ch 3,6,10,12,15,17
Define Internal Control
A process that specifically mitigates risks to the company’s financial information
What is a preventative control?
A control that prevents problems from happening
Examples of preventative controls
firewalls to prevent unauthorized access to an organization’s computer network
separation of duties
What is a detective control?
A control that alerts management to an issue once it has occurred
Examples of detective controls
physical inventory count
reconciliation
security log monitoring
What is a corrective control?
A control that changes an undesirable outcome and occurs after the potential outcome of a risk has become a reality
Examples of corrective controls
activating sprinklers to manage fire
restoring data from backups following a ransomware attack
Define segregation of duties
A type of preventative control that reduces the risk of error and fraud by ensuring that different employees are responsible for the separate parts of a business activity
What 3 types of duties should be separated?
Authorizing
Recording
Custody
Define General Controls.
A control that applies to the entire operation of a system and its environment
Examples of General Controls
Multi-factor authentication (MFA)
User access reviews
change documentation
daily system backups
Define Application Controls
A control that only applies to a specific application, including all the business processes and accounts that are linked to it
Examples of Application Controls
Validity check that verifies whether the entered data is formatted correctly
IT control embedded in the computer system that assigns roles to separate the purchasing and approval responsibilities
What are manual controls?
A control that is executed by people or physical interactions so it is subject to human error or intentional manipulation and override
Examples of manual controls
physical inventory count
employee training
supervisor review and sign-off
What are internal audits?
an independent function of the company whose primary objective is to test the internal controls to assure their effectiveness to executive management and the board of directors
What are external audits?
outside parties who provide additional assurance to the company’s shareholders and management regarding the effectiveness of risk mitigation
What are the Control Objectives of COSO Internal Control framework?
Operations objectives
Reporting objectives
Compliance objectives
What are operations objectives?
relate to the effectiveness and efficiency of the company’s daily functions, allocation of resources, operation, and financial performance, and prevention of losses
What are reporting objectives?
relate to the reporting of financial information internally and externally, and the reporting of non-financial information
What are compliance objectives?
relate to internal control goals for adhering to applicable laws and regulations
What are the five components of the COSO Internal Control?
Control environment
Risk assessment
Control activities
Information and communication
Monitoring
What is control environment?
The foundation for other components, and includes the attitude of management concerning integrity and ethical behavior
What is risk assessment?
An assessment that identifies, categorizes, and prioritizes individual risks in a company
What are control activities?
consist of the policies and procedures that address risk and support the achievement of the company’s objectives
What is information and communication?
consists of internal and external communication, including financial reports, policies, and procedures
What is monitoring?
assessing internal controls and determining whether changes should be made