Chapter 6 - Introduction to Internal Control Systems and Risk Management
6 control activities
(1) a good audit trail (2) sound personnel and practices (3) separation of duties (4) physical promotion of assets (5) internal review of controls by internal audit system (6) timely performance reports
3 types of controls
(1) preventative (2) detective (3) corrective
The 4 objectives of the internal control system
(1) to safeguard assets (2) to check the accuracy and reliability of accounting data (3) to promote operational efficiency (4) to encourage adherence to prescribed managerial policies
The 5 Components of Internal Control
1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring
5 Components of Enterprise Risk Management
1. Risk governance and culture 2. Risk, strategy and objective-setting 3. Risk in execution 4. Risk information, communication, and reporting 5. Monitoring enterprise risk management and performance
2013 COSO Report
Added to Five Components of Internal Control - Improve governance - Use framework beyond financial reporting - Improve quality of risk assessment - Strengthen anti-fraud efforts - Adapt controls to changing business requirements
COSO
Committee of Sponsoring Organizations of the Treadway Commission
An internal system should consist of 5 components. Which of the following is not one of those five components? A). The control environment B). Risk assessment C). Monitoring D). Performance Evaluation
D. Performance Evaluation
Section 404 of SOX
Requires that company management document and assess the effectiveness of all internal control processes that can affect financial reporting. Company auditors express an opinion on whether management's assessment of the effectiveness of internal controls is fairly stated.
Control Activities
The policies and procedures that help ensure that management's directives are carried out.
Enterprise Risk Management (ERM)
a comprehensive risk management program that addresses the organization's pure, speculative, strategic, and operational risks
According to COSO 2013 it is clear that internal control is:
a process, is goal-oriented, is effected by people, can only provide reasonable assurance, and is applied at any and all levels of the enterprise
Which of the following is not one of the components of the 2017 COSCO Enterprise Risk Management: Aligning Risk with Strategy and Performance Framework: A). Risk and Compliance B). Risk, Strategy, and Objective-Setting C). Monitoring Enterprise Risk Management Performance D). Risk in Execution
a. Risk and Compliance
Which of the following would a manager most likely use to organize and evaluate corporate governance structure? A). The 2013 COSCO Internal Control - Integrated Framework B). The 2017 COSCO Enterprise Risk Management - Aligning Risk with Strategy and Performance Framework C). The Sarbanes-Oxley Act of 2002 D). COBIT
a. The 2013 COSCO Internal Control - Integrated Framework
This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization. A). internal control B). SAS No. 94 C). Risk assessment D). Monitoring
a. internal control
COSCO recommends that firms ____ to determine whether they should implement a specific control. A). use cost-benefit analysis B). conduct a risk assessment C). Consult with internal auditors D). identify objectives
a. use cost-benefit analysis
Which of the following is not one of the 3 additional components that was added in the 2004 COSCO Enterprise Risk Management - Integrated Framework? A). objective setting B). risk assessment C). event identification D). risk response
b. Risk Assessment
Which of the following would a manager most likely use for risk assessment across the organization? A). The 2013 COSCO Internal Control - Integrated Framework B). The 2017 COSCO Enterprise Risk Management - Aligning Risk with Strategy and Performance Framework C). The Sarbanes-Oxley Act of 2002 D). COBIT
b. The 2017 COSCO Enterprise Risk Management - Aligning Risk with Strategy and Performance Framework
Segregation of duties is a fundamental concept in an effective system of internal control. But, the internal auditor must be aware that this safeguard can be compromised through: A). lack of training of employees B). collusion among employees C). irregular employee reviews D). absence of internal auditing
b. collusion among employees
Which of the following is not one of the four objectives of an internal control system? A). safeguard assets B). promote firm profitability C). promote operational efficiency D). encourage employees to follow managerial policies
b. promote firm profitability
Section 404 affirms that management is responsible for establishing and maintaining an adequate internal control structure. This section may be found in which of the following? A). The 2013 COSCO Internal Control - Integrated Framework B). The 2017 COSCO Enterprise Risk Management - Aligning Risk with Strategy and Performance Framework C). The Sarbanes-Oxley Act of 2002 D). COBIT
c. The Sarbanes-Oxley Act of 2002
Which of these is not one of the three major types of controls? A). preventative B). corrective C). objective D). detective
c. objective
Which of the following forms of audit is most likely to involve a review of an entity's performance of specific activities in comparison to organizational specific objectives? A). information system audit B). financial audit C). operational audit D). compliance audit
c. operational audit
Separation of duties is an important control activity. If possible, managers should assign which of the following three functions to different employees? A). analysis, authorizing, transactions B). custody, monitoring, detecting C). recording, authorizing, custody D). analysis, recording, transactions
c. recording, authorizing, custody
Statement on Auditing Standards (SAS) No. 94
cautions external auditors that internal controls are both manual and automated
When management of the sales department has the opportunity to override the system of internal controls of the accounting department, a weakness exists in A). risk management B). information and communication C). monitoring D). the control environments
d. the control environments
1992 COSO Report
established a common definition of internal control and a standard to assess internal control systems so that they can be improved if needed
Internal Control System
system consisting of the policies and procedures managers use to: protect assets promote efficient operations ensure reliable accounting urge adherence to company policies.
Corporate Governance
the system of governing a company so that the interests of corporate owners and other stakeholders are protected
risk assessment
to identify the organizational risks, analyze their potential in terms of costs and likelihood of occurrence and implement only those controls whose projected benefits outweigh their costs