INTERNAL CONTROL CONCEPTS
Internal control systems from a management perspective
AUTOMATED APPLICATION CONTROLS
Automated application control -> e.g. -> control objective
The following are examples of automated application controls for online sales:
1.Size check - credit card number should consist of 16 characters only - Ensures orders captured on the website are
accurate & occurred.
2.Verification/ validation check - E-mail add. & passwords captured should be validated & compared to the
masterfile containing registered customers’ e-mail add. & passwords. - Ensures customer is authorised to transact.
3. Computer time-out facilities - if a customer fails to capture info. On the website for five minutes, the customer
should be required to re-login before continuing. - Ensures info occurred and was authorised.
4. Automatic log-off if incorrect password provided a er 3a empts. - the customer’s account should automa cally
be locked if this occurs - to ensure info occurred & was authorised.
5. Dependency check - When a customer clicks on the check out icon & nothing is present in the shopping basket,
an error message appears & prompts to select cellphone accessories to be placed in the basket. - to ensure
info. Is complete & accurate.
6.Reasonableness/consistency check - Perform an instant check on the total quantity of items that a customer
normally orders. If usually approx. 5 items query the entry of 1 000 items. This gives the customer a 2nd chance to
ensure 1 000 items have been accurately captured, or to make a correction. - To ensure orders occurred, are
accurate & complete.
7. Limit check - quantity ordered must be > 1 - ensures orders are accurate.
8. Alphanumeric check - quantity ordered & credit card number should have only numeric characters.
- Ensures orders are accuarte.
9. Valid character & sign check - quantity ordered should contain positive values only. - Ensures info is accurate
10. Size check - the credit card details should have 16 characters only - Ensures order is accurate and occurred
11. Mandatory field/missing data check - If any credit card details are missing the computer shouldn't continue
processing & should display an error message. - Ensures orders are complete
12. Data approval / authorisation check - The website obtains clearance on the customer’s credit card through a
direct link to the bank. The credit card details are presented to the bank & verified to determine if the card has been
stolen or has expired, & that the customer has sufficient funds. If authorised, payment will be collected immediately.
If not, the computer will display an error message. - Ensures order is accurate, ocurred and was authorised.
13. Help function - helps customers who are struggling with capturing the order - ensures orders are accurate.
IDENTIFYING WEAKNESSES IN CONTROLS IMPROVEMENTS TO CONTROLS
*If describing weaknesses do not make recommendations Note: If the question stipulates that the entity has a
*Always think of the following factors : cashflow problem you can't make suggestions that would
- Could this lead to liquidity problems? be costly like buying a generator / hiring new staff.
- Could the issue lead to dissatisfied customers? *If asked to describe the control obj. write a full sentence.
- Does a risk exist that a figure in the AFS may be over To ensure that sales are … authorised/occurred etc."
or understated.
Communicating deficiencies in internal control to those charged with governance and management
Deficiency in internal control Significant deficiency in internal control
*Control is designed, implemented or operated in such a *A deficiency (or combination) in internal control that, in
way that it can't prevent,detect or correct, misstatements the auditor’s professional judgment, is of sufficient
in the AFS on a timely basis; or importance to merit the attention of those charged with
*A control necessary to prevent,detect or correct, governance
misstatements in the AFS on a timely basis is missing.
Requirements for communication
1. The auditor shall communicate in writing significant deficiencies in internal control
2. identified during the audit - anything picked up after the audit shouldn't be mentioned.
3.to those charged with governance - Should most likely be the board of directors & not the FM
4. on a timely basis. - check the date to identify a shortcoming
5. A description of the deficiencies & an explanation of their potential effects
6. The purpose of the audit was for the auditor to express an opinion on the AFS.
7.Audit incl. consideration of internal control relevant to the prep. of AFS in order to design audit procedures that are
appr. in the circum., but not for the purpose of expressing an opinion on the effectiveness of internal control
8. The auditor should not state that the deficiencies identified are the only deficiencies.
9. The Letter should be signed by the designated engagement partner.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through EFT, credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller NicolaMarais. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for R50,00. You're not tied to anything after your purchase.