Internal Control Monitoring Purpose and Terminology Flashcards
Define “sufficient information”.
Enough information to form a reasonable conclusion.
Define “relevant information”.
Information that is meaningful to assessing a risk, control, or control component.
Define “board monitoring”.
Execution of monitoring procedures by the board of directors or its committees. Includes oversight of management’s performance in relation to all of the COSO components, including evaluating management’s own monitoring process and assessing the risk that management may override controls.
Define “key risk indicators”.
Forward-looking metrics that seek to identify potential problems, thus enabling an organization to take timely action, if necessary.
Define “evaluator”.
An individual who monitors internal control. Must have skills, knowledge, and authority sufficient to understand risks and identify the controls needed to manage those risks. Two most important attributes are competence and objectivity.
Define “accuracy”.
The degree to which information can reasonably be expected to be free from error and/or to communicate results that reflect reality.
Define “competence”.
Competence refers to the evaluator’s knowledge of the controls and related processes, including how controls should operate and what constitutes a control deficiency.
Define “verifiable or verifiability”.
Can be established, confirmed or substantiated as true or accurate.
Define “key performance indicators”.
Metrics that reflect critical success factors. They help organizations measure progress towards goals and objectives.
Define “indirect information”.
Relevant, but secondary, information for assessing whether a risk is mitigated by a control.
Define “objective or objectivity”.
The measure of the extent of factors that might influence a person to report inaccurate or incomplete information about risks or controls.
Define “persuasiveness of information or persuasive information”.
The degree to which the information provides support for conclusions. Derived from its suitability (i.e., its relevance, reliability, and timeliness) and its sufficiency.
Define “self-review”.
Person responsible for a control (but not that person’s peer or supervisor) assesses control effectiveness. The least objective type of “self assessment.”
Define “compensating controls”.
Controls that accomplish the same objective as another control and that can be expected to “compensate” for deficiencies in the first control.
Define “key controls”.
Controls that are most important to monitor in order to support a conclusion about the internal control system’s ability to manage or mitigate meaningful risks.