3 Governance, Risk Management, and Control (30%) Flashcards
8 areas (20 cards)
1
Describe the concept of organizational governance
Governance
May include but is not limited to:
a. Describe the roles of the board, senior management, the internal audit
function, and other assurance providers
- Governance Principles
🔍 Concept of Organizational Governance (Page 2)
📌 Quote from CU6 page 2:
“Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward achievement of its objectives.”
🧠 Explanation:
Organizational governance is the system of direction and control used to ensure an organization achieves its goals responsibly, ethically, and effectively.
👥 Roles Explained (Pages 3–6)
🧠 1. The Board
📌 From page 3–4:
Establishes and maintains governance structures.
Ensures management acts in the best interests of stakeholders.
Provides oversight and strategic direction.
Discusses with CAE to define internal audit’s authority and responsibilities.
Approves the internal audit charter and plan.
🧠 Simplified:
The board acts as governance leader and supervisor. It oversees management, approves policies, and supports internal audit’s independence.
🏢 2. Senior Management
📌 From page 4:
Implements strategies, policies, and controls.
Manages operations daily.
Establishes internal control systems.
Ensures ethical culture and compliance.
🧠 Simplified:
Senior management runs the organization day-to-day, manages risks, and sets the ethical tone.
🕵️♀️ 3. Internal Audit Function
📌 From page 5–6:
Evaluates and improves governance, risk management, and controls.
Reports independently to the board.
Brings a systematic and disciplined approach.
Provides assurance, advice, insight, and foresight.
🧠 Simplified:
Internal audit checks whether things are working properly and reports issues independently. It gives advice to improve operations and risk controls.
🤝 4. Other Assurance Providers
📌 From page 6:
Include compliance, risk management, legal, IT, and external auditors.
Support governance by providing specialized assurance.
Internal audit coordinates with them to avoid overlap.
🧠 Simplified:
Other assurance providers help by checking specific areas (like law, compliance, or IT) and work alongside internal audit.
✅ Answer in One Sentence:
Organizational governance refers to the system by which the board guides and monitors the organization. The board oversees governance, senior management executes strategies and controls, internal audit provides independent assurance, and other assurance providers offer support in specialized areas.
1
Describe the concept of organizational governance
May include but is not limited to:
b. Recognize governance frameworks, principles, and models
2
Recognize the impact of organizational culture on the overall control environment and individual engagement risks and controls
Governance
May include but is not limited to:
a. Define organizational culture and the control environment
2
Recognize the impact of organizational culture on the overall control environment and individual engagement risks and controls
May include but is not limited to:
b. Define engagement risks and controls
2
Recognize the impact of organizational culture on the overall control environment and individual engagement risks and controls
May include but is not limited to:
c. Recognize the impact of the organization’s decision-making processes on the organization’s governance, risk management, and control processes
3
Recognize ethical and compliance-related issues
May include but is not limited to:
a. Identify ethical, legal, and compliance requirements applicable to an organization
3
Recognize ethical and compliance-related issues
May include but is not limited to:
b. Recognize the internal auditor’s role in an organization’s ethical framework
4
Interpret fundamental concepts of risk type
May include but is not limited to:
a. Differentiate between the following types of risk: strategic, operational, financial, compliance, reputational, and environmental, sustainability and social responsibility
4
Interpret fundamental concepts of risk type
May include but is not limited to:
b. Compare and contrast inherent and residual risks
5
Interpret fundamental concepts of the risk management process
May include but is not limited to:
a. Define risk management
5
Interpret fundamental concepts of the risk management process
May include but is not limited to:
b. Recognize an organization’s risk appetite and risk tolerance
5
Interpret fundamental concepts of the risk management process
May include but is not limited to:
c. Assess the elements of the risk management cycle
5
Interpret fundamental concepts of the risk management process
May include but is not limited to:
d. Evaluate an organization’s responses to identified risks
6
Describe risk management within organizational processes and functions
May include but is not limited to:
a. Evaluate the design and effectiveness of risk management processes
6
Describe risk management within organizational processes and functions
May include but is not limited to:
b. Describe the purpose and benefit of using a risk management framework
7
Interpret internal control concepts and types of controls
May include but is not limited to:
a. Describe the purpose of internal controls
7
Interpret internal control concepts and types of controls
May include but is not limited to:
b. Describe and evaluate types of internal controls, such as preventive, detective, and corrective
7
Interpret internal control concepts and types of controls
May include but is not limited to:
c. Recommend appropriate controls to mitigate risks
8
Recognize the importance of the design, effectiveness, and efficiency of internal controls (financial and nonfinancial)
May include but is not limited to:
a. Review the design and effectiveness of internal controls
8
Recognize the importance of the design, effectiveness, and efficiency of internal controls (financial and nonfinancial)
May include but is not limited to:
b. Describe the purpose and benefit of using an internal control framework.