chap 10 COSO components of internal control Flashcards

1
Q

in the COSO framework,what are the 5 component of internal control that managment designs and implements to provide reasonable assurance that its control objectives will be met

A
  1. control environment
  2. control activities
  3. risk assessment
  4. information and communication
  5. monitoring
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

COSO represents the direct relationship between what ? (3)

A
  1. the 3 internal control objectives- reporting, operations, compliance
  2. the 5 components of internal control- control environmnet, control activities, risk assessment, information and communication, and monitoring activities
  3. the organizational structure - entity, division, operating unit, function
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

within each of the COSO components, there are broad ____ included that provide more ____ to support the respective component

A

principals

guidance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The COSO principals apply across all types of entitites and to each of the internal control _____

A

objectives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

all of the 1 COSO principals must be present and functioning for internal controls to be ____

A

effective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

what does the internal control component of control environment consist of?

A

the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity represents what component of COSO?

A

control environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

_____ _____ consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

A

control environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

control environment consists of the _____, ______,
and _____ that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

A

actions, policies, and procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

control environment consists of the the actions, policies, and procedures that refect the overall ____ of top managment, directors, and owners of an entity about internal control and its importance to the entity

A

attitudes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top ____, _____, and _____ of an entity about internal control and its importance to the entity

A

managment, directors, and owners

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about ____ ____ and its importance to the entity

A

internal control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its _____ to the entity

A

importance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

the control environmnet serves as the ____ for the other 4 components

A

umbrella

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

which component of COSO is so important that unless it is effective , the other 4 components are unlikely to result in effective internal control, regardless of their quality

A

control environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

the essense of an effectively controlled organization lies in the what?

A

attitude of its board of directors and senior management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

what are the 5 underlying principals related to the control environment component of COSO?

A
  1. committment to integrity and ethical values
  2. an independent board of directors that is responsible for oversight of internal controls
  3. establishing approprate structures and reporting lines
  4. a commitment to attracting, developing, and retaining competent personnel
  5. holding individuals accountable for internal control responsibilities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

integrity and ethical values are the product of the entitity ethical and behavioral _____, as well as how they are _____ and _____ in practice

A

standards
communicated
reinforced

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

integrity and ethical values include managements actions to remove or reduce _____ and _____ that might prompt personnel to engage in dishonest, illegal, or unethical acts

A

incentives

temptations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

integrity and ethical values include the communication of these standards to personnel through what 3 forms?

A
  1. policy statements
  2. codes of conduct
  3. by example
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

understanding managements ____ and ____ style gives the auditor a sense of managments attitude about internal control

A

philosophy

operating

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

who has the ultimate responsibility to make sure managment implements proper internal control and financial reporting processes?

A

the board of directors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

an effective board of directors is independent of _____

A

management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

an effective board of directors is independent of management and does what?

