CRIME Flashcards
C.R.I.M.E. ?
Control Environment
Risk Assessment
Information and Communication
Monitoring Activities
Existing Control Activities
The Organization demonstrates a commitment to integrity and ethical values.
Control Environment
The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
Control Environment
Management establishes, with board oversight, structures, reporting lines, and appropriate authorities, and responsibilities in the pursuit of objectives
Control Environment
The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
Control Environment
The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives
Control Environment
The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives
Risk Assessment
The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed
Risk Assessment
The organization considers the potential for fraud in assessing risks to the achievement of objectives
Risk Assessment
The organization identifies and assesses changes that could significantly affect the system of internal control
Risk Assessment
The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels
Control Activities
The organization selects and develops general control activities over technology to support the achievement of objectives.
Control Activities
The organization deploys control activities through policies that establish what is expected and procedures that put policies into action
Control Activities
The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
Information and Communication
The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
Information and Communication
The organization communicates with external parties regarding matters affecting the functioning of internal control.
Information and Communication
The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
Monitoring Activities
The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate
Monitoring Activities
Control Environment
1) Commitment to integrity and ethical values
2) BOD is independent and has oversight of Internal Controls Development
3) Mgmt establishes structure, authority, and responsibility
4) Org demonstrates commitment to competence
5) Org enforces accountability
Risk Assessment
1) Org specifies suitable objectives
2) Org identifies and analyzes risk
3) Org assesses fraud risk
4) Org identifies and analyzes significant changes
Information and Communication
1) Org uses relevant, quality information
2) Communicates internally responsibilities for Internal Control
3) Communicates Externally
Monitoring Activities
1) Conducts ongoing and/or separate evaluations
2) Evaluates and communicates deficiencies
Existing Control Activities
1) Selects and develops control activities to mitigate risks
2) Selects and develops general controls over IT
3) Deploys control activities through policies and procedures
