Chapter 7: Internal Control

Question 1

Internal Control

Answer 1

the PROCESS implemented by the board of directors, management, and those under their direction to PROVIDE REASONABLE ASSURANCE that control objectives are achieved.

Question 2

Control objectives of Internal Controls (6) PPECSM

Answer 2

1. Safeguard assets
2. Maintain records in sufficient detail to report assets accurately and fairly
3. Provide accurate and reliable information
4. Promote and improve operational efficiency
5. encourage adherence to prescribed management policies
6. comply with applicable laws and regulations

Question 3

Threat

Answer 3

potential adverse consequence

Question 4

Exposure/impact

Answer 4

financial, operation, reputation, legal loss

Question 5

Likelihood/probability

Answer 5

estimated chance of occurrence

Question 6

Control limitations

Answer 6

management override
collusion of two or more parties
excessive controls will reduce efficiency

Question 7

Preventive Controls

Answer 7

prevents threats from occurring.

Question 8

Detective Controls

Answer 8

Discover problems if not prevented

Question 9

Corrective Controls

Answer 9

correct and recover problems.

Question 10

Foreign Corrupt Practices Act

Answer 10

Companies must maintain internal control system. It was created to prevent companies from bribing foreign officials to obtain businesses. AICPA into FCPA

Question 11

Sarbnes-Oxley Act (SOX)

Answer 11

Public company management must report on the effectiveness of internal controls. Independent auditors attest to these assertions. (prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud).

Question 12

General Controls

Answer 12

common controls across all IT hardware, software, networks. Make sure an organization’s control environment is stable and well managed ( Security, new software implementation)

Question 13

Application Controls

Answer 13

controls coded into software programs. Make sure transactions are processed correctly (data entry edits/validation, processing checks.

Question 14

Control Objectives for Information and Related Technology (COBIT) focuses on

Answer 14

IT operations

Question 15

Internal Control- INtegrated Framework (IC)

Answer 15

first control framework of COSO: widely accepted as the authority of internal controls and is incorporated into policies, rules, and regulations used to control business activities

Question 16

Enterprise Risk Management - INtegrated Framework (ERM)

Answer 16

second control framework of COSO: the process the board of directors ad management use to set strategy, identify events that may affect the entity, asses and manage risk, and provide reasonable assurance the compnay achieves its objectives and goals.

Question 17

5 COSO Elements:

Answer 17

1. Control Activities
2. Risk Assessment
3. Information and communication
4. Monitoring
5. Control Environment
   CRIME

Question 18

Inherent risk

Answer 18

risk exists before any action (earthquake, theft, accidents)

Question 19

Residual Risk

Answer 19

Risk remaining after actions are taken.

Question 20

Reduce Risk

Answer 20

implement controls/mitigation with effective system of internal controls

Question 21

Accept Risk

Answer 21

Do nothing, accept the likelihood

Question 22

Share Risk

Answer 22

Share or transfer to someone else by buying insurance outsourcing an activity, or entering into hedging transactions

Question 23

Avoid Risk

Answer 23

do not engage in risky business. A company may require the company to sell a division, exit a product line, or not expand as anticipated.

Question 24

Control Activities

Answer 24

policies, procedures, and rules that provide reasonable assurance that management’s control objectives are met and their risk responses are carried out. (reconcile bank account, approve customer credit, separate cash receipts from posting to accounts)

Question 25

General Authorization

Answer 25

lower level employees or the systems approve routine transactions

Question 26

Specific Authorization

Answer 26

Significant or unusual transactions require senior manager review and approval