M1 Flashcards
COSO Framework
- started in 1992 by a private group
- It offers guidance for the internal reporting
- Summarizes the best practice
4 COSO guidance
- Creating
- Implementing
- Using
- Assessing (Reaction)
How many objectives does COSO have for internal control?
It has 3 objectives (ORC)
- Operating
- Reporting
- Compliance
Operating Objective
Operations are efficient and effective
Assets are being safeguarded
Reporting Objective
Financial reporting (reliable, timely, transparent)
Compliance Objective
Compliance with laws & regulations
How many components does COSO have?
It has 5 components (CRIME mnemonic)
- Control environment
- Risk Assessment
- Information & Communication
- Monitoring activities
- Existing control activities
Control environment component
Tone at the top (Ethics)
Risk assessment component
See whether the financial statements are misleading
- Operations are not being effective
- Breaking law
Information and Communication
“FACT” is being informed
- Fair
- Accurate
- Complete
- Timely
Monitoring Component
The effectiveness of controls and reporting deficiencies
Existing Control Activities Component
Policies/procedures to mitigate risk
How many principles does CRIME have?
It has 17 principles
- E-B-O-C-A (5)
- S-A-F-R (4)
- O-I-E (3)
- SO-D (2)
- CA-T-P (3)
Mnemonic for Control Environment
E from E-B-O-C-A
Ethics-Code of conduct
B from E-B-O-C-A
Board Independence - Board must be independent, objective and knowledgeable of the business
O from E-B-O-C-A
Organization - Segregation of duties. Can’t be centralized or decentralized. (Flexible and tailored to the organization)
C from E-B-O-C-A
Commitment to Competence - Commitment to hire, train, develop and retain competent employees
A from E-B-O-C-A
Accountability - People are held responsible for their internal control responsibilities. (Performance measurement, rewards and evaluating)
Mnemonic for the Risk Assessment component?
S in S-A-F-R?
Specify objectives- organization allows for identification & assessment
A in S-A-F-R?
Identify & assess change- Find changes in the environment, a leadership model that can affect risk. Good or Bad
F in S-A-F-R?
Consider potential fraud - Considers the potential for fraud in assessing risk. (ex: Incentives & pressure)
R in S-A-F-R?
Identify and analyze risk- Company looks for risk and sees how to respond
Mnemonic for Information & Communication component?
O in O-I-E
Obtain & use information - Obtain/generate and use information for the function of internal control
I in O-I-E
Internal communication - Internal audit communication among the organization.
E in O-I-E
Communication with external parties. Communication with an accounting firm
Mnemonic for Monitoring Activities?
SO in SO-D
Separate Evaluation and Ongoing - Confirm internal controls are present and functional. (Frequency of testing depends on risk)
D in SO-D
Communication of deficiencies - Communicate internal control deficiencies and correct them.
Mnemonic for Existing control activities?
Find existing policies & procedures to mitigate risk
CA in CA-T-P
Select & develop control activities - help mitigate risk
T in CA-T-P
Select & develop technology controls- obtain information to achieve our objectives
P in CA-T-P
Policies and procedures
Key components in M1
Not all 17 principles must be present
All 5 components must be present
GAAS uses “significant deficiency” & “material weakness”
COSO uses major “deficiency”