Flashcards in Internal Control Deck (8):
What is Internal Control?
Internal control is a process , effected by an entity's board of directors , management, and other personnel , designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
Describe the Component 1 of Integrated Framework Components, the Control Environment.
Component 1: Control Environment - The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the topregarding the importance of internal control and expected standards of conduct. The five principles relating to the control environment are:
(1) The organization demonstrates a commitment to integrity and ethical values
(2) The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control
(3) Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives
(4) The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
(5) The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives
Describe the Component 2 of Integrated Framework Components, Risk Assessment.
Component 2: Risk Assessment
Risk assessment is a dynamicand iterative process for identifying and analyzing risks to achieving the entity’s objectives.
Risks are assessed according to their probability and impact.
Describe the Component 3 of Integrated Framework Components, Control Activities.
Control activities are actions established by policies and procedures to help ensure that management directives to mitigate risks to the achievement of objectives are carried out.
For effective control activities formal and informal measures are relevant:
(1) Formal: laws, regulations, process descriptions, organizational structures, separation of functions, financial controls.
(2) Informal: knowledge, trust, high ethical standards, openness and transparency
Which are the types of control?
(1) Directive Controls - support the achievement of objectives
(2) Preventive Controls - Prevent non-beneficial behavior or events
(3) Detective Controls - are designed to detect misstatements or omissions as soon as possible
(4) Corrective Controls - are designed to re-align the actual state with the target state.
Describe the Component 4 of Integrated Framework Components, Information and Communication.
Information and communication are necessary for the entity to carry out internal control responsibilities in support of achievement of its objectives.
Communication should be effected in an adequate manner so that every member of the organization understands his or her role with respect to internal control and its implications.
Describe the Component 5 of Integrated Framework Components, Monitoring.
Internal control processes change in the course of time due to different factors such as fluctuation of personnel or resource restrictions.
The monitoring of internal control ensures that the control measures stay effective under changing conditions.
(1) Ongoing evaluations (dependent on the process)
and / or
(2) Separate evaluations (independent from the process)
In case of deviances corrective measures must be taken.