Chapter 7: Internal Control Flashcards
Internal Control
the PROCESS implemented by the board of directors, management, and those under their direction to PROVIDE REASONABLE ASSURANCE that control objectives are achieved.
Control objectives of internal control (6), mnemonic PPECSM
- Safeguard assets
- Maintain records in sufficient detail to report assets accurately and fairly
- Provide accurate and reliable information
- Promote and improve operational efficiency
- Encourage adherence to prescribed management policies
- Comply with applicable laws and regulations
Threat
potential adverse consequence
Exposure/impact
the potential loss if a threat materializes: financial, operational, reputational, or legal
Likelihood/probability
estimated chance of occurrence
Control limitations
- management override of controls
- collusion between two or more parties
- excessive controls reduce operational efficiency
Preventive Controls
deter problems before they occur.
Detective Controls
discover problems that were not prevented.
Corrective Controls
remedy problems that were discovered and recover from their effects.
Foreign Corrupt Practices Act (FCPA)
Requires companies to maintain a system of internal accounting controls. It was created to prevent companies from bribing foreign officials to obtain business; its internal-control language was incorporated from an AICPA pronouncement.
Sarbanes-Oxley Act (SOX)
Public company management must report on the effectiveness of internal controls, and independent auditors must attest to management's assertions. Goals: prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud.
General Controls
controls common to all IT hardware, software, and networks that make sure an organization's control environment is stable and well managed (e.g., security, new software implementation). A weak general control (such as poor access control) undermines every application control that depends on it.
Application Controls
controls coded into individual software programs that make sure each transaction is processed correctly (e.g., data entry edits/validation, processing checks).
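As an added example (not part of the original flashcards), the following Python shows what "data entry edits/validation" and "processing checks" look like when actually coded into a program: per-record edit checks (completeness, field, sign, limit, validity, check-digit, and reasonableness checks) followed by a batch-total processing check. Every field name, account number, limit, and sample record is an assumption constructed for illustration.

```python
"""Added example: application controls coded into a transaction-processing
routine. Field names, account list, limits and sample records are all
assumptions constructed for illustration, not data from the source page."""
from __future__ import annotations

from datetime import date
from decimal import Decimal, InvalidOperation

VALID_ACCOUNTS = {"1000", "1200", "4000"}   # hypothetical GL master list (validity check)
MAX_LINE_AMOUNT = Decimal("10000.00")       # hypothetical limit-check threshold
REQUIRED = ("customer_id", "account", "amount", "posted")
AS_OF = date(2024, 3, 31)                   # assumed period-end date for the reasonableness check


def luhn_ok(number: str) -> bool:
    """Check-digit verification (Luhn) on an identifier keyed in by a clerk."""
    if not number.isdigit() or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                    # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def edit_checks(rec: dict, as_of: date = AS_OF) -> list[str]:
    """Data-entry edit checks on one record; an empty list means it passed."""
    missing = [f for f in REQUIRED if not rec.get(f)]
    if missing:                                       # completeness check
        return [f"missing field(s): {', '.join(missing)}"]
    try:                                              # field check: numeric, two decimals
        amount = Decimal(str(rec["amount"]))
        if amount != amount.quantize(Decimal("0.01")):
            raise InvalidOperation
    except InvalidOperation:
        return [f"amount is not a valid monetary value: {rec['amount']!r}"]
    errors = []
    if amount <= 0:                                   # sign check
        errors.append("amount must be positive")
    if amount > MAX_LINE_AMOUNT:                      # limit check
        errors.append(f"amount {amount} exceeds line limit {MAX_LINE_AMOUNT}")
    if rec["account"] not in VALID_ACCOUNTS:          # validity check against master data
        errors.append(f"unknown account {rec['account']}")
    if not luhn_ok(str(rec["customer_id"])):          # check-digit verification
        errors.append(f"customer_id {rec['customer_id']} fails check digit")
    try:                                              # reasonableness check on the date
        if date.fromisoformat(rec["posted"]) > as_of:
            errors.append(f"posting date {rec['posted']} is after {as_of}")
    except ValueError:
        errors.append(f"posting date {rec['posted']!r} is not a valid date")
    return errors


def process_batch(records: list[dict], control_count: int, control_total,
                  as_of: date = AS_OF) -> dict:
    """Processing check: batch totals prepared before input (record count and
    financial total) must agree with what was accepted; otherwise hold the batch."""
    rejected: dict[int, list[str]] = {}
    accepted_total = Decimal("0.00")
    for idx, rec in enumerate(records):
        errs = edit_checks(rec, as_of)
        if errs:
            rejected[idx] = errs
        else:
            accepted_total += Decimal(str(rec["amount"]))
    accepted_count = len(records) - len(rejected)
    reconciled = (not rejected and accepted_count == control_count
                  and accepted_total == control_total)
    return {"accepted": accepted_count, "rejected": rejected,
            "total": accepted_total, "reconciled": reconciled}


# Constructed sample batch: 79927398713 is a valid Luhn number, 79927398714 is not.
SAMPLE_BATCH = [
    {"customer_id": "79927398713", "account": "1200", "amount": "150.00", "posted": "2024-03-01"},
    {"customer_id": "79927398713", "account": "9999", "amount": "20.00", "posted": "2024-03-01"},
    {"customer_id": "79927398714", "account": "1000", "amount": "12000.00", "posted": "2025-01-01"},
    {"customer_id": "79927398713", "account": "4000", "amount": "abc", "posted": "2024-03-02"},
]

if __name__ == "__main__":
    # The clerk's batch header claimed 4 records totalling 12,170.00; the batch will not reconcile.
    print(process_batch(SAMPLE_BATCH, 4, Decimal("12170.00")))
```

The point of the batch-total step is that a single rejected line holds the whole batch rather than silently dropping the record: the count and financial total on the batch header were prepared before keying, so any difference after processing is a discrepancy someone has to explain.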
Control Objectives for Information and Related Technology (COBIT) focuses on
IT governance and IT controls (the information-technology side of internal control)
Internal Control - Integrated Framework (IC)
COSO's first control framework: widely accepted as the authority on internal controls and incorporated into the policies, rules, and regulations used to control business activities.
Enterprise Risk Management - Integrated Framework (ERM)
COSO's second control framework: the process the board of directors and management use to set strategy, identify events that may affect the entity, assess and manage risk, and provide reasonable assurance that the company achieves its objectives and goals.
5 COSO Elements:
- Control Activities
- Risk Assessment
- Information and communication
- Monitoring
- Control Environment
Mnemonic: CRIME
Inherent risk
the risk that exists before management takes any action to control it (earthquake, theft, accidents)
Residual Risk
Risk remaining after actions are taken.
Reduce Risk
implement controls/mitigation with effective system of internal controls
Accept Risk
Do nothing; accept the likelihood and impact of the risk.
Share Risk
Share or transfer the risk to someone else by buying insurance, outsourcing an activity, or entering into hedging transactions.
Avoid Risk
Do not engage in the risky activity. This may require the company to sell a division, exit a product line, or not expand as anticipated.
Control Activities
policies, procedures, and rules that provide reasonable assurance that management's control objectives are met and its risk responses are carried out (e.g., reconciling bank accounts, approving customer credit, separating the handling of cash receipts from posting to customer accounts).
General Authorization
lower-level employees, or the system itself, may approve routine transactions without special review.
Specific Authorization
significant or unusual transactions require review and approval by senior management.
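As an added example (not part of the original flashcards), here is the general/specific authorization rule from the last two cards enforced in Python, together with the separation-of-duties control activity mentioned above (the initiator of a transaction may not also be its approver). The transaction types, dollar threshold, role names, and sample users are all assumptions made for illustration.

```python
"""Added example: general vs specific authorization as an authorization check,
plus a separation-of-duties rule. Thresholds, roles and users are assumptions
constructed for illustration, not values from the source page."""
from __future__ import annotations

from dataclasses import dataclass
from decimal import Decimal

GENERAL_AUTH_LIMIT = Decimal("5000.00")      # hypothetical: routine amounts at or below this are pre-approved
ROUTINE_TYPES = {"sale", "cash_receipt"}     # hypothetical routine transaction types
SENIOR_ROLES = {"controller", "cfo"}         # hypothetical roles counted as senior management


@dataclass(frozen=True)
class User:
    name: str
    role: str


@dataclass(frozen=True)
class Transaction:
    kind: str
    amount: Decimal
    initiator: User
    approver: User | None = None


def make_txn(kind: str, amount: str, initiator: User, approver: User | None = None) -> Transaction:
    """Convenience constructor so amounts can be given as exact decimal strings."""
    return Transaction(kind, Decimal(amount), initiator, approver)


def required_authorization(txn: Transaction) -> str:
    """General authorization covers routine transactions within the limit;
    anything significant (over the limit) or unusual (non-routine type) needs
    specific authorization."""
    if txn.kind in ROUTINE_TYPES and txn.amount <= GENERAL_AUTH_LIMIT:
        return "general"
    return "specific"


def authorize(txn: Transaction) -> tuple[bool, str]:
    """Return (approved, reason). Fails closed: a transaction that needs specific
    authorization is rejected unless a senior manager other than the initiator signed it."""
    if required_authorization(txn) == "general":
        return True, "general authorization: routine transaction approved by the system"
    if txn.approver is None:
        return False, "specific authorization required: no approver recorded"
    if txn.approver.role not in SENIOR_ROLES:
        return False, f"specific authorization required: role {txn.approver.role!r} is not senior management"
    if txn.approver == txn.initiator:
        return False, "separation of duties: initiator may not approve their own transaction"
    return True, f"specific authorization: approved by {txn.approver.name} ({txn.approver.role})"


# Constructed sample users and transactions.
CLERK = User("ann", "ar_clerk")
OTHER_CLERK = User("dan", "ar_clerk")
CONTROLLER = User("bob", "controller")
CFO = User("cara", "cfo")

SAMPLES = [
    make_txn("sale", "1200.00", CLERK),                          # routine, under limit
    make_txn("sale", "25000.00", CLERK),                         # over limit, nobody approved
    make_txn("sale", "25000.00", CLERK, approver=OTHER_CLERK),   # approver not senior
    make_txn("asset_disposal", "900.00", CONTROLLER, approver=CONTROLLER),  # unusual type, self-approved
    make_txn("sale", "25000.00", CLERK, approver=CFO),           # properly approved
]


def review(txns: list[Transaction]) -> list[tuple[bool, str]]:
    """Run the authorization check over a list of transactions."""
    return [authorize(t) for t in txns]


if __name__ == "__main__":
    for txn, (ok, why) in zip(SAMPLES, review(SAMPLES)):
        print(f"{txn.kind:<15} {txn.amount:>10}  {'OK ' if ok else 'REJ'}  {why}")
```

Note that the fourth sample is rejected even though the approver is a senior manager: an unusual transaction approved by the same person who initiated it defeats the purpose of specific authorization, which is why the separation-of-duties check is applied after the role check rather than instead of it.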