COSO

Question 1

Control Activities

Answer 1

Policies and Procedures that ensure that actions are taken to address the risks related to the achievement of management’s objectives

Question 2

Monitoring

Answer 2

It is necessary to monitor and test the system and its data in order to ensure the ongoing reliability of information.

Question 3

Information & Communication

Answer 3

The information and communication systems that enable an organization’s people to identify, process and exchange the information needed to manage and control operations.

Question 4

Risk Assessment

Answer 4

Process of identifying, analyzing and managing the risks involved in achieving the organization’s objectives.

Question 5

Control Environment

Answer 5

Management’s philosophy toward controls, organizational structure, system of authority and responsibility, personnel practices, policies and procedures.

Question 6

3 Objectives of Internal Control

Answer 6

1. Operations
2. Reporting
3. Compliance

Question 7

5 Components of Internal Control

Answer 7

1. Control Environment
2. Risk Assessment
3. Information &
   Communication
4. Monitoring
5. Control Activities

Question 8

Control Environment Principles

Answer 8

1. Integrity and Ethical Values
2. Board of Directors
3. Management
4. Competence
5. Accountability

Question 9

Risk Assessment Principles

Answer 9

1. Objectives
2. Assessment
3. Fraud
4. Change Management

Question 10

Control Activities Principles

Answer 10

1. Risk Reduction
2. Technology Controls
3. Policies

Question 11

Information & Communication Principles

Answer 11

1. Quality
2. Internal
3. External

Question 12

Monitoring

Answer 12

1. Ongoing & Periodic

2. Address Deficiencies

Question 13

The Control Monitoring Process

Answer 13

1. Establish a Foundation
2. Design and Execute
3. Assess and Report

Question 14

Control Monitoring Process Step 1: Establish a Foundation

Answer 14

• Tone at the Top
• Organizational Structure
• Baseline Understanding of IC
  Effectiveness

Question 15

Control Monitoring Process Step 2: Design and Execute

Answer 15

• Prioritize Risks
• Identify Controls
• Identify Persuasive
  Information About Key
  Controls
• Implement Monitoring
  Procedures

Question 16

Control Monitoring Process Step 3: Assess and Report

Answer 16

• Prioritize Findings
• Report Results to Appropriate
  Level
• Follow Up on Corrective
  Action

Question 17

Control Monitoring Process Methods

Answer 17

1. Reviewing Process
2. Benchmarking Process
3. Questionnaires
4. Focus Groups & Interviews

Question 18

4 Stages of Monitoring for Change Continuum

Answer 18

1. Establish Control Baseline
2. Change Identification
3. Control Revalidation
4. Change Management

Question 19

Monitoring for Change Continuum Stage 1: Establish a Control Baseline

Answer 19

*begin where controls are well
understood
*gaining an initial
understanding

Question 20

Monitoring for Change Continuum Stage 2: Change Identification

Answer 20

*risk assessment related to
changes in controls
*ID changes in control
operations, design or risks

Question 21

Monitoring for Change Continuum Stage 3: Control Revalidation

Answer 21

• reevaluate control
  effectiveness
• maintain a continuous control
  baseline

Question 22

Monitoring for Change Continuum Stage 4: Change Management

Answer 22

• establishes a new control
  baseline for the modified
  controls