The flashcards below were created by user
on FreezingBlue Flashcards.
What the purpose of the COSO Internal Control Framework? What does the acronym COSO stand for?
- COSO: Committee of Sponsoring Organizations
- To create and then assess the effectiveness of internal controls to maximize the entity's ability to achieve its objectives.
Define Internal Control
A process to provide reasonable assurance that the organization will achieve its objectives.
At what level are internal controls expected to be applied?
At the divisional (operating unit) or functional level.
What are the three categories of objectives for the COSO Internal Control Framework and their general focus?
- Operations: effectiveness and efficiency of an entity's operations.
- Reporting: reliability, timeliness, and transparency of an entity's internal and external financial and nonfinancial reporting.
- Compliance: adherence to all applicable laws and regulations.
What are the five internal control components of the COSO Internal Control Framework?
- Control Activities
- Risk Assessment
- Information and Communication
- Monitoring Activities
- Environment of Control
What is the focus of the Control Environment? What are its principles?
Sets the "tone at the top" approach taken by the senior management and board of directors.
- Ethical Values
- Board Independence and Oversight
- Organizational Structure
- Commitment to Competence
What is the focus of Risk Assessment? What are its principles?
Identification and analysis of internal and external influences, and
establishing a response to the risks.
- Specify Objectives
- Assess Change
- Risks, Identify and Analyze
What is the focus of Information and Communication? What are its principles?
Identification, capture and exchange of information
- Obtain and use info (better be facts)
- Internal Communication
- External Communication
What is the focus of Monitoring Activities? What are its principles?
Assessing the quality of internal control performance over time
- Separate Evaluations
- Ongoing Evaluations
- Deficiencies, Communicate
What is the focus of Control Activities? What are its principles?
The policies and procedures to ensure that the directives iniatiated by management to mitigate risks are performed
- Control Activities, select and develop
- Technology Controls
- Policies and Procedures Deployment
True/False: The COSO Internal Control Framework is a prescriptive checklist and the entity's Board is expected to have a procedure in each category?
- The framework requires judgment (not prescription) to create, develop and review an Internal Control system
Which of the following terms is used by COSO regarding the Internal Control Framework? (1) Major deficiency, (2) Significant deficiency, (3) Material weakness?
Major Deficiency: a material internal control deficiency (or combo of deficiencies) that significant reduce the likelihood that an organization can achieve its objectives.
What are strategic objectives?
High level goals aligned with the mission of the organization. Critical to the success of the company (e.g., achieving 60% market share)
What are operational objectives?
The effective and efficient use of resources. (Ex: defect rate <5%, overtime <2%)
What are internal and external reporting objectives?
- Internal, such as monitoring to enable management to take action
- External, meet the needs of the stakeholders
What are compliance objectives?
Meeting specific laws, requirements and regulations
When are internal controls present, functioning, and effective?
When all the principles and components are included, operationally working, and risks of not meeting objectives are reduced to an acceptable level.
What types of control activities are included in demonstrating a commitment to ethics and integrity?
- Establishing standards of conduct
- Evaluating adherence to these standards
What types of control activities are included in establishing an organizational structure?
Defining, assigning and limiting authorities and responsibilities
What types of control activities are included in supporting individual accountability?
- Establishing performance measures, incentives, and rewards
- Evaluating performance against these measures
- Determining if excessive pressure exists that would motivate someone to break the rules
What areas of concern must be considered when analyzing for risk due to fraud?
- Look for the following issues that would encourage the behavior
- incentives or pressures
- employee attitudes
- types of rationalizations
Which of the following is the best method to reduce the risk of kiting? (1) review and approval of checks & support, (2) bank reconciliation, (3) segretation of duties.
- (3) segregation of duties.
- Kiting occurs when the same person writes the checks and makes the deposits. Separating these duties will limit the opportunity.
What 3 elements help to enable fraud?
- Financial pressure (a motive0
- Opportunity (to commit the act)
- Rationalization (justification of the act)
What are several types of internal control methods utilized to reduce risk?
- Separation of Duties: no one person should be able to initiate a transaction and then approve it; record the information in the accting records and then control the proceeds that result.
- Supervisory Review: ensure someone separate from the person performing the function verifies the transaction
- Separate Department Review: someone in another dept verifies the transaction
- Limiting use of and access to computer systems
- Reconciliation of bank accounts
- Conducting a physical inventory
- Use of computer logs