| Term | Definition |
| enterprise risk management | allows us to identify risks and fulfill our entity objectives; every organization should create value; value is created by mgt decisions; allows mgt to deal with uncertainty, increase opportunities, and reduce risk |
| categories of erm | strategic, operations, reporting, compliance |
| cube | breaks down strategic, operations, reporting, and compliance on the subsidiary business unit, division and entity levels |
| categories of cube | internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, monitoring |
| internal environment | establish company philosophy regarding mgt, establish risk culture and consider how corporate actions affect it (expected and unexpected) |
| objective setting | form risk appetite - how much risk is mgt willing to accept |
| event identification | knowing that a risk exists so that we can change our behavior; if risks aren't identified they can't be mitigated; identified by word of mouth |
| risk assessment | appetite for risk and capacity for risk |
| risk response | how to manage risk; avoid, accept, share, control or reduce |
| control activities | do not spend more than the expected risk; procedures are put in place to monitor risk |
| information and communication | effective communication flows down, across, and up the entity |
| monitoring | accomplished through ongoing mgt activities, SOX, providing flowcharts, etc. |
| coso cube | designed to provide reasonable, but not absolute, assurance regarding the achievement of objectives in effectiveness and efficiency of operations, financial reporting, and compliance with law, and to mitigate risk, but not eliminate it |
| process | series of actions or operations leading to a particular and usually desirable result |
| reasonable assurance | internal control provides this so that the organization will reach its objectives |
| internal control | process affected by an entity's mgt designed to provide reasonable assurance regarding the achievement of objectives in effectiveness/efficiency of operations, financial reporting, and compliance |
| organizational governance | begins with establishing mission, vision, and purpose, then strategy and objectives directed at the mission, then objectives, opportunities, and risks are identified |
| fraud | deliberate act or untruth intended to obtain unfair or unlawful gain |
| elements of fraud | material false statement, knowledge that statement is false, reliance on statement by the victim, damages resulting from reliance on statement |
| abuse | a deceitful act, corrupt practice, or custom just as damaging as fraud |
| fraud triangle | pressure, opportunity, rationalization |
| red flags of mgt fraud | unduly aggressive earnings targets on which mgt compensation is based |
| fraud process | theft of something, conversion to cash, the concealment |
| characteristics of perpetrators | enjoyment, turn into gamblers, once done it's hard to stop, escalates |
| social engineering | hardest technique of computer fraud to stop |
| tone at the top | responsible for detecting fraud; fraud is detected by random chance, luck, anonymous comments |
| control matrix | designed to assist you in evaluating the potential effectiveness of controls in a business process by matching control goals with relevant control plans |
| column headings | control goals of the operations process and control goals of the info process |
| row headings | recommended control plans, present controls and missing controls |
| input validity | data that represents actual economic events and objects |
| input completeness | concerned with the actual number of events or objects to be processed |
| input accuracy | relates to the various data items that usually constitute a record of an event, such as a source document |
| update completeness | all events entered into a system must be reflected in the respective master data |
| update accuracy | data entered into a system must be reflected correctly in the respective master data |
| control plans | reflect information processing policies and procedures that assist in accomplishing control goals |
| pervasive control plans | relate to a multitude of goals and processes |
| business process control plans | applied to a particular business process such as billing or cash receipts |
| preventative control plans | stop problems from occurring |
| ethics | a part of control environment, right v. wrong is an individual decision |
| utilitarian approach | produce the most good and do the least amount of harm |
| rights approach | don't impair rights or choices of people (Bill of Rights) |
| fairness or justice approach | treat everyone equally or proportionally |
| common good | decision that is best for the common good |
| virtue approach | action being consistent with being your best |
| decision making | make a decision and test it, act then reflect on the decision later |