EXAM 2 Flashcards
What are the 5 components of COSO?
- ______ en____
- _____ as___
- M____
- ____ and ____
- _____ act____
CERAMIC
- Control Environment
- Risk Assessement
- Monitoring
- Information and Communication
- Control Activities
Define Control Environment
overall 1) _____, ____, and ____ of significant 2) ____ groups to 3) ______ a ___-_____ organization 4) (______)
1) attitude, awareness, and actions
2) internal
3) maintain a well-controlled
4) (tone at the top)
Define Risk Assessment
process designed to 1) _____ and ma___ ___ that may 2) ____ its ____ to 3) _____ its 4) o____
1) identify and manage risks
2) affect its ability
3) achieve
4) objectives
Define Monitoring
process that 1) _____ the 2) ____ of _____ ____ over 3) ___
1) assesses
2) quality of internal controls
3) time
Define Information and Communication
process of 1) i____, c____, and e____ in____ in a 2) ____ fashion to 3) _____ the organization to 4) a____ its ob____
1) identifying, capturing, and exchanging information
2) timely
3) enable
4) achieve its objectives
Define Control Activities
1) po____ and p____ established by 2) _____ to help 2) ____ that 3) ____ ____l objectives are 4) ____ and ri___ ____
1) policies and procedures
2) management
2) ensure
3) internal control
4) achieved and risks mitigated
Control Environment (tone at the top)
-number of factors an auditor should look at when evaluating an organization’s control environment
-1) management’s ph____ and o____ st___
-2) organizational _____ , including assignment of ____, res____, and acc____
-3) board of _____ and ____ committee
-4) _____ policies and practices
-5) in____ and et____ values
-6) co____ to competence
-7) com_____ and ev____ programs
-8) effectiveness of ____ function
-1) management’s philosophy and operating style
-2) organizational structure, including assignment of authority, responsibility, and accountability
-3) board of directors an audit committee
-4) HR policies and practices
-5) integrity and ethical values
-6) commitment to competence
-7) compensation and evaluation programs
-8) effectiveness of internal audit function
Risk Assessment (done by 1) _____)
1. Entity’s 2) _____ of risk
2. Entity’s 3) _____ of risk
3. Entity’s 4) ______ of risk
1) management
2) location
3) evaluation
4) management
Risk Assessment Factors
-1) ex_____/ac____ of _____ operations
-2) new pe____
-3) new te_____
-4) rapid ____
-5) new i____
-6) new ____ lines
-1) expansion/acquisition of foreign operations
-2) new personnel
-3) new technology
-4) rapid growth
-5) new information
-6) new product lines
Information and Communication (not finished in notes)
Monitoring (how does the client monitor their own controls and structure)
-1) evaluates the ___ of ____l control _____ and ____ over time
-2) initiating appropriate ______ act___s
-3) separate ev_____ or ongoing a____
-4) responsibility of _____
-5) necessary due to the tendency of ____ control to ____ ____ overtime
-1) evaluates the quality of internal control design and operation over time
-2) initiating appropriate corrective actions
-3) separate evaluations or ongoing activities
-4) responsibility of management
-5) necessary due to the tendency of internal control to break down overtime
Control Activities
- U___ _____ (to ____ or ____ ma____ _____) in the relevant data
- What could ____ ____?
- What are ______ _____?
a. Are they properly de_____? Do we think the control, if performed properly, will _____ or _____ misstatement?
b. If we want to rely on the control (not finished)
- Understand controls (to prevent or detect material misstatement) in the relevant data
- What could go wrong?
- What are key controls?
a. Are they properly designed? Do we think the control, if performed properly, will prevent or detect misstatement?
b. If we want to rely on the control (not finished)
Key Controls of Control Activities
-1) a_____
-2) in_____
-3) ap____
-4) exe____
-5) rec____
-1) authorized
-2) initiated
-3) approved
-4) executed
-5) recorded
What are categories of Control Activities?
-1) pr_____ (ex. writing a _____)
-2) m____l (ex. ____ doing it)
-3) do_____ (we like for all controls to be _____)
-4) com___
-5) det____ (happens _____ transactions, ex. bank _____, re____)
6) pro_____ and un____ (this is part of detective)
-1) preventive (ex. writing a check)
-2) manual (ex. person doing it)
-3) documented (we like for all controls to be documented)
-4) compensating
-5) detective (happens after transactions, ex. bank reconciliation, reviews)
-6) programmed and undocumented
What are the Segregation of Duties (3) ?
-1) ____ transactions,
-2) R_____ transactions
-3) Main____ cu____ of a_____s
-if you have all 3 of these, it’s a 4) ____ if they don’t have 5) ____
-6) ____ companies have a disadvantage in this case
-it gives a person too much control to do unethical things
-1) Authoring transactions,
-2) Recording transactions
-3) Maintaining custody of assets
4) problem
5) integrity
6) small
