Internal Control Framework Flashcards

1
Q

What are the 3 Internal Control Objectives?

A

1) Effectiveness and Efficiency of Operations
2) Reliability of Financial Reporting
3) Compliance with Laws and Regulations

2
Q

What are the 4 types of Reporting?

A

1) Financial
2) Non-Financial
3) Internal
4) External

3
Q

COSO IC - Monitoring

A

Ensures the ongoing reliability of information and control process by testing the system and its data

4
Q

COSO IC - Information and Communication Systems

A

Enables an organization’s people to identify, process, and exchange information needed to manage and control operations

5
Q

COSO IC - Control Activities

A

Policies and procedures that ensure actions taken to address risk

6
Q

COSO IC - Risk Assessment

A

Process of identifying, analyzing, and managing risks involved in achieving the organization's objectives

7
Q

In what COSO IC are changes related to international exposure, acquisitions, or executive transitions assessed, prioritized, and responded to?

A

COSO IC Risk Assessment

8
Q

COSO IC – Control Environment

A

Management’s philosophy towards controls, organizational structure, system of authority and responsibility, and personnel practices

9
Q

COSO IC – Objectives of Information Systems

A

Enable the organization to obtain, generate, use, and communicate information to maintain accountability and to measure and review performance

10
Q

What are the 3 control principles for – Information and Communication?

A
  1. Information quality
  2. Internal communication
  3. External communication
11
Q

What is Information Quality?

A

Relevant, timely, accurate, and verifiable information

12
Q

What are 2 control principles for – Monitoring?

A
  1. Ongoing and periodic
  2. Address deficiencies
13
Q

What is considered in Monitoring – control principle – Ongoing and Periodic?

A
  1. Benchmarking and providing feedback
  2. Consideration of environmental business changes
  3. Evaluation of personnel knowledge
14
Q

What is considered in Monitoring - control principle - when Addressing Deficiencies?

A
  1. Both Management and BOD assess
  2. Communicate with manager at least one level above identified problem
  3. Management should track correction
15
Q

What is Internal Control COSO?

A

A process designed to provide reasonable assurance

16
Q

What are limitations of Internal Controls?

A
  1. Inappropriate management objectives
  2. People mess up
  3. Management override
  4. Collusion
  5. Cost-benefit effect
17
Q

Define Control Deficiency

A

Shortcoming that reduces the likelihood of the entity achieving its objectives

18
Q

What are the 3 types of SEC deficiencies?

A
  1. Control deficiency
  2. Significant deficiency
  3. Material weakness
19
Q

Define material weakness

A

Creates a reasonable possibility of a material misstatement of the entity’s financial statements

20
Q

What are the 3 types of controls? And what is an example of each type of control?

A
  1. Preventive (passwords) (segregation of duties)
  2. Detective (reconciling records)
  3. Corrective (reverse effect or error)
21
Q

What are the 4 control principles of Risk Assessment?

A
  1. Clarity on an organization objective (precision of risk tolerance level and risk assessment materiality)
  2. Organization identifies risks (identify and analyze risk) (create a risk management strategy)
  3. Consider the potential for fraud
  4. Change Management (identify changes that could impact internal controls)
22
Q

What goes into developing a Risk Management Strategy?

A
  1. Engage management in assessment
  2. Analyze internal and external factors
  3. Estimate risk importance
  4. Develop risk responses
23
Q

What type of changes are assessed in Change Management?

A
  1. Changes in external environment
  2. Changes in the business model
  3. Changes in organizational leadership
24
Q

What are the 3 control principles in – Control Activities?

A
  1. Risk reduction (mitigate risk to acceptable levels)
  2. Technology controls (select and implement general controls over technology)
  3. Create policies and procedures (that support management directives, establish responsibility and accountability, employ competent personnel, periodically reassess and revise policies and procedures)
25
Q

When reducing risks to an acceptable level, the organization does what 5 procedures to mitigate risks to the achievement of objectives?

A
  1. Integrates controls with risk assessments
  2. Determines which business process requires control focus
  3. Consider how the environment, nature, and scope of operations influence risk reduction
  4. Evaluates a mix of potential control activity types (manual or automated) (preventive or detective)
  5. Segregates incompatible activities
26
Q

What are the 5 control principles for Control Environment?

A
  1. Organization demonstrates commitment to integrity and ethical values
  2. BOD is independent from management and oversees the development and monitoring of internal controls
  3. Management establishes structures, reporting lines, and authorities and responsibilities
  4. Competence (organization commitment to attract, develop, and retain competent individuals) and develop competencies through training and hiring
  5. Accountability (the organization holds individuals accountable for their internal control responsibilities) and establish and evaluate performance measures, incentives, and disciplinary action.
27
Q

What are the 3 control principles for information and communication?

A
  1. Quality (relevant high-quality information)
  2. Internal communication that supports IC processes
  3. External communication supports IC processes
28
Q

What is relevant high-quality information?

A

Information that supports IC process, captures internal and external data, transforms data into information, information that is (relevant, timely, current, accurate, verifiable, protected, and retained), consider cost/benefits of information

29
Q

What are 2 control principles of – Monitoring Activities?

