chap 10 COSO components of internal control

Question 1

in the COSO framework,what are the 5 component of internal control that managment designs and implements to provide reasonable assurance that its control objectives will be met

Answer 1

1. control environment
2. control activities
3. risk assessment
4. information and communication
5. monitoring

Question 2

COSO represents the direct relationship between what ? (3)

Answer 2

1. the 3 internal control objectives- reporting, operations, compliance
2. the 5 components of internal control- control environmnet, control activities, risk assessment, information and communication, and monitoring activities
3. the organizational structure - entity, division, operating unit, function

Question 3

within each of the COSO components, there are broad ____ included that provide more ____ to support the respective component

Answer 3

principals

guidance

Question 4

The COSO principals apply across all types of entitites and to each of the internal control _____

Answer 4

objectives

Question 5

all of the 1 COSO principals must be present and functioning for internal controls to be ____

Answer 5

effective

Question 6

what does the internal control component of control environment consist of?

Answer 6

the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

Question 7

the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity represents what component of COSO?

Answer 7

control environment

Question 8

_____ _____ consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

Answer 8

control environment

Question 9

control environment consists of the _____, ______,
and _____ that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

Answer 9

actions, policies, and procedures

Question 10

control environment consists of the the actions, policies, and procedures that refect the overall ____ of top managment, directors, and owners of an entity about internal control and its importance to the entity

Answer 10

attitudes

Question 11

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top ____, _____, and _____ of an entity about internal control and its importance to the entity

Answer 11

managment, directors, and owners

Question 12

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about ____ ____ and its importance to the entity

Answer 12

internal control

Question 13

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its _____ to the entity

Answer 13

importance

Question 14

the control environmnet serves as the ____ for the other 4 components

Answer 14

umbrella

Question 15

which component of COSO is so important that unless it is effective , the other 4 components are unlikely to result in effective internal control, regardless of their quality

Answer 15

control environment

Question 16

the essense of an effectively controlled organization lies in the what?

Answer 16

attitude of its board of directors and senior management

Question 17

what are the 5 underlying principals related to the control environment component of COSO?

Answer 17

1. committment to integrity and ethical values
2. an independent board of directors that is responsible for oversight of internal controls
3. establishing approprate structures and reporting lines
4. a commitment to attracting, developing, and retaining competent personnel
5. holding individuals accountable for internal control responsibilities

Question 18

integrity and ethical values are the product of the entitity ethical and behavioral _____, as well as how they are _____ and _____ in practice

Answer 18

standards
communicated
reinforced

Question 19

integrity and ethical values include managements actions to remove or reduce _____ and _____ that might prompt personnel to engage in dishonest, illegal, or unethical acts

Answer 19

incentives

temptations

Question 20

integrity and ethical values include the communication of these standards to personnel through what 3 forms?

Answer 20

1. policy statements
2. codes of conduct
3. by example

Question 21

understanding managements ____ and ____ style gives the auditor a sense of managments attitude about internal control

Answer 21

philosophy

operating

Question 22

who has the ultimate responsibility to make sure managment implements proper internal control and financial reporting processes?

Answer 22

the board of directors

Question 23

an effective board of directors is independent of _____

Answer 23

management

Question 24

an effective board of directors is independent of management and does what?

Answer 24

stays involved in and scrutinizes managements activities

Question 25

the board must exercise oversight of the ____ and _____ of controls

Answer 25

design

performance

Question 26

an active and objective board can reduce the likelihood that management will do what?

Answer 26

override existing controls

Question 27

the board creates an audit committee that is charged with oversight responsiblility for what ?

Answer 27

financial reporting

Question 28

the audit committee is responsible for maintaing ongoing communication with who?

Answer 28

external and internal auditors

Question 29

the audit committe is responsible for approving what done by auditors for public companies?

Answer 29

audit and nonaudit services

Question 30

maintaing ongoing communication with external and internal auditors allows the audit committee to do what?

