Governance, Risk, and Compliance Flashcards

1
Q

Describe SOX Section 201

A

Prohibits external auditors from performing non-audit services

2
Q

Describe SOX Section 203

A

The lead audit partner should be rotated every 5 years

3
Q

Describe SOX Section 204

A

The audit firm must report findings/recommendations back to the audit committee in a timely manner.

4
Q

Describe SOX Section 302

A

Corporate responsibility for financial reports should be taken by the principal officers.

5
Q

Describe SOX Section 404

A

Annual reports must contain management's assessment of internal controls & the responsibility for certifying and maintaining them.

6
Q

Describe SOX Section 407

A

One member of the audit committee should be a financial expert.

7
Q

Identify the 5 major components of COSO

A
CRIME:
Control Activities
Risk Assessment
Information & Communication
Monitoring
Control Environment
8
Q

Describe Control Environment

A

Sets the tone of an organization. Foundation for all other components such as internal control, discipline & structure.

9
Q

Describe Risk Assessment

A

Identification & analysis of relevant risk to achievement of objectives, forming a basis for determining how the risks should be managed.

10
Q

Describe Control activities

A

The policies & procedures that help ensure that management directives are carried out.

11
Q

Describe Information & communication

A

Identification, capture, & exchange of information in a form & time frame that enables people to carry out their responsibilities.

12
Q

Describe Monitoring

A

A process that assesses the quality of internal control performance over time

13
Q

Describe the types & limits of internal controls

A

Preventative: Keep errors & irregularities from happening

Detective: Attempts to find errors after they occurred

Corrective: controls placed to correct errors after detection

Directive: Serve to steer positive results (i.e. organic trade)

Compensating: to mitigate lapses & shortcomings in the control framework (independent review or multiple reviewing)

14
Q

Define business continuity planning

A

Creating a strategy for continuing operations in the event of a major disruption

15
Q

Define the objective of a disaster recovery plan & identify the components.

A

Steps that should be taken in the event of a major disruption;

Assess Risk, Identify critical components, determine method of recovery, test recovery.

16
Q

Identify & describe system application controls

A

Input controls: Support complete & accurate input of data by authorized users & identify rejected & duplicate items.

Processing Controls: Preserve the integrity of the inputs while processing.

Output Controls: Address final validity of information plus its dissemination.

17
Q

Identify & Describe Audit risks

A

Inherent Risk: Likelihood of material misstatement before considering effectiveness of controls.

Control Risk: Likelihood that material misstatement will not be prevented or detected by internal controls.

Detection Risk: Errors not detected or prevented by control structure will be missed by auditors.