A
  1. Ongoing and periodic evaluation of internal controls
  2. Deficiencies are addressed by appropriate personnel on a timely basis
30
Q

What are the 7 activities within ongoing and periodic internal control evaluations within Monitoring Activities?

A
  1. Consider mix of ongoing and separate evaluations
  2. Establish a baseline understanding from existing system of IC (Benchmarking)
  3. Develop and select ongoing and separate evaluations
  4. Ensure personnel have knowledge to conduct evaluation
  5. Integrate ongoing evaluation of business process and adjust as conditions change
  6. Provide periodic evals for objective feedback
  7. Adjust scope and frequency of evaluations based on risk assessment
31
Q

What are the 4 activities for addressing deficiencies?

A
  1. Management and BOD should assess the results
  2. Communicate deficiencies to management at least 1 level above the identified problem
  3. Communicate deficiencies to BOD and senior management
  4. Management should track corrective action on a timely basis
32
Q

What are the 4 key roles and (responsibilities) for Internal Controls?

A
  1. BOD (oversight of IC, working knowledge of entity and environment, objective and capable)
  2. Management (tone at the top, first line of defense, accountable to BOD, develop entity level controls, evaluate control deficiencies and impact)
  3. Support Functions (second line of defense, departments legal/compliance/finance/HR/IT, evaluate effectiveness of controls)
  4. Internal Auditors (third line of defense, evaluate adequacy and effectiveness of controls, monitor ICs)
33
Q

What are the factors to consider when deciding to outsource IC?

A
  1. Importance of controls and risk of failure
  2. Need for external auditors to rely on controls
  3. Capabilities and limitations of internal audit staff
34
Q

Give 4 reasons why we monitor controls?

A
  1. Over time controls deteriorate
  2. Technology improvements
  3. Changes in management techniques
  4. People quit
35
Q

What are 4 benefits of control monitoring?

A
  1. Lessen negative effects of control deterioration
  2. Identify IC problems before they become a crisis
  3. Generate timely, accurate, and reliable information
  4. Maximize efficiency
36
Q

The evaluator/monitor of IC must have skills, knowledge, and authority to do what 3 procedures?

A
  1. Understand material risks
  2. Identify controls to mitigate risks
  3. Oversee information about effectiveness of IC
37
Q

Define Monitor’s Competences

A

Has knowledge of controls and related processes on what constitutes a control deficiency

38
Q

Define Self-Assessment

A

A person responsible for a function, who determines the effectiveness of controls in which assessment is by personnel who operate the control or peer or supervisor review

39
Q

Define control objective

A

States the risk that should be managed or mitigated

40
Q

Define compensating controls

A

Accomplish the same objective as another control

41
Q

Define key controls

A

Manage and mitigate risks

42
Q

Define key performance indicators

A

Metric used to assess critical success factors

43
Q

Define key risk indicators

A

Forward-looking metrics that help identify potential problems

44
Q

What are 4 Quality of Evidence Related to Control Monitoring – Direct Information?

A
  1. Directly substantiates operation of a control
  2. Must link directly to effective operation of control
  3. Highly persuasive
  4. Obtained through (observation, reperformance, directly evaluating their operation)
45
Q

Define persuasiveness of information

A

Degree to which information supports relevant conclusion and derives from relevance, reliability, timeliness, and sufficiency

46
Q

Define relevant information

A

Helps assess the operations of controls

47
Q

Define reliable information

A

Accurate, verifiable, and from an objective source

48
Q

Define sufficiency of information

A

When enough information is gathered to form a reasonable conclusion and evidence must be suitable

49
Q

Define suitable information

A

Relevant, reliable, and timely

50
Q

What are the 4 control monitoring process methods?

A
  1. Reviewing
  2. Benchmarking
  3. Questionnaires
  4. Focus groups and interviews
51
Q

What are the 3 COSO model – control monitoring processes and (how is it performed)?

A
  1. Establish a foundation for monitoring (generate a “baseline understanding”)
  2. Design and execute monitoring procedures (prioritize risks, identify controls, identify persuasive info about key controls and risks, implement monitoring procedures)
  3. Assess and report control evaluation results (prioritize findings by determining severity of identified deficiencies, report results to appropriate level, follow up to implement corrective action)
52
Q

What are 3 causes of ineffective Internal Control system?

A
  1. Not properly designed or implemented
  2. Not properly modified when change occurs
  3. Change in operation of IC which causes them to be ineffective
53
Q

What is the solution for managing the causes of ineffective IC system?

A

Monitoring for Change continuum – assessing changes in IC

54
Q
A
55
Q

What is the 4-stage process for “monitoring for change continuum” in assessing changes in IC effectiveness?

A
  1. Establish a control baseline
  2. Change identification
  3. Control revaluation
  4. Change management
56
Q

How is a control baseline established?

A

Begin with an area where controls are well understood (understand IC design and whether controls were implemented to achieve control objective)

57
Q

How to identify change (change identification)?

A

Identify changes in operations, design, or related risk, or IC effectiveness

58
Q

How to perform control revaluation?

A

Periodically revaluate that controls remain effective by maintaining continuous control baseline

59
Q

How to perform change management?

A

When changes occur, verify that controls remain effective and establish a new control baseline for modified controls

60
Q
A