Enterprise Risk Management, Internal Controls, & Business Processes (17-27%) Flashcards

1
Q

What is ERM (Enterprise Risk Management)?

A

A process effected by an entity’s board of directors, management and other personnel, applied in strategy setting & across enterprise, designed to identify potential events that may affect entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding achievement of entity objectives

2
Q

What is the purpose of ERM (Enterprise Risk Management)?

A

To provide an all-encompassing framework for managing risk throughout all activities of entity

3
Q

What is COSO?

A

COSO = Committee of Sponsoring Organizations

A joint initiative to combat fraud; it provides a framework for designing, implementing and evaluating internal control for organizations, and a framework for enterprise risk management

4
Q

What are the 5 components of COSO ERM Model?

A

GRIPS
1 - Governance & culture
2 - Strategy & objective-setting
3 - Performance
4 - Review & revision
5 - Information, communication, & reporting
5
Q

What are the 4 main objectives of COSO ERM Model?

A

ORCS
1 - STRATEGIC - high-level goals that align with and support the mission of entity
2 - OPERATIONS - effective and efficient use of entity’s resources
3 - REPORTING - reliable reporting
4 - COMPLIANCE - compliance with applicable laws and regulations

6
Q

What are the limitations of the COSO ERM Model?

A

SIMILAR to that of the INHERENT LIMITATIONS of an INTERNAL CONTROL system

  • human judgement and human error
  • cost vs. benefits
  • simple errors can lead to big mistakes
  • circumvention of controls or processes due to collusion
  • management override
7
Q

What are the 5 Core Principles within the Governance & Culture Component in the COSO ERM Model? (G in GRIPS)

A

1 - EXERCISES BOARD RISK OVERSIGHT - of strategy and carries out governance responsibilities to support management in achieving strategy and business objectives
2 - ESTABLISHES OPERATING PROCEDURES - establishes operating structures in pursuit of strategy and business objectives
3 - DEFINES DESIRED CULTURE - defines the desired behaviors that characterize entity’s desired culture
4 - DEMONSTRATES COMMITMENT TO CORE VALUES - at all levels demonstrates a commitment to core values
5 - ATTRACTS, DEVELOPS and RETAINS CAPABLE INDIVIDUALS - committed to building human capital in alignment with strategy and business objectives

8
Q

What are the 4 Core Principles within the Strategy & Objective-Setting Component in the COSO ERM Model? (S in GRIPS)

A

1 - ANALYZES BUSINESS CONTEXT - considers potential effects of business context on risk profile
2 - DEFINES RISK APPETITE - in the context of creating, preserving, and realizing value
3 - EVALUATES ALTERNATIVE STRATEGIES - and potential impact on risk profile
4 - FORMULATES BUSINESS OBJECTIVES - considers risk while establishing business objectives at various levels that align and support strategy

9
Q

What are the 5 Core Principles within the Performance Component in the COSO ERM Model? (P in GRIPS)

A

1 - IDENTIFIES RISK - that impacts performance of strategy and business objectives
2 - ASSESSES SEVERITY OF RISK
3 - PRIORITIZES RISKS - for a basis for selecting responses to risk
4 - IMPLEMENTS RISK RESPONSES - identifies and selects
5 - DEVELOPS PORTFOLIO VIEW - develops and evaluates portfolio view of risk

10
Q

What are the 3 Core Principles within the Review & Revision Component in the COSO ERM Model? (R in GRIPS)

A

1 - ASSESSES SUBSTANTIAL CHANGES - that may substantially affect strategy and business objectives
2 - REVIEWS RISK and PERFORMANCE
3 - PURSUES IMPROVEMENT IN ENTERPRISE RISK MANAGEMENT

11
Q

What are the 3 Core Principles within the Information, Communication, and Reporting Component in the COSO ERM Model? (I in GRIPS)

A

1 - LEVERAGES INFORMATION SYSTEMS and TECHNOLOGY
2 - COMMUNICATES RISK INFORMATION - through channels to support
3 - REPORTS ON RISK, CULTURE and PERFORMANCE - at multiple levels and across the entity

12
Q

What is Expected Value for the ERM (Enterprise Risk Model)?

A

Combines the likelihood of losses with the amount of losses (most helpful metric)

13
Q

What is COSO’s definition of Internal Control?

A

A PROCESS that is effected by all members of an organization and is designed to provide REASONABLE ASSURANCE regarding the achievement of OBJECTIVES related to OPERATIONS, REPORTING and COMPLIANCE

14
Q

What are the 5 Components of Internal Control System?

