P1.E.1 Governance, Risk & Compliance Flashcards
Types of Internal Controls
- Preventative
- Detective
- Corrective
- Directive
- Compensating
Components of Internal Control (COSO)
- Control Environment: Management’s philosophy and tolerance for risk (sets the tone).
- Risk Assessment: Assessing and classifying risks as either inherent or residual.
- Control Activities: Policies and procedures to handle risks.
- Information & Communication: Clearly identifying and communicating relevant information.
- Monitoring Activities: Monitoring and modifying controls as necessary.
Hierarchy of Corporate Governance
- Articles of Incorporation
- Corporate Bylaws
- Policies & Procedures
Acceptable Audit Risk
- Inherent risk: the risk of material error, omission or misstatement, assuming there are no related controls in place.
- Control risk: the risk of material misstatement due to a failure of internal controls to either prevent or detect the error.
- Detection risk: inversely related to the risk of material misstatement (which is composed of inherent risk and control risk).
Audit Risk = Inherent risk (IR) x Control risk (CR) x Detection risk (DR)
Audit Opinions
- Unmodified Audit Opinion (Standard Unqualified): financial statements are fairly presented and conform with GAAP.
- Qualified: prepared in accordance with GAAP, with the exception of a particular account or assertion.
- Adverse: material misstatement of the financial statements (FS).
- Disclaimer: unable to complete testing due to limited scope.
Expected Loss Formula
Expected Loss = P(E) x P(F) x amount of loss
P(E) = probability of the event occurring
P(F) = probability of control failure
Internal Control Objectives
- Effective and efficient operations
- Safeguarding of Assets
- Reliable reporting
- Compliance with Laws and Regulations
Preventative Control Objective
To keep errors or irregularities from happening.
Example: segregation of duties, requiring passwords, drug testing, etc.
Detective Control Objective
Attempts to find errors after they occur and helps identify wrongdoing.
Example: reconcilements, inventory counts, variance analysis, peer reviews, etc.
Corrective Control Objective
To correct errors uncovered by detective controls.
Example: training programs and disciplinary actions.
Directive Control Objective
Helps steer toward positive results.
Example: policies and procedures.
Compensating Control Objective
Helps mitigate lapses and shortcomings in the control framework.
Example: having multiple people physically count cash, auditor counting inventory, etc.
SOX
Section 201: services outside the scope of practice of auditors
Section 203: audit partner rotation
Section 204: audit partner reports to the audit committee in a timely manner
Section 302: corporate responsibility for financial reports
Section 404: management assessment of internal controls
Section 407: financial expert on the audit committee
PCAOB
Established by SOX.
- Auditors must evaluate internal control of financial reporting.
- Top-down, risk assessment approach.
- Auditor uses same control framework as management to evaluate internal controls.
Foreign Corrupt Practices Act (FCPA)
Intended to discourage American organizations from paying bribes to foreign governments.
- Anti-bribery provisions
- Accounting transparency provisions
Compliance program:
- Documentation of the corporation's existing internal accounting controls
- Cost/benefit analysis of the controls and the risks they minimize
- System of quality checks to evaluate the internal accounting control system