chap 10 COSO components of internal control Flashcards by Mandy Henderson

in the COSO framework,what are the 5 component of internal control that managment designs and implements to provide reasonable assurance that its control objectives will be met

control environment
control activities
risk assessment
information and communication
monitoring

How well did you know this?

Not at all

Perfectly

COSO represents the direct relationship between what ? (3)

the 3 internal control objectives- reporting, operations, compliance
the 5 components of internal control- control environmnet, control activities, risk assessment, information and communication, and monitoring activities
the organizational structure - entity, division, operating unit, function

How well did you know this?

Not at all

Perfectly

within each of the COSO components, there are broad ____ included that provide more ____ to support the respective component

principals

guidance

How well did you know this?

Not at all

Perfectly

The COSO principals apply across all types of entitites and to each of the internal control _____

objectives

How well did you know this?

Not at all

Perfectly

all of the 1 COSO principals must be present and functioning for internal controls to be ____

effective

How well did you know this?

Not at all

Perfectly

what does the internal control component of control environment consist of?

the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

How well did you know this?

Not at all

Perfectly

the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity represents what component of COSO?

control environment

How well did you know this?

Not at all

Perfectly

_____ _____ consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

control environment

How well did you know this?

Not at all

Perfectly

control environment consists of the _____, ______,
and _____ that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its importance to the entity

actions, policies, and procedures

How well did you know this?

Not at all

Perfectly

control environment consists of the the actions, policies, and procedures that refect the overall ____ of top managment, directors, and owners of an entity about internal control and its importance to the entity

attitudes

How well did you know this?

Not at all

Perfectly

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top ____, _____, and _____ of an entity about internal control and its importance to the entity

managment, directors, and owners

How well did you know this?

Not at all

Perfectly

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about ____ ____ and its importance to the entity

internal control

How well did you know this?

Not at all

Perfectly

control environment consists of the the actions, policies, and procedures that refect the overall attitudes of top managment, directors, and owners of an entity about internal control and its _____ to the entity

importance

How well did you know this?

Not at all

Perfectly

the control environmnet serves as the ____ for the other 4 components

umbrella

How well did you know this?

Not at all

Perfectly

which component of COSO is so important that unless it is effective , the other 4 components are unlikely to result in effective internal control, regardless of their quality

control environment

How well did you know this?

Not at all

Perfectly

the essense of an effectively controlled organization lies in the what?

attitude of its board of directors and senior management

How well did you know this?

Not at all

Perfectly

what are the 5 underlying principals related to the control environment component of COSO?

committment to integrity and ethical values
an independent board of directors that is responsible for oversight of internal controls
establishing approprate structures and reporting lines
a commitment to attracting, developing, and retaining competent personnel
holding individuals accountable for internal control responsibilities

How well did you know this?

Not at all

Perfectly

integrity and ethical values are the product of the entitity ethical and behavioral _____, as well as how they are _____ and _____ in practice

standards
communicated
reinforced

How well did you know this?

Not at all

Perfectly

integrity and ethical values include managements actions to remove or reduce _____ and _____ that might prompt personnel to engage in dishonest, illegal, or unethical acts

incentives

temptations

How well did you know this?

Not at all

Perfectly

integrity and ethical values include the communication of these standards to personnel through what 3 forms?

policy statements
codes of conduct
by example

How well did you know this?

Not at all

Perfectly

understanding managements ____ and ____ style gives the auditor a sense of managments attitude about internal control

philosophy

operating

How well did you know this?

Not at all

Perfectly

who has the ultimate responsibility to make sure managment implements proper internal control and financial reporting processes?

the board of directors

How well did you know this?

Not at all

Perfectly

an effective board of directors is independent of _____

management

How well did you know this?

Not at all

Perfectly

an effective board of directors is independent of management and does what?

stays involved in and scrutinizes managements activities

How well did you know this?

Not at all

Perfectly

the board must exercise oversight of the ____ and _____ of controls

design | performance

an active and objective board can reduce the likelihood that management will do what?

override existing controls

the board creates an audit committee that is charged with oversight responsiblility for what ?

financial reporting

the audit committee is responsible for maintaing ongoing communication with who?

external and internal auditors

the audit committe is responsible for approving what done by auditors for public companies?

audit and nonaudit services

maintaing ongoing communication with external and internal auditors allows the audit committee to do what?

discuss with the auditors matters that might relate to managment integrity or the appropriateness of actions taken by management

what aspects of the audit committee are important determinants of its ability to effectiely evaluate internal controls and FSs prepared by management? (2)

1. their independence from management | 2. their knowledge of financial reporting issues

the Sarbanes Oxley Act directed the SEC to require the national stock exchanges (NYSE and NASDAQ) to strengthen what?

audit committee requirements for public companies listing securities on the exchange

the national stock exchanges will not list any security from a company with an audit commitee that what? (5)

1. is not comprised solely of independent directors 2. is not soley responsible for hiring and firing the company's auditors 3. does not establish procedures for the receipt and treatment of complaints (whistleblowing) regarding accounting, internal control, or auditing matters 4. does not have the ability to engage its own counsel and other advisors 5. is inadequately funded

PCAOB standards require the auditor to evaluate the effectiveness of the audit committees what? (2)

1. oversight of the companys external finacial reporting | 2. oversight of the companys internal control over financial reporting

individuals responsible for overseeing the strategic direction of the entity and the accountability of the entity , inc luding financial reporting and disclosure are called what by auditing standards?

those charged with governance

in auditing standards, those charged with governance are responsible for what? (2)

1. overseeing the strategic direction of the entity | 2. overseeing the accountability of the entity , including financial reporting and disclosure

the entitys organizational structure defines the existing lines of _____ and ______

responsibility | authority

the organizational structure can consist of (4)?

