31 Cards in this Set
- Front
- Back
What are the common Control Frameworks? |
- COSO (American)
- CoCo (Canadian)
- Guidance for Directors on the Combined Code (UK)
- COBIT (IT)
- eSAC (IT) |
|
What is another name of the Guidance for Directors on the Combined Code? |
Turnbull Report |
|
What does the Turnbull report require for sound governance? |
separate individuals for the CEO and chairperson |
|
What is COSO's definition of internal control? |
process designed to achieve objectives in
- effectiveness and efficiency of operations
- reliability of financial reporting
- compliance with laws
"Everything Really Counts" |
|
What are COSO's five components of internal control?
|
- Control Activities
- Risk Assessment
- Information and Communication
- Monitoring
- Control Environment
"CRIME" |
|
What do effectiveness and efficiency of operations concern?
|
performance, including attainment of earnings and safeguarding of assets
|
|
What are Control Activities?
|
policies and procedures
|
|
What is Risk Assessment? |
identification and analysis of relevant risks to achievement of objectives |
|
What is Monitoring? |
assessment of the quality of internal control system's performance over time (e.g. analysis of gross margin data and investigation of significant deviations) |
|
What does Control Environment do? |
sets the tone of an entity and influences the control consciousness of personnel
|
|
What is senior management responsible for in the creation of a proper control environment?
|
establishing a proper organizational culture and specifying a system of internal control
|
|
What are CoCo's four components?
|
- Purpose
- Commitment
- Capability
- Monitoring and Learning
"Police Can Catch Many Lawbreakers" |
|
What is CoCo best suited for?
|
internal auditing purposes
|
|
What is COBIT?
|
control and governance framework for IT
|
|
What are COBIT 5's key principles?
|
- Meeting stakeholder needs
- covering the enterprise end-to-end
- applying a single, integrated framework
- enabling a holistic approach
- separating governance from management |
|
According to COBIT 5: What is every enterprise's goal?
|
creation of stakeholder value
|
|
According to COBIT 5: By which three components is stakeholder value achieved?
|
- realization of benefits
- optimization of risk
- optimal use of resources |
|
According to COBIT 5: What are the two drivers behind stakeholder needs?
|
- internal factors
- external factors |
|
According to COBIT 5: What is established in response to stakeholder needs?
|
enterprise and IT goals
|
|
According to COBIT 5: What supports the pursuit of IT-related goals?
|
enablers
|
|
According to COBIT 5: What is the nature of enablers?
|
enablers are interconnected
|
|
According to COBIT 5: What should be separated in modern enterprises?
|
governance and management
|
|
According to COBIT 5: What is governance about?
|
setting objectives and the monitoring of progress toward those objectives
|
|
According to COBIT 5: What is governance associated with?
|
board of directors
|
|
According to COBIT 5: What is management about?
|
carrying out of activities in pursuit of enterprise goals
|
|
What are soft controls?
|
- ethical values
- mutual trust |
|
How can soft controls be audited?
|
through control self-assessment (CSA)
|
|
What are eSAC's broad control objectives? |
- effectiveness and efficiency of operations
- reporting of financial information
- compliance with laws
- safeguarding of assets |
|
What are eSAC IT business assurance objectives?
|
- Availability |
|
What is a quality assurance program?
What should the manager of that program be? |
- a form of internal assessment of operations
- independent of the operations assessed |
|
What are the seven elements of the COSO internal control environment? |
- integrity and ethical values
- commitment to competence
- board of directors or audit committee
- management's philosophy and operating style
- organizational structure
- assignment of authority and responsibility
- human resource policies and practices |