9/30 Class Flashcards
controls
preventing problems
exam
60 questions multiple choice then an essay question
study inclass discussions, then the book second and any powerpoints. remember the sox assignment?
404, 302, 906, whistleblower
PCAOB
requirements on auditors
COSO
control environment - on the bottom, management, etc.
risk assessment - what can go wrong
control activities - mitigating the risk first segregation of duties, authorization(preventative), documentary controls(audit trail), safeguarding of assets, reconciliation and review of analysis, IT controls, Information communications(ERP system), monitoring(internal auditors)
risks
economy, how is our image to the public, fraud, misleading investors, we must mitigate the risk
risk tolerance level
we have to provide assurance for investors
control environment
putting the right people in the right places, more aggressive CEOs are usually taking more risk
Winston Churchhill
panic feeling before hand is better than after, due diligence is what will help us and seeing what can go wrong before it goes wrong
four phases in risk assessment level
entity level - what do we want to achieve
detail/activity level - we have to see each segment and where things can go wrong, objectives follow GAAP
risks - what does the company want and what does our area want
what can go wrong - what will stop us from succeeding
controls - stops the fraud
check risks every years
four phases in risk
entity level objectives, activity level objectives, risks, managing change
controls are why we are doing this. we change controls according to the risk
objectives
entity - what the company is trying to accomplish, ex: videos, culture, etc.
activity level - what the activities are doing
coso cube
operations, financial reporting, compliance(law and regulations)
assertions
make assertions and put in good controls for it
risk vs objective
what is our risk, how do we mitigate that risk?
externally
we have to see the changes and risks that we are up against, if something is a push to commit fraud we have to account for that
the board
needs to look at the sec comments on competitors to see what controls we should put in place