ARM 400 Chapter 7 Flashcards

1
Q

Define control environment.

A

The degree of importance a board of directors and management place on the organization’s internal control system and their related actions.

2
Q

Describe the Sarbanes-Oxley Act of 2002

A

A federal statutory law governing corporate directors in the areas of investor protection, internal controls, and penalties, both civil and criminal.

3
Q

Define management controls.

A

A system of specified standards or objectives against which an organization’s management measures performance.

4
Q

Define preventative controls.

A

Controls designed to prevent errors or inconsistencies.

5
Q

Define detective controls.

A

Controls designed to detect errors or inconsistencies.

6
Q

What are some examples of how internal controls support organizational objectives?

A
  • Safeguarding and protecting assets.
  • Ensuring legal and regulatory compliance.
  • Improving internal and external reporting reliability.
  • Preserving shareholders’ or stakeholders’ interests.
7
Q

What are some examples of how internal controls support transactional objectives?

A
  • Promoting operational efficiency and effectiveness.
  • Ensuring adherence to policies and procedures.
  • Guaranteeing accurate record keeping.
8
Q

According to the FERMA guidance on Internal Control Best practices, the audit committee should assure that its agenda includes periodic review of?

A
  • The internal audit charter and independence of the internal audit function.
  • Internal Audit plans and allocated resources, including audit risk assessment criteria.
  • Professional competence of the internal audit function: providing advice to the CEO regarding performance evaluation, compensation changes, hiring, dismissal of the head of internal audit.
  • Quality assessment reviews in accordance with the International Standards for the Professional Practice of Internal Auditing, including outside assessments.
9
Q

The Federation of European Risk Management Associations (FERMA) and the European Commission of Institutes of Internal Auditing, established the Three Lines of Defense Model to help clarify roles in an internal control system. What is the First Line of defense?

A

It is the operational management who is responsible for assessing, controlling and mitigating risks as well as maintaining effective internal controls.

10
Q

The Federation of European Risk Management Associations (FERMA) and the European Commission of Institutes of Internal Auditing, established the Three Lines of Defense Model to help clarify roles in an internal control system. What is the Second Line of defense?

A

This line of defense is where the risk management function supports and monitors operational management’s implementation of risk management practices. The compliance function of the model monitors compliance risk such as nonconformity with laws.

11
Q

The Federation of European Risk Management Associations (FERMA) and the European Commission of Institutes of Internal Auditing, established the Three Lines of Defense Model to help clarify roles in an internal control system. What is the Third Line of defense?

A

Internal audit provides assurance to the board and senior management on organizational effectiveness of risk management and assessment efforts.

12
Q

The Federation of European Risk Management Associations (FERMA) and the European Commission of Institutes of Internal Auditing, established the Three Lines of Defense Model to help clarify roles in an internal control system. What is the unofficial fourth Line of defense?

A

External audits because they provide independent assurance to various stakeholders.

13
Q

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control - Integrated framework acts as an internal control by doing what?

A

It sets common standards that are designed to increase effectiveness and efficiency of operations as well as reliability of financial reporting while ensuring compliance with applicable laws.

14
Q

What are the 5 components of the COSO control cube?
(HINT: CRCIICM)

A
  • Control environment
  • Risk assessment
  • Control activities
  • Information & Communication
  • Monitoring
15
Q

What does the International Organization for Standardization (ISO) 9000 series and ISO/IEC 27000 series do in relation to internal controls?

A

Sets international standards to ensure that organizations meet the needs of customers and stakeholders while complying with statutory and regulatory requirements.
ISO 9000 focuses on quality management.
ISO/IEC focuses on information security.

16
Q

What framework does the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing provide?

A

It is a framework for auditors to provide independent, objective and reasonable assurances that management has adopted a system of controls that is effective and is functioning as intended.

17
Q

In regard to the COSO cube, what does the Control environment do?

A

Sets the tone for internal control by providing resources, discipline and structure.

18
Q

In regard to the COSO cube, what does Risk Assessment do?

A

Identifies and measures risks that threaten the organization’s objectives.

19
Q

In regard to the COSO cube, what do Control Activities refer to?

