Keeping the Train on the Tracks
Blame Management
COSO: Sounds Italian, Actually Accounting
Risky Business
How Not to Run a Dumpster Fire
100

An organized process designed to provide reasonable assurance that an entity’s objectives (operations, reporting, compliance) will be achieved.

What is internal control?

100

According to the GAO, the group responsible for designing, implementing and evaluating internal controls at all levels.

Who is management?

100

The five interrelated components of the COSO internal control framework.

What are the control environment, risk assessment, control activities, information & communication, and monitoring?

100

The possibility that an event will occur and adversely affect achievement of objectives.

What is risk?

100

Duty that requires management to define the mission, strategic plan and objectives before designing controls.

What is setting clear objectives?

200

The three broad categories of objectives that internal controls help achieve.

What are operations, reporting and compliance?

200

The concept that the commitment to internal controls and ethical values starts with leadership.

What is “tone at the top”?

200

This component sets the tone for the organization and provides discipline and structure.

What is the control environment?

200

Why management needs to perform risk assessments both periodically and in real time.

What is to adapt to changes and identify emerging risks?

200

Reason policies and procedures must be documented and updated.

What is to ensure control activities are understood, carried out and effective?

300

This term describes the collection of plans, methods, policies and procedures used to fulfill an organization’s mission and goals.

What is an internal control system?

300

In Indiana University’s “three lines of defense,” this group is the first line responsible for establishing and monitoring internal controls.

What is department or operational management?

300

Component that involves identifying and analyzing risks to achieving objectives.

What is risk assessment?

300

Factors management should consider when analyzing risks, such as program complexity, staffing, IT limitations and external changes.

What are internal and external risk factors?

300

Maintaining ethical values and a positive control consciousness is part of this duty.

What is maintaining a strong control environment (tone at the top)?

400

The level of assurance internal controls provide—never absolute.

What is reasonable assurance?

400

The independent group that acts as the third line of defense by evaluating whether controls are operating as intended.

What is internal audit?

400

Policies and procedures designed to mitigate risks—examples include approvals, authorizations, and reconciliations.

What are control activities?

400

The term for risk that remains after management’s response is applied.

What is residual risk?

400

This duty ensures that communication flows in all directions and that deficiencies are reported upstream.

What is communicating and reporting?

500

Rather than a single event, internal control is described as this kind of ongoing series of actions throughout an organization.

What is a continuous process?

500

Phrase used to describe that everyone in an organization, not just management, has a part in internal control.

What is “internal control is everyone’s responsibility”?

500

Ensures that quality information is identified, captured, and communicated up, down and across the organization.

What is information and communication?

500

A question recommended by the Ohio auditor to highlight the purpose of risk assessment: “How do I avoid reading this headline while drinking my morning coffee?”

What is “What could go wrong (and how can we avoid it)?”

500

Ongoing evaluations of control effectiveness and corrective actions taken as needed.

What are monitoring and continuous improvement?