What does the acronym COSO stand for?
Committee of Sponsoring Organizations
In this component of internal control, the organization identifies changes that could significantly impact the system of internal control.
What is Risk Assessment?
True or False: An internal control can support more than 1 component of COSO.
What is true?
One of the 17 COSO Principles of Internal Control, management establishes these, with board oversight.
What are structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives?
Name at least one indicator of a strong control environment.
• Clear lines of authority
• Public code of conduct
• Formal budget process
• Low staff turnover
• Effective board involvement
• Internal audit functions
These are the three categories of objectives in the COSO framework.
What are operations, reporting and compliance?
In this component of internal control, the board of directors demonstrates independence from management and exercises oversight over the development and performance of internal control.
What is the Control Environment?
True or false: Internal controls help provide reasonable assurance that the entity's objectives will be achieved.
What is true? Will provide reasonable assurance, not absolute.
This is the control objective in which "tone at the top" best fits.
What is control environment?
This is one of the common internal documents and/or files that are helpful to auditors examining the client's sales process.
What is:
Customer master file
Sales order
Bill of lading
Packing slip
Sales invoice
Sales cycle database
Monthly statements of receivable balances
Name two of the five “sponsoring organizations” of COSO. (Hint: all 5 are professional associations)
• American Accounting Association (AAA)
• American Institute of CPAs (AICPA)
• Financial Executives International (FEI)
• Institute of Internal Auditors (IIA)
• The Institute of Management Accountants (IMA)
The organization selects and develops these to contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
What are Control Activities?
True or False: Sarbanes-Oxley came into existence before the establishment of the COSO Framework.
What is false?
The organization considers the potential for this in assessing the risks to the achievement of objectives.
What is fraud?
Fill in the blanks: Regardless of the size of your organization, the same person should not be able to ______ checks, _______ checks, and reconcile the ___________.
Regardless of the size of your organization, the same person should not be able to write checks, sign checks, and reconcile the bank statement.
Name two of the five components of the COSO internal control system. It would be a "crime" not to know this.
What are any two of the following:
Control Activities
Risk Assessment
Information and Communication
Monitoring Activities
Existing Control Environment
In this component of internal control, the organization obtains or generates and uses relevant, quality amounts of it regarding matters affecting the functioning of internal control.
What is Information and Communication?
True or False: Compliance Objectives pertain to internal and external financial and nonfinancial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, recognized standard setters, or the entity’s policies.
What is false? Those are reporting objectives.
The organization evaluates and communicates this in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
What are internal control deficiencies?
An individual in the company with the ability to print checks and reconcile bank accounts should not also be able to do this.
What is the ability to create or edit vendors in a company's accounting system?
These are the four types of organizational structures in the COSO Framework. Rhymes with node.
Function
Operating Unit
Division
Entity
In this component of internal control, the organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Monitoring
True or false: COSO determines which internal controls an organization should have to support an effective internal control system.
What is false? Management establishes the internal control system.
The organization demonstrates a commitment to these when considering the control environment.
What are integrity and ethical values?
This is the component of internal control that provides a foundation for an effective internal control structure.
What is control environment?