ch 6 to 8 Flashcards
(102 cards)
1
Q
Control exercised over business from outside by owners and other stakeholders
A
External control
2
Q
Control exercised within the business by management and overseen by the board. Includes control of activities that have been outsourced.
A
Internal control
3
Q
Father of management theory
A
Fayol
4
Q
Comprises a plan of organization and the coordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed management policies.
A
Internal control
5
Q
Plan of organization and the procedures and records that are concerned with the safeguards of assets and reliability of financial records
A
Accounting control
6
Q
Includes but is not limited to the plan of the organization and the procedures and records that are concerned with the decision processes leading to management’s authorization of transactions
A
Administrative control
7
Q
Broadly defined as a process, effected by the entity’s BOD, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
A
Internal control
8
Q
Objectives of internal control
A
- Effectiveness and efficienccy of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
9
Q
Control depends on each of the functions of management. What are these functions?
A
- Planning
- Organizing
- Directing and leading
- Staffing
- Coordinating
10
Q
Operate control procedures and have valuable insights into where internal control is effective and how it might be improved.
A
Other personnel
11
Q
All aspects of all processes that give reasonable assurance of the achievement of all of the organizational objectives
A
Internal control
12
Q
Reasonable assurance
A
Much more than a sporting chance
13
Q
Responsible for the policies of the organization that impact upon internal control. Responsible to oversee that management has effective internal control.
A
Board
14
Q
Responsible to design, implement, monitor, and maintain effective systems of internal control.
A
Management
15
Q
Five essential components of internal control
A
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
16
Q
Includes the values, ethics, culture, and commitment of the organization and its members. Provides the setting necessary for effective internal control arrangements to be established and applied
A
Control environment
17
Q
Attitude and actions of the board and management regarding the significance of control within the organization. Provides the discipline and structure for the achievement of the primary objectives of the system of internal control.
A
Control environment
18
Q
Elements of control environment
A
- Integrity and ethical values
- Management’s philosophy and operating style
- Organizational structure
- Assignment of authority and responsibility
- Human resource policies and procedures
- Competence of personnel
19
Q
Identification of threats to the organization, their assessment or measurement, and deciding how they should be responded to
A
Risk assessment
20
Q
Reflect the required performance indicators applicable to each risk as a means of establishing the thresholds of tolerance
A
Objectives
21
Q
Objectives may be classified in a number of ways. What are some of the ways they may be classified?
A
- Operations objectives
- Financial reporting objectives
- Compliance objectives
22
Q
All procedures the organization operates which have a control purpose.
A
Control component
23
Q
What are the two dimensions to control activities?
A
- establishment of a policy which defines what has to be done to achieve the related business objective
- a procedure required which defines the processes necessary to meet policy requirements
24
Q
Lifeblood of the organization
A
Data
25
What are characteristics of good data or information?
* accurate
* complete
* secure
* authorized
26
To harness information efficiently, there needs to be a controlled balance between:
* data
* information
* analyses
* decisions
* actions
27
Provide the principal means of monitoring the effectiveness of internal control systems
Information systems
28
Responsible for monitoring the internal control system
The board
29
_______ should have defined responsibilities for ongoing or day-to-day monitoring of operations, financial performance, etc.
Line management
30
_________ has the potential to play a vital role in independently assessing the effectiveness of controls and reporting upon the same to the board
Internal audit function
31
Enumerate the 6 paradigms
Paradigm 1: COSO on Internal Control
Paradigm 2: Turnbull on Internal Control
Paradigm 3: Coco on Internal Control
Paradigm 4: A Systems/Cybernetics Model of Internal Control
Paradigm 5: Control by Division with Supervision
Paradigm 6: Control by Category
32
Closely similar to the COSO internal control framework but developed in much less detail. It has a greater emphasis on risk.
UK's Turnbull guidance
33
Less "mechanical" and more "behavioral" than the COSO internal control framework. Has advantages in application within organizations that are more participative and less hierarchical.
Internal control framework of the Canadian Institute of Chartered Accountants' Criteria of Control Board (CoCo)
34
Internal control components of CoCo
* Purpose
* Commitment
* Capability
* Monitoring and Learning
35
How does CoCo define its elements?
