Internal Controls & IT General Controls 1 (Part 2) Flashcards Preview

Flashcards in Internal Controls & IT General Controls 1 (Part 2) Deck (10):
1

Name the 5 elements under the "COSO Model of Internal Controls" (bottom up):

ERAIM

(1) Control Environment
(2) Risk Assessment
(3) Control Activities
(4) Information and Communication
(5) Monitoring

2

Under the "COSO Model of Internal Controls", describe the "Control Environment" element:

- Set of control activities and policies that sets tone of org and provides foundation for the other 4 elements

3

Under the "COSO Model of Internal Controls", what factors are included in the "Control Environment" element?

- Communication
- Enforcement of integrity and ethical values (ethics / fraud policy)
- Employees' Competency
- Mgmt philosophy and style
- Assigning authority and responsibility
- Org structure
- Professional development of employees
- BoD involvement

4

Under the "COSO Model of Internal Controls", describe the "Risk Assessment" element:

- Set of activities and policies used to ID and assess risks, significant enough to impair entity’s ability to achieve business goals or control objectives

5

Under the "COSO Model of Internal Controls", what factors are involved in the "Risk Assessment" element?

- Risk Assessment is fundamental to effective control activities, monitoring elements, and successful mitigation of risks, including IT-related risks.
- A critical element of the system of ICs
- Mgmt documents risk assessment to ID, assess and manage (mitigate) risk
- 2 key roles of risk assessment are financial reporting risks and IT risks

6

Under the "COSO Model of Internal Controls", what factors are involved in the "Control Activities" element?

- Control activities should be integrated w/ Risk Assessment
- The risks ID'd in risk assessment are assigned controls where level of control is linked to level of risk (high-power control for high risk)
- Policies needed to ensure mgmt's guidelines for IC
- Controls subject to cost-benefit analysis

7

What is a "Control"?

- A control is a task or action that has the intent to mitigate a particular risk for the respective control objective

8

Under the "COSO Model of Internal Controls", "Control Activities" are generally what 2 categories?

(1) Physical Controls
- Include controls whose objective addresses independent verification, transaction authorization, segregation of duties, supervision, accounting records and audit trail, and physical access controls
(2) Computer Controls are subdivided to:
(a) General Controls
- ITGC
(b) Application Controls

9

Under the "COSO Model of Internal Controls", what factors are involved in the "Information and Communication" element?

- Involves timely ID'ing, recording and communicating relevant info necessary for employees and stakeholders to carry out their responsibilities
- Includes financial reporting systems and their ability to properly capture data, report info and assist mgmt in decision making and managing the business
- Includes both internal and external reporting parties

10

Under the "COSO Model of Internal Controls", what factors are involved in the "Monitoring" element?

- Involves control activities about controls themselves
- Involves regular reviews of controls to assess quality of control over time
- Primary goal is to ID changes in IC system, when control needs to be changed or deleted, or when new control is needed
- Monitoring would ID IC deficiencies and communicate them timely to appropriate party
- Ex: Regular mgmt review, supervisory activities, technology to monitor controls