The COSO Internal Control Framework

Question 1

What is internal auditing?

Answer 1

Independant, objective assurance and consulting activity designed to add value/improve on organization’s operations.

Question 2

Who do internal auditors report to ?

Answer 2

Board & senior managament within organization governance structure

Question 3

What is the objective of internal audit?

Answer 3

Brings a systematic, disciplined approach to evaluate/improve effectiveness of risk management, control, and governance processes. Bring assurance to help board fulfill their duties to org

Question 4

What does internal audit cover?

Answer 4

All categories of risk, their management and reporting on them

Question 5

What are the responsibilities for improvement ?

Answer 5

Fundamental to purpose of internal auditor. Done by advising, coaching, facilitating in order to not undermine responsibility of management

Question 6

What are 3 examples of internal audit activities?

Answer 6

1)Evaluating controls/advising managers at all lvls
2)Evaluating risks
3)Analysing operations

Question 7

What is COSO?

Answer 7

Committee of sponsoring organizations of the Treadway Commission: joint initiative of the 5 private sector professional accounting, auditing and finance organization and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk managament, internal control and fraud deterrence

Question 8

What is internal control?

Answer 8

process effected by BofD, managament, and other personnel, designed to provide reasonable assurance of objective

Question 9

In what does internal control provide assurance in? (3)

Answer 9

1)Effectiveness/efficiency of operations
2)Reliability of financial reporting
3)COmpliance with applicable laws/regulations

Question 10

What are the 3 levels of organization of the COSO?

Answer 10

1)Business entity-level controls
2)Division and function controls
3)Business unit activities

Question 11

What is the Control environment?

Answer 11

set of standards, processes, stuctures that provide basis/stucture for carrying out effective IC activities across enterprise

Question 12

What are the control environment elements to consider? (6)

Answer 12

1) Tone at the top
2)Actions of BofD and senior management
3)Ethical values
4)Does management take business risk to achive objective ? (achieve at all cost attitude or encourage risk?)
5Does management attempt to manipulate performance measures so they appear more favorable?
6)Is management open and honest with employees about performance and results?

Question 13

What COSO internal control component is prevasive ?

Answer 13

The control environment

Question 14

What is the risk assessment component?

Answer 14

Process for determining how all lvls of risks will be managed, and a precondition to risk assessment is the establishment of risk related onjectives, linked at different lvls of enterprise operations

Question 15

What are the risk assessment elements to consider ? (4)

Answer 15

1) Specify objective with sufficient clarity to enable ientification/assessment of risks relating to those obj
2)Identify risk to achievement of its obj, across the entity and should analyze if risks as a basis for determining how those risks should be managed
3)Consider potential for fraud in assessing risks
4)Identify/assess changes that could impact its system of IC

Question 16

What are Internal control activities ?

Answer 16

Actions established through enterprise policies/procedures that help ensure that management’s directives to mitigate risks to achieve objectives are carried out

Question 17

What are the 6 types of internal control activities?

Answer 17

1)Verifications
2)Reconciliations
3)Authorizations/approvals
4)Physical controls
5)Controls over standing data
6)Supervisory controls

Question 18

What are the 2 types of information and communication?

Answer 18

1)internal communication
2)External communication

Question 19

What is internal communication?

Answer 19

The mean by which info is disseminated throughout enterprise, flowing up/down and across entity

Question 20

What is the purpose of internal communication ?

Answer 20

Enables personnel to receive clear messages from senior management that control responsibilities must be taken seriously

Question 21

What is external communication?

Answer 21

Enables inbound communication of relevant external info & provide info to external parties in response to requirements/expectations (goes/comes from outside)

Question 22

What is the overall concept of Information and communication ?

Answer 22

Enterprise needs to develop and deliver many forms/types of competent information, from and to management

Question 23

What are monitoring activities?

Answer 23

Assess whether each of the other objective or components of COSO IC are present and functioning

Question 24

What do internal auditor do?

Answer 24

Monitor activities

Question 25

What are the 2 components of monitoring activities?

Answer 25

1)Organization selects, develops, and performs ongoing and/or sepparate evaluation to ascertain whether the components of IC are present and functionning 2)Organization evaluate and communicate IC deficiencies in timely manner to those parties responsible for taking corrective action.