COSO Flashcards
What is COSO?
Created by five organizations to develop an internal control model; 3 dimensions
Why do we have internal control?; three reasons ORC
1) Effectiveness and efficiency of operations - OPERATIONS; 2) Reliability of financial reporting - REPORTING; 3) Compliance with laws & regulations - COMPLIANCE
Four types of reporting?
Financial/Non-financial; Internal/External
What are the five components of an internal control system? (CRIMC)
Control environment - Management’s philosophy, organizational structure
Risk assessment - Process of identifying, analyzing, and managing risks associated with achieving the organization’s objectives
Information and communication
Monitoring - Ensure ongoing reliability of information
Control activities - Policies and procedures that ensure actions are taken to address risks related to achievement of management’s objectives
What is the COSO ERM model?
Expands upon regular COSO model
What are the four elements of COSO ERM representing objectives of managing risk (WHY?)
Strategic, operations, reporting, compliance (strategic is the new one)
What are the eight control components of COSO ERM? HINT: original has 5, this has 8
Internal Environment, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring
What are the four organizational levels of COSO ERM?
Entity, division, business unit, subsidiary
Two components of analyzing and decomposing risk
1) Likelihood of a loss; 2) Amount of loss
Expected value of a loss is the likelihood of a loss x amount
Why monitor internal controls?
Things change; lessen the effects of entropy (identify before they become problems)
What are two attributes of those who evaluate internal controls?
Competence and Objectivity
Competence - Evaluator’s knowledge of controls and processes
What are compensating controls?
Accomplish the same objective as another control