Chapter 6 Flashcards

1
Q

WHAT ARE THE 3 INTERNAL AUDIT FRAMEWORKS

A

1 - INTERNAL CONTROL INTEGRATED FRAMEWORK (COSO)
2 - GUIDANCE ON CONTROL (COCO - CANADIAN)
3 - INTERNAL CONTROL: REVISED GUIDE FOR DIRECTORS ON THE COMBINED CODE (TURNBULL REPORT)

2
Q

WHAT DOES SOX REQUIRE OF THE CFO AND CEO?

A

THE SEC REQUIRES THE CFO AND CEO OF PUBLICLY TRADED COMPANIES TO OPINE ON THE DESIGN ADEQUACY AND OPERATING EFFECTIVENESS OF INTERNAL CONTROLS OVER FINANCIAL REPORTING (ICFR)

OPINION MUST BE BASED ON A SUITABLE FRAMEWORK

3
Q

REQUIREMENTS OF A SUITABLE CONTROL FRAMEWORK

A
  1. FREE FROM BIAS
  2. PERMIT CONSISTENT QUAL AND QUANT MEASURE OF A COMPANY’S IC ENVIRONMENT
  3. BE COMPLETE TO REDUCE OR ELIMINATE OMISSIONS
  4. BE RELEVANT TO A REVIEW OF ICFR
4
Q

WHAT IS THE BENEFIT OF USING STANDARDS IN REVIEWING ICFR

A

PROMOTE COMPARABILITY OF THE IC REPORTS OF DIFFERENT COMPANIES

5
Q

COSO DEFINITION OF INTERNAL CONTROL

A

A PROCESS, EFFECTED BY AN ENTITY’S BOD, MGMT, AND OTHER PERSONNEL, DESIGNED TO PROVIDE REASONABLE ASSURANCE REGARDING ACHIEVEMENT OF OBJECTIVES RELATING TO OPERATIONS, REPORTING AND COMPLIANCE

6
Q

WHO IS ULTIMATELY RESPONSIBLE FOR THE IC OF AN ORGANIZATION

A

THE CEO

7
Q

WHAT ARE THE 3 CATEGORIES OF COSO OBJECTIVES

A
  1. OPERATIONS OBJECTIVES
  2. REPORTING OBJECTIVES (INTERNAL & EXTERNAL)
  3. COMPLIANCE OBJECTIVES
8
Q

WHAT ARE THE 5 COMPONENTS OF IC COVERED BY THE COSO FRAMEWORK

A
  1. CONTROL ENVIRONMENT
  2. RISK ASSESSMENT
  3. CONTROL ACTIVITIES
  4. INFORMATION AND COMMUNICATION
  5. MONITORING ACTIVITIES
9
Q

WHAT IS THE CONTROL ENVIRONMENT COMPRISED OF

SOFT CONTROLS

A
  1. INTEGRITY AND ETHICAL VALUES OF THE ORG
  2. PARAMETERS ENABLING THE BOD TO CARRY OUT ITS GOV OVERSIGHT RESPONSIBILITIES
  3. ORG STRUCTURE AND ASSIGNMENT OF AUTH AND RESP
  4. PROCESS FOR RECRUITING THE RIGHT PEOPLE
  5. RIGOR AROUND PERFORMANCE MEASURES AND PAY
10
Q

WHAT IS A PRECONDITION TO RISK ASSESSMENT

A

ESTABLISHMENT OF OBJECTIVES LINKED AT DIFFERENT LEVELS OF THE ENTITY

11
Q

WHAT IS INVOLVED IN RISK ASSESSMENT

A

PROCESS FOR IDENTIFYING AND ASSESSING RISKS TO THE ACHIEVEMENT OF OBJECTIVES

12
Q

SUCCESSES THAT MUST BE ACCOMPLISHED FOR OBJECTIVES TO BE ACHIEVED

A

CRITICAL SUCCESS FACTORS

13
Q

ACTIONS TAKEN BY MGMT, THE BOD, AND OTHER PARTIES TO MITIGATE RISK AND INCREASE LIKELIHOOD THAT ESTABLISHED OBJECTIVES AND GOALS WILL BE ACHIEVED

A

CONTROL ACTIVITIES

14
Q

8 TYPES OF CONTROLS THAT ARE PRESENT IN A WELL DESIGNED IC ENVIRONMENT

A
  1. PERFORMANCE REVIEWS
  2. AUTHORIZATIONS
  3. IT ACCESS CONTROL ACTIVITIES
  4. DOCUMENTATION
  5. PHYSICAL ACCESS CONTROL ACTIVITIES
  6. IT APPLICATION
  7. INDEPENDENT VERIFICATION AND RECONCILIATIONS
  8. SEGREGATION OF DUTIES
15
Q

4 ACTIONS THAT SHOULD BE SEPARATED

A
  1. TRANSACTION AUTH
  2. ACCOUNTING FOR TRANS
  3. ASSET CONTROLLERSHIP
  4. RECONCILING FUNCTION
16
Q

WHAT IS MEANT BY HIGH QUALITY INFORMATION?

