Coso Flashcards
(20 cards)
Organizational objectives primarily relate to which component of internal control?
Risk Management
New time clock with security controls will change what the least
errors in employees overtime computation
What is a general control for a computerized system
Restricting access to biometric devices
example of a detective control
Comparing data entry totals to batch control totals
example of a preventative control
access control software
General control rather than transactional control
Tech development policies and procedures
warehouse has new inventory line, which changes what types of controls
Control baseline and Change management
Reporting on your own controls monthly is what type of reporting
Self
The ERM of a more risk agressive entity demands
greater integration
what is not a risk of a strategy of a car rental company
The org has a well defined plan to achieve it’s mission, vision and core values
Assessing risk to determine which are most important
Performance
Risk management framework does not
decrease risk appetite
In a risk aware organization
The culture is closely linked to the strategies, objectives and business context
In ERM, ______ focuses on the development of strategy and goals while _____ focuses on the implementation of strategy and variation from plans.
risk appetite; tolerance
A heat map used as a part of assessing risks plots the___________________ on the vertical axis against the___________________ on the horizontal axis.
likelihood rating; impact ratings
An entity reviews its ERM practices. Which question is the organization least likely to investigate as a part of this review?
What is the relationship between our strategy and objectives?
Data from ______________ is typically structured, while data from ________ is typically unstructured.
staffing increases or decreases due to restructuring; email about decision making and performance
Key risk indicators are
Predictive and usually quantitative.
Riley, Ripley, and RudBack are builders of high-end (i.e., expensive) customized homes. They want to create a report on the risks that they face in their human resources function. Which level of reporting would be appropriate to this goal?
Risk profile view
Griswold Corp. is planning a data analytics program to manage the risk of vendor fraud in purchasing. Which of the following activities would occur last in this process?
Determine reporting procedures for vendor anomalies.