A

stays involved in and scrutinizes managements activities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
the board must exercise oversight of the ____ and _____ of controls
design | performance
26
an active and objective board can reduce the likelihood that management will do what?
override existing controls
27
the board creates an audit committee that is charged with oversight responsiblility for what ?
financial reporting
28
the audit committee is responsible for maintaing ongoing communication with who?
external and internal auditors
29
the audit committe is responsible for approving what done by auditors for public companies?
audit and nonaudit services
30
maintaing ongoing communication with external and internal auditors allows the audit committee to do what?
discuss with the auditors matters that might relate to managment integrity or the appropriateness of actions taken by management
31
what aspects of the audit committee are important determinants of its ability to effectiely evaluate internal controls and FSs prepared by management? (2)
1. their independence from management | 2. their knowledge of financial reporting issues
32
the Sarbanes Oxley Act directed the SEC to require the national stock exchanges (NYSE and NASDAQ) to strengthen what?
audit committee requirements for public companies listing securities on the exchange
33
the national stock exchanges will not list any security from a company with an audit commitee that what? (5)
1. is not comprised solely of independent directors 2. is not soley responsible for hiring and firing the company's auditors 3. does not establish procedures for the receipt and treatment of complaints (whistleblowing) regarding accounting, internal control, or auditing matters 4. does not have the ability to engage its own counsel and other advisors 5. is inadequately funded
34
PCAOB standards require the auditor to evaluate the effectiveness of the audit committees what? (2)
1. oversight of the companys external finacial reporting | 2. oversight of the companys internal control over financial reporting
35
individuals responsible for overseeing the strategic direction of the entity and the accountability of the entity , inc luding financial reporting and disclosure are called what by auditing standards?
those charged with governance
36
in auditing standards, those charged with governance are responsible for what? (2)
1. overseeing the strategic direction of the entity | 2. overseeing the accountability of the entity , including financial reporting and disclosure
37
the entitys organizational structure defines the existing lines of _____ and ______
responsibility | authority
38
the organizational structure can consist of (4)?
1. entity level 2. division level 3. operating units 4. functions within those units
39
T/F | controls operate at each level of the corporate structure
T
40
by understanding the clients organizational structure, the auditor can learn the ____ and _____ elements of the business and perceive how controls are ______
management functional implemented
41
what is competence?
the knowledge and skills necessary to accomplish task that define an individuals job
42
if employees are ____ and _____ , other controls can be absent and reliable FSs will still result
competent | trustworthy
43
because of the importance of competent, trustworth personnel in providing effective control, the methods by which persons are ____ , _____, _____, _____, and _____ are an important part of internal control
``` hired trained evaluated promoted compensated ```
44
who is responsible for comminicating expectationa and holdign individuals accountable for internal control duties (2)?
managment | board of directgors
45
what 3 things make the accountability process effective?
1. management setting the appropriate tone 2. appropriate structures and reporting lines put in place 3. incentives to fulfill internal control duties
46
what is risk assessment?
a process for identifying and analyzing risks that may prevent the organization from achieving its objectives
47
what are the 4 underlying principals related to risk assessment?
1. company should have clear objecctives in order to be able to identify and assess the risk relating to those objectives 2. should determine how the risks should be managed 3. should consider the potential for fraudulent behavior 4. should monitor changes that could impact internal controls
48
specific risk related to ____ should be considered as they can lead to substantial losses if ignored
IT
49
if IT systems fail, organizastions can be parayzed by what /(2)
1. the inability to retrieve info | 2. the use of unreliable info caused by processing errors
50
what are 7 factors that may lead to increased risk?
1. failure to meet prior objectives 2. quality of personnel 3. geographic dispersion of company operations 4. significance and complexity of core business processes 5. intro of new IT 6. economic downturns 7. entracnce of new competitors
51
what are 3 things managment does once it identifies a risk?
1. estimates the significance of that risk 2. assesses the likelihoood of the risk occurring 3. develops specific actions that need to be taken to reduce the risk to an acceptable level
52
what is the differences between management and the auditor with respect to risk assessment?
management- assesses risk as a part of designing and operating internal controls to minimize errors and fraud auditors- assess risk to decide the evidence needed in an audit
53
what are control activities?
the policies and procedures , in addition to those included in the other 4 control components, that help ensure that necessary actions are taken to address risks to the acheivement of the entitys objectives
54
what are the 3 underlying principles related to control activities?
1. develop control activities that mitigate risks to an acceptable level 2. developing general controls over technology 3. establishing appropriate policies, procedures, and expectations
55
what are the 5 types of typcial control activities?
1. adequate separation of duties 2. proper authorization of transactions and activities 3. adequate documents and records 4. physical control over assets and records 5. independent checks on performance
56
what 4 general guidelines for adequate separation of duties to prevent fraud and errors are especially significant to auditors?
1. separation of the custody of assets from accounting for those assets 2. separation of the authorization of transactions fro the custody of related assets 3. separation of operational responsibility from record keeping responsibility 4. separation of IT duties from user departments
57
to protect a company from embezzlement, a person who has custody of an asset should not ____ for that asset
account
58
to reduce embezzlement, you should prevent persons who authorize transactions from having control over the _____ ____
related asset
59
to ensure unbiased info, ____ ____ is typically the responsibility of a separate department reporting to the controller
record keeping
60
T/F | Every transaction must be properly authorized if controls are to be satisfactory
T
61
authorization can be either ____ or ____
general specific
62
what happens under general authorization?
managment establishes policies and subordinates are instructed to implemetn these general authorizations by approving all transactions within the limits set by the policy
63
Specific authorization applies to _____ transactions
individual
64
what is the distinction between authorization and approval?
authorization is a policy decision for eithe ra general class of transactions or a specific transaction and approval is the implementation of managments general authorization decisions
65
documents and records are the records upon which transactions are _____ and _____
entered | summarized
66
adequate documents are essential for correct _____ of transactions and control of _____
recording | assets
67
what are the principals that dictate the proper design and use of documents and records? (4)
1. prenumbered consecutively to facilitate control over missing documents and records and as aid in locating them when needed at later date. important for completeness assertion 2. prepared at time transaction takes place or as soon as possible after to minimize timing errors 3. designed for multiple use to minimize the number of different forms 4. constructed in manner that encourages correct preparation . can do by providing internal checks within form or record
68
what is a control closely related to documents and records?
chart of accounts
69
what does the chart of accounts do?
classifies transactions into individual B/S and I/S accounts
70
the chart of accounts is helpful in preventing _____ errors if it accurately describes which type of transactions should be in each account
classification
71
to maintain adequate internal control, ____ and ____ must be protected
assets | records
72
the most important type of protective measure for safeguarding assets and records is the use of ?
physical precautions
73
what is the control activity of independent check or internal verification on performance?
the careful and continuous review of the other four control activities
74
why does the need for independent checks arise?
because internal controls tend to change over time unless there is frequent review
75
independent checks on performance are necesarry beccause personnel are likely to forget or intntionally fail to follow procedure, or may become careless unless someone ____ and ____ their performance
observes | evaluates
76
personnel responsible for performing internal verification procedures must be independent of what?
those originally responsible for preparing the data
77
what is the least expensive means of internal verification?
separtion of duties
78
most accounting system involve technologies wehre many internal verification procedures are ____
automated
79
what is the purpose of an entitys accounting info and communication system?
to initiate, record, process, and report the entityes transactions and to maintain accountability for the related assets