Chapter 3

Question 1

What are internal control

Answer 1

is a process that specifically mitigates risk to the company financial information

Question 2

What can internal control do

Answer 2

Create quality info
Identify financial issue
Prevent fraud
Increase operating efficiency
Ensure compliance with laws and regulation
Lessen the risk of financial misstatement

Question 3

What are the function of Internal control

Answer 3

Prevent
Detect
Correct

Question 4

What are preventive Control

Answer 4

Precent problem from happening ex: Segregation of duties

Question 5

What are Detective control

Answer 5

alert the management to an issue once it has occurred. They identify problems like fraud, legal compliance and quality control

Question 6

What are corrective controls

Answer 6

these are the changes you makes after an undesirable outcome occur after the risk has occurred

Question 7

Explain management override

Answer 7

this is when the internal control dont work due to management not following the policy or procedure

Question 8

Explain the time based model of control

Answer 8

This measure the residual risk for technology attacks by comparing the relationship of the three control functions

Question 9

Whats the time base model of control formula

Answer 9

P>(D+C)

Question 10

What are three locations for controls

Answer 10

Physical control ( human actives )
IT General Control (
IT Application Control

Question 11

It general controls

Answer 11

Apply to the entire operation of the full systems and it environment ( emails, web browsers, time keeping software)

Question 12

What are the two methods of implementing control

Answer 12

Manual
automated

Question 13

Whats does implementing manual control requires

Answer 13

it requires human judgement or physical interaction .
Risk and error and manipulation

Question 14

What are automated control implementation

Answer 14

use technology to implement control activities. This increased reliability and consistency

Question 15

Continuous Monitoring technology are use for

Answer 15

create detective controls that use rules based programming to monitor the business data for red flags risk

Question 16

Whats are the three lines of defense

Answer 16

first = Business operation ( management)
second: Risk management and Compliance ( management)
Third : Internal audit)

Question 17

First line of defense role

Answer 17

Provision of products or services to client to managing risk

Question 18

Second line of defense role

Answer 18

Support monitor and challenge on risk related matter

Question 19

Third line of defense role

Answer 19

Independent and objectives assurance and advice on all matters related to achieve the objectives

Question 20

What is the maturity Model

Answer 20

This show how far the company is to achieving its ideal state by comparing the current one to a predetermine set of practices

Question 21

What are the four phase of Maturity model

Answer 21

Limited
Informal
Defined
Optimized

Question 22

Limited on the maturity Model means

Answer 22

the company is poorly defined and the employees have multiple ways to achieve the same outcomes.

Question 23

Informal process
reliance on key individual
Ad hoc controls

What maturity model phased these are

Answer 23

Phase 1 Limited

Question 24

Informal on the maturity model means

Answer 24

Some processes and controls are defined but the documentation , inconsistencies and reliance on key individual still exist

Question 25

Defined on the maturity model means

Answer 25

Policies,procedures and controls are formally document which creates a consistent environment where key employees are no longer relied on

Question 26

Optimized on the maturity model means

Answer 26

the gold standard in the process of maturity model

Question 27

Clearly defined controls
Formal documentation
Clearly defined process
No reliance on key individual

Whats phase on the maturity model is it

Answer 27

Phase 3 : Defined

Question 28

Top down approach, proactive approach
Internal audit provide strategic values
Clear communication

Whats phase on the maturity model is it

Answer 28

Phase 4 : Optimized

Question 29

Some defined processes
Lack of documentation
Primarily manual control
reliance on key individual

Whats phase on the maturity model is it

Answer 29

Phase 2 : Informal

Question 30

When doing an internal audit we must have

Answer 30

Assurance
Insight
Objectivity

Question 31

What is a framworks

Answer 31

publish a set of specification and criteria that defines a strategies to achieve a certain objectives. Like a set of instructions for business to follow . ex: road maps

Question 32

What is Sarbanes- Oxley Act ( SOX)

Answer 32

Is to protect investors from fraud and other risk by improving the reliability of financial statement

Question 33

What are the key part of COSO Frameworks

Answer 33

Control Objectives
Component and related principles
COSO Cube

Question 34

What are the control objectives

Answer 34

Operations
Reporting
Compliance

Question 35

what are the fives steps of Component

Answer 35

Control environment
risk assessment
Control activities
Information and communication
Monitoring