
8 Cards in this Set

  • Front
  • Back
Five Components of internal control from COSO

Information & Communication

Control Activities

Risk Assessment

Control Environment
What is Internal Control
A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

Reliability of Financial Reporting

Effectiveness & Efficiency of Operations

Compliance with Applicable laws and regulations
Control Environment
Sets the tone of the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.
Enterprise Risk Management
Process, effected by an entity's BOD, Management, and other personnel, applied in strategy setting across the enterprise designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of objectives.
Important concepts reflected in this definition of ERM:
It’s a process

It involves people at every level of the organization

It’s applied in strategy setting

It takes an entity-level portfolio view of risk

It’s designed to identify potential events (i.e., ‘negative’ risks and ‘positive’ opportunities) that may affect the entity and to manage risk within its risk appetite

It only provides reasonable assurance

It’s geared to the achievement of objectives in one or more separate but overlapping categories

ERM should be “built in” rather than “built on”
ERM Four Objectives
Strategic - high-level goals, aligned with and supporting its mission

Operations - effective and efficient use of its resources


Compliance - with laws and regulations
Eight Components of Enterprise Risk management
1. Internal environment
2. Objective setting
3. Event identification
4. Risk assessment
5. Risk response
6. Control activities
7. Information and communication
8. Monitoring
Prospect Theory
People do not want to put at risk what they already have or think they can have, but will have higher risk tolerances when they think they can minimize losses.