Using Auditing standards or your Textbook, define the following control – related terms:- a. Control environment
b. Segregation of duties
c. Restricted access
d. Preventive and detective controls
e. Design and operating effectiveness
a. Control Environment:
The control environment is the reflections of overall attitude of top management and owners of entities about control and its importance to the entity. The control environment includes the actions, policies and procedures and the way of implementation its strategies and overall attitude. For better understanding and assessing the control environment the following subcomponents should be taken into consideration (text book page no. 275): 1. Active integrity and promotion of ethical values
2. Commitment and competence
3. The Board of Directors or Audit Committee participation 4. Management philosophy and operating style
5. Organization structure
6. Human resource policies and practices
7. Methods of assigning authority and responsibility
8. Management control methods
9. System development methodology
10. Management reaction to external influences
11. Internal audit
b. Segregation of duties:
Segregation of duties is the vital part of the control activities in individual transaction cycle. Segregation of duties is an effective part of internal control as it reduces the risk of misstatement and inappropriate of actions and it also protect and discourage the fraud. Under segregation of duties the following functions should be done by different employees: i. Authorization/Approval
ii. Record keeping
iii. Assets custody.
The basic concept of segregation of duties is to distribution of the following works among different employees like initiate transaction, approve transaction, record transaction, handle assets and review & monitor reports.
Restricted Access refers to the control of physical and logical access control of data and documents so that accountability and specific responsibility can be established. Restricted access reflects the organization attitude towards segregation of duties. An effective access policies and practices can make restricted access rights and can also select the authorized individual with designation who is authorized to approve access right. Restricted access can prevent or minimize the unauthorized interference to programs or data based documents. Restricted access also reduces the opportunity to gather undue information to communicate others or otherwise make use of any information.
d. Preventative and Detective controls:
The preventative and detective control works as means of tools of reduction the risk of fraud of an organization. An effective combination of preventative and detective measures discourage the employees to commit fraud and reduce the risk of fraud as well. Preventative control focuses on preventing errors through implementing standard policy and procedures by the management of an organization. Segregation of duties, proper authorization/approval system act as a preventative controls against fraud. Detective controls are designed to identify an errors or frauds after it has been occurred. Analyzing and reviewing of various reports helps in detecting errors. Reconciliation and periodic audits also act as an effective detective controls. An effective and preventative program and controls discourage employees to commit fraud because there is possibility of detection fraud and penalty.
e. Design and Operating Effectiveness:
Design effectiveness refers to the control designed by the management of an organization covering the identified risk of an organization. Before designing an effective control, management take into consideration the nature of the business and the control environment to cover up the specified and identified...