Corporate Governance Flashcards

To better understand COSO, ERM, etc.

1
Q

What is the most true assessment of internal control objectives of information systems?

A

Internal control provides reasonable, not absolute, assurance. An IT system may have inherent risks and cost-benefit trade-offs.

2
Q

What are the five major components of an internal control system?

A
  1. Control Environment
  2. Risk Assessment
  3. Information & Communication
  4. Monitoring
  5. Control Activities
3
Q

What is the most fundamental component of internal control?

A

Control Environment. Core or foundation of any system of internal control.

4
Q

What are the three main objectives of COSO?

A
  1. Operations Objectives
  2. Reporting Objectives
  3. Compliance Objectives
5
Q

Describe operations objectives.

A

Pertains to effectiveness and efficiency of entity’s operations. Includes operational and financial performance goals and safeguarding assets.

6
Q

Describe reporting objectives.

A

Pertains to internal and external financial and non-financial reporting. Encompasses reliability, timeliness, transparency, and other terms set by regulators and standards.

7
Q

Describe compliance objectives.

A

Pertains to adherence to laws and regulations applicable to the entity.

8
Q

Organizational objectives relate to which fundamental component of internal control?

A

Risk assessment. Since objectives help to define the risks that are to be assessed.

9
Q

What are the three types of internal control deficiencies?

A
  1. Control Deficiency (Least Serious)
  2. Significant Deficiency
  3. Material Weakness (Most Serious)
10
Q

According to COSO Internal Control Framework, when activities are outsourced to an outside party, are responsibilities transferred over?

A

No, responsibilities never transfer to an outside party. Management is never relieved of internal control responsibilities.

11
Q

According to COSO, a primary purpose of monitoring internal control is to verify that the internal control system remains adequate to address changes in?

A

Risks. This is the primary purpose of monitoring internal control.

12
Q

COSO indicates that evaluators monitoring internal controls must have two qualities?

A

Competence & Objectivity.

13
Q

What is a compensating control?

A

A control that accomplishes the same objective as another control.

14
Q

Which component of COSO is designed to ensure that internal controls are continuing to operate effectively?

A

Monitoring. It is a core, underlying control component in the COSO ERM model. Ensuring that internal controls continue to operate effectively is the primary purpose of monitoring.

15
Q

What is direct information?

A

Info that directly substantiates the operation of controls and is obtained by observing them or performing them in operation. Highly persuasive. Monitor more important risks using direct info.

16
Q

What is indirect information?

A

Relevant information to assess if controls are operating effectively and risk is mitigated. Does not provide explicit evidence that controls are operating effectively. Monitor less important risks with indirect information.

17
Q

What are the four parts of the monitoring-for-change continuum, in order?

A
  1. Establish control baseline - Initial assessment to gain understanding of controls and risk. Baseline understanding of control effectiveness.
  2. Identify changes - Ongoing monitoring and separate evaluations to identify & address potential changes in control effectiveness.
  3. Change management - Verify controls remain effective despite identified changes in controls.
  4. Revalidate control baseline - When monitoring procedures use highly persuasive information, conclude controls are effective to maintain the control baseline. When using less persuasive information, monitoring will need to revalidate control operation through separate evaluations using persuasive info.
18
Q

The materials manager of a warehouse is given a new product line to manage with new inventory control procedures. Does this impact control baseline and change management?

A

Yes, this is a substantial change, so it will affect both control baseline and change management.

19
Q

Describe methods for reviewing control processes.

A
  1. Reviewing process - flowcharts, and control documentation
  2. Benchmarking assessments - Comparing organization controls w/ best practices
  3. Questionnaires
  4. Focus groups and interviews
20
Q

What are the three parts of the COSO model's control monitoring process?

A
  1. Establish a foundation for monitoring - tone at the top, organizational structure.
  2. Design and execute monitoring procedures. Focused on persuasive info about operation of key controls. Prioritize and address meaningful risk to organization.
  3. Assess and report control evaluation results. Prioritize findings, report results to appropriate level, and take corrective action.
21
Q

What is change control?

A

Process used to request, review, specify, plan, approve, implement, and monitor change to a system.

22
Q
  1. Evaluating internal control procedures is the primary responsibility of whom?
  2. Designing or implementing control procedures is the primary responsibility of whom?
A
  1. Internal audit staff reporting to Board of Directors.
  2. Accounting management who reports to CFO.

23
Q

Describe continuous, self, and supervisory monitoring.

A
  1. Continuous - A computer system that frequently monitors controls.
  2. Self - A human monitoring himself
  3. Supervisory - A human supervisor monitoring controls.
24
Q

A change control process should include several things such as?

A

Change request forms, approval process for changes, and appropriate documentation.

25
Q

List reasons why COSO control systems fail.

A
  1. They are not designed or implemented properly.
  2. They are properly designed but environmental changes override them and make them ineffective.
  3. They are properly designed but the way they operate has changed making them ineffective.
26
Q

According to COSO, the use of ongoing and separate evaluations to establish a new baseline after changes have been made can best be accomplished in which of the following stages of the monitoring-for-change continuum?

A

Change management. This stage involves evaluating the design and implementation of changes and establishing a new baseline.

27
Q

What is a limitation for all control systems no matter how effectively designed/implemented they are?

A

Management override of controls

28
Q

Which COSO component is related to proper measurement of transactions?

A

Information and communication