Chap 6 Internal Control Flashcards
ICFR
Internal Control of Financial Reporting
Framework
The body of guiding principles that from a template against which organization can evaluate a multitude of business practices.
COSO
Committee of Sponsoring Organization of the Treedway Commission, a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance
Supplemental publications to COSO’s Internal Control - Integrated Framework
- internal Control Over Financial Reporting -Guidance for Smaller Public Companies
- Guidance in Monitoring Internal Control Systems
- internal Control Over External Financial Reporting: a Compendium of Appeoaches and Examplea
The COSO, CoCo and Turnbull frameworks
Are used by an increasing number of organizations to evaluate the entire system of internal controls, not just internal controls over financial reporting
Internal Control (COSO’s definition)
A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the ache comment of objectives relating to operations, reporting and compliance
The components of internal control
Control Environment Risk Assessment Control Activities Information and Communication Monitoring Activities
Critical Success Factors
Success that much be accomplished for objectives to be achieved
Segregation of Duties
Diving control activities among different people to reduce the risk of error or inappropriate actions taken by any single individual
Actions Speak Louder Than Words
In addition to hardcopy, electronic and oral communication formats, management’s actions powerfully communicate what is important to the organization
Deficiency (COSO’s definition)
“A condition within an internal control system worthy of attention” that may represent a perceived potential, or a real short-coming, or opportunity to strengthen the internal control system to provide a greater likelihood that the entity’s objectives will be achieved
Tone at the Top
The entity-wide attitude of integrity and control consciousness, as exhibited be the most senior executives of an organization
Reasonable Assurance
A level of assurance that is supported by generally accepted auditing procedures and judgements
Inherent Limitations if Internal Control
The confines that relate to the limits if the human judgement, resource constraints, and the need to consider the cost of controls in the relation to expected benefits, the reality that breakdowns can occur, and the possibility of collusion or management override
Inherent Risk
The combination I’d internal and external risk factors in there pure uncontrollable state, or the gross risk that exists assuming that there are no internal controls in place
Risk Appetite
The amount of risk, on a broad level, an organization is willing to accept in the pursuit of its business objectives.
Risk Tolerance
The acceptable levels of risk size and variation relative to the achievement of objectives, which must align with the organization’s risk appetite
Controllable Risk
The portion of inherent risk that management can reduce through day-to-day operations and management activities
Residual Risk
The portion if the inherent risk that remains after management execute its risk responses (sometimes referred to as net risk)
Entry-Level Control
A control that operates across an entire entity and as such is not bond by or associated with individual processes.
Process-Level Control
An activity that operates within a specific process for the purpose of achieving process-level objectives
Transactional-level Control
An activity that reduces risk relative to a group or variety of operations-level tasks or transactions within an organization
Key Control
An activity designed to reduce risk associated with a critical business objective.
Secondary Control
an activity designed to either reduce the risk associated with business objectives that are not critical to the organizations survival or success or serve as a backup to a key control
Compensating Control
An activity that if key controls do not fully operate effectively, may help to reduce the related risk. A compensating control will not by itself reduce risk to an acceptable level
PCAOB
The U.S. Company Accounting Oversight Board