Purpose - "what to do" objectives to be achieved
Capability - " tools to do it" information, resources, supplies, and skills
Commitment - "wanting to do it" to perform the task well over time
Monitor - "are we doing it" performance and external environment
Learn - "are we doing it" how to do the task better and changes to be made
36
This paradigm views the organizational process as analogous to an air conditioning system. Control system is continuously interpreting information available to it.
A systems/cybernetics model of internal control
37
States that the control mechanism must be designed to accommodate the variety of what is to be controlled
Ashby's cybernetics law of requisite variety
38
Set of related elements with a purpose. Has three main elements: input, output, and process.
(Systems/Cybernetics)
System
39
Changes input into output
(Systems/Cybernetics)
Process
40
Parts of the elements that may change
(Systems/Cybernetics)
Variables
41
Part of the system within which functioning of the system takes place
(Systems/Cybernetics)
Boundary
42
Smaller system within a larger system
(Systems/Cybernetics)
Subsystem
43
What happens within a system
(Systems/Cybernetics)
Internal
44
Variable enters from outside the system boundary or exits to beyond the system boundary
(Systems/Cybernetics)
External
45
Takes place beyond the boundary
(Systems/Cybernetics)
Environment of a system
46
Requires a system to be more open to the environment in order to cope with rapid change
(Systems/Cybernetics)
Turbulent environment
47
Variable of system's behavior which is to be monitored and controlled
(Basic elements of a control system)
Control object
48
Part of the system which measures (or monitors) the control object
(Basic elements of a control system)
Detector
49
Standard against which the actual performance of the control object is compared
(Basic elements of a control system)
Reference point
50
Makes the comparison and assesses whether or not it is significant
(Basic elements of a control system)
Comparator (analyzer)
51
Takes the decision which is intended to restore actual performance to what is desired
(Basic elements of a control system)
Activator
52
Basic elements of a control system (System/Cybernetics)
1. **Control object** - temperature
2. **Detector** - temperature gauge on the thermostat
3. **Reference point** - 22 deg
4. **Comparator (analyzer)** - relative temperature sensor in thermostat
5. Activator - control switch in thermostat
53
Ensures that desired states are achieved
Control
54
The control part of the system invariably relies upon __________
Feedback
55
________ passes information forward to an activator which is then able to adjust processes which have not yet taken place in the light of the actual inputs which have been achieved rom earlier processes
Feedforward
56
System that does not have inputs or outputs from and to the system
Closed system
57
System subject to uncontrolled inputs
Open system
58
Controls that are automated
Programmed controls
59
More likely to be essential when it is necessary to control inputs and outputs to and from the system
Discretionary controls
60
One that can adapt in order to achieve desired states
"Corrective" system
61
Has the flexibility to modify its processes in response to changes in the environment
"Adaptive" system
62
Control responses that are entirely predictable being based on predetermined system rules and functioning with no regard to environmental changes
Corrective control systems
63
Take control steps in response to changes in the environment and can learn from their experience
Adaptive control systems
64
Model of internal control based on the premise that effective control may be achieved by means of an appropriate combination of various opportunities to "divide," together with supervision
Control by division with supervision
65
What are the divisions under Paradigm 5?
1. Division of Duties
2. Division of Fundamentally Incompatible Responsibilities
3. Division of Operations
4. Division of Staff
5. Division of Data
6. Division of Data Entry and Accounts Posting
7. Division of Authority
8. Division of Time
66
Ensure that two or more people work together on tasks where there is a risk of a lack of control
(Paradigm 5 Division)
Division of Duties
67
Control will be strengthened if authorization is required from someone who does not execute the task
(Paradigm 5 Division)
Division of Fundamentally Incompatible Responsibilities
68
Some activities conflict with each other if undertaken by the same person or group
(Paradigm 5 Division)
Division of operations
69
Be aware of control weaknesses that may arise when the effect of other divisions is negated because of personal relationships
(Paradigm 5 Division)
Division of staff
70
Modern IT databases mean that data is held once only on the IT databases, to be accessible to all users from different parts of the organization who need to access that data.
(Paradigm 5 Division)
Division of data
71
Consider whether control may be improved if bookkeeping activities are divided.
(Paradigm 5 Division)
Division of data entry and account postings
72
There are different ways in which authority to commit the organization can be allocated with varying degrees of control effectiveness
(Paradigm 5 Division)
Division of Authority
73
To complete a transaction promptly tends to speed up business cycle times and increase the volume of business while lowering costs.
