Chap 6 Internal Control Flashcards Preview

Internal Audit > Chap 6 Internal Control > Flashcards

Flashcards in Chap 6 Internal Control Deck (26):


The body of guiding principles that from a template against which organization can evaluate a multitude of business practices.



Internal Control of Financial Reporting



Committee of Sponsoring Organization of the Treedway Commission, a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance


Supplemental publications to COSO's Internal Control - Integrated Framework

- internal Control Over Financial Reporting -Guidance for Smaller Public Companies
- Guidance in Monitoring Internal Control Systems
- internal Control Over External Financial Reporting: a Compendium of Appeoaches and Examplea


The COSO, CoCo and Turnbull frameworks

Are used by an increasing number of organizations to evaluate the entire system of internal controls, not just internal controls over financial reporting


Internal Control (COSO's definition)

A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the ache comment of objectives relating to operations, reporting and compliance


The components of internal control

Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring Activities


Critical Success Factors

Success that much be accomplished for objectives to be achieved


Segregation of Duties

Diving control activities among different people to reduce the risk of error or inappropriate actions taken by any single individual


Actions Speak Louder Than Words

In addition to hardcopy, electronic and oral communication formats, management's actions powerfully communicate what is important to the organization


Deficiency (COSO's definition)

"A condition within an internal control system worthy of attention" that may represent a perceived potential, or a real short-coming, or opportunity to strengthen the internal control system to provide a greater likelihood that the entity's objectives will be achieved


Tone at the Top

The entity-wide attitude of integrity and control consciousness, as exhibited be the most senior executives of an organization


Reasonable Assurance

A level of assurance that is supported by generally accepted auditing procedures and judgements


Inherent Limitations if Internal Control

The confines that relate to the limits if the human judgement, resource constraints, and the need to consider the cost of controls in the relation to expected benefits, the reality that breakdowns can occur, and the possibility of collusion or management override


Inherent Risk

The combination I'd internal and external risk factors in there pure uncontrollable state, or the gross risk that exists assuming that there are no internal controls in place


Risk Appetite

The amount of risk, on a broad level, an organization is willing to accept in the pursuit of its business objectives.


Risk Tolerance

The acceptable levels of risk size and variation relative to the achievement of objectives, which must align with the organization's risk appetite


Controllable Risk

The portion of inherent risk that management can reduce through day-to-day operations and management activities


Residual Risk

The portion if the inherent risk that remains after management execute its risk responses (sometimes referred to as net risk)


Entry-Level Control

A control that operates across an entire entity and as such is not bond by or associated with individual processes.


Process-Level Control

An activity that operates within a specific process for the purpose of achieving process-level objectives


Transactional-level Control

An activity that reduces risk relative to a group or variety of operations-level tasks or transactions within an organization


Key Control

An activity designed to reduce risk associated with a critical business objective.


Secondary Control

an activity designed to either reduce the risk associated with business objectives that are not critical to the organizations survival or success or serve as a backup to a key control


Compensating Control

An activity that if key controls do not fully operate effectively, may help to reduce the related risk. A compensating control will not by itself reduce risk to an acceptable level



The U.S. Company Accounting Oversight Board