COSO
COSO
ERM
ERM
OTHER
100
1. Control environment 2. Control activities 3. Risk assessment 4. Information and communication 5. Monitoring
What are the 5 internal control aspects of COSO?
100
A private sector group that consists of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute
What is COSO?
100
The amount of risk a company is willing to accept to achieve goals/objectives
What is risk appetite?
100
- 5 COSO elements - Setting objectives - Event identification - Risk response
What are the 8 parts of the ERM model?
100
A positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives
What is event identification?
200
Some examples are: proper authorization, segregation of duties, change in management controls, safeguarding assets, etc.
What are control activities?
200
No single employee should have too much responsibility.
What is the segregation of duties?
200
Shared beliefs or attitudes of a firm
What is the management's philosophy?
200
The company culture that is the foundation for all other ERM components, as it influences how an organization establishes strategies and objectives
What is internal environment?
200
It helps us evaluate the internal control systems and ensure they are operating effectively
What does the Event/Risk/Response Model do?
300
Risk that exists before any plans are made to control it.
What is inherent risk?
300
Remaining risk after controls are in place to reduce it
What is residual risk?
300
1. Strategic (high-level goals) 2. Operational (effectiveness and efficiency) 3. Reporting (improve decision making) 4. Compliance (laws and regs are followed)
What are the 4 main components of ERM objective setting?
300
High-level goals that are aligned with the company’s mission, support it, and create shareholder value, are set first.
What are strategic objectives?
300
An audit trail
What is a path that allows a transaction to be traced through a data processing system?
400
Evaluate internal control framework, effective supervision, responsibility accounting system, monitor system activities, track purchased software and mobile devices, conduct periodic audits, implement a fraud hotline, etc.
What is monitoring?
400
The idea that a company must protect cash and physical assets as well as information
What is safeguarding assets, records, and data?
400
Help the company comply with all applicable laws and regulations
What are compliance objectives?
400
1. Reduce 2. Accept 3. Share 4. Avoid
What are the four ways management can respond to risk?
400
These are all things the internal environment consists of
What are Management’s philosophy and operating style, and risk appetite, the board of directors, commitment to integrity, ethical values, and competence, organizational structure, methods of assigning authority and responsibility, HR standards, and external influences?
500
The three ways a company can separate an employee's duty.
What is authorization, recording, and custody?
500
The percentage of companies that report employee/insiders accessing data without proper authorization
What is 50%?
500
Helps ensure the accuracy, completeness, and reliability of company reports; improve decision making, and monitor company activities and performance
What are operations objectives?
500
The model that includes setting objectives and event identification.
What is the ERM model?
500
The 5 primary purposes of AIS
What is to gather, record, process, summarize, and communicate?