Internal Controls & IT General Controls 1 (Part 2) Flashcards Preview

Flashcards in Internal Controls & IT General Controls 1 (Part 2) Deck (10)
1
Q

Name the 5 elements under the “COSO Model of Internal Controls” (bottom up):

A

ERAIM

(1) Control Environment
(2) Risk Assessment
(3) Control Activities
(4) Information and Communication
(5) Monitoring

2
Q

Under the “COSO Model of Internal Controls”, describe the “Control Environment” element:

A
  • Set of control activities and policies that sets tone of org and provides foundation for the other 4 elements
3
Q

Under the “COSO Model of Internal Controls”, what factors are included in the “Control Environment” element?

A
  • Communication
  • Enforcement of integrity and ethical values (ethics / fraud policy)
  • Employees’ Competency
  • Mgmt philosophy and style
  • Assigning authority and responsibility
  • Org structure
  • Professional development of employees
  • BoD involvement
4
Q

Under the “COSO Model of Internal Controls”, describe the “Risk Assessment” element:

A
  • Set of activities and policies used to ID and assess risks, significant enough to impair entity’s ability to achieve business goals or control objectives

5
Q

Under the “COSO Model of Internal Controls”, what factors are involved in the “Risk Assessment” element?

A
  • Risk Assessment is fundamental to effective control activities, monitoring elements, and successful mitigation of risks, including IT-related risks.
  • A critical element of the system of ICs
  • Mgmt documents risk assessment to ID, assess and manage (mitigate) risk
  • 2 key roles of risk assessment are financial reporting risks and IT risks
6
Q

Under the “COSO Model of Internal Controls”, what factors are involved in the “Control Activities” element?

A
  • Control activities should be integrated w/ Risk Assessment
  • The risks ID’d in risk assessment are assigned controls where level of control is linked to level of risk (high-power control for high risk)
  • Policies needed to ensure mgmt’s guidelines for IC
  • Controls subject to cost-benefit analysis
7
Q

What is a “Control”?

A
  • A control is a task or action that has the intent to mitigate a particular risk for the respective control objective
8
Q

Under the “COSO Model of Internal Controls”, “Control Activities” are generally what 2 categories?

A

(1) Physical Controls
- Include controls whose objective addresses independent verification, transaction authorization, segregation of duties, supervision, accounting records and audit trail, and physical access controls
(2) Computer Controls are subdivided to:
(a) General Controls
- ITGC
(b) Application Controls

9
Q

Under the “COSO Model of Internal Controls”, what factors are involved in the “Information and Communication” element?

A
  • Involves timely ID’ing, recording and communicating relevant info necessary for employees and stakeholders to carry out their responsibilities
  • Include financial reporting systems and their ability to properly capture data, report info and assist mgmt in decision making and managing the business
  • Includes both internal and external reporting parties
10
Q

Under the “COSO Model of Internal Controls”, what factors are involved in the “Monitoring” element?

A
  • Involves control activities about controls themselves
  • Involves regular reviews of controls to assess quality of control over time
  • Primary goal is to ID changes in IC system, when control needs to be changed or deleted, or when new control is needed
  • Monitoring would ID IC deficiencies and communicate them timely to appropriate party
  • Ex: Regular mgmt review, supervisory activities, technology to monitor controls