COSO LISA Flashcards

1
Q

Control Environment - Tone at the Top

Chopper is the original, but here there are only 5

A

Organizational Structure - set it up, lines of authority
Competency - Show commitment to it by hiring competent people (human resources)
Oversight - With authority comes responsibility; show that they exercise oversight
Accountability - Hold them accountable for their actions
Ethics and Integrity - Show that ethical behavior is supported

A lot of verbs here, demonstrates commitment to integrity, exercises oversight responsibility, establishes organizational structure, demonstrates commitment to competence, enforces accountability

CHOPPER
Commitment to Competency - Ensure employees have the proper skill set, especially those involved in control functions
Human Resource Policy and Procedures - policies that ensure staff is hired, trained, evaluated, compensated
Organizational Structure - Provides basis for running the place
Philosophy and Operating Style of Management - unethical mgt = unethical ee’s
Participation of the BOD or Audit Cmte
Ethical and Integrity Values - lead by example, code of conduct, whistle blower policies
Responsibility and Authority Assignment - job descriptions, org charts

2
Q

Risk Assessment (4)

ORFC
Be Objective about analyzing Risk and Fraud because things Change

A

Specifies Suitable Objectives - you need to know what you are trying to accomplish before you can specify what's at risk, who you are reporting to, what laws you must comply with
Identifies and Analyzes Risk - those risks that emanate from sources inside the company, those from outside the company (economy, regulatory, political, social, technological), at the transaction level, the effect, and how you are going to mitigate the risk via getting rid of the possibility entirely, sharing it, hedging, or establishing controls
Assesses Fraud Risk - Types, nature of, incentives for, opportunities, attitudes that develop over time and are a precursor
Identifies and Analyzes Significant Change - Are the assumptions underlying our conclusions about risk still valid, or has our organization or the world changed significantly

Objectives
Risk Analysis (other than Fraud)
Fraud Risks
Change Risk

3
Q

Control Activities

PIPS

A

Performance Reviews
Information Processing - IT General vs. Application Controls (input, processing, output)
Physical Controls
Segregation of Duties - Noah and the ARCCS. Authorization, Recording, Custody, Comparison

4
Q

COSO FIVE COMPONENTS

A

CRIME. BUT IN ORDER IT’S ERCIM

Control Activities
Risk Assessment
Information and Communication
Monitoring
Control Environment

Crime said ERiC I’M

5
Q

Monitoring Component Internal Control
What are the people called who monitor and what should they be?
Why do internal control systems fail?
What is the sequence of activities for monitoring IC?

A

Evaluators and they need to be competent and objective

Systems fail because controls are not designed or implemented properly, or the environment has changed.

Sequence of Monitoring:
Baseline - Learn how system was designed and implemented
Change Identification - Ongoing and separate evaluations (2 categories) to identify and address changes in the effectiveness of IC and to initiate changes
Change Management - Determine when changes are needed and what types are effective
Control Revalidation/Update - New baseline of the revised system

6
Q

Monitoring IC - 2nd step after baseline understanding - what are the two types of evaluations?

A

Ongoing Evaluations and Separate Evaluations

Not sure what the difference is, need to look up

Information systems have embedded modules that look for unusual or suspicious activity

7
Q

Limitations of Internal Control: COCO

A

Collusion
Override by Mgt
Cost/Benefit Constraints
Obsolescence: Change in Co.’s operation or size

8
Q

ENTERPRISE RISK MANAGEMENT - 4 COMPONENTS

A

ROCS
REPORTING
OPERATIONS
COMPLIANCE
STRATEGY

9
Q

Enterprise Risk Management - Control Environment

A

The internal environment component sets the tone of the entity. It reflects the entity’s (1) risk management philosophy, (2) risk appetite, (3) integrity, (4) ethical values, and (5) overall environment.

Risk Mgt Philosophy
Risk Appetite
Integrity
Ethical Values
Overall Environment
10
Q

ENTERPRISE RISK MANAGEMENT - Capabilities of ERM

A

The following are the categories of the capabilities of ERM:
Idiots: should say capabilities to hone or improve likelihood of
Risk appetite and strategy
Risk response decisions
Operational surprises and losses
Multiple and cross-enterprise risks
Opportunities
Deployment of capital
Although increased productivity may result from ERM, it is not directly a capability provided by ERM.

11
Q

ENTERPRISE RISK MANAGEMENT - Limitations of ERM Arise From

A

Limitations of ERM arise from the possibility of (1) faulty human judgment, (2) cost-benefit considerations, (3) simple errors or mistakes, (4) collusion, and (5) management override of ERM decisions.

The failure to achieve objectives is a risk of poor enterprise risk management.

12
Q

ENTERPRISE RISK MANAGEMENT: What’s a result of poor ERM

A

The failure to achieve objectives is a risk of poor enterprise risk management

13
Q

ENTERPRISE RISK MANAGEMENT - 8 COMPONENTS

Crime Plus What - need to figure out

A

The eight components of the COSO ERM framework are internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring.
INTERNAL ENVIRONMENT
OBJECTIVE SETTING
EVENT IDENTIFICATION
RISK ASSESSMENT
RISK RESPONSE
CONTROL ACTIVITIES
INFORMATION AND COMMUNICATION
MONITORING