Corporate Governance Flashcards
To better understand COSO, ERM, etc.
What is the most true assessment of internal control objectives of information systems?
Internal control provides reasonable, not absolute, assurance. An IT system may have inherent risks and cost-benefit trade-offs.
What are the five major components of an internal control system?
- Control Environment
- Risk Assessment
- Information & Communication
- Monitoring
- Control Activities
What is the most fundamental component of internal control?
Control Environment. Core or foundation of any system of internal control.
What are the three main objectives of COSO?
- Operations Objectives
- Reporting Objectives
- Compliance Objectives
Describe operations objectives.
Pertains to effectiveness and efficiency of entity’s operations. Includes operational and financial performance goals and safeguarding assets.
Describe reporting objectives.
Pertains to internal and external financial and non-financial reporting. Encompasses reliability, timeliness, transparency, and other terms set by regulators and standards.
Describe compliance objectives.
Pertains to adherence to LAWS and regulations applicable to the entity.
Organizational objectives relate to which fundamental component of internal control?
Risk assessment. Since objectives help to define the risks that are to be assessed.
What are the three types of internal control deficiencies?
- Control Deficiency (Least Serious)
- Significant Deficiency
- Material Weakness (Most Serious)
According to the COSO Internal Control Framework, when activities are outsourced to an outside party, are responsibilities transferred over?
No, responsibilities never transfer to the outside party. Management is never relieved of internal control responsibilities.
According to COSO, a primary purpose of monitoring internal control is to verify that the internal control system remains adequate to address changes in?
Risks. This is the primary purpose of monitoring internal control.
COSO indicates that evaluators monitoring internal controls must have which two qualities?
Competence & Objectivity.
What is a compensating control?
A control that accomplishes the same objective as another control.
Which component of COSO is designed to ensure that internal controls are continuing to operate effectively?
Monitoring. It is a core, underlying control component in the COSO ERM model. Ensuring that internal controls continue to operate effectively is the primary purpose of monitoring.
What is direct information?
Info that directly substantiates the operation of controls and is obtained by observing them or performing them in operation. Highly persuasive. Monitor more important risks using direct info.