACC 100: Accounting Information System
Students Activity Sheet #7

Name: Class number:

Section: Schedule: Date:

Auditing firms who are also engaged by their clients to perform non-accounting activities such as
actuarial services, internal audit outsourcing services, and consulting lack independence. They are
essentially auditing their own work. This risk is that as auditors they will not bring to management’s
attention detected problems that may adversely affect their consulting fees. For example, Enron’s
auditors – Arthur Andersen – were also their internal auditors and their management consultants.

This document is the property of PHINMA EDUCATION