Governance, Risk, and Compliance Flashcards
Describe SOX Section 201
Prohibits external auditors from performing non-audit services.
Describe SOX Section 203
The lead audit partner should be rotated every 5 years.
Describe SOX Section 204
The audit firm must report findings/recommendations back to the audit committee in a timely manner.
Describe SOX Section 302
Corporate responsibility for financial reports should be taken by the principal officers.
Describe SOX Section 404
Annual reports must contain management's assessment of internal controls and the responsibility for certifying and maintaining them.
Describe SOX Section 407
One member of the audit committee should be a financial expert.
Identify the 5 major components of COSO
CRIME: Control Activities, Risk Assessment, Information & Communication, Monitoring, Control Environment
Describe Control Environment
Sets the tone of an organization. Foundation for all other components such as internal control, discipline & structure.
Describe Risk Assessment
Identification and analysis of relevant risks to the achievement of objectives, forming a basis for determining how the risks should be managed.
Describe Control Activities
The policies and procedures that help ensure that management directives are carried out.
Describe Information & Communication
Identification, capture, and exchange of information in a form and time frame that enables people to carry out their responsibilities.
Describe Monitoring
A process that assesses the quality of internal control performance over time.
Describe the types & limits of internal controls
Preventative: Keep errors and irregularities from happening.
Detective: Attempt to find errors after they have occurred.
Corrective: Controls put in place to correct errors after detection.
Directive: Serve to steer toward positive results (i.e. organic trade).
Compensating: Mitigate lapses and shortcomings in the control framework (independent review or multiple reviewers).
Define business continuity planning
Creating a strategy for continuing operations in the event of a major disruption.
Define the objective of a disaster recovery plan & identify the components.
Steps that should be taken in the event of a major disruption:
Assess risk, identify critical components, determine the method of recovery, test recovery.