Deck 2 Flashcards
COSO Internal Control Framework + Audit Risk (26 cards)
the integrated framework is built on a _____ BASED approach that allows mgmt to use judgment and flexibility in applying internal controls, NOT rules based
PRINCIPLES BASED
What component do these principles relate to?
*commitment to competence
*accountability
*organizational structure
*Communication and enforcement of integrity and ethical values
*Participation of those charged with governance
*Management’s philosophy and operating style (mgmt’s approach toward business risks)
*Assignment of authority, responsibility, and accountability
*Human resource policies and practices
CONTROL ENVIRONMENT
What component do these principles relate to?
*specifying objectives
*identify/analyze risks
*consider fraud and control changes
*identify and assess the effect of entity changes on internal controls
*corporate restructuring
RISK ASSESSMENT
What component do these principles relate to?
*deployment of policies and procedures (ex: segregation of duties, mgmt directives are carried out)
*selection and development of controls around IT
*Authorization of transactions
*pre-numbering of documents
*operating performance reviews
DAY TO DAY ACTIVITIES
(EXISTING) CONTROL ACTIVITIES
What component do these principles relate to? (OIE)
*Obtaining and using information
*Internal and External communication
INFORMATION AND COMMUNICATION
What component do these principles relate to?
*evaluation of communications from external parties such as customers, regulatory agencies, and external auditors
*communication of deficiencies
*ongoing or separate evaluations (oversight, reviews, inspections - mgmt oversight of the effectiveness of internal control)
*comparing information from various sources with the company
*investigating variances and their causes between expected and actual results
*Periodically comparing and updating the mission, vision, and values of a not-for-profit
*internal audit function
MONITORING
________ is the process that assesses the quality of control of performance over time and takes any necessary corrective actions
MONITORING
___________ are the policies and procedures that help ensure that mgmt directives are carried out and that necessary steps to address risks are taken
(EXISTING) CONTROL ACTIVITIES
analyzing new information systems and processing of entity transactions is a part of the understanding of ______________
INFORMATION AND COMMUNICATION
_______ risk is designed to identify risks before they occur INTERNALLY; Risk that company’s internal rules don’t stop mistakes/fraud
(PREVENTATIVE)
CONTROL RISK
______ risk is the risk that the AUDITOR’S procedures will lead to a conclusion that a material error does not exist when the error DOES exist; Risk that auditor doesn’t catch mistakes/fraud. risk that the auditor will not detect a material misstatement
DETECTION RISK
_____ manages all types of risk to help achieve strategic goals (high-level goals); considers strategic, operational, financial, and reputational risk
*______ ensures effective internal controls to support operations. focuses on process-level and compliance risks (includes ORC, CRIME)
They are both under COSO
ENTERPRISE RISK MGMT (ERM); INTERNAL CONTROL - INTEGRATED FRAMEWORK
the internal audit function is part of _______
MONITORING
Recording the proper monetary value of transactions is part of ____________
INFORMATION AND COMMUNICATION
(T/F) the 5 professional associations are part of the Committee on Sponsoring Organizations (COSO):
*Institute of Management Accountants (IMA)
*Institute of Internal Auditors (IIA)
*American Institute of Certified Public Accountants (AICPA)
*Financial Executives Institute (FEI)
*American Accounting Association (AAA).
TRUE
The three categories of objectives (operations, reporting, and compliance) are shown as ________. The five components (control environment, risk assessment, control activities, information and communication, and monitoring activities) are shown as ______.
COLUMNS; ROWS
The function of a ________ access control is to separate unauthorized individuals from computer resources
PHYSICAL
_____ risk refers to the likelihood that a material misstatement could occur in a F/S due to the NATURE of the business or its environment WITHOUT considering internal controls
INHERENT RISK
inherent risk and control risk differ from detection risk because they exist ______ of the audit / detection risk is related to the auditor’s procedures and can be changed at the auditor’s sole discretion, has inverse relationship to RMM (inherent and control risk)
INDEPENDENTLY
as the acceptable level of detection risk increases, the assurance that must be provided by substantive tests can _____. the auditor may reduce sample size
DECREASE
Audit procedures that provide ___ (more or less) assurance increase detection risk, which is the risk that the auditor will not detect a material misstatement that exists. ex: confirming A/R before year-end would likely increase detection risk
LESS
Audit Risk Formula is:
DR = ?
AR / RMM (inherent risk x control risk)
tests of ____ are used to assess the level of CONTROL risk. These are procedures performed to evaluate the effectiveness of an organization’s internal controls.
TESTS OF CONTROLS
tests of ____ involve examining specific transactions or account balances to gather evidence about their accuracy by verifying invoices, checking account balances, confirming transactions with third parties.
TESTS OF DETAILS