BEC 1: Internal Control Frameworks

Question 1

Committee of Sponsoring Organizations (COSO) has how many Objectives, Components, and Principles?

Answer 1

-3 Objectives (ORC)
-5 Components (CRIME)
-17 Principles
1-5)EBOKA
6-9)SAFR
10-12) OIE
13-14) SO D
15-17) CA T P

Question 2

5 COSO Components (CRIME)

Answer 2

1) Control Environment-
- Tone @ the Top. Ethics
2) Risk Assessment-
- FS Misstatements, not efficient, breaking law
3) Information & Communication-
- FACT (Fair, Accurate, Complete, Timely)
4) Monitoring-
- Effectiveness of controls & report difficiencies
5) (Existing) Control Activities-
- Policies and Procedures to mitigate risk

Question 3

Control Environment [(C)rime] and it’s 5 principles

Answer 3

EBOKA:

• commitment to (E)thical values and integrity
• (B)oard independence and oversight
• (O)rganizational structure
• (C)ommitment to competence
• (A)ccountability

Question 4

Risk Assessment [c(R)ime] and it’s 4 principles

Answer 4

SAFR:

• (S)pecify Objectives
• identify and analyze (R)isks
• consider the potential for (F)raud
• Identify and (A)ssess changes

Question 5

Information and Communication [cr(I)me} and it’s 3 principles

Answer 5

OIE:

• (O)btain and use Information
• (I)nternally communicate information
• communicate with (E)xternal parties

Question 6

Monitoring Activities [cri(m)e] and it’s 2 principles

Answer 6

SO D:

• (O)ngoing and/or (S)eparate evaluations
• communication of (D)efiencies

Question 7

(Existing) Control Activities [crim(E)] and it’s 3 principles

Answer 7

CA T P:

• select and develop (C)ontrol (A)ctivities
• select and develop (T)echnology controls
• deploy through (P)olicies and procedures

Question 8

6 Limitations of COSO

Answer 8

1) Human judgement can be faulty and subject to bias
2) Breakdowns and failures occur as long as humans are involved
3) Management can override internal controls
4) Management/other personnel can get around controls through collusion
5) External events outside management’s control
6) Suitability of entity’s objectives

Question 9

Enterprise Risk Management (ERM). What is it?

Answer 9

Framework and process to balance risk and return

Question 10

5 Components of ERM (GOPRO)

Answer 10

1) (G)overnance and culture
2) strategy and (O)bjective setting
3) (P)erformance
4) (R)eview and revision
5) (O)ngoing information, communication, and reporting

Question 11

Governance and Culture [(G)opro] and it’s 5 Principles

Answer 11

DOVES:

• defines (D)esired culture
• exercises board (O)versight
• Demonstrates commitment to core (V)alues
• attracts, develops, and retains capable (E)mployees
• establishes operating (S)tructure

Question 12

Strategy and Objective-Setting [g(o)pro] and it’s 4 principles

Answer 12

SOAR:

• evaluate alternatives (S)trategies
• formulate business (O)bjectives
• (A)nalyzes business context
• defines (r)isk appetite

Question 13

Performance [go(P)ro] and it’s 5 principles

Answer 13

VAPIR:

• develops portfolio (V)iew
• (A)ssesses severity of risk
• (P)rioritize risk
• (I)dentify risk
• implement risk (R)esponses

Question 14

Review & Revision [gop(R)o] and it’s 3 principles

Answer 14

SIR:

• assesses (S)ubstantial change
• pursues (I)mprovement in ERM
• (R)eviews risk and performance

Question 15

Ongoing Infortmation, Communication, and Reporting

Answer 15

TIP:

• leverages information and (T)echnology
• communicates risk (I)information
• reports on risk, culture, and (P)erformance