The flashcards below were created by user
on FreezingBlue Flashcards.
What is internal control?
System to provide reasonable assurance that objectives are met; Making sure everything is as it is supposed to be.
What are the 3 functions of control?
- Preventative (deter problems)
- Detective (discover problems)
- Corrective (correct problems).
What are some objectives internal control checks for?
- safeguard assets
- maintain records appropriatly
- reports are fair and accurate
- provide accurate and reliable info
- prepare financial reports in accordance with established criteria
- improve and promote operational efficiency
- encourage adherence to policies
- comply with laws and regulations.
What are the 2 control categories?
- General (overall system and process; entire organization)
- Application (transactions are processed correctly; app works as it should).
What are some objectives of the Sarbanes-Oxley Act of 2002 (SOX)?
- prevent financial statement fraud
- inrease transparency of financial reports
- protect investors
- stregthen internal controls
- establish responsibility for executives.
What does PCAOB stand for and what is it?
Public Company Accounting Oversight Board
= organization that oversees auditors.
What are some of the rules SOX changed/introduced?
- new auditing rules (partner rotation; separation of audit and non-audit services)
- new rules for audit committees (independent, but part of BOD; one must be financial expert; oversee external auditors)
- new rule for management (responsibility for fairness and review of financial statements; resp. for sharing material IC weaknesses and fraud w/ auditors)
- new IC requirements (establishing and maintaining adequate IC system).
What are the IC frameworks discussed in chapter 7?
- = Control Objectives for Information and Related Technology
- - business objectives, IT resources + processes
- = Committee of Sponsoring Organizations
- - (non IT IC) control environment + activities, assess risks, info and communication, monitoring.
Briefly describe the enterprise risk management model.
set objectives (what org. needs to do)
=> ID event (that enables reaching objectives)
=> assess risk (that can threaten event).
What are the 5 choices when it comes to risk control?