Definition of Internal Control – the process implemented to provide reasonable assurance that the following control objectives are achieved: safeguard assets; maintain records in sufficient detail; provide accurate and reliable information; prepare financial reports in accordance with established criteria; promote operational efficiency; encourage adherence to prescribed managerial policies; comply with applicable laws and regulations.
Preventive controls – deter problems before they arise. Examples: hiring qualified personnel, segregating employee duties, and controlling physical access to assets and information.
General controls – make sure an organization’s control environment is stable and well managed. Examples: security; IT infrastructure; and software acquisition, development, and maintenance controls.
Application controls – make sure transactions are processed correctly. They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported.
SOX (Sarbanes-Oxley Act) – applies to publicly held companies and their auditors; designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud.
PCAOB (Public Company Accounting Oversight Board) – created by SOX to regulate the auditing profession. It sets and enforces auditing, quality control, ethics, independence, and other auditing standards.
Roles of the Audit Committee – members must be on the company’s board of directors and be independent of the company; at least one member must be a financial expert. The committee hires, compensates, and oversees the external auditors, who report directly to it.
Who is responsible for establishing ICs – senior management.
COBIT (Control Objectives for Information and Related Technology) – a framework that consolidates control standards from 36 different sources into one framework, allowing management to benchmark security and control practices, users to be assured that adequate IT security and controls exist, and auditors to substantiate their internal control opinions. Consists of three vantage points:
Business objectives – information must conform to seven categories of criteria that map into the objectives established by COSO to satisfy business objectives.
IT resources – includes people, application systems, technology, facilities, and data.
IT processes – broken into 4 domains: planning and organizing, acquisition and implementation, delivery and support, and monitoring and evaluation.
5 elements of the COSO Integrated Framework (Committee of Sponsoring Organizations) – control environment, control activities, risk assessment, information and communication, and monitoring.
8 elements of the COSO ERM model – internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring.
Strategic objectives – high-level goals that are aligned with the company’s mission, support it, and create shareholder value. They are set first.
Operations objectives – deal with the effectiveness and efficiency of company operations and determine how to allocate resources.
Reporting objectives – help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance.
Compliance objectives – help the company comply with all applicable laws and regulations.
Residual risk – the risk that remains after management implements internal controls or some other response to risk.
ERM risk responses:
Accept – accept the likelihood and impact of the risk.
Share – share the risk or transfer it to someone else by buying insurance, outsourcing an activity, or entering into hedging transactions.
Avoid – avoid the risk by not engaging in the activity that produces it. This may require the company to sell a division, exit a product line, or not expand as anticipated.
Efficiency – the information must be produced in a cost-effective manner...