Shared Flashcard Set

Details

Accounting Information Systems Internal Controls
UMass Lowell AIS 303
49
Accounting
Undergraduate 3
06/21/2014


 


 

Cards

Term

With regard to Financial Statements, management makes assertions as to three aspects of information. 

 
Definition

Account balances 

 

 Transactions 

 

Presentation and disclosure

Term

Auditing Standard No. 15, issued by the PCAOB, states in paragraph 11: 

In representing that the financial statements are presented fairly in conformity with the applicable financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation, and disclosure of the various elements of financial statements and related disclosures. Those assertions can be classified into the following categories: 

 
Definition

Existence or occurrence 

 

Completeness

 

Valuation or allocation

 

Rights and obligations

 

Presentation and disclosure

Term

How does management make sure that the assertions are proper and that the financial statements do fairly present, in all material respects, financial position, results of operations and cash flow in conformity with US GAAP? 

Definition
INTERNAL CONTROLS
Term
Definition of Internal Controls
Definition

Internal control is a process, effected by the board of directors, management, and other personnel, that provides reasonable assurance regarding achievement of controls in the following categories: 

 

Effectiveness and efficiency of operations;

 

Accuracy of financial reports; and

 

Compliance with applicable laws and regulations.

Term
Two components of the risk that relevant assertions by management regarding Financial Statements are misstated are:
Definition

Inherent Risk

 

Control Risk

Term
The susceptibility of an assertion to misstatements that could be material, assuming there are no related controls, and the likelihood that a material misstatement exists in the financial statements without the consideration of internal controls are the definition of:
Definition
Inherent Risk
Term
That a material misstatement that could occur in an assertion will not be prevented, detected and corrected on a timely basis by an entity's internal controls, and function of the effectiveness of the design and operation of internal control in achieving the entity's objectives relative to Financial Statements are the definition of:
Definition
Control Risk
Term
Internal Control Objectives
Definition

Recorded transactions are valid and documented. 

 

All valid transactions are recorded, and none are omitted. 

 

Transactions are authorized according to company policy. 

 

Transactions are properly classified in the accounts. 

 

Transactions are recorded in the proper period. 

 

Transaction dollar amounts are properly calculated. 

 

Transaction accounting is complete.

Term
Why reasonable assurance for internal controls and not absolute assurance?:
Definition

1) Human error

 

2) Employee collusion

 

3) Management override

 

4) Cost/Benefit

Term
Categorize internal controls by function:
Definition

1) Preventive controls 

 

2) Detective controls 

 

3) Corrective controls

Term

 Categorize internal controls by scope for computer-based systems: 

 
Definition

1) general controls – refers to entire control environment

 

2) application controls – specific to application programs 

 
Term

The requirement for an effective internal control system is further strengthened through 2 federal laws. They are: 

Definition

1) FCPA of 1977 

 

2) Sarbanes-Oxley Act of 2002. 

SOX requires a company to base its evaluation of its internal control structure for financial reporting on a recognized control framework. Most companies are using COSO. 

 
Term

3 Control Frameworks: 

 
Definition

1) COBIT – controls for IT 

 2) COSO – issued its report in 1992 – all controls, not just IT.

 3) COSO’s Enterprise Risk Management 

Term
Composition of the COSO Committee:
Definition
Term

COSO Framework – The 5 Components of Internal Control Structure are:  

 
Definition

1. Control Environment 

 

2. Risk Assessment

 

3. Control Activities

 

4. Information and Communication

 

5. Monitoring

Term
COSO Control Environment, the umbrella or foundation of all other components, consists of:
Definition

a) Management philosophy & operating style

 

b) Integrity and ethical values

 

c) Commitment to competence

 

d) Board of Directors and audit committee

 

e) Organizational Structure/Assigning Authority and Responsibility

 

f) Human Resources Standards

Term

Which of the 5 components of the COSO Framework Internal Control Structure control environment is described as "tone at the top", management's attitude toward internal controls; excessive risk takers; centralized decision making. 

 Ex. CFO requesting check without documentation 

 
Definition
Management Philosophy and Operating Style
Term

Which of the 5 components of the COSO Framework Internal Control Structure control environment is described as where management must create a culture within the organization of right and wrong/honesty. Must be COMMUNICATED in writing to employees. Pressure to meet financial goals regardless of the method. Require reporting of dishonest behavior. 

 
Definition
Integrity and ethical values
Term
Which of the 5 components of the COSO Framework Internal Control Structure control environment is described where the firm must recruit employees with knowledge and skills to accomplish their responsibilities.
Definition
Commitment to competence
Term

Which of the 5 components of the COSO Framework Internal Control Structure control environment is described where only outside directors allowed on the audit committee. In adherence to the SOX Act of 2002 – hire external auditors; meet with internal and external auditors; whistleblower procedures; general oversight of internal control structure and financial reporting. At least one member of the audit committee has to be a financial expert. 

 
Definition
Board of Directors and audit committee
Term

Which of the 5 components of the COSO Framework Internal Control Structure control environment is described with lines of authority, responsibility and reporting. Layers of reporting versus teams; job descriptions, employee training, budgets, performance reports. 

