Organisational Control and Audit Flashcards
(26 cards)
Who has created the framework for internal controls?
COSO
What are the eight components for the framework of controls?
- Control environment
- Objective setting
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information and communication
- Monitoring
What is the control environment?
Culture that directors create in relation to the value and importance of internal controls, the philosophy and risk appetite of the company
What is the objective setting?
Ensure objectives and strategies are aligned with the company risk appetite
What is event identification?
Environmental scanning to identify events internally and externally that could prevent the company achieving its objectives
What is risk assessment?
Assessment of risk based on its likelihood and impact
What is risk response?
Using TARA
What are control activities?
Relates to policies and procedures that are in place to mitigate risk
What is information and communication?
Relates to the reporting arrangements within the organisation and with external parties - good communication to mitigate risk (detailed vs summary)
What is monitoring?
Relates to the fact that internal controls need to be monitored for their efficiency and effectiveness
Which factors does COSO identify as constituting the control environment?
- Corporate culture
- Management style
- Organisational structure
- Risk appetite
- Ethical values and philosophy
What should the objectives of an organisation support?
An organisation’s mission and should be consistent with risk appetite
With regards to internal reporting, why is it important?
It is vital that it is communicated to the staff in a way that is easy to understand and conveys their importance
With regards to internal reporting, what impacts how staff implement controls?
Culture and overall control environment
What is vital for internal reporting?
Monitoring and feedback for recommendations and improvements
Name the first main element of the UK Turnbull report?
Board should maintain a sound system of internal control to safeguard shareholders’ investment and company’s assets
Name the second main element of the UK Turnbull report?
The directors should at least annually conduct a review of the effectiveness of the group’s sound system of internal control and should report to the shareholders that they have done so
The review should cover all controls including:
- Financial
- Operational and compliance controls
- Risk management
The board is NOT required to provide detailed information about the review and so is NOT required to provide shareholders with an assessment of its effectiveness
What is the third main element of the UK Turnbull report?
Companies which do not have an internal audit function should from time to time review the need for one
Name some circumstances when you would need an internal audit department?
- Unexpected things are happening
- Significantly larger than last year
- More complex
- Change
What is Sarbanes Oxley?
Annual report of stock market companies to include a statement on internal control that includes an assessment of the effectiveness of the IC system and procedures for FR.
The IC report relates to financial controls only but it must provide an evaluation of those controls.
Any material weaknesses in financial controls must be disclosed.
Describe SOX Section 302
CEO and CFO prepare a statement certifying the appropriateness of the FS
Describe SOX Section 404
Annual report contains an IC report that:
- States management’s responsibility for maintaining IC
- Verifies directors’ assertions
- Includes an assessment of the effectiveness of IC
Auditors audit this (Attestation report)
Identify framework used to assess the internal controls (COSO)
What is the acronym for control activities?
SOAPSPAM
What is the breakdown of SOAPSPAM?
- Segregation of duties
- Organisation
- Authorisation
- Physical controls
- Supervision
- Personnel
- Arithmetical/accounting
- Management