Flashcards in Intro to COSO and 17 Principles of IC Deck (18):
Define Control Activities
Relates to policies and procedures that ensure the organizational actions address key risks related to the achievement of management's objectives
Ensures the ongoing reliability of info and control processes by monitoring and testing the control system
Info and Communications
Enable an organization's personnel to identify, process, and exchange the info needed to manage and control operations.
Process of identifying, analyzing, and managing risks related to achieving organization's objectives.
Encompasses mgt's philosophy towards controls, organizational structure, system of authority and responsibility, personnel practices, policies and procedures. It's the core or foundation of any system of internal control.
The 3 dimensions of COSO IC framework are concerned with:
What, why, and where of internal controls
A sustainability report is a:
External, financial report. It gives info about economic, environmental, social, and governance performance.
Control Objectives on COSO cube are: (3)
Operations, Financial Reporting, and Compliance
Define competence in context of designing internal control
A commitment to attract, develop, and retain highly qualified individuals consistent with achieving organizational objectives. Includes establishing policies, assessing competencies, and planning for turnover and succession.
Define accountability in context of designing internal control
Holding individuals accountable for their internal control responsibilities
Define risk assessment materiality
The determination of how large of a risk poses a threat to objectives.
Define organizational policies
The organization's control activities that establish stakeholder expectations regarding conduct and operations.
Define inbound communications
Communications with outsiders to the organization, including customers, suppliers, external auditors, regulators, financial analysts, and others
What's a whistleblower hotline
A useful fail-safe communications medium to enable anonymous, confidential communication.
It contributes to both internal and external communications.
Monitoring - control principles:
1. Ongoing & periodic evaluations
2. Addressing control deficiencies
Risk Assessment - control principles:
1. Organizational objectives
2. Risk assessment
4. Change management
Info and Communications - control principles:
1. Quality info supporting controls
2. Internal Communications
3. External Communications