24 Cards in this Set
- Front
- Back
internal controls
|
policies/procedures that are implemented by the company to provide reasonable assurance that objectives can be met
|
|
1. assets including data are safeguarded
2. records are kept in sufficient detail to correctly represent transactions
3. info. systems generate reliable and accurate information
4. financial statements prepared according to GAAP
5. operation efficiency promoted/encouraged
6. organization compliant with laws/regulations
7. policies and procedures are followed by employees |
internal control objectives - 7
|
|
1. preventive
2. detective
3. corrective |
3 types of internal controls
|
|
1. COSO framework
2. ERM framework |
2 types of internal controls frameworks
|
|
COSO Framework
|
committee of sponsoring organizations 1992 - provides guidance to companies for designing and implementing internal controls system. #1 source
|
|
1. control environment
2. control activities
3. risk assessment
4. information and communication
5. monitor |
5 components to COSO framework
|
|
ERM Framework
|
enterprise risk management framework; improve and update original framework
|
|
1. internal environment
2. objective setting
3. event identification
4. risk assessment
5. risk response
6. control activities
7. information/communication
8. monitor |
8 components to ERM framework
|
|
internal environment
|
foundation of the ERM framework; most important. (contains seven parts)
|
|
1. management philosophy, operating style, risk appetite
2. board of directors
3. commitment to ethical values
4. organizational structure
5. methods of assigning responsibility/authority
6. human resources standards
7. external factors |
internal environment 7 components
|
|
audit committee
|
committee within the board of directors that should be made up of independent directors only
|
|
organizational chart
|
organizational structure example - shows who reports to whom within a company
|
|
objective setting
|
company should have clearly defined objectives representing the reason it exists (ex. mission statement)
|
|
event identification
|
management should identify events that could hinder meeting company objectives (ex. risks)
|
|
inherent risk
|
natural risk of an event; risk of an event occurring assuming no internal controls
|
|
residual risk
|
risk of an event happening after internal controls have been implemented
|
|
1. reduce risk - implement informal controls
2. avoid risk - don't engage in activity
3. accept risk - no controls
4. share the risk with a third party |
4 risk responses
|
|
1. identify events
2. assess likelihood of occurring
3. identify internal controls
4. identify cost/benefits of identified controls
5. determine risk response |
risk assessment and response process
|
|
control activities
|
actual policies/procedures implemented by a company that represent their internal controls
|
|
1. authorization
2. recording
3. custody |
segregation of duties - 3
|
|
authorization
|
ability to approve transactions, invoices, source documents
|
|
recording
|
maintaining journals, ledgers, putting authorized transactions into accounting records
|
|
custody
|
actual possession of company assets
|
|
collusion
|
2 or more people work together to override the controls and commit fraud
|