Management's Fraud-Related Responsibilities Flashcards
What is a control environment, according to COSO?
The control environment provides the foundation for the internal control system throughout the entire organization.
Established by the directors and senior management
sets the moral and ethical tone of an organization
What are the 5 principles of COSO?
Personnel at all levels demonstrate a commitment to integrity and ethical values.
The board of directors is independent from management and oversees the development and performance of internal control.
With board oversight, management establishes the structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of organizational objectives.
The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
What are the 5 interrelated components of internal control according to COSO and how can the effectiveness of these controls be determined??
Control environment
risk assessment
control activities
information and communication,
monitoring.
The effectiveness of internal controls can be determined from an assessment of whether (1) each of these five components is in place and functioning effectively and (2) the five components are operating together in an integrated manner.
What are the 7 factors that are required minimally for a corporate compliance program to be effective?
1 - established standards and procedures to prevent and detect criminal conduct
2 - proper assigned responsibility and oversight
3 - due dillegence in hiring to ensure discretion
4 - periodic and practical communication of compliance policy
5 - steps to ensure compliance effectiveness through monitoring, auditing and evalutation
6 - promotion and enforcement of program through incentives
7 - reasonable response to any discovered criminal conduct
What are the benefits of having board of directors oversee compliance program?
1 - involvement of BOD provides sense of authority
2 - provides oversight by personnel not involved in day to day
3 - efforts can be documented in meeting minutes which can prove useful if company ever has to defen its actions
4 - ensures board is knowledgeable about content and operation of program
When establishing a document retention policy, what should companies consider?
Any trade-specific rules for documenting and retaining records
Specific concerns related to electronic documents and data
Applicable laws and regulations regarding recordkeeping requirements
What are the principles pertaining to the information and communication component of COSO’s Internal Control framework?
The organization internally communicates information—including objectives and responsibilities for internal control—necessary to support the functioning of internal control
The organization obtains or generates and uses relevant, quality information to support the functioning of internal control
The organization communicates with external parties regarding matters affecting the functioning of internal control
What are the principles pertaining to the monitoring component of COSO’s Internal Control framework?
Monitoring is the process that assesses the effectiveness of a control system over time
This component should include both ongoing evaluations and periodic, separate evaluations, the findings of which should be evaluated against predefined criteria.
The following are the Framework principles supporting this component:
The organization selects, develops, and performs ongoing and separate evaluations to ascertain whether the components of internal control are present and functioning.
The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
When designing an effective compliance program, what factors should be considered?
Industry size and standards
Reccurence of similar conduct
Organisation size
What are control activities and the respective principles?
control activities are the policies and procedures that enforce management’s directives intended to mitigate risk
The following principles pertain to an organization’s control activities:
The organization selects and develops
1 - control activities that mitigate risk
2 - general control activities over technology
and
3 - deploys control activities through policies that establish what is expected and procedures that put policies into action.
What are the three objectives of internal control?
Operations objectives (effectiveness and efficiency of the operations)
Reporting objectives ( reporting of financial and nonfinancial information to internal and external parties)
Compliance objectives (adherence to the laws and regulations to which it is subject)
What is risk assessment and the risk assessment principles?
Risk assessment involves the identification and assessment of the risks the entity faces in achieving its organizational objectives
The risk assessment involves the following principles:
1 - Setting clear organizational objectives
2 - Identifies and analyzes risks as a basis for determining how risks should be managed.
3 - Considering the potential for fraud
4 - Assessing changes that could significantly impact the internal control system
