End of Chapter Materials and Suggested Solutions
Accounting, Information Technology, and Business Solutions
by Hollander, Denna, and Cherrington
What is meant by a system of internal controls?
Internal controls are a set of rules, policies, and procedures an organization implements to provide
reasonable assurance that (1) its financial reports are reliable, (2) its operations are effective and efficient,
and (3) its activities comply with applicable laws and regulations.
Distinguish between risk, exposure, and threat.
Risk, as with many words in the English language, has multiple meanings so we must be careful to define
how we are using it.
is any exposure to the chance of injury or loss.
(Some people use the term
in a more narrow sense to describe the probability of a loss occurring.)
is another word some
people use to describe these situations because they represent a probable evil, violence, or loss to the
entity. There are so many potential risks that it may seem overwhelming to try to control all of them.
we should only worry about the most significant risks.
The significance of a risk is determined by (a) its
impact on the organization, and (b) the likelihood of it occurring.
is a word some people use to
describe the potential impact on the entity.
Describe the relationship between risk, opportunity, and objectives.
Opportunity and risk go hand in hand.
You can’t have an opportunity without some risk and with every
risk there is some potential opportunity. People’s objectives and the stated objectives of the organization
impact both risks and opportunities.
Conservative objectives that can be easily achieved require less risk.
More aggressive objectives create greater risk as more difficult and complex activities are pursued to
achieve them. Change creates opportunities.
The world is constantly changing and change is often
viewed in a negative light because it upsets the status quo. The people who are the most successful are
those who are able to anticipate change, recognize the opportunities associated with it, and adapt very
In summary, change creates many new opportunities.
The opportunities an organization seeks
are guided by its objectives.
But with every opportunity there is some element of risk.
We seek to
manage these risks by a system of controls.
How do you determine the materiality of risk?
Materiality of risk is a function of:
The size of the potential loss and its impact on achieving the organization’s objectives.
The likelihood of the loss.
As either the likelihood or size of the loss increases, the materiality of the risk also increases.
the materiality, the greater the need for managing the risk.
In many situations these evaluations can only
be measured in rough, order-of-magnitude amounts.