4/30 Flashcards
Requirements of Audit Committees
SOX requires 1 financial expert w/ understanding of GAAP and Fin Stmts & exp in preparing or auditing F/S & experience with internal auditing controls & understanding of audit committee functions
What did Dodd-Frank do re: a whistleblower's right to sue for retaliation accorded by SOX?
- Extended time to file a complaint with OSHA from 90 to 180 days
- Extended right to sue to whistleblowing employees of private subsidiaries controlled by public companies.
- Granted whistleblowers the right to a jury trial in retaliation cases that are properly filed in federal court
Reward under Dodd-Frank Act for providing info to authorities re: fraud in company
10%-30% of sanctions imposed
By amending SOX, Dodd-Frank protects whistleblowers in nonpublic subsidiaries of public companies from retaliation.
fact
Can SEC enforce the whistleblower retaliation provisions of Dodd-Frank?
Yes!
General Control
Apply to all functions, not just specific accounting applications. General controls help ensure that data integrity is maintained.
Detective Control
“After the fact” controls, i.e. data entry edits, recon of batch control totals
Preventive Control
“Before the fact” controls designed to stop an error or irregularity from occurring. Examples of preventive controls include locks on building and doors, password protected access to files, and segregation of duties.
Corrective Control
Allows users to recover from a problem once identified, i.e. disaster recovery plans, insurance, backup files
Feed-Forward Controls
A process in which future results are projected based on current and past information and, if the future results are undesirable, the inputs to the system are changed to avoid the projected outcome. Many inventory ordering systems are essentially feed-forward controls: the system projects product sales over the relevant time period, identifies the current inventory level, and orders inventory sufficient to fulfill the sales demand.
Feedback Controls
A procedure in which the results of a process are evaluated and, if the results are undesirable, the process is adjusted to correct the results; most detective controls are also feedback controls.
Risk Assessment
This is the process of identifying, analyzing, and managing the risks involved in achieving the organization’s objectives.
Which is the component of I.C. that concerns testing the system and data
Monitoring
COSO cube Model?
Monitoring, Control Activities, Risk Assessment, Info & Communications, Control Environment
Control Objectives
- Compliance
- Operations
- Reporting
Control Activities
Policies & procedures that ensure actions taken are to address risks related to achievement of mgmt's objectives, technology controls, and policies
Risk Assessment
Relates to organizational objectives, risk assessment, fraud, and change mgmt
Monitoring - COSO control principle
Relates to establishing ongoing and periodic evaluations, & addressing control deficiencies
Most core, underlying control.
Info & Comm - COSO control principle
Relates to quality of information supporting controls, and internal and external communication
Risk Response
Management's decision to avoid, accept, reduce, or share risk and to develop a set of actions to align risk with entity’s risk preferences
How many objectives does COSO model have? COSO ERM?
5,8
What is expected value?
calculates and integrates likelihood of losses w/amt of losses.
What are the two main attributes of effective evaluators that are identified by COSO?
Competence and Objectivity
What is compensating Control?
A control that accomplishes the same objective as another control
Change Identification
Monitoring for change process that would include ongoing and separate evaluations intended to identify and address changes in IC effectiveness
In large public corp, evaluating IC procedures should be responsibility of?
Internal audit staff who reports to board of directors
The IIA’s Definition of Internal Auditing
Helps an org accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Term that identifies the characteristics of organizations and individuals performing internal audit services?
Attribute Standards
Term that identifies the type of internal auditing stds used to measure quality of internal auditors' conduct in delivering internal audit services?
Performance Standards
Which Principle of code of ethics does this rule of conduct relate to?
“Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.”
Competency
What does the mandatory guidance for the IIA’s Intl Professional Practices Framework consist of?
(1) Definition of Internal Auditing; (2) Code of Ethics; and (3) International Standards.
The key words associated with the four Principles comprising the IIA’s Code of Ethics are
(1) Integrity; (2) Objectivity; (3) Confidentiality; and (4) Competency.
The primary themes associated with the Attribute Standards are
(1) Purpose, Authority, and Responsibility; (2) Independence and Objectivity; (3) Proficiency and Due Professional Care; and (4) Quality Assurance and Improvement Program.
The Attribute Standards related to an internal audit activity’s Quality Assurance and Improvement Program must include periodic external assessments. How often is an external assessment required?
At least every 5 years
What term identifies the guidance in the International Standards for the Professional Practice of Internal Auditing that distinguishes between requirements for “assurance” services and “consulting” services?
Implementation Standards
In the COSO “cube” model, this component of internal control enables an organization’s people to identify, process, and exchange the information needed to manage and control operations.
Information and Communication