COSO Flashcards
The process of identifying, analyzing, and managing risks is
Risk assessment
The internal control that enables people to identify, process, and exchange info is
Information and communication
The policies and procedures that ensure that actions are taken to address the risks
Control activities
A control objective is
Compliance
Operations
Reporting
Compliance objectives concern laws and regulations
Compliance objective
The control environment is the
Core or foundation of any system of internal control
Organizational objectives, risk assessment, fraud, and change management relate to
Risk assessment
Establishing ongoing and periodic evaluations and assessing control deficiencies
Monitoring
A whistleblower hotline contributes to
Both internal and external organizational communications.
Establishing integrity and ethical values
Control environment
Risk reduction, technology controls, and policies
Control activities
Monitoring is one of the eight components of
Enterprise risk management framework
Strategic, operations, reporting, and compliance objectives are part of the
COSO ERM model
Risk response includes management's decision to
Avoid, accept, reduce, or share risk to develop a set of actions to align risks
The COSO ERM model has how many control components
8
A control that accomplishes the same objective as another control
Compensating
A condition where an internal control requires attention
Control deficiency
Targets against which the effectiveness of internal control is evaluated
Control objective
Metrics that reflect critical success factors
Key performance indicator
Primary attributes of effective evaluators are
Competence and objectivity
System of internal control begins with
Setting organizational objectives
Increasing the reliability of financial reporting and compliance with laws and regulations is not an approach to monitor
Internal control
Establishing a baseline of internal control known to be effective is a
Sub activity of establishing a foundation for monitoring
Ongoing and separate evaluations to identify and address changes in internal control effectiveness is
Change identification
The four primary themes of attribute standards are
Purpose, authority, and responsibility
Independence and objectivity
Proficiency and due professional care
Quality assurance and improvement program
Periodic external assessments must occur every
5 years
The quality assurance and improvement program must include
Internal and external assessments
The person responsible for managing an organization's internal audit activity by the IIA is a
Chief executive audit
Purpose, authority, and responsibility is an
Attribute standard
The seven primary performance standards are
Managing the internal audit activity
Nature of work
Engagement planning
Performing the engagement
Communicating results
Monitoring progress
Resolution of senior management's acceptance of risks
The internal audit activity's focus on planning the engagement objectives, scope, timing, and resources
Engagement planning
Engagement team focus on governance, risk management, and control processes associated with internal audit is
Nature of work
The internal auditor's responsibilities for obtaining an adequate basis for conclusions
Performing the engagement
Chief audit executive's responsibilities for overseeing the internal audit
Managing the internal audit activity
Implementation standards distinguish requirements between
Assurance and consulting services
Attribute standards address characteristics of organizations
And individuals who perform internal audit services
Clarifying the concepts within the attribute and performance standards is
Interpretations of international standards
Measure the quality of the internal auditor's conduct in delivering internal audit services
Performance standards
Mandatory guidance of the IIA International Professional Practices Framework
Definition of internal auditing
Code of ethics
International standards
Strongly recommended guidance of the International Professional Practices Framework includes
Position papers
Practice advisories
Practice guides
Argues that decision makers weight losses more heavily than gains
Prospect theory
Reduce the risk of incorrect processing in a newly installed computerized accounting system
Independently verify the transactions
Calculates and integrates the likelihood of losses with the amount of losses
Expected value
The limitation of enterprise risk management (ERM)
Can provide absolute assurance with respect to objective categories
Recognizing potential impediments to communication between the system user and the system designer is
Managing change in the system internal control
Mandatory guidance of the IIA International Professional Practices
Definition of internal auditing
Code of ethics
International standards
Strongly recommended guidance is
Position papers
Practice advisories
Practice guides
The guidance between the requirements for assurance and consulting is
Implementation standards
The internal control that concerns testing the system and its data
Monitoring
In the COSO cube model, what's not a control objective
Monitoring is not a control objective
Compliance objectives concern laws and
Regulations
SoD stands for
Segregation of duties
The IIA definition of internal auditing standards does not mention
Cost of capital