M1 Internal Control Frameworks Flashcards
An independent private sector initiative that was initially established in the mid-1980s to study the factors that lead to fraudulent financial reporting
COSO (Committee of Sponsoring Organizations);
Sometimes referred to as the Treadway Commission
to assist organizations in developing comprehensive assessments of internal control effectiveness
COSO - Internal Framework
a process that is designed and implemented by an organization’s management, BOD, and other employees to provide reasonable assurance that the organization will achieve its operating, reporting and compliance objectives
Internal Control
What are the 3 categories of objectives within the COSO framework?
ORC = Operating, reporting and compliance
COSO objectives that relate to the effectiveness and efficiency of an entity’s operations as well as ensuring that the assets of the organization are adequately safeguarded
Operations (O in ORC)
COSO objective that pertains to the reliability, timeliness and transparency of an entity’s external and internal financial and nonfinancial reporting as established by regulators
Reporting (R in ORC)
COSO objective that ensures the entity is adhering to all applicable laws and regulations
Compliance (C in ORC)
What are the 5 components of internal control?
“CRIME” (Control Environment, Risk assessment, Information & Communication, Monitoring, Existing control activities)
Component of internal control that includes the processes, structures and standards that provide the foundation for an entity to establish a system of internal control (“tone at the top”)
Control environment (EBOCA)
What are the five principles related to the control environment (C in CRIME)?
EBOCA - Ethics and integrity, Board independence, Organizational structure, Commitment to competence, Accountability
Component of internal control that is an entity’s identification and analysis of risks to the achievement of its objectives
Risk assessment (R in CRIME)
What are the four principles related to risk assessment (R in CRIME)?
SAFR (Specify objectives, identify and ASSESS Changes, consider potential for FRAUD, identify and analyze RISKS)
Component of internal control that supports the identification, capture, and exchange of information in a timely and useful manner
Information and Communication (I in CRIME)
What are the 3 principles related to information and communication (I in CRIME)?
OIE (Obtain and use information, Internally communicate information, and communicate with External parties)
Component of internal control that is the process of assessing the quality of internal control performance over time by assessing the design and operation of controls on a timely basis and taking the necessary corrective actions
Monitoring Activities (M in CRIME)