Internal Control Frameworks _M1 Flashcards

1
Q

What is the purpose of maintaining internal controls according to COSO?

3 bullets

A
  • Promotion of compliance with laws and regulations
  • Helping to achieve performance objectives
  • Safeguarding resources.

An internal control system serves many purposes

2
Q

What are the 5 organizations that make up the Committee on Sponsoring Organizations (COSO)?

5 Industry Organizations

A
  1. Financial Executives Institute (FEI)
  2. American Accounting Association (AAA).
  3. Institute of Internal Auditors (IIA)
  4. Institute of Management Accountants (IMA)
  5. American Institute of Certified Public Accountants (AICPA)
3
Q

What does Sarbanes-Oxley Act of 2002 require management to report on regarding internal controls?

A

Financial statement disclosures include:

  • management’s assumption of responsibility for internal control
  • management’s assessment of internal control effectiveness
  • A statement that the auditor has reported on management’s evaluation.
4
Q

What was COSO designed to do?

A

Help managers assess internal controls

5
Q

What can management use Internal Control Framework for?

A
  • The Integrated Framework is built on a principles-based (rather than rules-based) approach, which allows management to use judgment and flexibility
    in applying internal controls. This means management wouldn’t use it to enforce rules that must be followed.
  • The Integrated Framework is often used to eliminate inefficient and ineffective controls.
  • The Integrated Framework can be used to identify/analyze risk and to establish risk mitigation strategies.
  • Internal controls are ideally applied throughout all levels of the organization
6
Q

What are the 3 sides of the COSO cube?

A

Top column: 3 Objectives of Internal Controls

  • Operations
  • Reporting
  • Compliance

Front facing rows: The components of internal control.

  • Control Environment
  • Risk Assessment
  • Information and Communication
  • Monitoring
  • Existing Control Activities

3rd Dimension: Entity Organizational Structure.
* Entity level “Tone at the top”
* Division Level
* Operating Unit
* Function

7
Q

What are the 3 objectives of internal control on the COSO cube (top rows of the cube)?

A
  1. Operations
    Safeguarding an entity’s assets against potential losses
  2. Reporting
    The transparency of financial reporting
  3. Compliance
    Ensuring that all applicable laws and regulations are followed
8
Q

What are the 5 components of internal control framework according to COSO?

2nd dimension of the COSO cube

CRIME mnemonic

A
  • Control Environment: component of the Internal Control framework represents the processes, structures, and standards that provide the foundation for the
    establishment of an entity’s internal control system.
  • Risk Assessment: Specify objectives, identify and analyze risk, consider potential for fraud, identify and assess changes.
  • Information and Communication component of the framework involves the identification, capture, and exchange of information.
  • Monitoring: activities involve assessing internal control performance in a timely manner and taking corrective actions if necessary.
  • Existing Control Activities: are established by an entity’s policies and procedures

Know the duties involved with each component

9
Q

What is the 1st step in ongoing monitoring?

A

Step 1: Establishing a control baseline needs to be the first monitoring step in evaluating the effectiveness of an internal control system.
Step 2: Then compare against it when the evaluation is performed.

10
Q

What are some examples of on-going monitoring of internal controls?

A
  • Include such functions as verification that major disbursements meet the criteria and formal authorization of all major disbursements.
  • Include reviews of large or unusual transactions and high level reviews of disaggregated information.
  • Include reviews of changes in liability reserves in excess of a specified threshold.
11
Q

What are the 17 principles of the internal control’s 5 components?

A
  • Control Environment = EBOCA
    1. Commitment to Ethics and integrity
    2. Board Independence and Oversight
    3. Organizational Structure
    4. Commitment to Competence
    5. Accountability
  • Risk Assessment = SAFR
    1. The specification of financial reporting objectives
    2. The identification and analysis of risks
    3. Considering the potential for fraud
    4. The identification and assessment of change/Risk
  • Information and Communication= OIE
    1. Obtain and use information
    2. Internally communicate information
    3. Communication with external auditors
  • Monitoring= SO D
    1. On-going/separate evaluation
    2. The identification, communication, and correction of deficiencies
  • Existing Control Activity= CATPP
    1. The selection and development of control activities
    2. Select and develop technology controls
    3. Deploy through policies and procedures
12
Q

What are the 3 fraud triangle factors?

3 main bullets

A
  • Pressure/Motivation/Incentive: both internal and external, creates the incentive to commit fraud.
  • Opportunity: stems from poor internal controls, lack of duty segregation, and a weak control environment.
  • Rationalization: represents the justification of actions by fraud perpetrators.

leads to fraud in the workplace.

13
Q

What are the different categories of deficiencies?

A
  1. Control deficiency
  2. Significant deficiency
  3. Material weakness
14
Q

What are some of the things that will help mitigate management override of controls?

There could be others just to be familiar with a few

A
  • Management override of internal controls is an inherent limitation of even an effective internal control system. Spreading influence across many individuals and layers of management would help reduce this risk.
  • Internal auditors will regularly evaluate the effectiveness and execution of internal controls.
  • A whistle-blower program that provides protection and anonymity for employees.
  • A culture of integrity and ethical values will make it less likely that management will be willing or able to override internal controls.
15
Q

What is the board typically responsible for?

3 bullets

A
  • Establishing strategies and objectives
  • Ensuring that appropriate resources and skills are in place
  • Maintaining awareness of current technology

Supervisory and monitoring tasks are for management only.

16
Q

Which term best describes members of the organization?

A
  • The board of directors has a fiduciary responsibility to act on behalf of and in the best interest of the corporation.
  • Employees act as agents.
  • Corporate attorneys or employees fulfill the role of representative.
  • Officers act as executives.
17
Q

What is the definition of internal controls?

A
  • Adaptable to the structure of the entity.
  • Established to provide reasonable (not absolute) assurance.
  • Geared toward achieving operations, reporting, and compliance objectives.
  • Affected by people and their actions.
18
Q

What does it mean to have an effective system of internal controls?

A
  • An effective system of internal controls has all five components operating together in an integrated system. (CRIME)
  • An effective system of internal controls has all components and associated principles “present” in the system. (17 PRINCIPLES)
  • An effective system of internal controls has all components and associated principles “functioning” as designed in the system
19
Q

What are the different types of controls?

A
  • Detective Controls: things done to detect issues that occurred.
  • A preventive control: steps taken to prevent future issues.
  • Input control: relates to the integrity of inputs.
  • A corrective control: will fix an identified deficiency.