Chapter 6

Question 1

What are the three objectives of COSO

Answer 1

Reliability of financial reporting
Effectiveness and efficiency of operations
Compliance with laws and regulations

Question 2

Who designs and enforces internal controls

Answer 2

The board of directors and management team

Question 3

What act requires management of all public company to issue an internal control report

Answer 3

Sarbanes Oxley
It must include an assessment of effectiveness and statement of responsibility and identify COSO as the framework.

Question 4

What is COSO

Answer 4

A framework used for evaluating the effectiveness of internal controls for financial reporting (IFCR)

Question 5

What are the 5 COSO components

Answer 5

Control environment
Risk assessment
Information and Communication
Control Activities
Monitoring of controls

Question 6

What is the control environment (COSO)

Answer 6

The basis for carrying out controls across an organization. Examples are company integrity and values, oversight responsibiity

Question 7

What is risk assessment (COSO)

Answer 7

A dynamic process for identifying and analyzing the risks to achieving the entity’s objectives. Example: fraud risk and significant change

Question 8

What is control activity (COSO)

Answer 8

Actions established by the policies and procedures that are performed at all levels of the entity. Examples: Selecting and developing any controls in the company and deploying them

Question 9

What is information and communication (COSO)

Answer 9

Internal and external communication that provides the organization with the
information to carry out their day-to day control activities and for personnel to understand their responsibilities. Example: internal and external communications

Question 10

What is Monitoring Activities (COSO)

Answer 10

The ongoing and separate evaluation used to ascertain whether each of the
five components are present and functioning.

Question 11

What are the inherent limitations of controls/COSO

Answer 11

Management override
Human error
Collusion

Question 12

What is an Integrated Audit

Answer 12

An integrated audit
combines a financial
statement audit with an audit
of internal control over
financial reporting (ICFR).

Question 13

What is a control defficiency

Answer 13

The design or implementation of internal controls doesn’t permit employees to prevent or detect mistatement

Question 14

What is a significant deficiency

Answer 14

A deficiency that is less severe than a material weakness but important enough to merit attention

Question 15

What is a material Weakness

Answer 15

A significant deficiency or combination of that results in a reasonably probability the control will not prevent or detect and a material misstatement.

Question 16

What is remediation of a material weakness

Answer 16

The process of correction a material weakness in the ICFR

Question 17

When you do give an adverse opinion on ICFR

Answer 17

When there is a material weakness in ICFR

Question 18

What is a management letter

Answer 18

The method for auditors to communicate internal matters in writing on a timely basis for those charged with governments. This includes internal control weaknesses, significant deficiencies, and other matters from the audit

Question 19

What is an auditor’s responsibility for communicating ICFR to management?

Answer 19

Auditors must communicate in writing any deficiencies or material weaknesses identified during the audit

Question 20

What is an entity level control?

Answer 20

Controls that exist at the organizational level like HR policies and attitude towards internal controls

Question 21

What are transaction level controls

Answer 21

Transaction-level controls are controls that affect a particular transaction or group of transactions.

Question 22

What is segregation of duties

Answer 22

Separating incompatible duties so one person doesn’t have all three of the following responsibilities
Authorizing
Safekeeping
Record keeping

Question 23

What is a SOC Report

Answer 23

Internal controls report users need to assess and address the risk associated with an outsourced service. SOC 3 reports you give to the public

Question 24

What is a SOC type 1

Answer 24

Expresses opinion on the fairness of the design of controls

Question 25

What is a SOC type 2

Answer 25

Expresses an opinion on the fairness of the design and operating effectiveness of internal controls

Question 26

What are IT general controls

Answer 26

The overall information processing environment. Example: data center, access controls. software changes

Question 27

What are IT application controls

Answer 27

Controls that apply to processing specific computer applications. Examples: Input controls for data like date formatting, error controls

Question 28

What is a financial total, hash total, and record count

Answer 28

Financial total is the summary of amounts for all records in a batch like total dollars of all vendors to be paid
Hash total is the summary or codes from a batch like employee ID
Record count is summary of all physical records like invoices

Question 29

What are examples of input controls

Answer 29

Missing data check
Verification controls
Valid character checks
Valid code check

Question 30

What is pilot and parallel testing

Answer 30

Pilot testing is when a new system is implemented in one part of the organization while the other locations rely on the old system.
Parallel testing is when the old and new systems operate simultaneously in all locations