M 1.2 Internal Controls and Enterprise Risk Management Flashcards
- Which of the following components is considered the foundation of the internal controls established by an organization
a. control activities
b. monitoring
c. the control environment
d the audit committee
c. the control environment
Because the control environment is considered the foundation of all of the other component of internal control.
- Which of the following is not a principle related to the component of the control environment?
a. demonstrate a commitment to integrity and ethical values.
b. demonstrate a commitment to attract, develop and retain competent individuals
c. Identify and assess changes that could significantly impact the system of internal control
d. Hold individuals accountable for their internal control responsibilities
c. identify and assess changes that could significantly impact the system of internal control
because identify and assess changes that could significantly impact the system of internal control is a principle of the risk assessment component.
all a, b, and d are all principles of the control environment component.
- Which of the following is not true regarding the information and communication component of internal control?
a. the information system captures both internal and external sources of data.
b. the information and communication component involves developing channels for communication from external stakeholders.
c. A whistle-blower hotline is an important aspect of the information and communication component.
d. An important aspect of the information and communication component is assessment of information about fraud.
d. An important aspect of the information and communication component is assessment of information about fraud.
because it is related to the risk assessment component.
a. b. and c are all true of the information and communication component.
- Which of the following is not a type of control under the control activity component of the COSO framework for internal control?
a. supervisory controls
b. physical controls
c. monitoring controls
d verifications
c. monitoring controls
Because monitoring is a separate component of internal control.
a. b. and d are types of control activities
- which of the following is not a control environment factor?
a. integrity and ethical values
b. board of directors or audit committee
c. human resources policies and procedures
d. control monitoring
d. control monitoring
Because monitoring is a separate component of internal control.
a. b. and c are all aspects of the control enviroment
- Which of the following components of internal control would encompass the routine controls over business processes and transactions?
a. the control environment
b. information and communication
c. control activities
d. risk assessment
c. control activities
because control activities, policies and procedures are designed to assure that management’s directives are followed.
- which of the following is not a component in the COSO framework for internal controls?
a. control environment.
b. segregation of duties
c. risk assessment
d. monitoring
b. segregation of duties
Because segregation of duties is an aspect of control activities.
a, c, and d are components of internal control
- Which of the following is not a technique for identifying events in an enterprise risk management program.
a. process flow analysis
b. facilitated workshops
c. probabilistic models
d. loss event data methodologies
c. probabilistic models
Because probabilistic models are sued for risk assessment.
a, b, and d are all method used for event identification