A

It is a collection of policies, procedures, and practices enacted to carry out the management objectives and risk mitigation goals.

20
Q

In regard to the COSO cube, what does the Information and communication section refer to?

A

The systems or processes that communicate control responsibilities in a manner that enables responsibilities to be met.

21
Q

In regard to the COSO cube, what does the Monitoring Activities section do?

A

This part of the COSO cube refers to the external oversight or internal application of independent methodologies such as customized procedures or standard checklists to reinforce adherence to rules put in place.

22
Q

In addition to the five components of the COSO cube, the cube also addresses what 3 types of objectives?

A

Operations - speaks to the efficiency of the organization’s operations and how successfully they approach the stated goals.

Reporting - pertains to internal and external reports, whether tracking progress towards goals or meeting regulatory requirements.

Compliance - is referring to any goals dealing with laws or regulations.

23
Q

Because audits are conducted in diverse legal and cultural environments, _________ has designed standards to ensure that the auditor’s responsibilities are met.

A

Institute of Internal Auditors (IIA)

24
Q

In regard to IIA standards, what is an attribute standard?

A

This refers to a standard that defines the attributes of organizations and individuals performing internal auditing.

25
Q

In regard to IIA standards, what is a performance standard?

A

This is referring to a standard that defines the nature of internal auditing and providing quality criteria against which the performance of these services can be measured.

26
Q

Based upon the standards set forth by IIA, the internal auditor is required to validate which key areas?

A
  • That the objectives support and align with the organization’s mission.
  • That significant risks are identified and assessed.
  • That appropriate responses align risks with the organization’s risk appetite.
  • Relevant risk information is captured and communicated in a timely manner.
27
Q

What is risk-based auditing?

A

This is auditing that prioritizes the use of an organization’s limited internal audit resources to those areas that pose the greatest risk.

28
Q

The accuracy of financial statements is a key area of focus for any internal audit approach, including those that are risk-based. What does the Auditing Standard No. 5 (AS 5) do?

A

This auditing standard was issued by the Public Company Accounting Oversight Board (PCAOB) and it applies when an auditor is engaged to audit management’s assessment of the effectiveness of internal control over financial reporting.

29
Q

How does Auditing Standard # 5 (AS5) support a risk-based approach?

A
  • Focus internal control audits on the most important matters.
  • Eliminate unnecessary audit procedures.
  • Match the audit scope to the size and risk model of the enterprise.
  • Offer simplified implementation guidance from prior standards.
30
Q

According to the Auditing Standard # 5 (AS5), failing to prevent or detect fraudulent misstatements is a greater risk for internal financial-reporting control than failing to prevent or detect any other error. This requires a specific fraud risk assessment with what types of controls?

A
  • Controls over significant, unusual transactions.
  • Controls over journal entries and adjustments made in the period-end of the financial reporting process.
  • Controls over transactions between related parties.
  • Controls related to significant management estimates.
  • Controls that mitigate incentives for management to falsify or inappropriately manage financial results.
31
Q

Why does involving internal auditors in an organization’s risk management efforts create a win-win situation?

A

Because they serve as a resource to support the risk managers’ work as well as aid efforts to develop risk-based auditing plans because they may have a higher understanding of pertinent risks.

32
Q

Who develops the risk management policy?

A

The board of directors, who also determine the amount and types of risk the organization wants to pursue, retain, reduce or avoid.

33
Q

What are a few of the key items that Risk Management focuses on in its role?

A
  • Design and implement risk management plan and tools to use.
  • Works with the business managers to establish internal risk management controls.
  • Monitors risk levels within the organization.
  • Identifies and quantifies new, emerging risks and recommends appropriate responses.
  • Is accountable for whether the risk management plan is effective.
34
Q

What are a few of the key items that Internal Audit focuses on in relation to risk management?

A
  • Reviews and critiques the implementation of the risk management plan.
  • Audits internal risk controls to ensure that they are in place and functioning as designed.
  • Monitors risk levels within the organization to determine whether the risk management plan and internal risk controls are effectively managing risk as expected.
  • Identifies and quantifies new and emerging risks.
35
Q
A