Section 1 A pt 2 Flashcards
Risk Assessment
Specifies suitable ___
Identifies and analyzes ___
Assesses ___ risk
Identifies and analyzes significant ___
Objectives
Risk
Fraud
Change
Control Activities
Selects and develops ___ activities
Select and develop ___ controls over ___
Deploy through ___ and ___
Control activities
General controls over technology
policies and procedures
Info & Communication
Use __ info
Communicate __ and ___
relevant
internally & externally
Monitoring
Evaluate and communicate __
deficiencies
A senior executive of an international organization who wishes to demonstrate the importance of the security of company information to all team members should:
visibly participate in a global information security campaign.
allocate additional budget resources for external audit services.
review and accept the information security risk assessments in a staff meeting.
refer to the organization’s U.S. human resources policies on privacy in a company newsletter.
visibly participate in a global information security campaign.
“All team members” refers to the entire international organization, which implies the executive would provide this message to all employees worldwide. The tone at the top is most clearly demonstrated by personal example set by senior executives. The other answer choices are good behaviors but they are not visible to the worldwide entity.
Which of the following is most useful when risk is being prioritized?
Low- and high-probability exposures
Low- and high-degree loss exposures
Expected value
Uncontrollable risks
Expected value
A company officer who is not a director is authorized to perform which of the following duties?
Enter into a contract with a vendor of computers for the company
Terminate the company’s external audit firm
Remove a director for failure to exercise reasonable supervision
Declare dividends to shareholders
Enter into a contract with a vendor of computers for the company
Duty of __. Directors and officers must act in good faith, with the care of a reasonable person in a similar position, and with reasonable belief their decisions are in best interest of the corporation.
Duty of __: they must put the interests of shareholders and the corporation above their own interests.
Duty of ___ refers to the care a reasonable person should take before entering into an agreement or a transaction with another party; it is essentially a way of preventing unnecessary harm to either party involved in a transaction.
Care
Loyalty
Due diligence
According to COSO, what is the first ongoing monitoring step in evaluating the effectiveness of an internal control system?
Establishing a control baseline
Identifying changes in internal control that have taken place
Re-evaluating the design and implementation to establish a new baseline
Periodically revalidating operations where no known change has occurred
Establishing a control baseline
COSO stands for what?
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
According to COSO, a primary purpose of monitoring internal control is to verify that the internal control system remains adequate to address changes in:
risks.
the law.
technology.
operating procedures.
risks
An internal audit manager requested information detailing the amount and type of training that the IT department’s staff received during the last year. According to COSO, the training records would provide documentation for which of the following principles?
Exercising oversight of the development and performance of internal control
Demonstrating a commitment to retain competent individuals in alignment with objectives
Developing general control activities over technology to support the achievement of objectives
Holding individuals responsible for their internal control responsibilities in the pursuit of objectives
Demonstrating a commitment to retain competent individuals in alignment with objectives
Ways to demonstrate commitment to competence
Promote employees based on __
Training T/F
merit and performance.
True
Under COSO’s internal control framework, how many control principles are spread over the five major components?
20
10
17
5
How many COMPONENTS?
17 principles
5 components
Internal controls are likely to fail for any of the following reasons, except:
they are not designed and implemented properly at the outset.
they are designed and implemented properly as static controls, but the environment in which they operate changes.
they are designed and implemented properly, but their operation changes in some way.
they are designed and implemented properly, and their design changes as processes change.
they are designed and implemented properly, and their design changes as processes change.
A member of the board of directors of Central Communications Co. is offered a license by a third party to operate a cellular phone system. The director does not present this offer to the board of directors for approval but informally mentions it to a fellow board member, who does not think it will be a problem. The director buys the license. Which of the following statements is correct regarding the director’s actions?
The director breached a duty of care by failing to use prudent business judgment.
The director breached the duty of due diligence.
The director breached a duty of loyalty by usurping a corporate opportunity.
The director acted properly in purchasing the license.
The director breached a duty of loyalty by usurping a corporate opportunity.