1. entity level 2. division level 3. operating units 4. functions within those units

T/F | controls operate at each level of the corporate structure

by understanding the clients organizational structure, the auditor can learn the ____ and _____ elements of the business and perceive how controls are ______

management functional implemented

what is competence?

the knowledge and skills necessary to accomplish task that define an individuals job

if employees are ____ and _____ , other controls can be absent and reliable FSs will still result

competent | trustworthy

because of the importance of competent, trustworth personnel in providing effective control, the methods by which persons are ____ , _____, _____, _____, and _____ are an important part of internal control

``` hired trained evaluated promoted compensated ```

who is responsible for comminicating expectationa and holdign individuals accountable for internal control duties (2)?

managment | board of directgors

what 3 things make the accountability process effective?

1. management setting the appropriate tone 2. appropriate structures and reporting lines put in place 3. incentives to fulfill internal control duties

what is risk assessment?

a process for identifying and analyzing risks that may prevent the organization from achieving its objectives

what are the 4 underlying principals related to risk assessment?

1. company should have clear objecctives in order to be able to identify and assess the risk relating to those objectives 2. should determine how the risks should be managed 3. should consider the potential for fraudulent behavior 4. should monitor changes that could impact internal controls

specific risk related to ____ should be considered as they can lead to substantial losses if ignored

if IT systems fail, organizastions can be parayzed by what /(2)

1. the inability to retrieve info | 2. the use of unreliable info caused by processing errors

what are 7 factors that may lead to increased risk?

1. failure to meet prior objectives 2. quality of personnel 3. geographic dispersion of company operations 4. significance and complexity of core business processes 5. intro of new IT 6. economic downturns 7. entracnce of new competitors

what are 3 things managment does once it identifies a risk?

1. estimates the significance of that risk 2. assesses the likelihoood of the risk occurring 3. develops specific actions that need to be taken to reduce the risk to an acceptable level

what is the differences between management and the auditor with respect to risk assessment?

management- assesses risk as a part of designing and operating internal controls to minimize errors and fraud auditors- assess risk to decide the evidence needed in an audit

what are control activities?

the policies and procedures , in addition to those included in the other 4 control components, that help ensure that necessary actions are taken to address risks to the acheivement of the entitys objectives

what are the 3 underlying principles related to control activities?

1. develop control activities that mitigate risks to an acceptable level 2. developing general controls over technology 3. establishing appropriate policies, procedures, and expectations

what are the 5 types of typcial control activities?

1. adequate separation of duties 2. proper authorization of transactions and activities 3. adequate documents and records 4. physical control over assets and records 5. independent checks on performance

what 4 general guidelines for adequate separation of duties to prevent fraud and errors are especially significant to auditors?

1. separation of the custody of assets from accounting for those assets 2. separation of the authorization of transactions fro the custody of related assets 3. separation of operational responsibility from record keeping responsibility 4. separation of IT duties from user departments

to protect a company from embezzlement, a person who has custody of an asset should not ____ for that asset

account

to reduce embezzlement, you should prevent persons who authorize transactions from having control over the _____ ____

related asset

to ensure unbiased info, ____ ____ is typically the responsibility of a separate department reporting to the controller

record keeping

T/F | Every transaction must be properly authorized if controls are to be satisfactory

authorization can be either ____ or ____

general specific

what happens under general authorization?

managment establishes policies and subordinates are instructed to implemetn these general authorizations by approving all transactions within the limits set by the policy

Specific authorization applies to _____ transactions

individual

what is the distinction between authorization and approval?

authorization is a policy decision for eithe ra general class of transactions or a specific transaction and approval is the implementation of managments general authorization decisions

documents and records are the records upon which transactions are _____ and _____

entered | summarized

adequate documents are essential for correct _____ of transactions and control of _____

recording | assets

what are the principals that dictate the proper design and use of documents and records? (4)

1. prenumbered consecutively to facilitate control over missing documents and records and as aid in locating them when needed at later date. important for completeness assertion 2. prepared at time transaction takes place or as soon as possible after to minimize timing errors 3. designed for multiple use to minimize the number of different forms 4. constructed in manner that encourages correct preparation . can do by providing internal checks within form or record

what is a control closely related to documents and records?

chart of accounts

what does the chart of accounts do?

classifies transactions into individual B/S and I/S accounts

the chart of accounts is helpful in preventing _____ errors if it accurately describes which type of transactions should be in each account

classification

to maintain adequate internal control, ____ and ____ must be protected

assets | records

the most important type of protective measure for safeguarding assets and records is the use of ?

physical precautions

what is the control activity of independent check or internal verification on performance?

the careful and continuous review of the other four control activities

why does the need for independent checks arise?

because internal controls tend to change over time unless there is frequent review

independent checks on performance are necesarry beccause personnel are likely to forget or intntionally fail to follow procedure, or may become careless unless someone ____ and ____ their performance

observes | evaluates

personnel responsible for performing internal verification procedures must be independent of what?

those originally responsible for preparing the data

what is the least expensive means of internal verification?

separtion of duties

most accounting system involve technologies wehre many internal verification procedures are ____

automated

what is the purpose of an entitys accounting info and communication system?

to initiate, record, process, and report the entityes transactions and to maintain accountability for the related assets