BEC Flashcards
components of internal control In the COSO (2011) “cube” model
Monitoring
Risk Assessment
Control Activities
According to the 17 COSO control principles, ‘organizational objectives’ primarily relate to which fundamental component of internal control?
Risk Assessment
[According to the COSO principles, the control environment includes establishing integrity and ethical values in the organizational culture.]
Strategic, operations, reporting, and compliance objectives are a part of which of the following models of internal control?
COSO ERM
According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring‐for‐change continuum?
Change identification.
[Control Revalidation and update is concerned with revalidation after changes in controls, rather than on ongoing and separate evaluations intended to identify changes in internal control effectiveness.]
One of the Rules of Conduct in the IIA’s Code of Ethics states, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.” To which Principle of the Code of Ethics does this Rule of Conduct relate?
Competency
COSO Model - Control Monitoring Process
ESTABLISH FOUNDATION - Tone at the top - Organizational Structure - Baseline Understanding of Internal Controls DESIGN & EXECUTION - Prioritize Risks - Identify Key Controls - Identify Persuasive information about Key Controls - Implementing monitoring Procedures ASSESS & REPORT - Prioritize Findings - Report Results to appropriate level - Follow up
Control Monitoring Process Methods
Review
Bench-marking
Questionnaires
Focus Groups and Interviews
Control Revalidation
Periodically re-validate that controls are working effectively, thus maintaining a continuous control baseline
four elements of “mandatory” guidance of the IIA’s International Professional Practices Framework.
Internal Audit definition
Core principles of professional practice of internal auditing
Code of Ethics
Standards
structure of authoritative guidance of the IIA’s International Professional Practices Framework.
Mandatory Guidance & Strongly Recommended
structure of the IIA’s Code of Ethics
4 Principles & 12 rules of conduct
principles of the IIA’s Code of Ethics
Integrity
Objectivity
Competence
Confidentiality
structure of standards
Statements of basic requirements of Internal audit
Interpretation
glossary of terms
Categories of standards
Attributes
Performance
Michael Porter’s 4 attributes that promoted or impeded the creation of competitive advantage. Also known as the ‘diamond elements’
factor conditions
demand conditions
firm strategy, structure & rivalry
related supporting industries
diamond elements affect four factors that lead to a national competitive advantage. what are they?
resources and skills available
decision to pursue goals with available resources
individuals’ agenda inside organizations
pressure on firms to invest and invest
5 major and 3 non major factors influencing currency rates/demand
5 major
- inflation
- current account balance
- political & economic environment/ stability
- relative interest rates
- public debt levels
3 non major
- consumer references
- relative income
- speculation
Dodd frank accorded whistleblowers to bypass OSHA and file suit in federal court
Sox did not allow that.
Preventive control
Detective control
Corrective control
Preventive control stops or prevents breaches immediately. prevents incidents from occurring. A firewall PREVENTS hackers from accessing the records
A detective control does not prevent incidents from occurring. like a burglar alarm might call the police, i only indicates an incident may have occurred. review of credit card statement is a detective control
Corrective controls do not prevent breaches. They limit the impact of the breach on the organization by correcting the vulnerability. Backing up files to enable data restoration after a system crash is a corrective control
Questions to ask your self when asked to identify type of control
Does it PREVENT? DETECT? CORRECT?
component of internal control that concerns with the policies and procedures that ensure that actions are taken to address the risks related to the achievement of management’s objectives.
Control activities - comes after Risk assessment because you need to assess the risk before you address them, DUH!
risk reduction primarily relates to which fundamental component of internal control
Control activities - comes after risk assessment because you need to assess the risk before you can reduce it, DUH!
Strategic, operations, reporting, and compliance objectives are a part of which of the following models of internal control?
COSO ERM
organizational objectives primarily relate to which fundamental component of internal control:
Risk assessment.
Control activities addresses risk assessment
According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring‐for‐change continuum?
Change Identification
Change Management is not the best answer to this question. This stage of the monitoring for change process is concerned with, when changes occur, verifying that controls remain effective despite identified changes in controls and/or risks. Hence, the primary ongoing and separate evaluation process would be a part of change identification and not change management.
An economic currency exchange risk
occurs when exchange rate changes alter the value of future revenues and costs.
The equation for the graphic plot of a linear economic variable is D = b + m(a), where m > 0. What is the slope of the economic “curve” represented by this equation?
Positive slope
The graphic plot of the given equation would have a positive slope. Since the constant “m” is positive, the dependent variable “D” increases as the independent variable “a” increases (and decreases when “a” decreases).
distinguish a change in quantity of a commodity demanded from a change in the demand for a commodity
distinguish a change in the quantity of a commodity supplied from a change in supply of a commodity.
- change in Qty demanded is a function of price.
- change in demand is a function of change in factors other than price
- Change in qty supplied function of price
- change in supply is a function of change in factors other than price
Which one of the following would not cause an increase in demand for a commodity?
An increase in the number of consumers.
An increase in the price of a substitute commodity.
An increase in consumers’ preference for the commodity.
A reduction in the price of the commodity.
Ans: A reduction in the price of the commodity.
Expln: A reduction in price will not cause an increase in demand for a commodity, but rather will change (increase) the quantity demanded. An increase in demand causes a shift of the demand curve (up and to the right). A change in price causes movement along a specific demand curve.
Define supply.
Supply is the quantity of a commodity provided at alternative prices during a specified time
what is The principle of increasing costs
once the fixed factors of production are being used efficiently, increasing production (i.e., supply) will cost more than the prior average cost per unit. Therefore, increasing production (and thus increasing average cost) will occur only if that increase in average cost can be recovered through a higher sales price for the good/service.