Evaluation of the Control Environment Flashcards
CoCo definition of ‘control environment’?
The elements of an org that, taken together, support people in the achievement of objectives. The elements include resources, systems, processes, culture. structure and tasks
COSO definition of ‘control environment’?
Process effected by an entity’s directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- effective and efficient operations
- reliability of financial reporting
- compliance with applicable laws and regulations
IIA definition of ‘control environment’?
Set of processes, functions, activities, sub-systems and people who are grouped together or consciously segregated to ensure the effective achievement of objectives or goals.
What term is used to describe internal control by IIA?
Control environment
What term is used to describe internal control by COSO?
internal environment
What term is used to describe internal control by ISO31000?
RM context
What is the definition of ‘control’ given in the ISO Guide 73?
A measure intended, or assumed, to modify risk
What is the purpose of internal control?
- promote operational effectiveness and efficiency (CoCo)
- enhance reliability of internal and external reporting (CoCo)
- ensure compliance with laws and regulations (CoCo)
- safeguard and protect assets
- safeguard the interests of stakeholders
- ensure accurate records are kept
- adherence to policies, protocols and procedures
LILAC and CoCo models will be used to drive ?
? will be measure using 4Ns.
Maturity
Describe the 4 stages of the CoCo Framework
A clear purpose and sense of direction is set out
Commitment of individuals is guided by an understanding of purpose
Commitment supported by capability (sense of competence) leads to action
Monitoring action and learning from the internal and external environment facilitates improvement
What element of COSO does CoCo make up?
Internal environment
What other model of risk awareness is CoCo comparable to?
LILAC (leadership, involvement, learning, accountability, communication)
Describe the PURPOSE component of the CoCo framework
- objectives established and communicated
- significant internal and external risks assessed
- policies established communicated and practiced
- plans established and communicated, with performance indicators/targets
Describe the COMMITMENT component of the CoCo framework
- shared ethical values established communicated and practiced
- HR policies consistent with ethical values
- clearly defined authority, responsibility and accountability
- natural trust fostered to support flows of info
Describe the CAPABILITY component of the CoCo framework
- people with necessary knowledge, skills and tools
- values of the org supported by comms processes
- relevant info identified and communicated
- decisions and actions co-ordinated
- control activities integral to org’s general activities
Describe the MONITORING AND LEARNING component of the CoCo framework
- environment monitored to re-evaluate controls
- performance monitored against targets
- assumptions behind objectives challenged
- review of info needs and related info systems
- procedures established to ensure appropriate actions
- periodic assessment of control effectiveness
CoCo and COSO internal control have differing emphasis. Compare both.
CoCo:
- need to exploit opportunities
- reduced weaknesses in resilience
- importance of individual trust in quality of controls
- need to periodically challenge assumptions
COSO:
- commitment to integrity and ethical values
- board oversight of development and performance of internal control
- management set structures, reporting lines, authorities and responsibilities
- attract, develop and retain competent individuals
- individuals accountable for internal control responsibilities
Why is the CoCo framework useful for measuring risk-aware culture?
Strong scores in the areas of purpose, commitment, capability and learning indicates that staff and management understand the importance of RM and their role within it.
What is the principle role of internal audit in in risk management?
Ensuring accurate reporting
What additional role does the internal audit function have for companies subject to Sarbanes-Oxley?
Certification of financial performance statements
What 5 assertions are used to present financial data?
- existence of info
- completeness of data
- rights and obligations
- valuation and allocation
- presentation and disclosure
What does ‘materiality’ mean and how is this typically valued?
Significance of risk.
0.05% of annual turnover or above.
Give a definition of internal audit
“An independent, objective assurance and consulting activity designed to add value and improve an org’s operations.
It helps an org accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls and governance processes.”
What are the core roles of IA in ERM according to the IIA?
- evaluating the reporting of key risks
- evaluating RM processes
- reviewing management of key risks
- providing assurance that risks are correctly evaluated
- providing assurance on RM processes