B1A1 -Internal Control Framework

Terms in this set (38)
used by management/internal auditors, and the board to gain an understanding of what an effective system of internal controls would be and how to apply it. The framework also provides confidence to external stakeholders that the organization has a system in place that is conducive to achieving its objectives.
-Effectively applying internal controls
-Determining the requirements of an effective system of internal controls
-Allowing judgement and flexibility in the design and implementation in IC within all operational and functional areas
-Identifying and analyzing risk and then developing acceptable actions to mitigate or minimize these risks to an acceptable level
-Eliminating redundant, ineffective, or inefficient controls
-Extending internal control application beyond an organization's financial reporting
-Understanding of what constitutes an effective system of internal controls
-confidence that management will be able to eliminate ineffective, redundant, or inefficient controls
-Confidence that BOD has effective oversight of the organization's internal controls
-confidence that the organization will achieve its stated objectives and is capable of identifying, analyzing and responding to risk affecting the organization.

Existing Control Activities
-Select and develop control activities
-Select and develop technology controls
-Deploy through policies and procedures

Effective Internal Control - General Requirements:
-Provides reasonable assurance that the entity's objectives will be achieved
-All five components and 17 principles that are relevant to be both PRESENT (included in the design) and FUNCTIONING (operating as designed)
-all components operate together as an integral system in order to reduce, to an acceptable level, the risk that the entity will not achieve its objectives

Effective Internal Control - Specific Requirements:
to be considered an effective internal control system, senior management and BOD must have reasonable assurance that the entity:
-Achieves effective and efficient operations
-complies with applicable rules, regulations & laws
-reports in conformity with entity's reporting objectives

Ineffective IC (COSO) =
Risk ORC Not Achieved
-major deficiency exists

Major Deficiency
-represents a material internal control deficiency, or combination of deficiencies, that significantly reduces the likelihood that an organization can achieve its objectives

When a major deficiency is identified, the entity may not conclude that it has met the requirements for an effective internal control system under:
COSO Framework

Inherent Limitations of Internal Control
-human error
-Faulty or biased judgement
-external events
-collusion/fraud
-management override

Using the COSO Framework Document (COPS)
C-Component Evaluation
O-Overall Assessment
P-Principle Evaluation
S-Summary of deficiencies (if any)

Common Risks Identified Using the COSO Framework:
-Material Omission
-Fraud
-Mgt. Override of controls
-Illegal Acts

Risks that could individually or in combination result in material omission/misstatement of FS; risks vary as entities operate in:
-multiple industries/markets/geographic areas
-multiple environments with different standards
-numerous contracts
-merger, acquisition
-dynamic technological environment
-high executive turnover

Fraud
-Management bias in judgement
-degree of estimates and judgments underlying accounting & reporting
-incentives for Fraud
-unusual transactions
-management override

Management Override
-override for personal gain
-override of controls by management can lead to fraud

Illegal Acts
Violations of laws or government regulations

Assessment of potential illegal acts include:
-investigations
-regulatory examiners
-Payments for unspecified services
-Delinquent tax returns

Controls
Select, develop, deploy & respond to risk

Selection and Development of Controls:
-Use workshops or control activity inventories to map risk to controls
-Implement control activities over outsourced functions (managing pension plan)
-Consider the types of control activities
-Consider alternative control to segregation of duties
-Identify incompatible functions

Selection and Development of General Controls over Technology
-Use risk-control matrices to document technology dependencies
-Evaluate end-user computing
-Implement or monitor control activities when outsourcing IT functions
-Configure IT infrastructure to support restricted access & segregation of duties
-Configure IT system to support complete, accurate, and valid processing of transactions and data
-Administer security and access

Deploying controls through policies and procedures
-Develop and document policies and procedures
-deploy control activities through the business unit or functional leaders
-Conduct regular and ad hoc assessments of control activities

Active engagement by an audit committee in representing the BOD relative to all matters of internal and external audits is evidence of:
the BOD's understanding of their oversight responsibility over financial reporting

Commitment to Competence
-commitment to hire, develop and retain competent employees

The financial reporting competencies principle of the control environment component of the Internal Control - Integrated Framework suggests stronger controls and:
encourages the company to retain qualified personnel to handle financial reporting

Obtain and Use Information
The organization obtains or generates and uses relevant, high-quality information to support the functioning of internal control. Points of focus include management identifying and defining information requirements within the internal control component level.

The monitoring component or function of the internal control framework is designed to ensure that:
internal controls continue to operate effectively, which is done to provide an assessment of the performance of the system of internal controls over time

Regular reporting to the audit committee represents:
reporting of deficiencies, not ongoing monitoring

There is no assurance that an entity will meet its operating and financial expectations, and internal controls are not put into place to ensure that those expectations are met because:
Expectations often differ from actual results and internal controls are not designed to prevent those differences from happening.

Programmer access to development and production represents flawed segregation of duties that creates:
deficiencies for change control

An entity's recording and reporting processes are highly automated, and the information system produces much of the information used for monitoring controls. Which statement is correct?
any errors in the information provided by the system could lead management to the incorrect conclusion regarding controls

A system that matches price and vendor information to master pricing and vendor data is an effective control for ensuring:
order entry accuracy