chap 10 COSO components of internal control Flashcards
in the COSO framework, what are the 5 components of internal control that management designs and implements to provide reasonable assurance that its control objectives will be met?
- control environment
- control activities
- risk assessment
- information and communication
- monitoring
COSO represents the direct relationship between what? (3)
- the 3 internal control objectives: reporting, operations, compliance
- the 5 components of internal control: control environment, control activities, risk assessment, information and communication, and monitoring activities
- the organizational structure: entity, division, operating unit, function
within each of the COSO components, there are broad ____ included that provide more ____ to support the respective component
principles
guidance
The COSO principles apply across all types of entities and to each of the internal control _____
objectives
all of the 1 COSO principles must be present and functioning for internal controls to be ____
effective
what does the internal control component of control environment consist of?
the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity
the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity represents what component of COSO?
control environment
_____ _____ consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity
control environment
control environment consists of the _____, ______, and _____ that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity
actions, policies, and procedures
control environment consists of the actions, policies, and procedures that reflect the overall ____ of top management, directors, and owners of an entity about internal control and its importance to the entity
attitudes
control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top ____, _____, and _____ of an entity about internal control and its importance to the entity
management, directors, and owners
control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about ____ ____ and its importance to the entity
internal control
control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its _____ to the entity
importance
the control environment serves as the ____ for the other 4 components
umbrella
which component of COSO is so important that unless it is effective, the other 4 components are unlikely to result in effective internal control, regardless of their quality?
control environment
the essence of an effectively controlled organization lies in the what?
attitude of its board of directors and senior management
what are the 5 underlying principles related to the control environment component of COSO?
- commitment to integrity and ethical values
- an independent board of directors that is responsible for oversight of internal controls
- establishing appropriate structures and reporting lines
- a commitment to attracting, developing, and retaining competent personnel
- holding individuals accountable for internal control responsibilities
integrity and ethical values are the product of the entity's ethical and behavioral _____, as well as how they are _____ and _____ in practice
standards
communicated
reinforced
integrity and ethical values include management's actions to remove or reduce _____ and _____ that might prompt personnel to engage in dishonest, illegal, or unethical acts
incentives
temptations
integrity and ethical values include the communication of these standards to personnel through what 3 forms?
- policy statements
- codes of conduct
- by example
understanding management's ____ and ____ style gives the auditor a sense of management's attitude about internal control
philosophy
operating
who has the ultimate responsibility to make sure management implements proper internal control and financial reporting processes?
the board of directors
an effective board of directors is independent of _____
management
an effective board of directors is independent of management and does what?
stays involved in and scrutinizes management's activities
the board must exercise oversight of the ____ and _____ of controls
design
performance
an active and objective board can reduce the likelihood that management will do what?
override existing controls
the board creates an audit committee that is charged with oversight responsibility for what?
financial reporting
the audit committee is responsible for maintaining ongoing communication with who?
external and internal auditors
the audit committee is responsible for approving what done by auditors for public companies?
audit and nonaudit services
maintaining ongoing communication with external and internal auditors allows the audit committee to do what?
discuss with the auditors matters that might relate to management integrity or the appropriateness of actions taken by management
what aspects of the audit committee are important determinants of its ability to effectively evaluate internal controls and FSs prepared by management? (2)
- their independence from management
- their knowledge of financial reporting issues
the Sarbanes-Oxley Act directed the SEC to require the national stock exchanges (NYSE and NASDAQ) to strengthen what?
audit committee requirements for public companies listing securities on the exchange
the national stock exchanges will not list any security from a company with an audit committee that what? (5)
- is not comprised solely of independent directors
- is not solely responsible for hiring and firing the company’s auditors
- does not establish procedures for the receipt and treatment of complaints (whistleblowing) regarding accounting, internal control, or auditing matters
- does not have the ability to engage its own counsel and other advisors
- is inadequately funded
PCAOB standards require the auditor to evaluate the effectiveness of the audit committee's what? (2)
- oversight of the company's external financial reporting
- oversight of the company's internal control over financial reporting
individuals responsible for overseeing the strategic direction of the entity and the accountability of the entity, including financial reporting and disclosure, are called what by auditing standards?
those charged with governance
in auditing standards, those charged with governance are responsible for what? (2)
- overseeing the strategic direction of the entity
- overseeing the accountability of the entity, including financial reporting and disclosure
the entity's organizational structure defines the existing lines of _____ and ______
responsibility
authority
the organizational structure can consist of (4)?
