BEC 1 Corporate Governance Part 3 Flashcards
Differentiate the COSO framework from the Audit framework.
The five components of the COSO framework are useful for identifying and evaluating the effectiveness of an entity’s internal control.
In contrast, the Audit framework focuses on how a given control prevents or detects and corrects material misstatements in an entity’s financial reporting.
Identify some inherent limitations that may exist even with an effective internal control system.
The following inherent limitations may still exist with an effective i/c system:
- Breakdown in i/c due to error or human failure
- Issues pertaining to the suitability due to error or human failure
- External events beyond the control of the entity’s objectives
- Faulty or biased judgment in decision making
- Management override of controls
- Circumvention of controls through collusion
What constitutes ineffective i/c under the COSO framework?
If a major deficiency is identified related to the presence and functioning of a component or relevant principle, or with respect to the components operating together in an integrated manner, the entity may not conclude that it has an effective internal control system in place under the COSO framework.
What are the two principles associated with the monitoring component of the COSO ICIF?
- Ongoing and Separate Evaluations
- Communication of Deficiencies
What themes does the ERM framework encompass?
- Aligning risk appetite and strategy
- Enhancing risk response decisions
- Reducing operating surprises and losses
- Identifying and managing multiple and cross-enterprise risks
- Seizing opportunities
- Improving deployment of capital
Explain the difference between opportunities and risks under the ERM framework.
Positive events that promote achievement of objectives are opportunities.
Negative events that prevent the achievement of objectives are risks.
What are the components of the COSO Enterprise Risk Management (ERM) Integrated Framework?
IS EAR AIM
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
What are the key elements of the internal environment component of the COSO Enterprise Risk Management (ERM) Integrated Framework?
PHRASED C
- Philosophy of risk management
- Human resources standards
- Risk appetite
- Accountability
- Structure (organizational)
- Ethical values (and integrity)
- Directors’ oversight
- Commitment to competence
What are the key elements of the objective setting component of the COSO Enterprise Risk Management (ERM) Integrated Framework?
- Strategic Objectives
- Related Objectives
- Selected Objectives
- Risk Appetite
- Risk Tolerances
What are the key elements of the events identification component of the COSO Enterprise Risk Management (ERM) Integrated Framework?
- Events
- Influencing Factors
- Event Identification Techniques
- Event Interdependencies
- Event Categories
- Distinguishing Risk and Opportunities
What are the key elements of the risk assessment component of the COSO ERM Framework?
- Inherent and Residual Risk
- Establishing Likelihood and Impact
- Data Source
- Assessment Techniques
- Event Relationships
What are the key elements of the risk response component of the COSO ERM Integrated Framework?
- Evaluating Possible Responses
- Selected Responses
- Portfolio View
What are the key elements of the control activities component of the COSO Enterprise Risk Management (ERM) Integrated Framework?
- Integration with risk response
- Types of control activities
- Controls Information Systems
- Entity-Specific Controls
What are the elements of the information and communication component of the COSO ERM Integrated Framework?
- Information
- Communication
What are the key elements of the monitoring component of the COSO ERM Integrated Framework?
- Ongoing Monitoring Activities
- Separate Evaluation
- Reporting Deficiencies