Answer 30

discuss with the auditors matters that might relate to managment integrity or the appropriateness of actions taken by management

Question 31

what aspects of the audit committee are important determinants of its ability to effectiely evaluate internal controls and FSs prepared by management? (2)

Answer 31

1. their independence from management

2. their knowledge of financial reporting issues

Question 32

the Sarbanes Oxley Act directed the SEC to require the national stock exchanges (NYSE and NASDAQ) to strengthen what?

Answer 32

audit committee requirements for public companies listing securities on the exchange

Question 33

the national stock exchanges will not list any security from a company with an audit commitee that what? (5)

Answer 33

1. is not comprised solely of independent directors
2. is not soley responsible for hiring and firing the company’s auditors
3. does not establish procedures for the receipt and treatment of complaints (whistleblowing) regarding accounting, internal control, or auditing matters
4. does not have the ability to engage its own counsel and other advisors
5. is inadequately funded

Question 34

PCAOB standards require the auditor to evaluate the effectiveness of the audit committees what? (2)

Answer 34

1. oversight of the companys external finacial reporting

2. oversight of the companys internal control over financial reporting

Question 35

individuals responsible for overseeing the strategic direction of the entity and the accountability of the entity , inc luding financial reporting and disclosure are called what by auditing standards?

Answer 35

those charged with governance

Question 36

in auditing standards, those charged with governance are responsible for what? (2)

Answer 36

1. overseeing the strategic direction of the entity

2. overseeing the accountability of the entity , including financial reporting and disclosure

Question 37

the entitys organizational structure defines the existing lines of _____ and ______

Answer 37

responsibility

authority

Question 38

the organizational structure can consist of (4)?

Answer 38

1. entity level
2. division level
3. operating units
4. functions within those units

Question 39

T/F

controls operate at each level of the corporate structure

Answer 39

T

Question 40

by understanding the clients organizational structure, the auditor can learn the ____ and _____ elements of the business and perceive how controls are ______

Answer 40

management
functional
implemented

Question 41

what is competence?

Answer 41

the knowledge and skills necessary to accomplish task that define an individuals job

Question 42

if employees are ____ and _____ , other controls can be absent and reliable FSs will still result

Answer 42

competent

trustworthy

Question 43

because of the importance of competent, trustworth personnel in providing effective control, the methods by which persons are ____ , _____, _____, _____, and _____ are an important part of internal control

Answer 43

hired
trained
evaluated
promoted
compensated

Question 44

who is responsible for comminicating expectationa and holdign individuals accountable for internal control duties (2)?

Answer 44

managment

board of directgors

Question 45

what 3 things make the accountability process effective?

Answer 45

1. management setting the appropriate tone
2. appropriate structures and reporting lines put in place
3. incentives to fulfill internal control duties

Question 46

what is risk assessment?

Answer 46

a process for identifying and analyzing risks that may prevent the organization from achieving its objectives

Question 47

what are the 4 underlying principals related to risk assessment?

Answer 47

1. company should have clear objecctives in order to be able to identify and assess the risk relating to those objectives
2. should determine how the risks should be managed
3. should consider the potential for fraudulent behavior
4. should monitor changes that could impact internal controls

Question 48

specific risk related to ____ should be considered as they can lead to substantial losses if ignored

Answer 48

IT

Question 49

if IT systems fail, organizastions can be parayzed by what /(2)

Answer 49

1. the inability to retrieve info

2. the use of unreliable info caused by processing errors

Question 50

what are 7 factors that may lead to increased risk?

Answer 50

1. failure to meet prior objectives
2. quality of personnel
3. geographic dispersion of company operations
4. significance and complexity of core business processes
5. intro of new IT
6. economic downturns
7. entracnce of new competitors

Question 51

what are 3 things managment does once it identifies a risk?

Answer 51

1. estimates the significance of that risk
2. assesses the likelihoood of the risk occurring
3. develops specific actions that need to be taken to reduce the risk to an acceptable level

Question 52

what is the differences between management and the auditor with respect to risk assessment?

