AUD Deck 3 Flashcards
COSO Internal Control Framework
What is COSO?
COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) provides management and those charged with governance a way to IMPLEMENT CONTROLS so that they can achieve their goals. It helps businesses ASSESS INTERNAL CONTROL.
*provides EFFECTIVE INTERNAL CONTROL over FINANCIAL REPORTING
What are the entity’s objectives that are included in Internal Control?
O = EFFECTIVENESS AND EFFICIENCY OF OPERATIONS
R = RELIABILITY OF FINANCIAL REPORTING
C = COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS
Strategic objectives are established as part of enterprise risk management.
principles of Control Environment
E = COMMITMENT TO ETHICS AND INTEGRITY
B = BOARD INDEPENDENCE AND OVERSIGHT
O = ORGANIZATIONAL STRUCTURE
C = COMMITMENT TO COMPETENCE
A = ACCOUNTABILITY
principles of Risk Assessment
we want to make the entity SAFR
S = SPECIFY OBJECTIVES
A = IDENTIFY AND ASSESS CHANGE
F = CONSIDER POTENTIAL FRAUD
R = IDENTIFY AND ANALYZE RISKS
principles of Information and Communication
OIE, this is a lot of INFORMATION
O = OBTAIN AND USE INFORMATION
I = INTERNALLY COMMUNICATE INFORMATION
E = COMMUNICATE WITH EXTERNAL PARTIES
principles of Monitoring Activities
we need to MONITOR SO D to make sure the grass grows
SO = ONGOING AND/OR SEPARATE EVALUATIONS
D = COMMUNICATION OF DEFICIENCIES
principles of (Existing) Control Activities
CA = SELECT AND DEVELOP CONTROL ACTIVITIES
T = SELECT AND DEVELOP TECHNOLOGY CONTROLS
P = DEPLOYMENT OF POLICIES AND PROCEDURES
which component sets the tone, baseline expectations, performance expectations (accountability principle), participation of those charged with governance, hiring and advancement policies, management’s approach toward business risks, management’s philosophy and operating style
CONTROL ENVIRONMENT
which component IDENTIFIES and assesses the effect of entity changes on internal controls; periodic evaluations of what could go wrong and the EFFECTIVENESS of the procedures to prevent or detect errors or irregularities. IDENTIFIES AND ANALYZES RISKS AND CONSIDERS THE POTENTIAL FOR FRAUD
RISK ASSESSMENT
which component deals with performance reviews, segregation of duties, deployment of policies and procedures, monthly bank reconciliations with supervisor sign-offs. This component consists of control policies and procedures. IMPLEMENT
(EXISTING) CONTROL ACTIVITIES
which component deals with communication of internal control deficiencies, assessing internal control performance and taking corrective actions if necessary, periodically comparing and updating the mission, vision and values; evaluation of communications from external parties (e.g., customers)
MONITORING
which component deals with information processing; communication with external auditors; accounting records (auditor should understand the design and implementation related to financial reporting); analyze new information systems
INFORMATION AND COMMUNICATION
The COSO Cube shows the 3 OBJECTIVES as ____, the 5 INTERNAL CONTROL COMPONENTS AS ________ and the 4 levels of an ENTITY’S ORGANIZATION as the ________
COLUMNS; ROWS; THIRD DIMENSION
Who established the Treadway Commission and why?
PRIVATE SPONSORING ORGANIZATIONS
- AMERICAN ACCOUNTING ASSOCIATION (AAA)
- AMERICAN INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANTS (AICPA)
- FINANCIAL EXECUTIVES INSTITUTE (FEI)
- INSTITUTE OF INTERNAL AUDITORS (IIA)
- INSTITUTE OF MANAGEMENT ACCOUNTANTS (IMA)
ESTABLISHED TO STUDY FACTORS THAT LEAD TO FRAUDULENT FINANCIAL REPORTING
What is the Sarbanes-Oxley Act?
The Sarbanes-Oxley Act is a Federal law enacted with the intent of IMPROVING THE ACCURACY AND RELIABILITY of financial information disclosed by PUBLIC COMPANIES