BEC Flashcards
Components of internal control in the COSO (2011) “cube” model
Monitoring
Risk Assessment
Control Activities
According to the 17 COSO control principles, ‘organizational objectives’ primarily relate to which fundamental component of internal control?
Risk Assessment
[According to the COSO principles, the control environment includes establishing integrity and ethical values in the organizational culture.]
Strategic, operations, reporting, and compliance objectives are a part of which of the following models of internal control?
COSO ERM
According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring‐for‐change continuum?
Change identification.
[Control revalidation and update is concerned with revalidation after changes in controls, rather than with ongoing and separate evaluations intended to identify changes in internal control effectiveness.]
One of the Rules of Conduct in the IIA’s Code of Ethics states, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.” To which Principle of the Code of Ethics does this Rule of Conduct relate?
Competency
COSO Model - Control Monitoring Process
ESTABLISH FOUNDATION
- Tone at the top
- Organizational Structure
- Baseline Understanding of Internal Controls
DESIGN & EXECUTION
- Prioritize Risks
- Identify Key Controls
- Identify Persuasive information about Key Controls
- Implementing monitoring Procedures
ASSESS & REPORT
- Prioritize Findings
- Report Results to appropriate level
- Follow up
Control Monitoring Process Methods
Review
Benchmarking
Questionnaires
Focus Groups and Interviews
Control Revalidation
Periodically re-validate that controls are working effectively, thus maintaining a continuous control baseline
four elements of “mandatory” guidance of the IIA’s International Professional Practices Framework.
Internal Audit definition
Core principles of professional practice of internal auditing
Code of Ethics
Standards
structure of authoritative guidance of the IIA’s International Professional Practices Framework.
Mandatory Guidance & Strongly Recommended
structure of the IIA’s Code of Ethics
4 Principles & 12 rules of conduct
principles of the IIA’s Code of Ethics
Integrity
Objectivity
Competence
Confidentiality
structure of standards
Statements of basic requirements of Internal audit
Interpretation
glossary of terms
Categories of standards
Attributes
Performance
Michael Porter’s 4 attributes that promoted or impeded the creation of competitive advantage. Also known as the ‘diamond elements’
factor conditions
demand conditions
firm strategy, structure & rivalry
related supporting industries
The diamond elements affect four factors that lead to a national competitive advantage. What are they?
resources and skills available
decision to pursue goals with available resources
individuals’ agenda inside organizations
pressure on firms to invest and invest
5 major and 3 non major factors influencing currency rates/demand
5 major
- inflation
- current account balance
- political & economic environment/stability
- relative interest rates
- public debt levels
3 non major
- consumer preferences
- relative income
- speculation
Dodd-Frank allowed whistleblowers to bypass OSHA and file suit in federal court
SOX did not allow that.
Preventive control
Detective control
Corrective control
A preventive control stops or prevents breaches immediately; it prevents incidents from occurring. A firewall PREVENTS hackers from accessing the records.
A detective control does not prevent incidents from occurring. Like a burglar alarm that might call the police, it only indicates that an incident may have occurred. Review of a credit card statement is a detective control.
Corrective controls do not prevent breaches. They limit the impact of the breach on the organization by correcting the vulnerability. Backing up files to enable data restoration after a system crash is a corrective control.
Questions to ask yourself when asked to identify the type of control
Does it PREVENT? DETECT? CORRECT?
Component of internal control concerned with the policies and procedures that ensure that actions are taken to address the risks related to the achievement of management’s objectives.
Control activities - comes after risk assessment because you need to assess the risks before you address them, DUH!
risk reduction primarily relates to which fundamental component of internal control
Control activities - comes after risk assessment because you need to assess the risk before you can reduce it, DUH!
organizational objectives primarily relate to which fundamental component of internal control:
Risk assessment.
Control activities address risk assessment.
According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring‐for‐change continuum?
Change Identification
Change Management is not the best answer to this question. This stage of the monitoring for change process is concerned with, when changes occur, verifying that controls remain effective despite identified changes in controls and/or risks. Hence, the primary ongoing and separate evaluation process would be a part of change identification and not change management.