Internal controls are designed to provide reasonable (but not absolute) assurance that objectives are achieved and compliance to laws and regulations is obtained. Control objectives related to financial reporting, operational efficiency, and law and regulation compliance include all of the following except:
only transactions that are valid, authorized, and legal are processed.
only transactions that occurred within the period are recorded.
transactions are accurately recorded free of omissions, accounting categorization errors, and/or mathematical errors.
sufficient funds are on hand to meet current and long-term obligations.
sufficient funds are on hand to meet current and long-term obligations.
A company that is highly centralized will have a more diverse ethical culture than a company that is decentralized.
Enforces Accountability? T/F
Formal Job Description
True
In respect to the roles and responsibilities within an internal control framework:
the goals of internal controls are to provide close to absolute assurance that the objectives of the company will be met.
the CEO of an organization is expected to allow his senior staff to set the ethical tone for the organization so as not to micromanage and stifle the organization.
since the board of directors does not devote itself to the day-to-day operations, it has little influence on the internal control environment.
the internal and external auditors are responsible for the assessment of internal controls in relation to design, implementation, and effectiveness.
the internal and external auditors are responsible for the assessment of internal controls in relation to design, implementation, and effectiveness.
Change identification
Monitoring identifies changes in the environment or internal control system and the entity’s ability to manage those changes. To “identify and address changes” is part of change identification.
A written policy and procedure manual should contain:
a formal job description.
an employee training program.
corporation budgets.
proper business practices.
proper business practices.
Which of the following is not an internal control objective?
Reasonable (Standard methodologies are used to determine the value representative of transactions.)
Fund (Sufficient funds are on hand to meet current obligations.)
Recording accuracy (Transactions are mostly free of error.)
Supportability (The goods and services received and provided are recorded properly.)
Recording accuracy (Transactions are mostly free of error.)
“Accurately recorded” is an objective of internal control, but transactions should be free of error, not “mostly free of error.”
A company’s internal controls are established to provide protection for the company’s assets as well as to detect fraud. An internal control allows for the firm’s resources to be all of the following except:
monitored.
designed.
properly used.
measured.
designed
Such a control will aid an organization in achieving specific goals and objectives. It is an internal control that allows for a firm’s resources to be properly:
used,
monitored, and
measured.
Within the COSO Internal Control—Integrated Framework, which of the following components is designed to ensure that internal controls continue to operate effectively?
Control environment
Risk assessment
Information and communication
Monitoring activities
Monitoring activities
According to COSO, an effective approach to monitoring internal control involves each of the following steps, except:
establishing a foundation for monitoring.
increasing the reliability of financial reporting and compliance with applicable laws and regulations.
designing and executing monitoring procedures that are prioritized based on risks to achieve organizational objectives.
assessing and reporting the results, including following up on corrective action where necessary.
increasing the reliability of financial reporting and compliance with applicable laws and regulations.
Internal auditors play a role in an entity’s internal control through all of the following methods except:
implementing control activities.
evaluating the effectiveness of controls.
promoting continuous improvement.
evaluating the efficiency of controls.
implementing control activities.
Periodic reviews and analyses of actual results versus benchmarks such as organizational goals or plans, metrics, and other key performance indicators.
What is this?
Top-level review
According to COSO, which of the following activities provides an example of a top-level review as a control activity?
Computers owned by the entity are secured and periodically compared with amounts shown in the records.
A comprehensive marketing plan is implemented, and management reviews actual performance to determine the extent to which benchmarks were achieved.
Reconciliations are made of daily wire transfers with positions reported centrally.
Verification of status on a medical claim determines whether the charge is appropriate for the policyholder.
A comprehensive marketing plan is implemented, and management reviews actual performance to determine the extent to which benchmarks were achieved.
Under COSO, which of the following principles falls under monitoring?
Evaluates and communicates deficiencies
Establishes structure, authority and responsibility
Specifies suitable objectives
Deploys through policies and procedures
Evaluates and communicates deficiencies