What are internal controls?
Processes designed to provide reasonable assurance that an organization’s operations, reporting, and compliance objectives are achieved.
Who is primarily responsible for establishing and maintaining internal controls?
Management.
How many components are in the COSO Internal Control Framework?
Five.
What is the goal of risk assessment within internal control?
To identify and analyze potential risks that could prevent the organization from achieving its objectives.
What is the organization’s first step in establishing internal controls?
Define clear objectives for operations, reporting, and compliance.
Why are internal controls important?
They help prevent fraud, ensure accurate reporting, protect assets, and promote compliance with laws and policies.
Who provides oversight and ensures management is fulfilling its control responsibilities?
The Board of Directors or Audit Committee.
What is the first COSO component that establishes the foundation for all others?
The Control Environment.
What federal document connects Enterprise Risk Management (ERM) with internal controls?
OMB Circular A-123.
What is a key duty in maintaining effective internal controls?
Monitoring and promptly correcting control deficiencies.
What are the three key objectives of internal controls according to COSO?
Operations, reporting, and compliance.
Which federal law requires public companies to report on internal controls over financial reporting?
The Sarbanes-Oxley Act (SOX) Section 404.
Which COSO component includes policies and procedures that help ensure management directives are carried out?
Control activities.
What type of risk must organizations specifically assess to prevent intentional wrongdoing?
Fraud risk.
What documentation should organizations maintain related to internal controls?
Written policies, procedures, and records showing control design and performance.
What does “reasonable assurance” mean in the context of internal controls?
Controls can reduce risks but cannot eliminate them entirely.
What is meant by the “tone at the top”?
The ethical attitude and integrity demonstrated by senior leadership that influences organizational culture.
What component involves collecting and sharing relevant, reliable information?
Information and Communication.
What is the benefit of linking risk assessment to internal control design?
It ensures that controls address the most critical risks first.
How should management communicate the importance of internal controls to staff?
Through training, consistent messaging, and visible support for ethical practices.
What U.S. government organization developed the “Green Book” for internal control standards?
The U.S. Government Accountability Office (GAO).
How can employees contribute to internal control effectiveness?
By following policies, reporting irregularities, and maintaining ethical conduct in daily work.
What does the Monitoring component of COSO focus on?
Evaluating the effectiveness of internal controls and correcting deficiencies.
Why must risk assessment be an ongoing process?
Because internal and external conditions change over time, creating new risks.
What should organizations do when significant control weaknesses are identified?
Report them, investigate the root cause, and implement corrective action.