Overview
Internal Environment
Setting, Events & Risks
Control Activities
Communications & Monitoring
100
Designed to prevent financial statement fraud, protect investors and punish executives who commit frauds.
What is Sarbanes-Oxley Act (SOX)?
100
The amount of risk that management will accept for goals.
What is risk appetite?
100
An incident or occurrence that comes from internal or external sources.
What is an event?
100
Policies and procedures to provide reasonable assurance that control objectives are met.
What are control activities?
100
The seventh component of COSO’s ERM model.
What is Information and Communication?
200
Two issues with the Internal Control Integrated Framework.
What are too narrow a focus and a bias toward past problems and concerns?
200
Difficult, costly, and time-consuming to prove.
What is fraud?
200
The equation used to estimate the value of internal controls.
What is the expected loss = impact × likelihood equation?
200
1. Preparing source documents 2. Entering data into an AIS 3. Maintaining accounting records
What is recording?
200
The eighth component of COSO’s ERM model.
What is monitoring?
300
Control framework that takes a risk-based, rather than controls-based, approach to the organization.
What is COSO’s Enterprise Risk Management framework (ERM)?
300
A hierarchy with multiple levels.
What is a "tall" hierarchy?
300
High level goals that are set first and support the company’s mission.
What is a strategic objective?
300
Approving transactions and decisions.
What is authorization?
300
This must be continuously monitored and modified as needed, and deficiencies must be reported.
What is the ERM process?
400
Two classifications of internal controls.
What are general and application controls?
400
Consistency in reward and punishment.
What is an endorsement of integrity?
400
An event that exists before management takes any steps to control the likelihood or impact of an event.
What is inherent risk?
400
Segregation of duties and safeguarding assets, records, and data are two categories of this.
What are control procedures?
400
Something that can be accomplished with a series of ongoing events or by separate evaluations.
What is monitoring?
500
The five crucial components of the Committee of Sponsoring Organizations.
What are Control Environment, Control Activities, Risk Assessment, Information and Communication, and Monitoring?
500
Explains proper business practices, document procedures, how to handle transactions, describes needed knowledge and experience, and lists resources provided.
What is the policy and procedures manual?
500
Four ways management can respond to risk.
What is reduce, accept, share, avoid?
500
This happens when no one employee should be given too much responsibility.
What is segregation of accounting duties?
500
The primary purpose of an AIS.
What is gather, record, process, store, summarize, and communicate information about an organization?