A

RELEVANT
ACCURATE
TIMELY

17
Q

WHY MUST HIGH QUALITY INFORMATION BE COMMUNICATED?

A

INFORMATION MUST BE PROVIDED AS APPROPRIATE TO ACHIEVE OPERATING, REPORTING, AND COMPLIANCE OBJECTIVE RESPONSIBILITIES

18
Q

2 TYPES OF MONITORING ACTIVITIES

A
ONGOING EVALUATIONS (CONTINUOUS MONITORING)
SEPARATE EVALUATIONS
19
Q

WHEN ARE MONITORING ACTIVITIES MOST EFFECTIVE

A

WHEN A LAYERED APPROACH IS USED (3 LINES OF DEFENSE MODEL)

20
Q

WHAT IS INCLUDED IN LAYERED ACTIVITY MONITORING

A
  1. EVERYDAY ACTIVITIES PERFORMED BY MGMT OF A GIVEN AREA
  2. SEPARATE EVALUATION ON A REGULAR BASIS TO ENSURE DEFICIENCIES ARE ADDRESSED AND FIXED TIMELY
  3. INDEPENDENT ASSESSMENT BY OUTSIDE AREA OR FUNCTION
21
Q

WHO IS ULTIMATELY RESPONSIBLE FOR ENSURING AN IC ENVIRONMENT IS PUT INTO PLACE

A

BOD

22
Q

WHAT IS THE ROLE OF MGMT (CEO) IN THE IC ENVIRONMENT

A
  1. PRIMARY RESPONSIBILITY FOR THE SYSTEM OF IC
  2. ENSURING THE IC ENVIRONMENT IS ADEQUATELY DESIGNED AND OPERATING EFFECTIVELY
  3. TONE AT THE TOP IS SET BY UPPER LEVEL MGMT
23
Q

WHAT IS THE ROLE OF THE BOD IN THE IC ENVIRONMENT

A
  1. OVERSEES MGMT AND PROVIDES DIRECTION REGARDING THE IC SYSTEM
  2. ULTIMATELY HAS RESP FOR OVERSEEING THE SYSTEM OF IC
24
Q

WHAT IS THE ROLE OF THE INTERNAL AUDITOR IN THE IC ENVIRONMENT

A
  1. VERIFYING MGMT HAS MET ITS RESPONSIBILITIES FOR IC
  2. INDEPENDENTLY VALIDATING MGMT ASSERTIONS ABOUT THE IC ENVIRONMENT

25
Q

WHAT IS THE IMPORTANCE OF ALL COMPANY PERSONNEL IN THE IC ENVIRONMENT

A

IC IS THE RESPONSIBILITY OF EVERYONE IN THE ORG AND CONSTITUTES AN EXPLICIT OR IMPLICIT PART OF EVERYONE’S JOB DESCRIPTION

26
Q

WHAT IS THE ROLE OF THE INDEPENDENT OUTSIDE AUDITOR IN THE IC ENVIRONMENT

A
  1. NOT RESPONSIBLE FOR THE IC ENVIRONMENT
  2. PROVIDE AN INDEPENDENT, OBJECTIVE OPINION ON THE EFFECTIVENESS OF ICFR

27
Q

EXAMPLES OF LIMITATIONS OF THE IC SYSTEM

A
  1. OBJECTIVES AREN’T ESTABLISHED
  2. HUMAN JUDGEMENT IN DECISION MAKING CAN BE FAULTY
  3. SIMPLE ERRORS CAN OCCUR
  4. ABILITY OF MGMT TO OVERRIDE INTERNAL CONTROLS
  5. CIRCUMVENTION OF CONTROLS BY COLLUSION
  6. EXTERNAL EVENTS BEYOND THE CONTROL OF THE ORG
  7. COST BENEFIT LIMITATIONS
28
Q

GROSS RISK THAT EXISTS ASSUMING THERE ARE NO IC FEATURES IN PLACE

A

INHERENT RISK

29
Q

HOW ARE RISKS MEASURED

A

IMPACT

LIKELIHOOD

30
Q

PORTION OF INHERENT RISK THAT MGMT CAN INFLUENCE AND REDUCE BY DAY TO DAY BUSINESS ACTIVITIES

A

CONTROLLABLE RISK

31
Q

PORTION OF INHERENT RISK THAT REMAINS AFTER MGMT EXECUTES ITS RISK RESPONSES

A

RESIDUAL RISK

32
Q

HOW IS RESIDUAL RISK CONTROLLED

A
  1. IF THE RESIDUAL RISK IS BELOW THE ORG’S RISK APPETITE, THE IC SYSTEM IS OPERATING AT AN ACCEPTABLE LEVEL
  2. IF THE RESIDUAL RISK EXCEEDS THE RISK APPETITE, THE SYSTEM SHOULD BE REEVALUATED (SHARE OR TRANSFER A PORTION OF THE RESIDUAL RISK)
39
Q

