A process that helps an entity achieve objectives in operations, reporting, and compliance
What is internal control
The group that designs and implements internal control
Who is management
The foundation for internal control including ethics and structure
What is the control environment
SEC’s recommended approach when evaluating control over financial reporting
What is a top-down, risk-based approach
Matching vendor bills to purchase orders and receipts
What is three-way match, a control activity
The level of assurance internal control provides
What is reasonable assurance
The group that oversees internal control and tone at the top
Who are the board or who are those charged with governance
Identifying and analyzing risks to objectives
What is risk assessment
A risk many frameworks require management to consider explicitly
What is fraud risk
Reviewing user access lists every quarter
What is a monitoring and IT access control activity
The most widely used framework for internal control
What is the COSO Internal Control Integrated Framework
The people who carry out control activities in daily work
Who is everyone or who is all personnel
Policies and procedures that mitigate risk
What is the control environment
The idea that changes in systems or environment must be identified and addressed
What is assessing change or change management
Daily cash counts with a second person and documentation
What is a reconciliation and segregation of duties example
The three broad objective areas of internal control
What are operations, reporting, and compliance
The role that issues interpretive guidance for management’s evaluation of control over financial reporting in public companies
Who is the SEC
Internal and external flow of quality information
What is information and communication
The reason internal control cannot give absolute certainty
What are inherent limitations, including cost-benefit and possible collusion
Communicating policy updates so staff can perform controls correctly
What is information and communication
The concept that internal control must be embedded in daily activities and culture
What is the control environment foundation
The federal publication that sets internal control standards for agencies
What is the GAO Green Book
Ongoing and separate evaluations with remediation
What is monitoring activities
The three objective categories that risk assessment is performed against in the Green Book
What are operations, reporting, and compliance
Doing separate evaluations of control effectiveness and fixing gaps
What is monitoring with timely remediation