COSO Framework Flashcards

1
Q

3 objectives of COSO Framework

A
  1. Operations
  2. Reporting
  3. Compliance
2
Q

Operations Objectives

A

effectiveness and efficiency of an entity’s operations. Includes financial and operational goals and ensuring assets of the org are safeguarded against potential losses

3
Q

Reporting Objectives

A

reliability, timeliness and transparency of an entity's external and internal financial and nonfinancial reporting established by regulators

4
Q

Compliance Objectives

A

ensure the entity is adhering to all applicable laws and regulations

5
Q

5 components of internal control and a short summary of what they are about

A
  1. Control Environment - tone at the top (ethics)
  2. Risk assessment - FS misstated, not efficient, breaking law
  3. Information and communications - Fair Accurate Complete Timely (FACT)
  4. Monitoring - effectiveness of controls and report deficiencies
  5. (existing) Control activities: policies / procedures to mitigate risk
6
Q

Control Environment Components

A

provides process, structure, and standards and foundation for entity to establish a system of internal control (EBOCA)

  1. Commitment to Ethics and Integrity: POF establishing standards and conduct
  2. Board independence and Oversight: POF establishing oversight responsibilities
  3. Organizational Structure: POF establishing reporting lines, authorities and responsibilities that are appropriate to org objectives
  4. Commitment to Competence: POF hire, develop, retain competent employees
  5. Accountability: POF establishing performance measures, incentives, and rewards
7
Q

Risk Assessment Components

A

Make entity “SAFR”

  1. Specific Objectives: identification and assessment of risk related to objectives created
  2. Identify and Analyze risk: how risk should be managed
  3. Consider potential Fraud. POF assessing incentives and pressures, opportunities and attitudes, and rationalizations
  4. Identify and Assess Changes: POF assessing changes in the external environment, business model, and leadership
8
Q

Information and Communication components

A

“OIE”

  1. Obtain and use information: org obtains or generates and uses relevant high quality info to support internal controls
  2. Internally communicate info: POF flow of info up and down and across the org (internal audit, audit committee management)
  3. Communicate with External Parties: POF management having open two-way external communication channels
9
Q

Monitoring Activities Components

A

SO D (monitor SOD or grass won’t grow)

  1. Ongoing / Separate evaluations: to ascertain whether the components of internal control are present and functioning
  2. Communications of Deficiencies: org evaluates and communicates internal control deficiencies in a timely manner
10
Q

(existing) control activities components

A

Entity's policies and procedures to mitigate risk (CATP)

  1. Select and develop Control Activities: to mitigate risk
  2. Select and develop Technology controls: to support achievement objectives
  3. Deployment of Policies and Procedures: put policies into action