B1 - M1: Internal Control Framework Flashcards
The components of the Fraud Triangle are:
Incentive, Opportunity, and Rationalization
Evaluating internal control procedures in a large public corporation is the responsibility of:
Internal Audit Staff reporting to the Board of Directors
The Organizational Structure principle stresses:
Reporting relationships. Reporting relationships should not undermine effective financial reporting, Independence of the board, internal auditors
The Board of Directors principle stresses:
Leadership. The board oversees the implementation of financial reporting and internal controls
The Human Resources principle stresses:
Policy, procedure, competence
The Authority and Responsibility principle stresses:
Appropriate delegation to maintain effective internal controls
The concept of Management’s Philosophy and Operating Style deals primarily with:
Work Ethic and Commitment to effective Financial Reporting
The primary purpose of Monitoring Internal Control is:
To verify that an internal control system is adequate to address changes in RISK
Under COSO, is the Approval of high-dollar transactions by supervisors a Monitoring Activity?
No, because this action IS THE CONTROL and does not represent monitoring.
Under COSO, is the Investigation of variances between actual and expected results a Monitoring Activity?
Yes, because this could detect a failure
Under COSO, is Following Up on customer and vendor complaints regarding amounts due/owed a Monitoring Activity?
Yes, because this could detect a failure
Under COSO, is Comparing information from various sources in the organization a Monitoring Activity?
Yes, because this could detect a failure
Under the COSO Internal Control Framework, the action of Setting Baseline Expectations for Employee Performance is an example of:
Control Environment Component, specifically the Accountability Principle
The relationship between a Board of Directors and its company is defined as:
Fiduciary
Prioritize Findings is a part of which Component of COSO Integrated Framework?
Assess-and-Report phase of Monitoring Internal Controls
Prioritize Risks is a part of which Component of COSO Integrated Framework?
Risk Assessment Component
Identify Controls is a part of which Component of COSO Integrated Framework?
Control Activities Component
Tone at the top is a part of which Component of COSO Integrated Framework?
Control Environment Component
When programmers have the ability to implement application code changes into production without monitoring or Quality Assurance functions, this is an example of what type of deficiency?
Change Control
What are the Five Components of Internal Control under COSO?
CRIME: C-ontrol Environment, R-isk Assessment, I-nformation & Communication, M-onitoring, E-xisting Control Activities
What are the objectives of Risk Assessment (CRIME -5 components of Internal Control, COSO)?
Financial Reporting Objectives, Risks, Fraud Risk
What are the objectives of Existing Control Activities (CRIME -5 components of Internal Control, COSO)?
Policy, Procedure, Info Tech
What are the objectives of Control Environment (CRIME -5 components of Internal Control, COSO)?
Ethics, Independence, Oversight, Org Structure, Competence, Accountability
What are the objectives of Information and Communication (CRIME -5 components of Internal Control, COSO)?
Internal communication, External communication, Obtain and Use information
What are the objectives of Monitoring (CRIME -5 components of Internal Control, COSO)?
Internal Control Performance over time, Design and Operation of Controls
Why is having one employee Enter and Approve Purchase Orders a violation of Segregation of Duties?
Because the employee could enter false purchase data and then approve it, resulting in fraudulent payments. Having an Independent Approver makes this less likely.
What is Positive Pay (Banking)?
Positive Pay is a tool used for fraud detection, matching key attributes of a check (i.e. check #, check amt, acct #) to an inventory of authorized checks issued by the company