3- Risk Management & Internal Controls

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

a software that captures and records accounting business events

Application

ensures that the organization is operating in accordance with management's plan

Assurance

comprised of company's board of directors and outside board members with special qualifications in finance or accounting, objective is to oversee a company and internal audit has a direct line of communication with

Audit Commitee

COSO

Committee of Sponsoring Organizations of the Treadway Commission

internal control goals for adhering to laws and regulations

Compliance Objectives

Disclosure of instances of internal control not in compliance

External audit

Disclosure of significant internal control deficiencies

External audit

assess and identify risks and respond to risks at a portfolio-view level. Report results to key stakeholders

Performance

prevent problems from happening

Preventive Controls

-risk appetite -risk identifications -risk categorization -risk prioritization -heat maps

key course concepts risk assessment

Selects and develops control activities

related principles control activities

new publication with five interrelated components that highlight the importance of risk in creating strategies and driving a company's performance

Enterprise Risk Management Framework

Evaluates management's assessment of effectiveness of internal control and audit opinion of management's report

External audit

apply to the entire operation of the full system and its environment such as; all corporate applications, email, web browsers, time keeping software, benefits management systems, etc.

IT General Controls

a. Some defined processes b. Some defined controls c. Lack of documentation d. Primarily manual controls e. Inconsistencies f. Reliance on key individuals

Informal

continually obtain and share necessary information from both internal and external sources, flowing up, down, and across the company

Information Communication & Reporting

discovers improvements for policies, procedures, controls, and risk management

Insights

adds value to a business by providing assurance, insight, and objectivity to the company

Internal Audit

Defines internal control and gives criteria for developing, implementing, and monitoring and effective internal control system

Internal Control- Integrated Framework

controls-based approach to risk management that is widely accepted as the authoritative guidance on internal controls and SOX compliance

Internal Control- Integrated Framework

the process that specifically mitigates risks to the company's financial information

Internal Controls

An independent function of the company that has a unique reporting relationship in an organization

Internal audit

Included in annual financial statements

Internal control report

Includes assessment of effectiveness of internal control system

Internal control report

Management is responsible for implementing and maintain adequate internal controls

Internal control report

shows how far along a company is on its journey to reach the ideal state by comparing the current state to a predetermined set of best practices

Maturity Model

assesses the company through an independent consulting point of view

Objectivity

Framework required for:

1. Publicly traded companies in the U.S. and their subsidiaries 2. Foreign companies that are publicly traded and do business in the U.S. 3. Private companies planning their IPO to become a publicly traded company 4. Accounting firms performing audits of the above SOX regulated companies

when a control only applies to a specific application - including all the business processes and accounts that are linked to it

Application Controls

use technology to implement a control activity

Automated Controls

when two employees work together to circumvent controls

Collusion

Committed to fighting corporate fraud, is comprised of 5 private organizations that focus on providing guidance to executions and government entities on fraud prevention and response

Committee of Sponsoring Organizations of the Treadway Commission

Comprised of: American Accounting Association, American Institute of Certified Public Accountants, Institute of Internal Auditors, Institute of Management Accountants, and Financial Executives Institute

Committee of Sponsoring Organizations of the Treadway Commission

technology to create detective controls that use rules-based programming to monitor the business' data for red flags of risks

Continuous Monitoring

5 key steps to implementing an effective system of internal controls

Control Components

the three areas focused on achieving results

Control Objectives

the mechanisms, like rules, policies, or procedures, that make up the process of internal controls

Controls

change undesirable outcomes and occur after a risk has occurred

Corrective Controls

a. Clearly defined processes b. Clearly defined controls c. Formal documentation d. Mix of manual and automated controls e. No reliance on key individuals

Defined optimized

alert management to an issue once it has occurred

Detective Controls

effectiveness and efficiency of firm's daily functions, allocation of resources, operation and financial performance and prevention of losses

Operations Objectives

a. Enterprise-wide risk management b. Enterprise-wide control environment c. Top-down proactive approach d. Clearly defined processes e. Clearly defined controls f. Formal documentation g. Clear communication throughout organization h. More automated controls than manual controls i. Internal audit provides strategic value

Optimized

type of preventive control that lessens the risk of error and fraud by ensuring that different employees are responsible for the separate parts of a business activity of authorizing, recording, and having custody

Segregation/ Separation of Duties

measures the residual risk for technology attacks by comparing the relationship of the three control functions

Time-Based Model of Controls

comes with serious criminal penalties with fines up to $5 million and/or imprisonment up to 20 years

