B1-M1 Internal Control Frameworks Flashcards
what is the purpose of internal control integrated framework (developed in 1992)?
to assist organizations in assessing internal control
who is responsible for evaluating internal control procedures in a large public company?
independent internal audit function that reports to the governing body of the company. Ex: internal audit staff who report to the board of directors
what relationship best describes the nature of the board of directors to a company?
FIDUCIARY: act on behalf of and in best interest of the corporation
what are the 3 elements of the fraud triangle?
- pressure/motivation: both internal and external, creates the incentive to commit fraud
- opportunity: from poor internal controls, lack of duty segregation, and a weak control environment
- rationalization: represents the justification of actions by fraud perpetrators
what are the 3 objectives, 5 components, and 17 principles of COSO?
- 3 objectives: ORC
1. Operating
2. Reporting
3. Compliance
- 5 components: CRIME
1. Control Environment: tone at the top - ethics
2. Risk Assessment: FS misstated, not efficient, breaking laws
3. Information & Communication: fair, accurate, complete, and timely FACT
4. Monitoring: effectiveness of controls & report deficiencies
5. Existing Control Activities: policies/procedures to mitigate risks
- 17 principles: EBOCA SAFR OIE SOD CATP
- Control environment: EBOCA
+ Commitment to Ethics and Integrity
+ Board Independence and Oversight
+ Organization structure
+ Commitment to Competence
+ Accountability
- Risk Assessment: SAFR
+ Specify objectives
+ Identify and Analyze Risks
+ Consider potential Fraud
+ Identify and Assess changes
- Information and Communication: OIE
+ Obtain and use information
+ Internally communicate information
+ Communicate with External parties
- Monitoring Activities: SOD
+ Ongoing and/or Separate evaluation
+ Communication of Deficiencies
- Existing control activities: CATP
+ select and develop Control Activities
+ select and develop Technology controls
+ deployment of Policies and Procedures
what are the 3 objectives of COSO?
3 objectives: ORC
1. Operating: effectiveness and efficiency of the entity’s operations, and ensuring that the assets of the organization are adequately safeguarded
2. Reporting: focus of COSO. It pertains to the reliability, timeliness, and transparency of the entity’s external and internal financial and nonfinancial reporting established by regulators
3. Compliance: ensure the entity is adhering to all applicable laws and regulations
what is the triangle of fraud?
- incentive/pressure
- opportunity
- Attitude/rationalization
what are limitations of internal control?
- breakdowns in IC due to errors or human failure
- issues relating to suitability of entity’s objectives
- external events beyond control of entity
- collusion/circumvention
- management override