17 Principles of Internal Control

Question 1

What is the most important principle to internal control??

Answer 1

Control Environment- The organization demonstrates a commitment to INTEGRITY AND ETHICAL VALUES.

Set and demonstrates (through actions) an ethical “tone at the top”

Question 2

What is the Board of Directors responsibility with control environment?

Answer 2

They are concerned with big risk and big issues. They should have oversight. There should be independence between them and management. They should have expertise in various areas of the business.

Question 3

What role does competence play in control environment?

Answer 3

the organization should demonstrate a commitment to attract, develop, and retain competent individuals including:

Assessing competencies, creating development plans to achieve needed skills, and addressing deficiencies through training, hiring, or outsourcing.

Planning and preparing for turnover and succession

Question 4

What role does accountability play in control environment?

Answer 4

The organization holds individuals accountable for their internal control responsibilities including:

• Establishing and evaluating performance measures, incentives, rewards and disciplinary actions for individuals.
• NOTE: Excessive performance pressures that result in unethical things is not good

Question 5

What role does objectives play in risk assessment?

Answer 5

Organization have sufficient clarity to enable the identification of risks that threaten achievement of objectives including:

• Precision of risk tolerance levels, can we quantify the risk and can we add a range? (What is the likely that we will go bankrupt if we don’t apply a certain technology?)

Question 6

What role does assessment play in the risk assessment?

Answer 6

The organization identifies risks to achievement of objectives and analyzes risk to guide risk management strategy including

• Engage appropriate management in risk assessment
• Consider and include entity, subsidiary, division, operating unit, and functional levels
• Analyze internal and external factors
• Develop risk responses

Question 7

What role does fraud play in risk assessment?

Answer 7

Organization considers potential fraud in assessing risks to achieving objectives including:

• Consider fraud risk factors and threats
• Assess potential fraud influence of incentive and pressures
• Assess fraud opportunities
• Assess attitudes and potential rationalizations that might justify fraud

Question 8

What role does change management play in risk assessment?

Answer 8

The organization identifies and assesses changes in external environment

Question 9

What role does risk reduction play in control activities?

Answer 9

Control activities reduce the risks to the achievement of objectives to an acceptable level including:

• Integrate control with risk assessment
• Risk reduction analyzes determine business processes to target control
• Consider influence of environment, complexity, and nature and scope of operations, on risk reduction and control

Question 10

What role does technology control play in control activities?

Answer 10

Management has to understanding the technology.

Has to understand dependencies of business processes, automated controls, and technology general controls

Question 11

What role does policies play in control activities?

Answer 11

The organization control activities inform policies that establish stakeholder expectations. Establish procedures to insure implementation.

Question 12

What role does quality play in information and communication?

Answer 12

Relevant, high-quality information supports internal control processes including organization processes that:

• Identify information required to support internal control processes
• Capture internal and external sources of data
• Transform data

Question 13

What role does internal communication play in information and communication?

Answer 13

Organizational processes communicate required information to enable all personnel to understand and execute their internal control responsibilities.

Question 14

What role does external communication play in information and communication?

Answer 14

• Board of directors receive relevant information
• External communication methods are sensitive to the timing, audience, and nature of the communication and to legal, regulatory and fiduciary requirements.

Question 15

What role both ongoing and periodic monitoring play in internal control?

Answer 15

• Benchmarking and providing feedback

- Consideration of environmental and business changes, knowledge of evaluation personnel and risk assessments

Question 16

What role does address deficiencies play in monitoring?

Answer 16

Parties charged with taking corrective actions including senior management and BOD, receive timely communication of IC deficiencies including:

• Management and BOD assessment of valuations
• Communication of deficiencies to management at least one level above the problem
• Management tracking of the correction of deficiencies