What are the Limitations of Internal Controls?
A system of controls does not provide absolute assurance that the control objectives of an organization will be met. Instead, there are several inherent limitations in any system that reduce the level of assurance. These inherent limitations are as follows.
Collusion
Two or more people who are intended by a system of control to keep watch over each other could instead collude to circumvent the system. Since this essentially eliminates a control, the probability of losses being incurred is greatly increased.
Human Error
A person involved in a control system could simply make a mistake, perhaps forgetting to use a control step. Or, the person does not understand how a control system is to be used, or does not understand the instructions associated with the system. This may be caused by the assignment of the wrong person to a task.
Management Override
Someone on the management team who has the authority to do so could override any aspect of a control system for his personal advantage.
Missing Segregation of Duties
A control system might have been designed with an insufficient segregation of duties, so that one person can interfere with its proper operation.
Consequently, it must be accepted that no system of internal controls is perfect. There is always a way in which it can fail or be circumvented.
According to COSO, which of the following components of the enterprise risk management addresses an entity's integrity and ethical values
Which of the following items is one of the eight components of COSO's enterprise risk management framework
In a large public corporation, evaluating internal control procedures should be responsibility of
internal audit staff who report to the board of directors
Which of the following represents an inherent limitation of internal controls?
the CEO can request a check with no purchase order
Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization
Allowing for greater management oversight of incompatible activities
Review of the audit log is an example of which of the following types of security control
Which of the following is not a component of internal control as defined by COSO
Which of the following is considered an application input control?
Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system
Independently verify the transactions
Which of the following statement is correct regarding internal control?
An inherent limitation to internal control is the fact that controls can be circumvented by management override
Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been
A manufacturing firm identified that it would have difficulty sourcing raw materials locally, so it decided to relocate its production facilities. According to COSO, this decision represents which of the following response to the risk
Each of the following types of controls is considered to be an entity-level control, except those
Regarding the company's annual stockholder meeting
Controls in the information technology area are classified into preventive, detective, and corrective categories. Which of the following is preventive control
All of the following are examples of internal control procedures except
Customer satisfaction surveys
The Public Company Accounting Oversight Board (PCAOB) is not responsible for standards related to
Which of the following most likely would not be considered as an inherent limitation of the effectiveness of a firm's internal control
According to COSO which of the following is not a component of internal control
When considering internal control, an auditor should be aware of reasonable assurance, which recognizes that
The cost of an entity's internal control should not exceed the benefits expected to be derived
Proper segregation of duties calls for separation of the following functions
Authorization, recording, and custody
An entity's ongoing monitoring activities often include
Reviewing the purchasing function
The overall attitude and awareness of a firm's top management and board of directors concerning the importance of internal control is often reflected in its
Management philosophy and operating style would have a relatively less significant influence on a firm's control environment when
Accurate management job descriptions delineate specific duties
Control risk should be assessed in terms of
Financial statement assertions
An auditor assesses control risk because it
affects the level of detection risk that the auditor may accept
The framework could be used by management in its internal control assessment under requirements of SOX is the
All of the above are correct
The internal control provisions of SOX apply to which companies in the United States
Reconciliation of cash accounts may be referred to as what type of control?
Sound internal control dictates that immediately upon receiving checks from customers by mail, a responsible employee should
Prepare a summary listing of checks received
Tracing shipping documents to pre-numbered sales invoices provides evidence that
Shipments to customers were properly invoiced
Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission
A customer intended to order 100 units of a product A, but incorrectly ordered nonexistent product B. Which of the following controls most likely would detect this error
Which of the following is an example of a validity check
The computer flags any transmission for which the control field value did not match that of an existing file record
Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group