Violation of internal control requirements

presents a higher risk for management override of internal controls, which can have a significant impact on an organization's internal control efforts

a lax control environment

strategic planning process combines ERM, strategy, and objective setting to determine the risk appetite and align it with the business objectives

Strategy & Objective Setting

it is the most important component because it sets the overall tone for the organization

control environment

recall that companies should adopt risk-aware culture that starts with leadership setting an example, and entity-level risk activities

control environment

this is a foundation for other components, and includes the attitude of management concerning integrity and ethical behavior

control environment

to ensure the control environment is regularly assessed, SOX compliance requires a routine test of how internal controls are monitored and an annual control review by external auditors

control environment

-risk responses -internal controls

key course concepts control activities

-risk appetite -enterprise-wide risk management -business process maturity model -management override -SOX regulations

key course concepts control environment

-Quality information -Reporting -Data analytics -Internal audit -Management -Internal audit -Audit committee -Financial statements

key course concepts information and communication

-Management assessments -Internal audits -Audit committee reporting

key course concepts monitoring

is held responsible for financial reporting misstatements

management

management monitors business processes with detective controls and ensures that the controls are working appropriately

monitoring

this component is about assessing internal controls and determining whether changes should be made

monitoring

Deploys through policies and procedures

related principles control activities

Selects and develops general controls over technology (ITGCs)

related principles control activities

Demonstrates commitment to competence

related principles control environment

Demonstrates commitment to integrity and ethical values

related principles control environment

Enforces accountability

related principles control environment

Establishes structure, authority, and responsibility

related principles control environment

Exercises oversight responsibility

related principles control environment

Communicates externally

related principles information and communication

Communicates internally

related principles information and communication

Uses relevant information

related principles information and communication

Conducts ongoing and/or separate evaluations

related principles monitoring

Evaluates and communicates deficiencies

related principles monitoring

Assess fraud risk

related principles risk assessment

Identifies and analyzes risk

related principles risk assessment

Identifies and analyzes significant change

related principles risk assessment

Specifies suitable control objectivies

related principles risk assessment

means an auditor is removed from the business process and has no stake or influence over the outcome of the business processes that they are auditing

Independent

Accuracy and documentation of financial statements

CEOs & CFOS

Financial statements reviewed by management

CEOs & CFOS

Informing external auditors of significant internal control issues and fraud concerns

CEOs & CFOS

Internal control structure reports provided to the SEC

CEOs & CFOS

Communicated and enforced throughout company

Formal data security policies

Ensure protection of all financial data in use and stored

Formal data security policies

published set of specification and criteria that defines a strategy to achieve certain objectives

Framework

sets company's tone and establishes oversight responsibilities for ERM

Governance & Process

a. Informal process b. Ad hoc controls c. Localized efforts d. Reactive management e. Reliance on key f. Reliance on key individuals

Limited

Ownership and the responsibility of enforcing mitigating measures to prevent identified risk from occurring

Management - business operations

Aids the first line of defense by ensuring controls are designed to adequately address risk, then monitors to ensure fist line is complying with internal control requirements

Management - risk management and compliance

Identifying and assessing organizational risks

Management - risk management and compliance

is when internal control activities don't work because management is not following policy or procedure, like telling a direct report to ignore a specific control

Management Override

might sound antiquated, but they play a significant role because they are used when human judgement or physical interaction is required

Manual Controls

reporting of financial information internally and externally and non-financial information to provide relevant, faithfully represented, timeliness and reliable financial information

Reporting Objectives

review performance to consider how well ERM is functioning and identify necessary revisions

Review & Revision

protects investors from fraud and other risks by improving the reliability and accuracy of financial statements; focuses on the internal control structure of a company

Sarbanes- Oxley Act 2002

this component consists of the internal and external communications, including financial reports, policies, and procedures

information and communication

identifies the potential for fraud and any changes that could impact the functionality of the internal controls

risk assessment

this component requires management to continuously identify, categorize, and prioritize risk by looking at both internal and external risks to the company

risk assessment

When the tone at the top- leadership- is poor, the control environment

suffers


Kaugnay na mga set ng pag-aaral

Juvenile Delinquency: Chapters 13-15

View Set

5.2 APIPA and Alternate Addressing

View Set

IPAP 3-17 Pharm 2 Mod 1-1- Skeletal Muscle Relaxants

View Set

Chapter 27; Cardiovascular and Lymphatics

View Set

MN Chapter 28 The child with gastrointestinal condition

View Set

ResearchMethods in Psychology Exam 2

View Set

Chapter 5: Antigen Recognition by T Lymphocytes

View Set

Cells in Organisms quiz 3 review

View Set