M1-Internal Control Frameworks Flashcards
The _______ component of the integrated framework includes the principle that deficiencies should be investigated in ongoing and separate evaluations and that deficiencies should be reported.
Monitoring (M in CRIME)
This framework addresses an entity’s timely reporting of identified internal control deficiencies.
Risks are fluid in that they regularly change in terms of likelihood and severity. In addition, new risks can arise while old risks can disappear. Internal controls should always be monitored for the purpose of addressing changes to risks.
The ________ component includes the tone at the top and the listing of reporting deficiencies.
Control Environment (C in CRIME)
The _________ component relates to control policies and procedures but does not include reporting deficiencies.
Control Activities (Existing) (E in CRIME)
The ______________ component includes gathering and communicating financial and internal control information, but does not specifically address reporting deficiencies.
Information and Communication (I in CRIME)
The principle of obtain and use information is applied when the organization obtains or generates and uses relevant, high-quality information to support the functioning of the control. (True or false)
true
Example: Management is using the exception (information) to support the control of monitoring overtime costs.
____________ anticipate that communications enable and support understanding and execution of internal control objectives, processes, and individual responsibilities.
Internal communications
Variance analysis specifically supports internal control, not simply internal communications generally.
____________ anticipate that matters affecting the achievement of financial reporting are communicated with outside parties.
External Communications
The Committee on Sponsoring Organizations (COSO), an independent private sector initiative, was initially established in the mid 1980’s to study the factors that can lead to fraudulent financial reporting. The COSO is sometimes referred to as the Treadway Commission after its original Chairman, James Treadway, Jr., an executive in the private sector. The Private “sponsoring organizations” included the 5 major financial professional associations in the US:
- The American Accounting Association (AAA)
- The American Institute of Certified Public Accountants (AICPA)
- The Financial Executives Institute (FEI)
- The Institute of Internal Auditors (IIA)
- The Institute of Management Accountants (IMA)
In 1992, the Committee on Sponsoring Organizations (COSO) issued Internal Control-Integrated Framework (the Framework) to assist organizations in developing comprehensive assessments of internal control effectiveness. (true or false)
true
The Framework is widely regarded as an appropriate and comprehensive basis to document the assessment of internal controls over financial reporting.
The board of directors has a fiduciary responsibility to act on behalf of and in the best interest of the corporation. (true or false)
true
Employees act as AGENTS
Officers act as EXECUTIVES
Corporate attorneys or employees fulfill the role of REPRESENTATIVE
Active engagement by an audit committee in representing the Board of Directors relative to all matters of internal and external audits is evidence of the board’s understanding of their oversight responsibility over financial reporting. (true or false)
true
The financial reporting competencies principle of the control environment component of internal control integrated framework suggests stronger controls and encourages the company to retain qualified personnel to handle financial reporting. (true or false)
true
The existence of a compliance program that includes both ethics training and a hotline for anonymous reporting is evidence of development of ethical values and ensuring that those values are understood and taken seriously. (true or false)
true
_________ components of internal control programs relate to periodic evaluations of what could go wrong and the effectiveness of procedures to prevent or detect errors or irregularities.
Risk Assessment
The risk assessment component of the internal control integrated framework includes principles such as financial reporting objectives, risks and fraud risk.
Programmer access to development and production represents flawed segregation of duties that creates deficiencies for change control. Change control considers the manner in which management monitors and authorizes changes to a variety of information technology matters including software applications programs. Only authorized individuals should be allowed to move changes into production and the function of making the change should be segregated from the function of putting the change into production.(True or false)
true