CONTROLS THAT HAVE A PERVASIVE EFFECT ON THE ACHIEVEMENT OF OVERALL OBJECTIVES

A

ENTITY LEVEL CONTROLS

40
Q

EXAMPLES OF ENTITY LEVEL CONTROLS

A
  1. CONTROLS RELATED TO THE CONTROL ENVIRONMENT
  2. CONTROLS OVER MGMT OVERRIDE
  3. CENTRALIZED PROCESSING AND CONTROLS LIKE SHARED SERVICE ENVIRONMENTS
  4. CONTROLS MONITORING RESULTS OF OPERATIONS
  5. CONTROLS OVER PERIOD END FINANCIAL REPORTING
41
Q

2 CATEGORIES OF ENTITY LEVEL CONTROLS

A

GOVERNANCE CONTROLS

MGMT OVERSIGHT CONTROLS

42
Q

1 CATEGORY OF ENTITY LEVEL CONTROLS ESTABLISHED BY THE BOARD AND EXECUTIVE MGMT TO INSTITUTE THE ORG’S CONTROL CULTURE AND PROVIDE GUIDANCE THAT SUPPORTS STRATEGIC OBJECTIVES

A

GOVERNANCE CONTROLS

43
Q

1 CATEGORY OF ENTITY LEVEL CONTROLS ESTABLISHED BY MGMT AT THE BUSINESS UNIT LEVEL TO REDUCE RISK TO THE BUSINESS UNIT AND INCREASE THE PROBABILITY THAT BUSINESS UNIT OBJECTIVES ARE ACHIEVED

A

MGMT OVERSIGHT CONTROLS

44
Q

CONTROLS ESTABLISHED BY PROCESS OWNERS TO REDUCE THE RISK THAT THREATENS THE ACHIEVEMENT OF PROCESS OBJECTIVES

A

PROCESS LEVEL CONTROLS

45
Q

EXAMPLES OF PROCESS LEVEL CONTROLS

A
  1. RECONCILIATION OF KEY ACCOUNTS
  2. PHYSICAL VERIFICATION OF ASSETS
  3. PROCESS EMPLOYEE SUPERVISION AND PERFORMANCE EVALUATIONS
  4. MONITORING/OVERSIGHT OF SPECIFIC TRANSACTIONS
46
Q

CONTROLS THAT ARE MORE DETAILED THAN PROCESS LEVEL CONTROLS AND REDUCE RISK RELATIVE TO A GROUP

A

TRANSACTION LEVEL CONTROLS

47
Q

EXAMPLES OF TRANSACTION LEVEL CONTROLS

A
  1. AUTHORIZATIONS
  2. DOCUMENTATION
  3. SEGREGATION OF DUTIES
  4. IT APPLICATION CONTROLS (INPUT)
48
Q

CONTROLS DESIGNED TO REDUCE PRIMARY RISKS ASSOCIATED WITH BUSINESS OBJECTIVES

A

KEY CONTROLS

49
Q

CONTROLS DESIGNED TO EITHER MITIGATE RISKS THAT ARE NOT KEY TO BUSINESS OBJECTIVES OR PARTIALLY REDUCE THE LEVEL OF RISK WHEN A KEY CONTROL DOES NOT OPERATE EFFECTIVELY

A

SECONDARY CONTROLS

50
Q

CONTROL DESIGNED TO SUPPLEMENT KEY CONTROLS THAT ARE EITHER INEFFECTIVE OR CANNOT FULLY MITIGATE A RISK OR GROUP OF RISKS BY THEMSELVES

A

COMPENSATING CONTROLS

51
Q

DIFFERENCE IN PREVENTIVE AND DETECTIVE CONTROLS

A

PREVENTIVE CONTROLS PREVENT INCORRECT EVENTS FROM OCCURRING. CAN BE DIFFICULT TO DESIGN BECAUSE OF EFFICIENCY AND EFFECTIVENESS CONCERNS

DETECTIVE CONTROLS ALLOW YOU TO SEE ERRORS THAT HAVE ALREADY OCCURRED

55
Q

TWO TYPES OF INFORMATION SYSTEMS CONTROLS

A

GENERAL COMPUTING CONTROLS

APPLICATION CONTROLS

56
Q

INFO SYS CONTROLS APPLIED TO MANY APPLICATION SYSTEMS THAT HELP ENSURE CONTINUED PROPER OPERATION

A

GENERAL COMPUTING CONTROLS

57
Q

COMPUTERIZED STEPS WITHIN THE APPLICATION SOFTWARE AND RELATED MANUAL PROCEDURES TO CONTROL THE PROCESSING OF VARIOUS TYPES OF TRANSACTIONS

A

APPLICATION CONTROLS