Internal Factors & COSO Flashcards
RMM gets assessed at the…
- F/S level
- assertion level: risk that particular assertions relating to classes of transactions, account balances or disclosures are materially misstated
RMM is assessed ___________ materiality
BEFORE (materiality guides an auditor in determining if an error during substantive testing represents RMM)
under SOX, audit committee is required to….
be made up of independent members of the company’s BOARD OF DIRECTORS
required risk assessment procedures include:
Analytical procedures: study of data comparisons and relationships using high-level data
Inquiries: of management and others within entity, including internal auditors
Inspection: of documents and records, such as authorization forms and procedures manuals
Observation: watching the application of manual controls
the CEO and CFO of issuer must certify with reports filed with SEC:
- reviewed annual/quarterly report (including financial statements)
- believe financial information is fairly presented
- are responsible for I/C
- evaluated the effectiveness of I/C within the past 90 days
- disclosed significant changes in I/C since its evaluation
- disclosed fraud or significant deficiencies in I/C to auditor or audit committee
the framework for internal controls is the Internal Control Integrated Framework developed by COSO, with these 3 objectives:
- Operational: effectiveness and efficiency of operations
- Reporting: accurate and reliable financial and non-financial reporting for internal/external purposes
- Compliance: with laws and regulations
What are the 5 components of the COSO I/C Framework
C.R.I.M.E.
1. Control activities
2. Risk assessment
3. Information and communication
4. Monitoring activities
5. control Environment
what are control activities, and what are the 4 steps in the sequence?
primarily relate to risk reduction, technology controls and policies
- Performance reviews: evaluate performance against criteria to investigate differences
- Information processing: prevent processing info unless certain criteria are met
- Physical controls: limit access to assets
- Segregation of duties
what is risk assessment ?
primarily relates to organizational objectives, risk assessment (domestic/international), fraud and change management
policies and procedures which help ensure management directives/objectives are being carried out
what is information and communication?
relates to the quality and flow of information within the entity and to outside parties and encompasses the controls to assure that management and employees have the information to perform their functions (directives communicated and being carried out)
what are the 2 main principles of monitoring activities?
- controls are assessed through ongoing and/or separate evaluations to determine if I/C components are operating effectively
- evaluate and communicate I/C deficiencies to parties responsible for taking corrective action (BOD)
the most common and effective way to carry this out is via internal audit
what is the control environment?
establishes integrity and ethical values in the organizational culture through the idea of TONE AT THE TOP
C.H.O.P.P.E.R.
Commitment to competence
Human resources policies/practices
Organizational structure
Participation of those charged with governance
Philosophy and operating style of management
Ethical values and integrity
Responsibility assignment
COSO is the framework commonly used by the auditing profession as the benchmark for internal controls of…
NON-ISSUERS
substantive testing is used to ___________ a material misstatement
detect
the extent of backup used each time with an ERP (enterprise resource planning) system is referred to as…
full, incremental and differential