It would be a _______ to have poor internal controls.
CRIME
What is automation bias?
The tendency to favor outputs generated from automated systems.
What is the most common form of internal control documentation?
Narratives
Segregation of duties
What does CRIME stand for?
Components of Internal Controls:
Control Activities
Risk Assessment
Information and Communication
Monitoring Activities
Control Environment
What are the two types of internal controls? Define them.
Preventive: Stop errors or fraud from occurring
Detective: Identify and correct any errors or fraud that did occur
Name the 3 types of IT controls.
IT General Controls
IT Application Controls
IT-Dependent Manual Controls
What are the ways to document understanding of internal controls?
Flowcharts, narratives, questionnaires, and a combination of flowcharts and narratives
Bimberly is the CEO of the company. She and the board of directors have determined a core set of ethical values and adhere to them religiously. What is this positive ethical behavior by executives called AND what COSO component does it fall under?
Tone at the top - Control Environment
When performing segregation of duties, what does "separating the ARC" mean?
Authorization of transactions
Recording of transactions
Custody of assets
What are the two main objectives of ICFR?
1) Prevent misstatements in the financial statements
2) Detect and correct misstatements in the financial statements
What are the 3 types of IT Application controls?
Input, processing, and output
What usually determines whether to use a narrative or flowchart for documentation?
The complexity of the reporting environment
More complex = flowchart; less complex = narrative
Bhiron is testing the controls of a client. The specific control he is testing reviews sales at the end of the day and develops a report of clients not found on a preapproved list. What would be the best description for this type of control?
Detective control
What are the Objectives and Organizational Structure of the COSO Framework?
Objectives:
Operations, reporting, compliance
Organizational Structure:
Entity, Division, Operating Unit, Function
What do preventive controls lack that makes assessing effectiveness difficult?
Physical evidence
What is the particular importance of IT General controls?
Controlling cybersecurity risks
What is the name of the document used to help build trust and confidence in services performed?
SOC 1 Report
A company wants to develop a control to help manage transactions within the revenue-receivable cycle, which is an automated process. To ensure the accuracy of information given to the system, what type of IT control should be used?
IT Application input control
Categorize the 17 Principles into the proper components (THEY ARE NOT IN ORDER).
- Enforces authority
- Communicates externally
- Evaluates and communicates deficiencies
- Selects and develops general controls over technology
- Identifies and analyzes significant change
- Establishes structure, authority, and responsibility
- Exercises oversight responsibility
- Uses relevant information
- Assesses fraud risk
- Demonstrates commitment to competence
- Conducts ongoing and/or separate evaluations
- Communicates internally
- Deploys through policies and procedures
- Demonstrates commitment to integrity and ethical values
- Specifies suitable objectives
- Selects and develops control activities
- Identifies and analyzes risk
Control Environment:
1) Demonstrates commitment to integrity and ethical values
2) Exercises oversight responsibility
3) Establishes structure, authority, and responsibility
4) Demonstrates commitment to competence
5) Enforces authority
Risk Assessment:
6) Specifies suitable objectives
7) Identifies and analyzes risk
8) Assesses fraud risk
9) Identifies and analyzes significant change
Control Activities:
10) Selects and develops control activities
11) Selects and develops general controls over technology
12) Deploys through policies and procedures
Information and Communication:
13) Uses relevant information
14) Communicates internally
15) Communicates externally
Monitoring Activities:
16) Conducts ongoing and/or separate evaluations
17) Evaluates and communicates deficiencies
What is the detective control that tests the completeness of shipments of goods being billed or recorded in the sales journal/general ledger?
Bills of lading are compared with sales invoices. Any differences are listed in a report that is followed up by the billing supervisor.
What are the 5 types of IT General controls?
1) Data center and network operations controls
2) System software acquisition, change, and maintenance controls
3) Program change controls
4) Access controls
5) Application system acquisition, development, and maintenance controls
What is the difference between a Type 1 and Type 2 SOC 1 Report?
Type 1 deals only with the design of the controls; Type 2 deals with the design and effectiveness of controls.
Do your best impersonation of the receiving clerk from the Alchemy, Inc videos.
Something along the lines of "I think I can count, why does someone need to supervise me? I know how to count!"