Internal Control Frameworks Flashcards

1
Q

Define “verifiable or verifiability.”

A

Information that can be established, confirmed or substantiated as true or accurate

2
Q

Define “control activities” (according to the COSO internal control and ERM frameworks)

A

Policies and procedures that ensure that organizational actions address key risks related to the achievement of management’s objectives

3
Q

Define “risk assessment” (according to the COSO internal control framework)

A

The process of identifying, analyzing, and managing the risks related to achieving the organization’s objectives.

4
Q

Define “compensating controls.”

A

Controls that accomplish the same objective as another control and will “compensate” for deficiencies in the first control

5
Q

Define “internal control.”

A

A process, effected by the entity’s board of directors, management, and other personnel, that is designed to provide reasonable assurance regarding the achievement of objectives in these categories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations

6
Q

Define “feed-forward controls.”

A

A process in which future results are projected based on current and past information and, if the future results are undesirable, the inputs to the system are changed to avoid the projected outcome. Many inventory ordering systems are essentially feed-forward controls: The system projects product sales over the relevant time period, identifies the current inventory level, and orders inventory sufficient to fulfill the sales demand.

7
Q

Define “evaluator.”

A

An individual who monitors internal control. Must have skills, knowledge, and authority sufficient to understand risks and identify the controls needed to manage those risks. Two most important attributes are competence and objectivity.

8
Q

Name the three activities that comprise assessing and reporting on control monitoring.

A

Prioritize findings.
Report results as appropriate.
Follow up to implement corrective actions.

9
Q

Define “key controls.”

A

Controls that are most important to monitor in order to support a conclusion about the internal control system’s ability to manage or mitigate meaningful risks

10
Q

Define “detective controls.”

A

After-the-event controls designed to detect an error after it has occurred (though preferably before the erroneous information is used to update the database or appears in reports). Examples of detective controls include data entry edits (field checks, limit tests) and reconciliation of batch control totals.

11
Q

Define “corrective controls.”

A

Often paired with detective controls, corrective controls attempt to reverse the effects of the error or irregularity that has been detected. Examples of corrective controls include maintenance of backup files, disaster recovery plans, and insurance.

12
Q

How does monitoring benefit corporate governance?

A

Monitoring is the core, underlying control component in the COSO ERM model. Controls degrade over time, technologies change, and people forget or get lazy. Because of this, monitoring is essential to maintaining strong internal control and effective risk management.

13
Q

Define “information and communications” (according to the COSO internal control framework).

A

This component enables an organization’s personnel to identify, process, and exchange the information needed to manage and control operations.

14
Q

Define “general controls.”

A

Controls over the environment as a whole. General controls apply to all functions, not just specific accounting applications. They help ensure that data integrity is maintained.

15
Q

Define “application controls.”

A

Controls over specific data input, data processing, and data output activities. They are designed to ensure the accuracy, completeness, and validity of transaction processing. As such, application controls have a relatively narrow focus on those accounting applications that are involved with data entry, update, and reporting.

16
Q

Define “key risk indicators.”

A

Forward-looking metrics that identify critical potential problems, thus enabling an organization to take timely action, if necessary

17
Q

Define “control environment” (according to the COSO internal control framework).

A

Encompasses management’s philosophy toward controls, organizational structure, system of authority and responsibility, personnel practices, and policies and procedures. The core or foundation of any system of internal control.

18
Q

Define “key performance indicators.”

A

Metrics that reflect critical success factors. They help organizations measure progress toward critical goals and objectives.

19
Q

Define “monitoring” (according to the COSO internal control framework).

A

This component ensures the ongoing reliability of information and control processes by monitoring and testing the control system.

20
Q

List the four activities that comprise the design and execution of control monitoring.

A

Prioritize risks.
Identify controls.
Identify persuasive information about controls.
Implement monitoring procedures.

21
Q

Define “feedback controls.”

A

A procedure in which the results of a process are evaluated and, if the results are undesirable, the process is adjusted to correct the results. Most detective controls are also feedback controls.

22
Q

What are the three elements of establishing a foundation for control?

A

The tone at the top
Organizational structure
Baseline understanding of control effectiveness

23
Q

Define “preventive controls.”

A

Before-the-event controls designed to stop an error or irregularity from occurring. Examples of preventive controls include locks on buildings and doors, password-protected access to files, and segregation of duties.

24
Q

Define “control objectives.”

A

These provide specific targets for evaluating the effectiveness of internal control. Typically they are stated in terms that describe the nature of the risk to be managed or mitigated.

25
Q

Define four key roles, and their responsibilities, related to the system of internal control.

A

Board of directors: oversight of key controls
Management: maintaining control effectiveness
Support (business-enabling) functions: support management and board related to specific aspects of internal control
Internal auditors: assess, monitor, and report on internal control effectiveness