BEC COSO Flashcards
McGee, Inc. calculates financial ratios to be sure it is in compliance with a loan contract. This is an example of:
Internal, financial report (financial ratios indicate it is a financial report)
According to COSO, which of the following is a compliance objective?
To maintain a safe level of CO2 emissions during production (NOT maintaining GAAP because that is a reporting objective)
Risk assessment precision
Whether, and the extent to which, risk can be quantified
Risk assessment materiality
Determination of how large a risk must be to pose a threat to an objective
Internal control principle: BOD meets to review plan for risks of cloud computing
2) Board of Directors exercises oversight responsibility, could also say 9) Change management, 11) Technology controls
Internal control principle: CFO caught embezzling money from Big Brothers/Sisters program
- Commitment to integrity and ethical values
Internal control principle: CFO establishes skills and training for all positions that include internal control responsibilities
- Competence
How technology can improve MONITORING of internal control.
Can identify conditions and circumstances that indicate that controls have failed or risks are present.
Which Type of Control Is It?
The dual nature of such controls can make it difficult to properly categorize a control. Search for the fundamental, underlying nature of the control; distinguish this from the secondary effects of the control
Shortcoming in a component and relevant principles that reduces the likelihood of the entity achieving its objectives. Design or operation of the control does not allow mgmt. or EEs, in the normal course of business, to prevent or detect misstatements on a timely basis.
Internal control deficiency
Jeff has an ERP system. It has assigned responsibility for determining who has what access rights in ERP system. The assignment most likely was to:
Support functions would most likely be responsible for determining system access.
Primary purpose of monitoring internal control is to verify internal controls remain effective to address changes in:
Risk
Specific targets against which the effectiveness of internal control is evaluated.
Control objective
Controls that accomplish the same objective as another control and that compensate for deficiencies in that control.
Compensating controls
Controls that are most important to monitor to support a conclusion about the internal control system’s ability to manage or mitigate meaningful risks.
Key controls
Metrics that reflect critical success factors.
Key performance indicators
Forward-looking metrics that seek to identify key potential problems, enable org to take timely action before problem occurs.
Key risk indicators (KRIs)
Information that directly substantiates operation of controls.
Direct information
Relevant information for assessing whether controls are operating and an underlying risk is mitigated but does not provide explicit evidence.
Indirect information
Persuasiveness of information
Degree to which the info provides support for conclusions; derived from suitability.
Whether something is meaningful about operation of underlying controls.
Relevant information
Accurate, verifiable, from an objective source.
Reliable information
Enough to form a reasonable conclusion, must also be suitable.
Sufficient information
Suitable information
Relevant, reliable and timely
Timely information
Used in a time frame that makes it possible to prevent or detect control deficiencies before they become material.
Information that can be established, confirmed or substantiated as true or accurate.
Verifiable information
Characteristics of evaluators
Competent and objective
Contains strategic, operations, reporting and compliance objectives as part of this model of internal control.
COSO ERM
User and designer communication issues are more important for:
Managing CHANGE in the system of internal control (not monitoring control effectiveness)
Component of internal control that would encompass the routine controls over business processes and transactions.
Control activities
Public company audit committees must contain what type of expert?
Financial expert
3 activities that comprise assessing and reporting on control monitoring
1) Prioritize findings
2) Report results as appropriate
3) Follow-up
3 elements to establish foundation of controls
1) tone at the top
2) org structure
3) baseline understanding of control effectiveness
Define ongoing monitoring
Activities to monitor the effectiveness of internal control in the ordinary course of operations
Strategic objectives according to COSO ERM
High level goals that support the overall mission of the organization, added to ERM from COSO framework.
Risk response
Management's response to risk; depends on mgmt. risk appetite and may include risk avoidance, reduction, sharing (ex. insurance) or acceptance.
According to COSO, who is the group directly responsible for implementation and development of ERM framework?
Management (BOD is indirectly responsible)
Likelihood of loss x amount of loss
Expected value
Company decides to respond to risk by hedging the risk with futures contract. Type of risk:
Risk sharing
Established by SOX in 2002 to control the auditing profession.
Public Company Accounting Oversight Board (PCAOB)