(Paradigm 5 Division)
Division of time
74
A particular type of control may be appropriate in certain circumstance, and indeed more than one type of control may be needed to bear down effectively on a particular risk.
Paradigm 6: Control by category
75
What are the 7 categories of control?
1. Preventive
2. Pre-emptive
3. Directive
4. Performance
5. Detective
6. Corrective
7. Investigative
76
Designed to limit the possibility of an undesirable outcome being realized
Preventive control
77
Yes/No controls that require approval before processing can proceed
Pre-emptive control
78
Designed to ensure that a particular outcome is achieved
Directive control
79
Designed to orientate and motivate the organization's people to focus on the achievement of targets
Performance control
80
Post-action or post-event controls taking place after the other system's processes have been completed and detecting unwanted consequences that have already occurred
Detective control
81
Designed to correct undesirable outcomes which have occurred and have been detected
Corrective control
82
To try to understand how the undesirable outcome occurred
Investigative control
83
Foundation for all other components of internal control. Sets the tone of the organization.
Control environment
84
Enumerate the control environment factors.
1. Integrity, ethical values, and competence of entity's people
2. Philosophy and operating style
3. Way management assigns authority and responsibility and organizes and develops its people
4. Attention and direction provided by the BOD.
85
2 Control objectives for a review of the control environment
1. To ensure that management **conveys the message** that integrity, ethical values, and commitment to competence cannot be compromised, and that employees receive and understand that message
2. To ensure that management **continually demonstrates** by word and action, commitment to high ethical and competence standards.
86
Intentional, deceitful act for gain with concealment
Fraud
87
Theft by a person in a position of trust
Defalcation
88
Classifications of fraud
* management fraud
* employee fraud
* outsider fraud
* collusive fraud
89
Most effective antidote to fraud
Strong system of internal control in all its component parts.
Both fraud and accidental errors and losses share the characteristic of occurring in part due to breakdown in the system of internal control
90
What is the goal of SOX
Protect investors by improving accuracy and reliability of financial reporting and corporate disclosures.
Regulates corporate governance, risk management, auditing, and public company financial reporting with the goal of reducing accounting fraud and corporate corruption.
91
Who sponsored SOX?
* Senator Paul Sarbanes
* US Rep. Michael Oxley
92
Requires the management of US quoted companies to establish, maintain, assess and certify to an adequate internal control structure for financial reporting. Requires auditors to attest to and report on management assertions
Section 404 of SOX
93
Requires signing officers of a published report to certify inter alia that they have designed and evaluated internal controls over reporting.
Section 302 of SOX
94
Control deficiency that results in a more than remote likelihood of a misstatement of the company's annual or interim FS that is more than inconsequential will not be prevented or detected
Significant deficiency
95
Deficiency in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention
Significant deficiency
96
A significant deficiency that results in more than a remote likelihood that a material misstatement will not be prevented or detected
Material weakness
97
Deficiency in internal control over financial reporting that has a reasonable possibility that a material misstatement of the company's annual or interim FS will not be prevented or detected
Material weakness
98
Misstatement that is less than material yet important enough to merit attention
Significant misstatement
99
5 attributes of audit committee financial expert
1. Understanding of:
* GAAP and FS
* internal controls and procedures for financial reporting
* audit committee functions
2. Ability to assess general application of principles in connection with accounting for estimates, accruals, and reserves
3. Experience
* preparing, auditing, analyzing or evaluating FS
* actively supervising one or more persons engaged in such activities
100
To be considered independent, the member of the audit committee must not...
1. accept any consulting, advisory, or other compensatory fee
2. be an affiliated person
101
Prohibited non-audit services
1. bookkeeping
2. financial info systems design and implementation
3. appraisal/valuation
4. actuarial
5. internal audit outsourcing
6. management or HR functions
7. broker/dealer
8. legal services & expert services unrelated to audit
102
Assessing effectiveness of internal control
1. Ownership of IC
2. IC Framework
3. identify objectives
4. mission critical business processes
5. standardizing processes
6. learn & document key processes
7. identify key controls in key process
8. judge key control
9. design & document tests
10. conduct tests
11. interpret results of tests
12. interpret control significance of unwanted outcomes
13. conclude on effectiveness of IC
14. draw overall conclusions