A

CRIME -
C - Control Activities (policies & procedures)
R - Risk Assessment
I - Information & Communication
M - Monitoring
E - Control Environment (tone at top)
15
Q

What are the 3 main objectives of COSO?

A

ORC (similar to 4 main objectives of COSO ERM Model - ORCS)
1 - OPERATIONS objectives - pertaining to effectiveness and efficiency, including operational and financial performance goals, and safeguarding assets against loss

2 - REPORTING objectives - pertaining to internal control and external financial and non-financial reporting which may encompass reliability, timeliness, transparency, or other terms set by regulators, standards, or entity’s policies

3 - COMPLIANCE objectives - pertaining to adherence to laws and regulations applicable to entity

16
Q

What are the 6 limitations of Internal Control identified by COSO?

A

Similar to limitations of COSO ERM Model (Similar to INHERENT LIMITATIONS of an INTERNAL CONTROL SYSTEM)

1 - human judgement can be faulty & subject to bias
2 - breakdowns & failures occur as long as humans involved, even from simple errors
3 - management override
4 - management or other personnel can get around controls through collusion
5 - external events simply beyond management’s control
6 - objectives for controls must be suitable as a precondition to internal controls - unrealistic or improbable objectives can be set that internal controls can't fully address

17
Q

What are the 3 Core Principles within the Control Activities (C) Component of the Internal Control System?

A

1 - SELECTS & DEVELOPS - RISK - ACCEPTABLE LEVELS - selects & develops control activities that contribute to mitigation of risks to the achievement of objectives to acceptable levels
2 - SELECTS & DEVELOPS - TECHNOLOGY - OBJECTIVES - selects & develops general control activities over technology to support the achievement of objectives
3 - DEPLOYS - POLICIES - deploys control activities through policies that establish what is expected and procedures that put policies into action

18
Q

What are the 4 Core Principles within the Risk Assessment (R) Component of the Internal Control System?

A

1 - SPECIFIES OBJECTIVES - ID & ASSESSMENT - specifies objectives with sufficient clarity to enable identification and assessment of risk relating to objectives
2 - IDENTIFIES RISKS - OBJECTIVES - ANALYZES - identifies risks to the achievement of its objectives across entity and analyzes risks as a basis for determining how risks should be managed
3 - CONSIDERS POTENTIAL FOR FRAUD - considers potential for fraud in assessing risks to the achievement of objectives
4 - IDENTIFIES & ASSESSES CHANGES - identifies and assesses changes that could significantly impact system of internal control

19
Q

What are the 3 Core Principles within the Information & Communication (I) Component of the Internal Control System?

A

1 - OBTAINS, GENERATES, USES - QUALITY INFO - obtains or generates and uses relevant, quality information to support the functioning of internal control
2 - COMMUNICATES WITH INTERNAL PARTIES - internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control
3 - COMMUNICATES WITH EXTERNAL PARTIES - communicates with external parties regarding matters affecting functioning of internal control

20
Q

What are the 2 Core Principles within the Monitoring (M) Component of the Internal Control System?

A

1 - SELECTS, DEVELOPS, PERFORMS EVALUATIONS - selects, develops, and performs ongoing and/or separate evaluations to ascertain whether components of internal control are present and functioning
2 - EVALUATES & COMMUNICATES DEFICIENCIES - evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate

21
Q

What are the 5 Core Principles within the Control Environment (E) Component of the Internal Control System?

A

1 - COMMITMENT - INTEGRITY & ETHICAL VALUES - demonstrates commitment to integrity and ethical values
2 - BOD - INDEPENDENCE - board of directors demonstrates independence from management and exercises oversight of development and performance of internal control
3 - ESTABLISHMENTS FOR PURSUIT OF OBJECTIVES - establishes structures, reporting lines, and appropriate authorities and responsibilities in pursuit of objectives
4 - RETAIN COMPETENT INDIVIDUALS - demonstrates commitment to attract, develop, and retain competent individuals in alignment with objectives
5 - HOLDS INDIVIDUALS ACCOUNTABLE - holds individuals accountable for their internal control responsibilities in pursuit of objectives

22
Q

What is SOX? Why was SOX passed?

A

Sarbanes-Oxley Act of 2002 - Implements regulations, many regarding responsibilities of corporate management and external auditors

Passed because of large financial scandals

23
Q

What are some of the main corporate governance provisions of SOX?

A
  • public companies required to have audit committees
  • must be a financial expert on audit committee
  • at least 3 members on audit committee
  • each member on audit committee must be independent member of BOD
  • officer certifications (CEO/CFO) on all 10Q and 10K reports
  • rules regarding auditors (which kinds of non-audit services (NAS) they can provide - tax services can be provided if approved by audit committee)
  • PCAOB - created as result of SOX
24
Q

What is considered a Financial Expert for the Audit Committee requirement?

