Sas#7 Acc100
Good things come to people who wait, but better things come to those who go
out and get them.
Please read the learning targets before you proceed to the succeeding activities. The
learning targets are your goals. Remember, you need to achieve your learning targets at
the end of the lesson.
B. MAIN LESSON
1) Activity 2: Content Notes
The figure on the next page illustrates that the internal control shield is composed of three levels of
control: preventive controls, detective controls, and corrective controls. This is the preventive–
detective–corrective (PDC) control model.
Preventive Controls. Prevention is the first line of defense in the control structure.
Preventive controls are passive techniques designed to reduce the frequency of occurrence of
undesirable events. Preventive controls force compliance with prescribed or desired actions and thus
screen out aberrant events. When designing internal control systems, an ounce of prevention is most
certainly worth a pound of cure. Preventing errors and fraud is far more cost-effective than detecting
and correcting problems after they occur. The vast majority of undesirable events can be blocked at
this first level. A well-designed source document, for example, is a preventive control.
The logical layout of the document into zones that contain specific data, such as customer name,
address, items sold, and quantity, forces the clerk to enter the necessary data. The source
documents can therefore prevent necessary data from being omitted. However, not all problems can
be anticipated and prevented. Some will elude the most comprehensive network of preventive
controls.
Detective Controls. Detective controls form the second line of defense. These are devices,
techniques, and procedures designed to identify and expose undesirable events that elude
preventive controls. Detective controls reveal specific types of errors by comparing actual
occurrences to pre-established standards. When the detective control identifies a departure from
standard, it sounds an alarm to attract attention to the problem.
Corrective Controls. Corrective controls are actions taken to reverse the effects of errors detected
in the previous step. There is an important distinction between detective controls and corrective
controls. Detective controls identify anomalies and draw attention to them; corrective controls
actually fix the problem. For any detected error, however, there may be more than one feasible
corrective action, but the best course of action may not always be obvious.
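A detective control of the kind described above, as an added example that is not part of the original lesson: it compares a subsidiary ledger with its control account, raises an alarm on any difference, and points at balances where a swap of two adjacent digits would explain the gap. The account names and amounts are constructed, and the divisible-by-9 test is a standard bookkeeping heuristic assumed here, not something the lesson states.

```python
from decimal import Decimal

# Constructed sample: the control account says 6100.00, the subsidiary
# ledger sums to 5740.00 because one balance was keyed with two digits swapped.
CONTROL_BALANCE = Decimal("6100.00")
SUBSIDIARY = {
    "cust-001": Decimal("1250.00"),
    "cust-002": Decimal("3480.00"),
    "cust-003": Decimal("1010.00"),
}

def transposition_candidates(amount, diff):
    """Adjacent-digit swaps of a non-negative amount that change it by exactly diff."""
    digits = str(int(amount * 100))  # work in whole cents
    found = []
    for i in range(len(digits) - 1):
        if digits[i] == digits[i + 1]:
            continue  # swapping equal digits changes nothing
        swapped = digits[:i] + digits[i + 1] + digits[i] + digits[i + 2:]
        candidate = Decimal(int(swapped)) / 100
        if candidate - amount == diff:
            found.append(candidate)
    return found

def reconcile(control_balance, subsidiary):
    """Detective control: compare the ledger total with the control account."""
    diff = control_balance - sum(subsidiary.values(), Decimal("0"))
    suspects = {}
    # Heuristic (assumption, not from the lesson): a digit transposition
    # always produces a difference divisible by 9.
    if diff != 0 and int(abs(diff) * 100) % 9 == 0:
        for account, amount in subsidiary.items():
            hits = transposition_candidates(amount, diff)
            if hits:
                suspects[account] = hits
    # The control only raises the alarm; choosing the correction is left to a person.
    return {"alarm": diff != 0, "difference": diff, "suspects": suspects}

if __name__ == "__main__":
    print(reconcile(CONTROL_BALANCE, SUBSIDIARY))
```

The function returns suspects rather than changing any balance, which keeps the detective step separate from the corrective one.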
2: Risk Assessment
Identify, analyze and manage risks relevant to financial reporting:
• changes in external environment
• risky foreign markets
• significant and rapid growth that strain internal controls
• new product lines
• restructuring, downsizing
• changes in accounting policies
4: Monitoring
• The process for assessing the quality of internal control design and operation
• Separate procedures—test of controls by internal auditors
• Ongoing monitoring:
  o computer modules integrated into routine operations
  o management reports which highlight trends and exceptions from normal performance
5: Control Activities
• Policies and procedures to ensure that the appropriate actions are taken in response to identified risks
• Fall into two distinct categories:
  o IT controls—relate specifically to the computer environment
  o Physical controls—primarily pertain to human activities
Transaction Authorization
• used to ensure that employees are carrying out only authorized transactions
• general (everyday procedures) or specific (non-routine transactions) authorizations
Segregation of Duties
• In manual systems, separation between:
  o authorizing and processing a transaction
  o custody and recordkeeping of the asset
  o subtasks
• In computerized systems, separation between:
  o program coding
  o program processing
  o program maintenance
Supervision
• a compensation for lack of segregation; some may be built into computer systems
Accounting Records
• provide an audit trail
Access Controls
• help to safeguard assets by restricting physical access to them
Independent Verification
• reviewing batch totals or reconciling subsidiary accounts with control accounts
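The segregation-of-duties rules listed above, as an added example that is not part of the original lesson: a check that reports anyone holding two duties the notes say must be separated, and marks the finding as compensated when that person is supervised. The user names, duty assignments and the supervised set are constructed, and the "subtasks" item is not modelled.

```python
from itertools import combinations

# Pairs the lesson says must be separated in manual systems.
MANUAL_CONFLICTS = [("authorizing", "processing"), ("custody", "recordkeeping")]
# In computerized systems the three duties are separated from one another.
IT_DUTIES = ("program coding", "program processing", "program maintenance")
CONFLICTS = [frozenset(p) for p in MANUAL_CONFLICTS + list(combinations(IT_DUTIES, 2))]

# Constructed sample: who performs which duty, and who works under supervision.
ASSIGNMENTS = {
    "alice": {"authorizing"},
    "bob": {"processing", "recordkeeping"},
    "carol": {"custody", "recordkeeping"},
    "dave": {"program coding", "program maintenance"},
    "erin": {"program processing"},
}
SUPERVISED = {"carol"}

def sod_findings(assignments, supervised=frozenset()):
    """Return sorted (user, duty_a, duty_b, status) for each incompatible pair one person holds."""
    findings = []
    for user, duties in assignments.items():
        for pair in CONFLICTS:
            if pair <= duties:  # both conflicting duties sit with the same person
                duty_a, duty_b = sorted(pair)
                # Supervision compensates for missing segregation; it does not remove the conflict.
                status = "compensated by supervision" if user in supervised else "unmitigated"
                findings.append((user, duty_a, duty_b, status))
    return sorted(findings)

if __name__ == "__main__":
    for finding in sod_findings(ASSIGNMENTS, SUPERVISED):
        print(" | ".join(finding))
```

In the sample, bob holds two duties but they are not a listed conflicting pair, so only carol and dave are reported.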
d. corrective control
8. The bank reconciliation uncovered a transposition error in the books. This is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
9. In balancing the risks and benefits that are part of every ethical decision, managers receive guidance
from each of the following except
a. justice
b. self-interest
c. risk minimization
d. proportionality
10. Which of the following is not an element of the internal control environment?
a. management philosophy and operating style
b. organizational structure of the firm
c. well-designed documents and records
d. the functioning of the board of directors and the audit committee
C. LESSON WRAP-UP
1) Activity 6: Thinking about Learning
A. Work Tracker
You are done with this session! Let’s track your progress. Shade the session number you just
completed.
P1 P2 P3
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
KEY TO CORRECTIONS:
Activity 3:
ANS:
A. preventive; B. detective; C. preventive; D. detective; E. detective
Activity 5:
1. C 2. A 3. C 4. A 5. A
6. A 7. B 8. B 9. B 10. C
Rationalization:
1. Management is responsible for establishing and maintaining the internal control system.
2. The concept of reasonable assurance suggests that the cost of an internal control should be less
than the benefit it provides.
3. All of the options are limitations of the internal control system except C.
4. Preventive controls are proactive measures that function to deter fraud, waste and abuse of business
resources. In most cases, preventive controls have fewer negative complications and are more cost
effective than reactive detective controls.
5. Credit check before approving a sale on account is an example of a preventive control.
6. A well-designed purchase order is an example of a preventive control.
7. A physical inventory count is an example of a detective control.
8. The bank reconciliation uncovered a transposition error in the books. This is an example of a
detective control.
9. All of the options except B.
10. All of the options are elements of the internal control environment except C.
FAQs
1. Explain the problems associated with lack of auditor independence.
ANS:
Auditing firms that are also engaged by their clients to perform non-accounting activities such as
actuarial services, internal audit outsourcing services, and consulting lack independence. They are
essentially auditing their own work. The risk is that as auditors they will not bring to management’s
attention detected problems that may adversely affect their consulting fees. For example, Enron’s
auditors – Arthur Andersen – were also their internal auditors and their management consultants.