COSO Framework

Question 1

COSO Internal Control

Answer 1

Internal Controls are Processes, designed, and implemented by an entity’s management, BOD, and other employees to provide reasonable assurance about the achievement of entity objectives.

Question 2

T/F COSO Internal Controls are rule based?

Answer 2

F - principals, tailored to the particular company in a particular industry

Question 3

Reporting Objectives

Answer 3

Timeliness, reliability, transparency of an entity’s external and internal financial and non-financial reporting

Question 4

Operational Objectives

Answer 4

Effectiveness and efficiency of an entity’s operations and ensuring assets of the organization are properly safeguarded

Question 5

Compliance Objectives

Answer 5

Reasonable assurance the entity will comply with applicable laws and regulations

Question 6

Control Environment

Answer 6

Tone at the top; includes processes, structures and standards that provide the foundation for an entity to establish a system of internal control

Question 7

What are principles related to Control Environment?

Answer 7

Competence
Accountability
Board Independence
Lines of Authority
Ethics

Question 8

Competence

Answer 8

Organization demonstrates commitment to attract, develop, and retain competent individuals as well as prepare for turnover and succession planning

Question 9

Accountability

Answer 9

Organizations need to hold employees accountable for their internal control responsibilities, need to measure performance, possible incentives and rewards as appropriate, disciplinary actions as necessary

Question 10

Board Independence

Answer 10

Board oversees internal control from initial development of controls to performance oversight

Question 11

Lines of Organizational Structure

Answer 11

Organizational structure is tailored to the entity and reporting relationships do no undermine the commitment to effective financial reporting and internal control

Question 12

Ethics

Answer 12

Commitment to ethics from top down through behavior, code of conduct

Question 13

Risk Assessment

Answer 13

Relates to objective setting, assessing risks, fraud, and change management

Question 14

What are the principles of Risk Assessment?

Answer 14

Objective Setting
Assessment of Risk
Fraud
Change Management

Question 15

Objective Setting

Answer 15

Understanding the organization’s mission, vision, and core values to ensure the objectives are aligned with the overall goals and direction of the organization

Question 16

Assessment of Risk

Answer 16

Assessment of operational, reporting, and compliance risks and determining how to respond

Question 17

Fraud Risk

Answer 17

Considers incentives and pressures to commit fraud and ability to rationalize it

Question 18

Fraud triangle

Answer 18

Incentives & pressure, opportunity, ability to rationalize

Question 19

Change Management

Answer 19

Assessing changes that could significantly impact the system of internal control such as changes in industry trends or key employees leaving the company

Question 20

Control Activities

Answer 20

Methods used to implement the response to risk

Question 21

What are the principles of control activities

Answer 21

Risk reduction
Technology controls
Policies

Question 22

Information and Communication

Answer 22

Enables internal control functions and emphasizes that a company must capture and exchange information needed to conduct, manage, and control operations; everyone also must understand their role

Question 23

Internal communication

Answer 23

communication within the entity to enable all personnel understand and execute their internal control responsibilities

Question 24

External communication

Answer 24

Board of directors have relevant information, IT security people provide information about networks, external auditors can provide information about accounting controls

Question 25

Monitoring

Answer 25

Process used to assess the quality of internal control performance over time through ongoing evaluations, separate evaluations, or a combination; essential for the effectiveness of internal control providing assurance that errors or deviations will be detected and corrected

Question 26

Ongoing evaluations

Answer 26

built into the business processes at different levels of the entity

Question 27

Separate evaluations

Answer 27

occur periodically, often by the internal audit department, vary in scope

Question 28

What does effective monitoring align with?

Answer 28

Risk profile

Question 29

What are the principles of monitoring

Answer 29

Ongoing/separate evaluations
Evaluate and communicate control deficiencies

Question 30

Evaluate and communicate control deficiencies

Answer 30

Evaluation and communication should happen quickly enough to parties responsible for taking corrective action

Question 31

Monitoring for change continuum

Answer 31

assess changes in internal control effectiveness

Question 32

What are the 4 steps for monitoring for change continuum

Answer 32

Establish a control baseline
Change identification
Control revalidation
Establish a new baseline

Question 33

Establish a control baseline

Answer 33

understanding the baseline condition before the change

Question 34

Change identification

Answer 34

Through risk assessment, finding what has changes and then respond to those changes by asking what controls we can put in place to minimze theft

Question 35

Control revalidation

Answer 35

monitor changes to make sure controls are effective

Question 36

Change management

Answer 36

Verify controls remain effectiveness by establishing a new baseline

Question 37

Enterprise Risk Management

Answer 37

Assists organizations in developing a comprehensive response to risk management; effectively deal with uncertainty, evaluate risk acceptance, and build value

Question 38

What are the components of ERM

Answer 38

Governance and culture
Strategy and objective setting
Performance
Review and revision
Information, communication, reporting

Question 39

What are the components of COSO

Answer 39

Control Enviornment
Risk Assessment
Information and Communication
Monitoring
Existing control activities

Question 40

What is the main objective of ERM?

Answer 40

Creating, preserving, and realizing value

Question 41

Governance and culture

Answer 41

Sets the organization’s tone, reinforcing the importance of and establishing oversight responsibilities for

Question 42

Principles of governance and culture

Answer 42

Board oversight
Establishing operating structues
Attract develop and retain capable individuals
Define desired culture
Demonstrate commitment to core values

Question 43

Principles of Strategy and objective setting

Answer 43

Evaluates alternative strategies
Formulates business objectives
Analyze business context
Define risk appetite

Question 44

Principles of Performance

Answer 44

Develops portfolio view
assesses severity of risk
prioritize risk
identifies risk events
implements risk response

Question 45

Principles of Review and revision

Answer 45

assess substantial change
pursue improvement
reviews risk and performance

Question 46

Principles of Information, communication, and reporting

Answer 46

leverage information and technology
communicate risk information
reports on risk culture and performance

Question 47

Strategy and objective setting

Answer 47

Evaluating alternative strategies and formulating business objectives based on vision of the organization and its mission

Question 48

Performance

Answer 48

identifies and select risk responses as result of prioritizing risk

Question 49

Review and revision

Answer 49

reviews performance and considers risk after the fact to determine whether the actions taken were effective in mitigating risk; re-visiting and improving efficiency