Answer 52

management- assesses risk as a part of designing and operating internal controls to minimize errors and fraud

auditors- assess risk to decide the evidence needed in an audit

Question 53

what are control activities?

Answer 53

the policies and procedures , in addition to those included in the other 4 control components, that help ensure that necessary actions are taken to address risks to the acheivement of the entitys objectives

Question 54

what are the 3 underlying principles related to control activities?

Answer 54

1. develop control activities that mitigate risks to an acceptable level
2. developing general controls over technology
3. establishing appropriate policies, procedures, and expectations

Question 55

what are the 5 types of typcial control activities?

Answer 55

1. adequate separation of duties
2. proper authorization of transactions and activities
3. adequate documents and records
4. physical control over assets and records
5. independent checks on performance

Question 56

what 4 general guidelines for adequate separation of duties to prevent fraud and errors are especially significant to auditors?

Answer 56

1. separation of the custody of assets from accounting for those assets
2. separation of the authorization of transactions fro the custody of related assets
3. separation of operational responsibility from record keeping responsibility
4. separation of IT duties from user departments

Question 57

to protect a company from embezzlement, a person who has custody of an asset should not ____ for that asset

Answer 57

account

Question 58

to reduce embezzlement, you should prevent persons who authorize transactions from having control over the _____ ____

Answer 58

related asset

Question 59

to ensure unbiased info, ____ ____ is typically the responsibility of a separate department reporting to the controller

Answer 59

record keeping

Question 60

T/F

Every transaction must be properly authorized if controls are to be satisfactory

Answer 60

T

Question 61

authorization can be either ____ or ____

Answer 61

general specific

Question 62

what happens under general authorization?

Answer 62

managment establishes policies and subordinates are instructed to implemetn these general authorizations by approving all transactions within the limits set by the policy

Question 63

Specific authorization applies to _____ transactions

Answer 63

individual

Question 64

what is the distinction between authorization and approval?

Answer 64

authorization is a policy decision for eithe ra general class of transactions or a specific transaction and approval is the implementation of managments general authorization decisions

Question 65

documents and records are the records upon which transactions are _____ and _____

Answer 65

entered

summarized

Question 66

adequate documents are essential for correct _____ of transactions and control of _____

Answer 66

recording

assets

Question 67

what are the principals that dictate the proper design and use of documents and records? (4)

Answer 67

1. prenumbered consecutively to facilitate control over missing documents and records and as aid in locating them when needed at later date. important for completeness assertion
2. prepared at time transaction takes place or as soon as possible after to minimize timing errors
3. designed for multiple use to minimize the number of different forms
4. constructed in manner that encourages correct preparation . can do by providing internal checks within form or record

Question 68

what is a control closely related to documents and records?

Answer 68

chart of accounts

Question 69

what does the chart of accounts do?

Answer 69

classifies transactions into individual B/S and I/S accounts

Question 70

the chart of accounts is helpful in preventing _____ errors if it accurately describes which type of transactions should be in each account

Answer 70

classification

Question 71

to maintain adequate internal control, ____ and ____ must be protected

Answer 71

assets

records

Question 72

the most important type of protective measure for safeguarding assets and records is the use of ?

Answer 72

physical precautions

Question 73

what is the control activity of independent check or internal verification on performance?

Answer 73

the careful and continuous review of the other four control activities

Question 74

why does the need for independent checks arise?

Answer 74

because internal controls tend to change over time unless there is frequent review

Question 75

independent checks on performance are necesarry beccause personnel are likely to forget or intntionally fail to follow procedure, or may become careless unless someone ____ and ____ their performance

Answer 75

observes

evaluates

Question 76

personnel responsible for performing internal verification procedures must be independent of what?

Answer 76

those originally responsible for preparing the data

Question 77

what is the least expensive means of internal verification?

Answer 77

separtion of duties

Question 78

most accounting system involve technologies wehre many internal verification procedures are ____

Answer 78

automated

Question 79

what is the purpose of an entitys accounting info and communication system?

Answer 79

to initiate, record, process, and report the entityes transactions and to maintain accountability for the related assets