Organisational Control and Audit Flashcards

1
Q

Who has created the framework for internal controls?

A

COSO

2
Q

What are the eight components for the framework of controls?

A
  1. Control environment
  2. Objective setting
  3. Event identification
  4. Risk assessment
  5. Risk response
  6. Control activities
  7. Information and communication
  8. Monitoring
3
Q

What is the control environment?

A

Culture that directors create in relation to the value and importance of internal controls, the philosophy and risk appetite of the company

4
Q

What is the objective setting?

A

Ensure objectives and strategies are aligned with the company risk appetite

5
Q

What is event identification?

A

Environmental scanning to identify events internally and externally that could prevent the company achieving its objectives

6
Q

What is risk assessment?

A

Assessment of risk based on its likelihood and impact

7
Q

What is risk response?

A

Using TARA

8
Q

What are control activities?

A

Relates to policies and procedures that are in place to mitigate risk

9
Q

What is information and communication?

A

Relates to the reporting arrangements within the organisation and with external parties - good communication to mitigate risk (detailed vs summary)

10
Q

What is monitoring?

A

Relates to the fact that internal controls need to be monitored for their efficiency and effectiveness

11
Q

What factors does COSO identify as constituting the control environment?

A
  • Corporate culture
  • Management style
  • Organisational structure
  • Risk appetite
  • Ethical values and philosophy
12
Q

What should the objectives of an organisation support?

A

An organisation’s mission and should be consistent with risk appetite

13
Q

With regards to internal reporting, why is it important?

A

It is vital that it is communicated to the staff in a way that is easy to understand and conveys their importance

14
Q

With regards to internal reporting, what impacts how staff implement controls?

A

Culture and overall control environment

15
Q

What is vital for internal reporting?

A

Monitoring and feedback for recommendations and improvements

16
Q

Name the first main element of the UK Turnbull report.

A

Board should maintain a sound system of internal control to safeguard shareholders’ investment and company’s assets

17
Q

Name the second main element of the UK Turnbull report.

A

The directors should at least annually conduct a review of the effectiveness of the group’s sound system of internal control and should report to the shareholders that they have done so

The review should cover all controls including:

  • Financial
  • Operational and compliance controls
  • Risk management

The board is NOT required to provide detailed information about the review and so is NOT required to provide shareholders with an assessment of its effectiveness

18
Q

What is the third main element of the UK Turnbull report?

A

Companies which do not have an internal audit function should from time to time review the need for one

19
Q

Name some circumstances when you would need an internal audit department.

A
  • Unexpected things are happening
  • Significantly larger than last year
  • More complex
  • Change
20
Q

What is Sarbanes Oxley?

A

Annual report of stock market companies to include a statement on internal control that includes an assessment of the effectiveness of the IC system and procedures for FR.

The IC report relates to financial controls only but it must provide an evaluation of those controls.

Any material weaknesses in financial controls must be disclosed.

21
Q

Describe SOX Section 302

A

CEO and CFO prepare a statement certifying the appropriateness of the FS

22
Q

Describe SOX Section 404

A

Annual report contains an IC report that:

  • States management’s responsibility for maintaining IC
  • Verifies directors’ assertions
  • Includes an assessment of the effectiveness of IC

Auditors audit this (Attestation report)
Identify framework used to assess the internal controls (COSO)

23
Q

What is the acronym for control activities?

A

SOAPSPAM

24
Q

What is the breakdown of SOAPSPAM?

A
  • Segregation of duties
  • Organisation
  • Authorisation
  • Physical controls
  • Supervision
  • Personnel
  • Arithmetical/accounting
  • Management
25
Q

What is the acronym for the limitations of internal controls?

A

Really Dark Hot Chocolate

26
Q

What is the breakdown of Really Dark Hot Chocolate?

A
  • Resource constraints
  • Designed for routine transactions
  • Human error
  • Circumvention