Chapter 7 Flashcards
Internal control
the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that control objectives are achieved
Safeguard assets
prevent or detect unauthorized acquisitions, use or disposition
6 control objectives of internal control
safeguard assets
maintain records
provide accurate and reliable info.
promote and improve operational efficiency
encourage adherence to prescribed management policies
comply with applicable laws and regulations
preventive controls
deter problems before they arise
detective controls
discover problems that are not prevented
corrective controls
identify and correct problems as well as correct and recover from the resulting errors
general controls
make sure an organization's control environment is stable and well managed
application controls
make sure transactions are processed correctly
4 levels of control to help management reconcile the conflict between creativity and control
- belief system
- boundary system
- diagnostic control system
- interactive control system
belief system
describes how the company creates values, helps employees understand management vision, communicates company core values, and inspires employees to live by those values
boundary system
helps employees act ethically by setting boundaries on employee behavior
diagnostic control system
measures, monitors, and compares actual company progress to budgets and performance goals
interactive control system
helps managers focus subordinates' attention on key strategic issues and be more involved in their decisions
threat
potential adverse consequences
exposure or impact
financial, operation, reputation, legal loss
likelihood or probability
estimated chance of occurrence
control limitations
management override
collusion of two or more parties
excessive controls will reduce efficiency
Foreign Corrupt Practices Act
companies must maintain an internal control system. Passed to prevent companies from bribing foreign officials to obtain business
Sarbanes-Oxley Act
public company management must report on the effectiveness of internal control. Independent auditors attest to these assertions
COBIT
consolidates control standards from 36 different sources into a single framework that allows management to benchmark security and control practices of IT environments, users to be assured that adequate IT security and control exist, and auditors to substantiate their internal control opinions and to advise on IT security and control matters
COSO
provide guidance for evaluation of controls. AAA, AICPA, IIA, IMA, FEI.
COSO model - 5 elements
Control activities
Risk assessment
Information and communication
Monitoring
Control environment
internal environment consists of
management's philosophy, operating style, risk appetite
BOD
commitment to integrity, ethical values, and competence
organizational structure
methods of assigning authority and responsibility
human resource standards
external influences
events
occurrences or incidents (positive or negative impact)
inherent risk
risk that exists before any action (earthquake, theft, accidents)
residual risk
risk remaining after actions: reduce, accept, share, avoid
control activities
policies, procedures, and rules that provide reasonable assurance that management's control objectives are met and their risk responses are carried out
general authorization
lower level employees or the systems approve routine transactions
specific authorization
significant or unusual transactions require senior manager review and approval
effective segregation of duties: functions that should be separated
authorization
recording
custody