M1 Internal Control Frameworks Flashcards
An independent private sector initiative that was initially established in the mid-1980s to study the factors that lead to fraudulent financial reporting
COSO (Committee of Sponsoring Organizations);
Sometimes referred to as the Treadway Commission
to assist organizations in developing comprehensive assessments of internal control effectiveness
COSO - Internal Framework
a process that is designed and implemented by an organization’s management, BOD, and other employees to provide reasonable assurance that the organization will achieve its operating, reporting and compliance objectives
Internal Control
What are the 3 categories of objectives within the COSO framework?
ORC = Operating, reporting and compliance
COSO objectives that relate to the effectiveness and efficiency of an entity’s operations as well as ensuring that the assets of the organization are adequately safeguarded
Operations (O in ORC)
COSO objective that pertains to the reliability, timeliness, and transparency of an entity’s external and internal financial and nonfinancial reporting as established by regulators
Reporting (R in ORC)
COSO objective that ensures the entity is adhering to all applicable laws and regulations
Compliance (C in ORC)
What are the 5 components of internal control?
“CRIME” (Control Environment, Risk assessment, Information & Communication, Monitoring, Existing control activities)
Component of internal control that includes the processes, structures and standards that provide the foundation for an entity to establish a system of internal control “tone at the top”
Control environment (EBOCA)
What are the five principles related to the control environment (C in CRIME)?
EBOCA - Ethics and integrity, Board independence, Organizational structure, Commitment to competence, Accountability
component of internal control that is an entity’s identification and analysis of risks to the achievement of its objectives
Risk assessment (R in CRIME)
What are the four principles related to risk assessment (R in CRIME)?
SAFR (Specify objectives, identify and ASSESS Changes, consider potential for FRAUD, identify and analyze RISKS)
Component of internal control that supports the identification, capture, and exchange of information in a timely and useful manner
Information and Communication (I in CRIME)
What are the 3 principles related to information and communication (I in CRIME)?
OIE (Obtain and use information, Internally communicate information, and communicate with External parties)
Component of internal control that is the process of assessing the quality of internal control performance over time by assessing the design and operation of controls on a timely basis and taking the necessary corrective actions
Monitoring Activities (M in CRIME)
What are the 2 principles related to monitoring activities?
SO D (Ongoing and Separate evaluations, communication of Deficiencies)
Component of internal control set forth by an entity’s policies and procedures to ensure that the directives initiated by management to mitigate risks are performed
Existing control activities (E in CRIME)
What are the three principles related to existing control activities (E in CRIME)?
CA T P (select and develop Control Activities; select and develop Technology controls; deployment of Policies and Procedures)
Represents a material IC deficiency or combination of deficiencies that significantly reduces the likelihood that an organization can achieve its objectives
Major deficiency
Missed MC: According to COSO, a primary purpose of monitoring IC is to verify that the IC system remains adequate to address changes in
Risks
Missed MC: Considers the manner in which management monitors and authorizes changes to a variety of IT matters including software application programs
Change control
Missed MC: Which of the following components of IC integrated framework addresses an entity’s financial reporting objectives?
Risk Assessment