Study Unit 4 - Control Frameworks & Fraud

Question 1

COSO’s 3 Control Objectives

Answer 1

1. Effectiveness & Eficiency of Operations
2. Reliability of Financial Reporting
3. Compliance w/ laws & regs.

(Everything Really Counts)

Question 2

COSO 5 Internal Control (IC) Components

Answer 2

1. Control Activities (policies & procedures)
2. Risk Assmt (basis of risk management)
3. Info & Communication (timing is key)
4. Monitoring (assess performance of IC)
5. Control Environment (Tone from the top)

(CRIME)

Question 3

CoCo 4 Components

Answer 3

1. Purpose
2. Commitment
3. Capability
4. Monitoring & Learning

(Police Can Catch Many Lawbreakers)

Question 4

COBIT 5 Key Principles

Answer 4

1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single, Integrated Framework
4. Enabling a Holistic Aproach
5. Separating Governance from Mgmt.

Question 5

eSAC model processes for inputs & outputs

Answer 5

• Inputs:
  
  • Mission
  • Values
  • Strategies
  • Objectives
• Outputs:
  
  • Results
  • Reputation
  • Learning

Question 6

eSAC 4 control objectives

Answer 6

1. Efectiveness & Eficiency of Ops
2. Reporting of Financial & Management info.
3. Compliance w/ laws & regs
4. Safeguarding of Assets

(Similar to COSO, ERCs)

Question 7

eSAC Business Assurance objectives

Answer 7

1. Avaliability (of info)
2. Capability (bring to completion)
3. Functionality (to achieve objectives)
4. Protectability (safeguarding of assets)
5. Accountability (principles)

(A Court Finds People Accountable)

Question 8

COSO Enterprise Risk Mmanagement (ERM) Framework 8 Components

Answer 8

1. Control Environment
2. Obj. Setting (align with mission, risk aptte)
3. Event identification (Opportunity & Risk)
4. Risk assessment (Likelihood & Impact)
5. Risk Response (consistent w/ appetite)
6. Control Activities (Policies & Procedures)
7. Information & Communication
8. Monitoring (evaluating performance)

Question 9

5 Risk Response Strategies

Answer 9

1. Avoidance
2. Retention (Acceptance)
3. Reduction (Mitigation)
4. Sharing (transfer of loss to another party)
5. Exploitation (Risk for reward)

Question 10

Terminology of Fraud Indicators (Symptoms)

Answer 10

1. Document Symptom (tampering with info)
2. Pressure (Personal or Organizational)
3. Opportunity
4. Lifestyle Symptom
5. Rationalization (justfication for actions)
6. Behavioral Symptom

Question 11

10 Fraud Indicators

Answer 11

1. No employee rotation
2. No SoD
3. No definitions of responsibility
4. Unrealistic goals
5. No vacation taken
6. Not following controls
7. High profits in downturn
8. High turnover of supervisors
9. Unjustified use of sole-source suppliers
10. Sales out of proportion from COGS