BEC COSO

Question 1

McGee, Inc. calculates financial ratios to be sure they are in compliance with loan contract. This is an example of:

Answer 1

Internal, financial report (financial ratios indicate it is financial report)

Question 2

According to COSO, which of the following is a compliance objective?

Answer 2

To maintain a safe level of CO2 emissions during production (NOT maintaining GAAP because that is a reporting objective)

Question 3

Risk assessment precision

Answer 3

Whether, and the extent to which, risk can be quantified

Question 4

Risk assessment materiality

Answer 4

Determination of how large of a risk poses a threat to an objective

Question 5

Internal control principle: BOD meets to review plan for risks of cloud computing

Answer 5

2) Board of Directors exercises oversight responsibility, could also say 9) Change management, 11) Technology controls

Question 6

Internal control principle: CFO caught embezzling money from Big Brothers/Sisters program

Answer 6

1. Commitment to integrity and ethical values

Question 7

Internal control principle: CFO establishes skills and training for all positions that include internal control responsibilities

Answer 7

4. Competence

Question 8

How technology can improve MONITORING of internal control.

Answer 8

Can identify conditions and circumstances that indicate that controls have failed or risks are present.

Question 9

Which Type of Control Is It?

Answer 9

The dual nature of such controls can make it difficult to properly categorize a control. Search for the fundamental, underlying nature of the control; distinguish this from the secondary effects of the control

Question 10

Shortcoming in a component and relevant principles that reduces likelihood of entity achieving its objectives. Design or operation of control does not allow mgmt. or EEs in the normal course of business to prevent or detect misstatements in a timely basis.

Answer 10

Internal control deficiency

Question 11

Jeff has an ERP system. It has assigned responsibility for determining who has what access rights in ERP system. The assignment most likely was to:

Answer 11

Support functions would most likely be responsible for determining system access.

Question 12

Primary purpose of monitoring internal control is to verify internal controls remain effective to address changes in:

Answer 12

Risk

Question 13

Specific targets against which the effectiveness of internal control is evaluated.

Answer 13

Control objective

Question 14

Controls that accomplish the same objective as another control and that compensate for deficiencies in that control.

Answer 14

Compensating controls

Question 15

Controls that are most important to monitor to support a conclusion about the internal control system’s ability to manage or mitigate meaningful risks.

Answer 15

Key controls

Question 16

Metrics that reflect critical success factors.

Answer 16

Key performance indicators

Question 17

Forward-looking metrics that seek to identify key potential problems, enable org to take timely action before problem occurs.

Answer 17

Key risk indicators (KRIs)

Question 18

Information that directly substantiates operation of controls.

Answer 18

Direct information

Question 19

Relevant information for assessing whether controls are operating and an underlying risk is mitigated but does not provide explicit evidence.

Answer 19

Indirect information

Question 20

Persuasiveness of information

Answer 20

Degree to which the info provides support for conclusions, derived for suitability.

Question 21

Whether something is meaningful about operation of underlying controls.

Answer 21

Relevant information

Question 22

Accurate, verifiable, from an objective source.

Answer 22

Reliable information

Question 23

Enough to form a reasonable conclusion, must also be suitable.

Answer 23

Sufficient information

Question 24

Suitable information

Answer 24

Relevant, reliable and timely

Question 25

Timely information

Answer 25

Used in a time frame that makes it possible to prevent or detect control deficiency before they become material.

Question 26

Information that can be established, confirmed or substantiated as true or accurate.

Answer 26

Verifiable information

Question 27

Characteristics of evaluators

Answer 27

Competent and objective

Question 28

Contains strategic, operations, reporting and compliance objectives as part of this model of internal control.

Answer 28

COSO ERM

Question 29

User and designer communication issues are more important for:

Answer 29

Managing CHANGE in the system of internal control (not monitoring control effectiveness)

Question 30

Component of internal control that would encompass the routine controls over business processes and transactions.

Answer 30

Control activities

Question 31

Public company audit committees must contain what type of expert?

Answer 31

Financial expert

Question 32

3 activities that comprise assessing and reporting on control monitoring

Answer 32

1) Prioritize findings
2) Report results as appropriate
3) Follow-up

Question 33

3 elements to establish foundation of controls

Answer 33

1) tone at the top
2) org structure
3) baseline understanding of control effectiveness

Question 34

Define ongoing monitoring

Answer 34

Activities to monitor the effectiveness of internal control in the ordinary course of operations

Question 35

Strategic objectives according to COSO ERM

Answer 35

High level goals that support the overall mission of the organization, added to ERM from COSO framework.

Question 36

Risk response

Answer 36

Management’s response to risk, depend on mgmt. risk appetite and may include risk avoidance, reduction, sharing (ex. insurance) or acceptance.

Question 37

According to COSO, who is the group directly responsible for implementation and development of ERM framework?

Answer 37

Management (BOD is indirectly responsible)

Question 38

Liklihood of loss x amount of loss

Answer 38

Expected value

Question 39

Company decides to respond to risk by hedging the risk with futures contract. Type of risk:

Answer 39

Risk sharing

Question 40

Established by SOX in 2002 to control the auditing profession.

Answer 40

Public Company Accounting Oversight Board (PCAOB)