33 Cards in this Set
A process implemented to provide reasonable assurance that a business objective is achieved.
|
Internal Control
|
|
Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or organization.
|
Threat or Event
|
|
The potential dollar loss should a particular threat become a reality.
|
Exposure or Impact
|
|
The probability that the threat will actually occur.
|
Likelihood
|
|
Exposure x Likelihood
|
Expected Loss
|
|
- Safeguard assets
- Maintain records in sufficient detail to accurately and fairly reflect company assets
- Provide accurate and reliable information
- Provide reasonable assurance that financial reporting is prepared in accordance with GAAP
- Promote and improve operational efficiency
- Encourage adherence to prescribed managerial policies
- Comply with laws and regulations
|
Common Control Objectives
|
|
1. Identify and record all valid transactions
2. Properly classify transactions
3. Record transactions at their proper monetary value
4. Record transactions in the proper accounting period
5. Properly present transactions and related disclosures in the financial statements
|
The 5 Primary Control Objectives of an AIS
|
|
Deters problems before they arise. e.g., locking doors.
|
Types of Controls: Preventive
|
|
Discovers problems that were not prevented. e.g., an alarm going off in your house, alerting you that something bad is happening.
|
Types of Controls: Detective
|
|
Identifies and fixes the problem a detective control found, recovers from it, and stops it from recurring. e.g., restoring data from a backup after an error is detected.
|
Types of Controls: Corrective
|
|
Control pertains to the entire entity rather than one application. e.g., an ID badge required for entrance at the Pentagon.
|
Types of Controls: General
|
|
Control pertains to a specific application or process. e.g., a password required to use one program on a computer.
|
Types of Controls: Application
|
|
Importance: first law requiring companies to establish internal controls.
Two main provisions:
1. Bribing foreign officials is illegal.
2. Publicly traded companies must keep accurate accounting records and maintain a system of internal accounting controls (e.g., accrual method and GAAP).
|
Foreign Corrupt Practices Act 1977
|
|
Applies to publicly held companies and their auditors.
Intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls, and punish executives who perpetrate fraud.
|
Sarbanes Oxley Act of 2002
|
|
COBIT
|
Control Objectives for Information and related Technology
|
|
COSO
|
Committee of Sponsoring Organizations
|
|
ERM
|
Enterprise Risk Management
|
|
A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute. Issued the Internal Control - Integrated Framework in 1992.
|
COSO
|
|
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
|
5 Crucial Components of COSO
|
|
The risk that exists before anything is done to control it. (e.g., a casino, which handles large amounts of cash, has high inherent risk.)
|
Inherent Risk
|
|
The risk that is left after the controls are in place.
|
Residual Risk
|
|
1. Estimate likelihood and impact (expected loss = exposure x likelihood)
2. Estimate the costs and benefits of the candidate controls
3. Determine cost/benefit effectiveness (is the reduction in expected loss worth more than the control costs?)
|
Estimate Risk
|
|
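The three steps on the Estimate Risk card, worked through in code. This is an added illustration, not part of the original card set: the threats, dollar figures, probabilities and control names below are constructed for the example, and the `net_benefit` rule (loss reduction minus control cost) is the standard cost/benefit test the card describes.

```python
"""Worked risk-estimation example (added illustration, not from the card set).

Step 1: expected loss = exposure (dollar impact) x likelihood (probability per year)
Step 2: expected loss once a proposed control is in place, plus the control's cost
Step 3: net benefit = reduction in expected loss - annual control cost;
        the control is cost-effective only when net benefit is positive.

All threat names, dollar amounts and probabilities are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    exposure: float    # dollar loss if the threat materializes (impact)
    likelihood: float  # probability the threat occurs in a year, 0..1


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float     # what it costs to run the control for a year
    new_exposure: float    # impact remaining after the control is in place
    new_likelihood: float  # probability remaining after the control is in place


def expected_loss(exposure: float, likelihood: float) -> float:
    """Exposure x likelihood; rejects a likelihood that is not a probability."""
    if not 0.0 <= likelihood <= 1.0:
        raise ValueError("likelihood must be a probability in [0, 1]")
    if exposure < 0:
        raise ValueError("exposure is a loss and cannot be negative")
    return exposure * likelihood


def inherent_risk(t: Threat) -> float:
    """Expected loss before any control is applied."""
    return expected_loss(t.exposure, t.likelihood)


def residual_risk(c: Control) -> float:
    """Expected loss that remains after the control is applied."""
    return expected_loss(c.new_exposure, c.new_likelihood)


def net_benefit(t: Threat, c: Control) -> float:
    """Reduction in expected loss minus the control's annual cost."""
    reduction = inherent_risk(t) - residual_risk(c)
    return reduction - c.annual_cost


def is_cost_effective(t: Threat, c: Control) -> bool:
    return net_benefit(t, c) > 0


def recommend(t: Threat, c: Control) -> str:
    """Map the cost/benefit result onto a risk response: reduce or accept."""
    return "reduce (implement control)" if is_cost_effective(t, c) else "accept (control not worth its cost)"


# Constructed sample: two threats, each with one candidate control.
# Probabilities are chosen as exact binary fractions so the arithmetic is exact.
SAMPLE = [
    (Threat("ransomware encrypts file server", exposure=250_000, likelihood=0.25),
     Control("offline backups + endpoint detection", annual_cost=12_000,
             new_exposure=40_000, new_likelihood=0.25)),
    (Threat("duplicate vendor payment", exposure=8_000, likelihood=0.5),
     Control("manual three-way match on every invoice", annual_cost=9_000,
             new_exposure=0, new_likelihood=0.0)),
]


def evaluate(pairs=SAMPLE) -> list[dict]:
    """Return one row per threat/control pair with every intermediate figure."""
    rows = []
    for t, c in pairs:
        rows.append({
            "threat": t.name,
            "control": c.name,
            "inherent_risk": inherent_risk(t),
            "residual_risk": residual_risk(c),
            "control_cost": c.annual_cost,
            "net_benefit": net_benefit(t, c),
            "response": recommend(t, c),
        })
    return rows


if __name__ == "__main__":
    for row in evaluate():
        print(f"{row['threat']}: inherent ${row['inherent_risk']:,.0f}, "
              f"residual ${row['residual_risk']:,.0f}, cost ${row['control_cost']:,.0f}, "
              f"net benefit ${row['net_benefit']:,.0f} -> {row['response']}")
```

The second pair shows the point the card is making: a control that eliminates a risk entirely can still fail the cost/benefit test when the expected loss it removes is smaller than what the control costs to run, in which case accepting the risk is the rational response.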
"SARA"
1. Share the risk (e.g., insurance, outsourcing)
2. Accept the risk
3. Reduce the risk (implement controls)
4. Avoid the risk
|
Available Risk Responses
|
|
"ARC": no one person should hold more than one of these functions for the same asset or transaction.
1. Authorization
2. Recording
3. Custody
|
Segregation (Separation of Duties)
|
|
Actively reviewing the entire internal control process.
|
Monitoring
|
|
- Companies are formed to create value for their owners
- Management must decide how much uncertainty it will accept in creating that value
- Uncertainty results in risk (and opportunity)
- The framework helps management manage uncertainty and its associated risk and opportunity
|
Basic Principles of the Enterprise Risk Management Framework
|
|
1. Internal Environment
2. Objective Setting
3. Event Identification
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information and Communication
8. Monitoring
|
ERM: 8 Interrelated Risk and Control Components
AKA: the 5 COSO components + 3 (Objective Setting, Event Identification, Risk Response)
|
|
Management sets the company's objectives: why the company exists, what it hopes to achieve
|
ERM - Objective Setting
|
|
"An incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives."
|
ERM - Event (COSO definition)
|
|
"SARA": How a firm will respond to each identified material risk.
|
ERM - Risk Response
|
|
Older and narrower in scope: focused on internal control.
|
COSO
|
|
Newer and holistic: a broader, risk-based framework that incorporates the COSO internal control framework.
|
ERM
|
|
1. Identify objectives
2. Assess the internal environment
3. Identify (material negative) events
4. Assess risk
5. Choose a risk response (SARA)
6. Create control activities
7. Establish information and communication needs
8. Set a monitoring plan
Example objective: as a teacher, to arrive at class on time every day.
|
Practical Application to Create an Internal Control System using ERM?
|