Section VII: Internal Controls Flashcards
What are internal controls?
Mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud.
What are two things internal controls should take into account?
- Risk Assurance (confidence level in the effectiveness of an org's risk practices)
- Risk Tolerance (how much risk an org can bear)
What are the three levels of internal control?
- Entity Level Control
- Direct Control
- Management Control
What are four things Entity-Level Controls do?
- Protect Assets
- Ensure Legal & Regulatory Compliance
- Make Internal & External Reports Reliable
- Protect Shareholders & Shareholder Interests
What are three things Direct Controls do?
- Encourage Operational Efficiency
- Ensure Compliance with Policies & Procedures
- Promote Accurate Recordkeeping
What are the two types of Internal Controls?
- Detective
- Preventive
What are the two main types of Detective Controls?
- Reconciliations
- Safeguarding Assets
What are the three main types of Preventive Controls?
- Approval & Authorizations
- Segregation of Duties
- Safeguarding Assets
What three common conditions exist in every instance of fraud?
- Motivation
- Rationalization
- Opportunity
What did the Sarbanes-Oxley Act (SOX) do in 2002?
Broadened the concept of “corporate governance” to include internal audits.
What did the Committee of Sponsoring Organizations (COSO) do in 1991?
Named risk assessment a vital element of controls, aligning internal controls with risk management.
What are the Three Lines of Defense? (hint: there are actually four)
- Evaluate, control, and mitigate risk.
- Monitor operational managers and support their activities.
- Internal audits reassure the board and senior management of the effectiveness of risk management efforts.
- While not strictly part of the Three Lines of Defense Model, some consider external auditors a “fourth line of defense”.
What are the eight internal control frameworks and standards?
- Basel Committee
- Canadian Institute of Chartered Accountants’ (CICA’s) Criteria of Control Framework (CoCo)
- Committee of Sponsoring Organizations (COSO)
- Institute for Internal Auditors (IIA)
- ISO 9000 Series
- ISO/IEC 27000 Series
- Standards for Internal Control in the United States Federal Government
- UK Corporate Governance Code
What is the Basel Committee?
A framework used for the evaluation of internal control systems.
What guidance does the Basel Committee provide?
- Management oversight and the control culture
- Risk recognition and assessment
- Control activities and segregation of duties
- Information and Communication
- Monitoring activities and correcting deficiencies
What does the CICA do?
Similar to COSO, it addresses internal control and defines specific criteria for effective controls.
What are the four essential elements as groupings for CoCo?
- Purpose
- Commitment
- Capability
- Monitoring & Learning
What are the five essential components of internal control under the COSO Framework?
- Control Activities
- Control Environment
- Information and Communication
- Monitoring
- Risk Assessment
What are the three objectives of the COSO Framework?
- Compliance
- Operations
- Reporting
What does the COSO Cube include?
- Entity
- Division
- Operating Unit
- Functional Levels
What are the Institute for Internal Auditors (IIA) Standards?
A set of published standards ensuring auditors fulfill their responsibilities.
What is the ISO 9000 Series?
International Organization for Standardization. This standard is used internationally and focuses on quality management and regulatory compliance. Many corporate stockholders require ISO 9001 certification.
What is the ISO/IEC 27000 Series?
The ISO and the International Electrotechnical Commission (IEC) set standards to help organizations maintain information security and privacy.
What are the Standards for Internal Control in the US Federal Government?
Similar to COSO, they provide a framework to assess internal controls for governmental agencies.