19.3 COSO Framework -- Internal Control for Data Governance Flashcards
Which of the following considerations is least likely to affect how an organization implements a system of internal control?
A. The ratio of full-time employees to part-time employees.
B. The size of the organization.
C. Technology innovation.
D. The use of outsourced service providers.
A. The ratio of full-time employees to part-time employees.
The ratio of full-time employees to part-time employees will not affect the organizational goals of the entity, nor is it likely to change how procedures and processes are performed throughout the business. As a result, the ratio is not likely to affect the implementation of a system of internal control.
An internal auditor is evaluating the internal control system in place for an organization’s cash-receipts cycle. According to the existing controls in place, the credit manager is responsible for authorizing the write-off of any debt that is deemed to be uncollectible. However, the auditor notices that two of the credit manager’s assistants have been authorizing the write-off of bad debt without the credit manager’s knowledge. Upon further investigation, the auditor discovers that the assistants have been authorizing the write-off of bad debt in a manner that benefits them personally. The inherent limitation of internal control best illustrated by this scenario is
A. Human error.
B. Collusion.
C. Management override.
D. External events.
B. Collusion
Collusion is when two or more individuals conspire to commit an act that violates a set of standards, usually for the personal benefit of the perpetrators. In this scenario, two assistants violated the existing set of controls by authorizing debt write-offs for their own personal benefit. Therefore, the limitation best illustrated by the scenario is collusion.
Which of the following would not be considered an inherent limitation of the potential effectiveness of an entity’s internal control?
A. Incompatible duties.
B. Management override.
C. Faulty judgment.
D. Collusion among employees.
A. Incompatible duties
Internal control has inherent limitations. The performance of incompatible duties, however, is a failure to assign different people the functions of authorization, recording, and asset custody, not an inherent limitation of internal control. Segregation of duties is a category of control activities.
The primary responsibility for establishing and maintaining internal control rests with
A. Management
B. The treasurer
C. The controller
D. The external auditor
A. Management
Establishing and maintaining internal control is the responsibility of management. Internal control is intended to provide reasonable assurance that the entity’s objectives are achieved. Achievement of these objectives is the basic function of management.
The board of directors is responsible for
A. Providing the first line of defense for effective risk management
B. Defining expectations about transparency and accountability
C. Evaluating the adequacy and effectiveness of controls
D. Examining and reporting on internal control
B. Defining expectations about transparency and accountability
The board of directors defines expectations about integrity, ethical values, transparency, and accountability through its authority.
Of the following reasons to establish internal control, which is the most comprehensive?
A. Encourage compliance with organizational objectives
B. Provide reasonable assurance that the objectives of the organization are achieved
C. Safeguard the resources of the organization
D. Ensure the accuracy, reliability, and timeliness of information
B. Provide reasonable assurance that the objectives of the organization are achieved
The COSO model broadly defines internal control as a “process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) effectiveness and efficiency of operations, (2) reliability of financial reporting, and (3) compliance with applicable laws and regulations.”
Management’s aggressive attitude toward financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity’s control environment when
A. External policies established by parties outside the entity affect its accounting practices
B. The audit committee is active in overseeing the entity’s financial reporting policies
C. Management is dominated by one individual who is also a shareholder
D. Internal auditors have direct access to the board of directors and entity management
C. Management is dominated by one individual who is also a shareholder.
Management’s philosophy and operating style is one factor affecting the control environment as described in the COSO model for internal control. Such characteristics as management’s attitudes and actions toward financial reporting and its emphasis on meeting budget, profit, and other goals have a significant influence on the control environment, especially when management is dominated by one or a few individuals. When incentives or pressures are present to achieve certain performance goals, the auditor should heighten his or her concern about the possibility of fraud.
According to COSO, the proper tone at the top helps a company to do each of the following, except
A. Navigate gray areas where no specific compliance rules or guidelines exist
B. Adhere to fiscal budgets and goals as outlined by the internal audit committee and board of directors
C. Promote a willingness to seek assistance and report problems before it is too late for corrective action
D. Create a compliance-supporting culture that is committed to enterprise risk management
B. Adhere to fiscal budgets and goals as outlined by the internal audit committee and board of directors
Through words and actions, those at the top (the board of directors and management) communicate their attitudes toward integrity and ethical values. Tone at the top does not help a company adhere to fiscal budgets and goals as outlined by the internal audit committee and board of directors. Adherence to the budget is more closely linked to control activities.
Which of the following parties have roles or responsibilities in the internal control of an organization?
I. Compensation committee
II. Customers and suppliers
III. Employees
IV. Regulators
V. Senior management
VI. Outsourced IT functions
A. I, III, V, and VI.
B. I and V.
C. I, II, III, IV, V, and VI.
D. II, IV, and VI.
C. I, II, III, IV, V, and VI.
Both internal parties (including the compensation committee, employees, and senior management) and external parties (including customers, suppliers, regulators, and outsourced IT functions) have roles or responsibilities in the internal control of an organization.
Internal auditors are responsible for
A. Operating a control system that provides reasonable assurance that objectives will be achieved
B. Safeguarding assets
C. Assessing the risk exposures in relation to the organization’s operations regarding the safeguarding of assets
D. Designing or drafting procedures for information systems
C. Assessing the risk exposures in relation to the organization’s operations regarding the safeguarding of assets
Internal auditors are responsible for evaluating the adequacy and effectiveness of controls in responding to risks in the entity’s oversight, operations, and information systems.