Section VII: Internal Controls Flashcards
What are internal controls?
Mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud.
What are two things internal controls should take into account?
- Risk Assurance (confidence level of effectiveness of an orgs risk practices)
- Risk Tolerance (how much risk an org can bear)
What are the three levels of internal control?
- Entity Level Control
- Direct Control
- Management Control
What are four things Entity-Level Controls do?
- Protect Assets
- Ensure Legal & Regulatory Compliance
- Make Internal & External Reports Reliable
- Protect Shareholders & Shareholder Interests
What are three things Direct Controls do?
- Encourage Operational Efficiency
- Ensure Compliance with Policies & Procedures
- Promote Accurate Recordkeeping
What are the two Internal Controls?
- Detective
- Preventative
What are the two main types of Detective Controls?
- Reconciliations
- Safeguarding Assets
What are the three main types of Preventive Controls?
- Approval & Authorizations
- Segregation of Duties
- Safeguarding Assets
What three common conditions exist in every instance of fraud?
- Motivation
- Rationalization
- Opportunity
What did Sarbanes-Oxley Act (SOX) do in 2002?
Expanded to broaden the concept of “corporate governance” to include internal audits.
What did the Committee of Sponsoring Organizations (COSO) do in 1991?
Named risk assessment a vital element of controls, aligning internal controls with risk management.
What are the Three Lines of Defense? (hint: there are actually four)
- Evaluate, control, and mitigate risk.
- Monitor operational managers and support their activities.
- Internal audits reassure the board and senior management of the effectiveness of risk management efforts.
- While not strictly part of the Three Lines of Defense Model, some consider external auditors a “fourth line of defense”.
What are the eight internal control frameworks and standards?
- Basel Committee
- Canadian Institute of Chartered Accountants’ (CICA’s) Criteria of Control Framework (CoCo)
- Committee of Sponsoring Organizations (COSO)
- Institute for Internal Auditors (IIA)
- ISO 9000 Series
- ISO/IEC 2700 Series
- Standards for Internal Control in the United States Federal Government
- UK Corporate Governance Code
What is the Basel Committee?
Framework used for evaluation of internal control systems.
What guidance does the Basel Committee provide?
- Management oversight and the control culture
- Risk recognition and assessment
- Control Activities and Segregation of duties
- Information and Communication
- Monitoring activities and correcting deficiencies
What does the CICA do?
Similar to COSO, it addresses internal control and defines specific criteria for effective controls.
What are the four essential elements as groupings for CoCo?
- Purpose
- Commitment
- Capability
- Monitoring & Learning
What are the five essential components of internal control under the COSO Framework?
- Control Activities
- Control Environment
- Information and Communication
- Monitoring
- Risk Assessment
What are the three objectives of the COSO Framework?
- Compliance
- Operations
- Reporting
What is the COSO Cube include?
- Entity
- Division
- Operating Unit
- Functional Levels
What is the Institute for Internal Auditors (IIA) Standards?
A set of published standards ensuring auditors fulfill their responsibilities.
What is the ISO 9000 Series?
International Organization for Standardization. This standard is used internationally and focuses on quality management and regulatory compliance. Many corporate stockholders require ISO 9001 certification.
What is ISO/IEC 27000 Series?
The ISO and the International Electrochemical Commission (IEC) sets standards to help organizations maintain information and privacy security.
What are the Standards for Internal Control in the US Federal Government?
Similar to COSO, they provide framework to assess internal controls for governmental agencies.
What is the UK Corporate Governance Code?
This code regulates and defines how companies on the London Stock Exchange develop and implement standards for their board of directors.
What is Risk-Based Auditing?
A way of maximizing return on those limited internal audit resources by focusing on the areas presenting the greatest risk to the firm.
What are the three core principles of Risk-Based Auditing?
- Audit to Business Objectives
- Focus on Material Risks
- Identify Threats
A series of financial scandals in the 1990s led to the creation of what act?
Sarbanes-Oxley Act
What did SOX create for oversight?
Public Company Accounting Oversight Board (PCAOB)
What four tasks did SOX give PCAOB the authority to do related to financial reporting?
- Inspect Audits
- Register Accounting Firms
- Sanctions
- Standards of Auditing
What are the two standards of PCAOB?
- Auditing Standard No. 2 (AS 2) - establishes requirements and provides directions that apply when an auditor is engaged to audit a company’s financial statements and management’s assessments of the effectiveness of internal controls over financial reporting.
- Auditing Standard No. 5 (AS 5) - Revised guidance for external auditors and introduced risk-based rules that focus on appropriate internal and entity-level controls.
What are the four objectives of AS 5?
- Align scope of audit to match firm’s size and risk model
- Focus the internal controls audit on the most important aspects of the audit that present the highest risk.
- Simplify the standards of AS 2.
- Streamline the audit procedure to eliminate unnecessary actions.
What are the five distinct controls of AS 5?
- Incentives
- Management Estimates
- Party Transactions
- Period End Journal Entries
- Unusual Transactions
What are the five risk management/internal controls that are part of internal auditing collaboration?
- Risk Management
- Risk Management Policy
- Risk Managers
- Internal Auditors
- Internal Audits in Risk Management
What four areas can Auditors use emerging technology?
- Automate Functions
- Implement New Systems
- Identify Trends
- Evaluate Business Data in Real-Time
