BEC_MISC1 Flashcards
What is the main purpose of COSO’s Internal Control Framework?
Assist organizations in DEVELOPING COMPREHENSIVE ASSESSMENTS OF INTERNAL CONTROL.
What does the INFORMATION AND COMMUNICATION component of IC entail?
FACT
Fair, Accurate, Complete, Timely
What principles govern the CONTROL ENVIRONMENT?
EBOCA
- Commitment to Ethical values and Integrity
- Board independence and oversight
- Organizational structure
- Commitment to Competence
- Accountability
What principles govern RISK ASSESSMENT?
SAFR
Specify Objectives
Consider the potential of Fraud
Identify and Assess changes
Identify and analyze Risks
What principles govern INFORMATION AND COMMUNICATION?
OIE
OBTAIN and use information
INTERNALLY communicate information
Communicate with EXTERNAL parties
What principles govern MONITORING ACTIVITIES?
SOD
ONGOING and/or SEPARATE Evaluations
Communication of DEFICIENCIES
What principles govern (EXISTING) Control Activities?
CA T P
- Select and Develop CONTROL ACTIVITIES
- Select and Develop TECHNOLOGY CONTROLS
- Deploy through POLICIES and PROCEDURES
What do PRESENT and FUNCTIONING mean for effective IC?
PRESENT (DESIGN): Relevant IC controls are INCLUDED IN THE DESIGN
FUNCTIONING (Operating Effectively): Demonstrates that the components and relevant principles are OPERATING AS DESIGNED
What does an INEFFECTIVE INTERNAL CONTROL mean according to COSO?
“MAJOR DEFICIENCY”
This means a significant deficiency that REDUCES THE LIKELIHOOD THAT AN ORGANIZATION CAN ACHIEVE ITS OBJECTIVES
How could management add value to a company?
CPER
- Creation
- Preservation
- Erosion
- Realization
How does VALUE-REALIZATION for a company take place?
Value is realized when benefits created by the organization are distributed to the shareholders (e.g. dividend payment).
When an organization responds to risk by disposing of a business unit, product line, or geographical segment, what type of risk response is that?
RISK AVOIDANCE
When a business buys insurance against losses or enters a joint venture to address risk, what type of risk response is that?
RISK SHARING
When a firm responds to risk by diversifying its product offering, rather than eliminating the product, what type of risk response is that?
RISK REDUCTION
According to COSO ERM framework, RISK ASSESSMENT includes what types of risks?
- Inherent Risk
- Target Residual Risks
- Actual Residual Risks
How does a firm SHARE RISK?
Involving an outside party (e.g. insurance company) to share some risk burden.