- entity level
- division level
- operating units
- functions within those units
T/F
controls operate at each level of the corporate structure
T
by understanding the client's organizational structure, the auditor can learn the ____ and _____ elements of the business and perceive how controls are ______
management
functional
implemented
what is competence?
the knowledge and skills necessary to accomplish tasks that define an individual's job
if employees are ____ and _____, other controls can be absent and reliable FSs will still result
competent
trustworthy
because of the importance of competent, trustworthy personnel in providing effective control, the methods by which persons are ____, _____, _____, _____, and _____ are an important part of internal control
hired, trained, evaluated, promoted, compensated
who is responsible for communicating expectations and holding individuals accountable for internal control duties? (2)
management
board of directors
what 3 things make the accountability process effective?
- management setting the appropriate tone
- appropriate structures and reporting lines put in place
- incentives to fulfill internal control duties
what is risk assessment?
a process for identifying and analyzing risks that may prevent the organization from achieving its objectives
what are the 4 underlying principles related to risk assessment?
- company should have clear objectives in order to be able to identify and assess the risk relating to those objectives
- should determine how the risks should be managed
- should consider the potential for fraudulent behavior
- should monitor changes that could impact internal controls
specific risk related to ____ should be considered as they can lead to substantial losses if ignored
IT
if IT systems fail, organizations can be paralyzed by what? (2)
- the inability to retrieve info
- the use of unreliable info caused by processing errors
what are 7 factors that may lead to increased risk?
- failure to meet prior objectives
- quality of personnel
- geographic dispersion of company operations
- significance and complexity of core business processes
- intro of new IT
- economic downturns
- entrance of new competitors
what are 3 things management does once it identifies a risk?
- estimates the significance of that risk
- assesses the likelihood of the risk occurring
- develops specific actions that need to be taken to reduce the risk to an acceptable level
what is the difference between management and the auditor with respect to risk assessment?
management- assesses risk as a part of designing and operating internal controls to minimize errors and fraud
auditors- assess risk to decide the evidence needed in an audit
what are control activities?
the policies and procedures, in addition to those included in the other 4 control components, that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
what are the 3 underlying principles related to control activities?
- develop control activities that mitigate risks to an acceptable level
- developing general controls over technology
- establishing appropriate policies, procedures, and expectations
what are the 5 types of typical control activities?
- adequate separation of duties
- proper authorization of transactions and activities
- adequate documents and records
- physical control over assets and records
- independent checks on performance
what 4 general guidelines for adequate separation of duties to prevent fraud and errors are especially significant to auditors?
- separation of the custody of assets from accounting for those assets
- separation of the authorization of transactions from the custody of related assets
- separation of operational responsibility from record keeping responsibility
- separation of IT duties from user departments
to protect a company from embezzlement, a person who has custody of an asset should not ____ for that asset
account
to reduce embezzlement, you should prevent persons who authorize transactions from having control over the _____ ____
related asset
to ensure unbiased info, ____ ____ is typically the responsibility of a separate department reporting to the controller
record keeping
T/F
Every transaction must be properly authorized if controls are to be satisfactory
T
authorization can be either ____ or ____
general, specific
what happens under general authorization?
management establishes policies and subordinates are instructed to implement these general authorizations by approving all transactions within the limits set by the policy
Specific authorization applies to _____ transactions
individual
what is the distinction between authorization and approval?
authorization is a policy decision for either a general class of transactions or a specific transaction, and approval is the implementation of management's general authorization decisions
documents and records are the records upon which transactions are _____ and _____
entered
summarized
adequate documents are essential for correct _____ of transactions and control of _____
recording
assets
what are the principles that dictate the proper design and use of documents and records? (4)
- prenumbered consecutively to facilitate control over missing documents and records and as an aid in locating them when needed at a later date. important for completeness assertion
- prepared at the time the transaction takes place or as soon as possible after to minimize timing errors
- designed for multiple use to minimize the number of different forms
- constructed in a manner that encourages correct preparation. can do by providing internal checks within form or record
what is a control closely related to documents and records?
chart of accounts
what does the chart of accounts do?
classifies transactions into individual B/S and I/S accounts
the chart of accounts is helpful in preventing _____ errors if it accurately describes which type of transactions should be in each account
classification
to maintain adequate internal control, ____ and ____ must be protected
assets
records
the most important type of protective measure for safeguarding assets and records is the use of?
physical precautions
what is the control activity of independent check or internal verification on performance?
the careful and continuous review of the other four control activities
why does the need for independent checks arise?
because internal controls tend to change over time unless there is frequent review
independent checks on performance are necessary because personnel are likely to forget or intentionally fail to follow procedure, or may become careless unless someone ____ and ____ their performance
observes
evaluates
personnel responsible for performing internal verification procedures must be independent of what?
those originally responsible for preparing the data
what is the least expensive means of internal verification?
separation of duties
most accounting systems involve technologies where many internal verification procedures are ____
automated
what is the purpose of an entity's accounting info and communication system?
to initiate, record, process, and report the entity's transactions and to maintain accountability for the related assets