 
Definition
Organizational Structure/Assigning Authority and Responsibility
Term

Which of the 5 components of the COSO Framework Internal Control Structure control environment is described as addressing:

 

hiring – background checks; compensating; promoting; 

 

training – including fraud and ethics; vacations; job rotations; fidelity bonding; discharging employees; counseling; handling of identified fraud 

 
Definition
Human Resources Standards
Term
The potential for the occurrence of a hurricane is an example of __________ risk.
Definition
External Risk
Term
Fraud perpetrated by a cybercriminal who obtains company resources by hacking a vulnerability in the company's sales website is an example of an _____________ risk.
Definition
Internal Risk
Term
COSO Risk Assessment component for internal controls structure for internal and external threats includes the following elements:
Definition

Must identify the risk and then decide how to handle it –  

Look at threat: nature, likelihood, and impact. Then decide how to respond – reduce/accept/share/avoid risk. 

 
Term
COSO Risk control activities component for internal controls structure includes the following five elements:
Definition

Proper authorization of activities and transactions

 

Segregation of duties

 

 Adequate Documents and Records

 

Safeguard Assets, Records, and Data

 

Independent Checks on Performance

Term

The COSO Risk control activity describing uses of signatures, initials, authorization codes; general and specific authorization; ties back to IC; and the objective that all transactions are authorized according to company policy is known as (6 words): 

 
Definition
Proper authorization of activities and transactions
Term
The COSO Risk control activity describing 4 functions of a manual system always separated for a given application as authorization, recording, custody of assets, and independent verification; and the separation of management (systems, network, security, change management), users, systems analysis, programming, computer operations, information system library, and the data control group in a computer-based system is known as (3 words):
Definition
Segregation of Duties
Term
The COSO Risk control activity requiring an adequate audit trail is known as (4 words):
Definition
Adequate Documents and Records
Term
The COSO Risk control activity requiring that physical and logical access must be restricted to authorized individuals, including blank source documents; individual checks on performance; that physical counts match records; that off-site storage of backups/copies of files/records/documents exist is known as (5 words).
Definition
Safeguard Assets, Records, and Data
Term

The COSO Risk control activity describing AIS responsibility for providing information to decision-makers and the communication within the organization of responsibilities such as budgets and performance reporting is known as: 

 
Definition
Information and Communication
Term

The COSO Risk Control activity that requires consideration of whether controls are operating as intended and that they are modified as appropriate for changes in conditions, and is often the work of the Internal audit department is known as: 

 
Definition
Monitoring
Term

Although the textbook primarily gives examples of fraud to explain the consequences of weaknesses in or lack of internal controls, the majority of noncompliant events are:

Definition
Unintentional
Term
Four functions always separated in a manual system to prevent fraud are:
Definition

Authorization 

 

Recording

 

Custody of Assets

 

Independent Verification

Term
Deter problems before they arise using these controls:
Definition
Preventative Controls
Term
Discover problems that are not prevented using these controls:
Definition
Detective Controls
Term
Identify and correct problems as well as correct and recover from the resulting errors using these controls:
Definition
Corrective Controls
Term
Two categories into which internal controls are often segregated are:
Definition

General Controls

 

and

 

Application Controls 

Term
The category of controls that make sure an organization's control environment is stable and well maintained is known as:
Definition
General Controls
Term
The category of controls that makes sure transactions are processed correctly with concern for accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported are known as:
Definition
Application Controls
Term
Professor Robert Simons' four levels of control to help management reconcile the conflict between creativity and control:
Definition

1. Belief System

 

2. Boundary System

 

3. Diagnostic Control System

 

4. Interactive Control System

Term
One of Professor Robert Simons' four levels of control describes how the company creates value, helps employees understand management's vision, communicates core values, inspires virtuous employee behavior. Name it:
Definition
Belief System
Term
One of Professor Robert Simons' four levels of control promotes ethical acts by setting boundaries on employee behavior, not by telling them what to do, but by encouraging creative problem solving and meeting customer needs while adhering to minimum performance standards, avoiding prohibited activities, and protecting their reputation. Name it:
Definition
Boundary System
Term
One of Professor Robert Simons' four levels of control is a system that measures, monitors, and compares actual progress to goals and budgets. Its feedback is used by management to fine-tune inputs and processes to move future results closer to goals. Name it:
Definition
Diagnostic Control System
Term
One of Professor Robert Simons' four levels of control helps leadership keep workers focused on the most important elements of their jobs and loop feedback and advice of workers back to leadership, usually in face-to-face meetings. Name it:
Definition
Interactive Control System
Term
FCPA is:
Definition
The Foreign Corrupt Practices Act of 1977. It makes it a crime for US entities to give bribes to foreign government officials in exchange for business.
Term
Some of the most important aspects of the Sarbanes-Oxley Act are:
Definition

Creation of the Public Company Accounting Oversight Board (PCAOB)

 

New Rules for Auditors

 

New roles for Audit Committees

 

New rules for management

 

New internal control requirements

Term
COSO is:
Definition
The Committee of Sponsoring Organizations. This includes the American Accounting Association, The American Institute of CPAs, the Institute of Internal Auditors, Institute of Management Accountants, and the Financial Executives Institute.
Term
Principles of COSO ERM Integrated Framework are:
Definition

*Companies are formed to create value for their owners.
*Management must decide how much uncertainty it will accept as it creates value.
*Uncertainty results in risk, which is the possibility that something negatively affects the company's ability to create or preserve value.
*Uncertainty results in opportunity, which is the possibility that something positively affects the company's ability to create or preserve value.
*The ERM framework can manage uncertainty as well as create and preserve value.
