Internal Control Monitoring Purpose and Terminology

Question 1

Define “evaluator.”

Answer 1

An individual who monitors internal control. Must have skills, knowledge, and authority sufficient to understand risks and identify the controls needed to manage those risks. Two most important attributes are competence and objectivity.

Question 2

Define “verifiable or verifiability.”

Answer 2

Can be established, confirmed, or substantiated as true or accurate.

Question 3

Define “ persuasiveness of information or persuasive information.”

Answer 3

The degree to which the information provides support for conclusions. Derived from its suitability (i.e., its relevance, reliability, and timeliness) and its sufficiency.

Question 4

Define “compensating controls.”

Answer 4

Controls that accomplish the same objective as another control and will “compensate” for deficiencies in the first control.

Question 5

Define “key performance indicators.”

Answer 5

Metrics that reflect critical success factors. They help organizations measure progress towards critical goals and objectives.

Question 6

Define “key controls.”

Answer 6

Controls that are most important to monitor in order to support a conclusion about the internal control system’s ability to manage or mitigate meaningful risks.

Question 7

Define “self-review.”

Answer 7

Person responsible for a control but NOT that person’s peer or supervisor assesses control effectiveness. The least objective type of “self-assessment.”

Question 8

Define “timely information.”

Answer 8

Information is produced and used in a time frame that makes it possible to prevent or detect control deficiencies before they become material.

Question 9

Define “accuracy.”

Answer 9

The degree to which information can reasonably be expected to be free from error and/or to communicate results that reflect reality.

Question 10

Define “reliable information.”

Answer 10

Information must be accurate, verifiable, and from an objective source.

Question 11

Define “suitable information.”

Answer 11

Must be relevant (i.e., fits for its intended purpose), reliable (i.e., accurate, verifiable, and from an objective source), timely (i.e., produced and used in an appropriate time frame).

Question 12

Define “objective or objectivity.”

Answer 12

The measure of the extent of factors that might influence a person to report inaccurate or incomplete information about risks or controls.

Question 13

Define “key risk indicators.”

Answer 13

Forward-looking metrics that identify critical potential problems, thus enabling an organization t take timely action, if necessary.

Question 14

Define “competence” in relation to a control evaluation.

Answer 14

Competence refers to the evaluator’s knowledge of the controls and related processes, including how controls should operate and what constitutes a control deficiency.

Question 15

Define “relevant information.”

Answer 15

Information is meaningful to assessing a risk, control, or control competent.

Question 16

Define “control objectives.”

Answer 16

These provide specific targets for evaluating the effectiveness of internal control. Typically stated in terms that describe the nature of the risk to be managed or mitigated.

Question 17

How does monitoring benefit corporate governance?

Answer 17

Monitoring is the core underlying control component in the COSO ERM Model. Controls degrade over time technologies change,and people forget or get lazy. Because of this, monitoring is essential to maintaining strong internal control and effective risk management.

Question 18

Define “self-assessment.”

Answer 18

Either the person responsible for a control, or that person’s peer or supervisor, assesses control effectiveness.