Flashcards in Internal Controls & IT General Controls 1 (Part 2) Deck (10):
Name the 5 elements under the "COSO Model of Internal Controls" (bottom up):
(1) Control Environment
(2) Risk Assessment
(3) Control Activities
(4) Information and Communication
Under the "COSO Model of Internal Controls", describe the "Control Environment" element:
- Set of control activities and policies that sets tone of org and provides foundation for the other 4 elements
Under the "COSO Model of Internal Controls", what factors are included in the "Control Environment" element?
- Enforcement of integrity and ethical
values (ethics / fraud policy)
- Employees' Competency
- Mgmt philosophy and style
- Assigning authority and responsibility
- Org structure
- Professional development of employees
- BoD involvement
Under the "COSO Model of Internal Controls", describe the "Risk Assessment" element:
- Set of activities and policies used to ID
and assess risks, significant enough to impair entity’s ability to achieve business goals or control objectives
Under the "COSO Model of Internal Controls", what factors are involved in the "Risk Assessment" element?
- Risk Assessment is fundamental to effective control activities, monitoring elements, and successful mitigation of risks, including IT-related risks.
- A critical element of the system of ICs
- Mgmt document risk assessment to ID, assess and manage (mitigate) risk
- 2 key roles of risk assessment are financial reporting risks and IT risks
Under the "COSO Model of Internal Controls", what factors are involved in the "Control Activities" element?
- Control activities should be integrated w/ Risk Assessment
- The risks ID'd in risk assessment are assigned controls where level of control is linked to level of risk (high-power control for high risk)
- Polices needed to ensure mgmt's guidelines for IC
- Controls subject to cost-benefit analysis
What is a "Control"?
- A control is a task or action that has the intent to mitigate a particular risk for the respective control objective
Under the "COSO Model of Internal Controls", "Control Activities" are generally what 2 categories?
(1) Physical Controls
- Include controls whose objective addresses independent verification, transaction authorization, segregation of duties, supervision, accounting records and audit trail, and physical access controls
(2) Computer Controls are subdivided to:
(a) General Controls
(b) Application Controls
Under the "COSO Model of Internal Controls", what factors are involved in the "Information and Communication" element?
- Involves timely ID'ing, recording and
communicating relevant info necessary for employees and stakeholders to carry out their responsibilities
- Include financial reporting systems and their ability to properly capture data, report info and assist mgmt in decision making and managing the business
- Includes both internal and external reporting parties