Internal Control Frameworks Flashcards
What are the 5 components of the COSO internal control framework?
•Control environment- tone at the top
•Risk assessment- identifying and managing risks
•Info & communication- allows employees to identify and exchange info regarding controls and ops
•Monitoring- monitoring data and the company’s systems
•Existing control activities- policies and procedures implemented to ensure actions are taken towards completing the co’s objectives
What are the 3 objectives of COSO for internal controls?
•Reporting- reliability, timeliness, transparency of internal/external financial and non financial reports set by regulators
•Operation- efficiency and effectiveness of operations; operational and financial performance goals, safeguarding assets against loss
•Compliance- adherence to laws and regulations applicable to the entity
What are the 6 limitations of internal control identified by COSO?
• Human judgment can be faulty/ subject to bias
•Breakdowns in internal control due to errors or human failure
•Management can override internal controls
•Management/other personnel can get around controls through collusion
• External events beyond the control of the entity
•Unrealistic objectives are set that the controls cannot fully address
What are the 5 principles within the control environment component of COSO?
•Commitment to ethics and integrity (E)
•Board independence from management and oversight of the performance of internal control (B)
•Organizational Structure- mgmt establishes structures, reporting lines and appropriate authorities/responsibilities in pursuit of objectives (O)
•Commitment to competence- the org demonstrates a commitment to attract, develop and retain competent individuals (C)
•Accountability- the org holds individuals accountable for their responsibilities in pursuit of objectives (A)
What are the 4 principles within the risk assessment component of COSO?
•the org Specifies objectives with sufficient clarity to enable the identification and assessment of risk relating to objectives (S)
•the org identifies and Assesses changes that could significantly impact the system of internal control (A)
•the org considers the potential for fraud in assessing risks (F)
•the org analyzes risks as a basis for determining how risks should be managed (R)
General requirements for effective internal control: All 5 components and 17 principles that are relevant must be ___ and ___.
Present- the components and relevant principles are included in the D&I of the internal control system.
Functioning- the components and relevant principles are operating as designed in the system.
All 5 components operate together as an integrated system to reduce risk that the objectives will not be met.
What term does the COSO framework use for ineffective internal control?
Major deficiency- a material internal control deficiency that significantly reduces the likelihood that an organization can achieve its objectives
What are the 4 common risks identified using the COSO framework?
*Material omission or misstatement (unintentional)
*Fraud (intentional misrepresentation)
*Management override (mgmt overrides controls for personal gain)
*Illegal acts (violations or gov regulations that could have a material impact on the FS) ex: bribes