A
  • understanding of GAAP and financial statements
  • experience in preparing or auditing financial statements
  • experience with internal auditing controls
  • understanding of audit committee functions

If the company does not have a ‘financial expert’, the reason must be disclosed

25
Q

What are the functions of an accounting system?

A
  • track income and expenses
  • provide managerial reports, financial statements, reports prepared for external users, and provide adequate information in order to file tax returns
  • should address specific needs of the business
26
Q

What are the functions of a financial reporting system?

A
  • capture data about relevant transactions and events that occurred during the period
  • summarize and present this data in a format that’s understandable and useful to its users, usually for external users
27
Q

What is the information flow of the financial reporting system?

A
  • data is received about a transaction or event
  • transaction is recorded in a book of prime entry
  • summary totals from books of prime entry are posted to the general ledger accounts
  • ledger accounts summarized in a trial balance
  • trial balances are used to generate financial statements
28
Q

What are the categories of business process controls?

A
  • PREVENTIVE controls (prevent errors before they occur)
  • DETECTIVE controls (detect errors after they have occurred)
  • CORRECTIVE controls (reverse effects of error)
  • FEEDBACK controls (results evaluated and adjusted)
  • GENERAL controls (apply to all parts & general in nature)
  • APPLICATION controls (specific parts)
  • AUTOMATED vs. MANUAL controls (automated-built into system, manual-rely on human actions)
29
Q

What are the 3 main types of tasks that should be separated for segregation of duties?

A

CAR -
1 - Custody (Access)
2 - Authorization (Execution)
3 - Record Keeping (Accounting)

or - AAA -
1 - Access (Custody)
2 - Authorization (Execution)
3 - Accounting (Record Keeping)

30
Q

What are some internal control objectives/procedures for receipt of cash?

A
  • cash/checks received, posted to remittance log (listing of all cash receipts)
  • transaction is also posted to cash receipts journal (all of the month's cash receipts will be posted to that month's receipts in general ledger)
  • different EEs should open mail, do accounting, prepare deposit of checks and reconcile bank
  • each cash receipt should be listed immediately when mail is opened (bank lockbox system is best control)
  • ERs will bond EEs that handle cash receipts - insures against loss from illegal acts by EEs & reduces risk of dishonesty
  • prevention of lapping (cash received is stolen & shortage hidden) - different EEs should be receiving cash, posting payments received to AR ledger
31
Q

What are some internal control objectives/procedures for expenses/disbursements?

A
  • purchasing dept should make purchases using pre-numbered POs
  • receiving dept takes possession of deliveries
  • AP dept should handle accounting function & approve payments
  • only designated EEs should be able to make purchases for company
  • checks should require dual signatures
  • both receipts and disbursements bank recs should be prepared on a timely basis
  • all key documents should be pre-numbered and sequence should be accounted for as well
  • supporting documents should be stamped as cancelled as soon as they are paid
32
Q

What are some internal control objectives/procedures for payroll?

A
  • process consists of EE timecards or time sheets, then payroll is prepared and recorded in payroll journal, then checks are given to EEs & the month's payroll is posted to general ledger (approval of time by supervisor is best control)
  • HR keeps records that contain pay rates and personnel files
  • treasury issues/signs/distributes checks
  • payroll dept calculates and does the record-keeping each period
33
Q

What are the 5 Trust Service Principles under Service Organization Controls (SOC)?

A
SACPIP
1 - SECURITY
- firewalls
- intrusion detection
- multi-factor authentication
2 - AVAILABILITY
- performance monitoring
- disaster recovery
- incident handling
3 - CONFIDENTIALITY
- encryption
- access controls
- firewalls
4 - PROCESSING INTEGRITY
- quality assurance
- process monitoring
5 - PRIVACY
- access control
- multi-factor authentication
- encryption
34
Q

What are the 2 levels of SOC reports specified by SSAE #18?

A

Type 1 - describes systems and whether design of specified controls meet relevant trust principles

Type 2 - also addresses operational effectiveness of specified controls over a period of time (usually 9-12 months)

35
Q

What are the 3 types of SOC reports?

A

SOC1 - Internal Control over Financial Reporting (ICFR)
*for limited audience
SOC2 - Trust Services Criteria
*for limited audience
SOC3 - Trust Services Criteria for General Use
*for general public audience - less specific information

There are also specialized SOC reports for cybersecurity and supply chain