ACC – Internal Control System – Flashcards
question
threat/event
answer
potential adverse occurrence
question
exposure/impact
answer
potential dollar loss
question
likelihood
answer
probability that the threat will happen
question
internal controls
answer
processes implemented to provide reasonable assurance that control objectives are met
question
Internal control functions
answer
- Preventive
- Detective
- Corrective
question
preventive controls
answer
hiring qualified personnel, segregation of duties, controlling physical access
question
detective controls
answer
(discover problems that are not prevented) duplicate checking of calculations and preparing bank reconciliations and monthly trial balances
question
corrective controls
answer
maintaining backup copies of files, correcting data entry errors, resubmitting transactions
question
internal control categories
answer
- general
- application
question
general controls
answer
make sure an organization's control environment is stable and well managed. Ex: security, IT infrastructure, software acquisition, development and maintenance controls
question
application controls
answer
prevent, detect, and correct transaction errors and fraud in application programs. They're concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported.
question
SOX
answer
- Prevent financial statement fraud
- Make financial reports more transparent
- Protect investors
- Strengthen internal controls in publicly-held companies
- Punish executives who perpetrate fraud
question
COSO's Internal Control Framework
answer
private sector group consisting of: The American Accounting Association, The AICPA, The Institute of Internal Auditors, The Institute of Management Accountants, The Financial Executives Institute
question
COBIT framework
answer
framework of generally applicable information systems security and control practices for IT control.
question
COSO internal control framework
answer
- Defines internal controls.
- Provides guidance for evaluating and enhancing internal control systems.
- Widely accepted as the authority on internal controls.
question
Enterprise Risk Management framework (ERM)
answer
An enhanced corporate governance document. Takes a risk-based, rather than controls-based, approach to the organization. Oriented toward future and constant change. Incorporates rather than replaces COSO's internal control framework
question
COSO's components
answer
- control environment
- risk assessment
- control activities
- information and communication
- monitoring
question
control environment
answer
ethical values, responsibility, structure and authority, competence, accountability
question
risk assessment
answer
suitable objectives, identify/analyze risk, change
question
control activities
answer
control activities, technology controls, policies and procedures
question
information and communication
answer
relevant information, external and internal communication
question
monitoring activities
answer
evaluations, find deficiencies
question
risk appetite
answer
amount of risk a company is willing to accept to achieve its goals and objectives
question
inherent risk
answer
susceptibility of a set of accounts or transactions to significant control problems in the absence of internal controls
question
residual risk
answer
risk that remains after management implements internal controls
question
expected loss
answer
= impact ($ loss) * likelihood (probability)