1 Business Processes, Risks & Internal Control Flashcards
What are the 4 types of business risks?
Strategic risks, compliance risks, reporting risks, operational risks
What are the five basic risk responses?
Acceptance, avoidance, pursuit, reduction, and transfer
What are the three categories of objectives of internal control?
Operations, reporting & compliance
What are the five components of internal control?
“Controls stop CRIME”
C = control activities R = risk assessment I = information and communication M = monitoring E = control environment
What are the three elements of fraud?
Incentives and Pressures
Opportunities
Attitudes and Rationalizations
What are the three phases of an effective approach to monitoring?
- establishing a foundation for monitoring
- designing and executing monitoring procedures
- assessing and reporting results
What are the four components for monitoring for change continuum?
- the control baseline - includes an understanding of the internal control system’s design and whether controls have been implemented to achieve the organization’s internal control objectives.
- change identification - identifies through ongoing monitoring and separate evaluations, changes in internal control.
- change management - evaluates the design and implementation of identified changes and establishes a new baseline.
- control revalidation/update - periodically revalidates the operation of internal control in the absence of changes.
What are the inherent limitations of internal controls?
- established objectives must be suitable
- human judgment if faulty
- controls may fail due to breakdowns (EE misunderstanding, carelessness or fatigue)
- management may override internal controls (to fraudulently achieve revenue projections or hide liabilities)
- manual or automated controls can be circumvented by collusion
- external events are beyond an organization’s control
What are the components of an effective fraud management program?
- company ethics policy
- fraud awareness
- fraud risk assessment
- ongoing reviews
- prevention and detection
- investigation