Internal Control Components Overview

Questions and Answers

PDF Questions PDF Answers

What is the first component of internal control?

Control Activities

Control Environment (correct)

Monitoring Activities

Risk Assessment

Which component involves the ongoing evaluation of internal controls?

Information and Communication

Risk Assessment

Monitoring Activities (correct)

Control Activities

What is the main purpose of Risk Assessment in internal control?

To ensure compliance with laws

To report financial statements

To identify and analyze risks (correct)

To assign tasks to employees

Which of the following components is necessary for communication in internal control?

Information and Communication

What type of objectives can be included in the flow of organizational objectives?

Sub-Objectives

Control Activities are established by what means?

Policies and procedures

What does the Control Environment primarily provide?

A framework of standards and processes

Which component of internal control helps ensure management directives are carried out?

Control Activities

What role does management play in establishing internal controls?

Management establishes structures and reporting lines with board oversight.

How does the organization address the risk of fraud?

By assessing fraud as part of the general risk assessment process.

What is required for the deployment of control activities?

Policies that establish expectations and procedures.

How does the organization manage changes that could impact internal control?

By identifying and assessing changes that may significantly impact the system.

What is emphasized in the communication of responsibilities for internal control?

Prompt communication of deficiencies to relevant parties.

Who is involved in taking corrective action for internal control deficiencies?

Senior management and the board of directors.

What is a key factor in the organization's commitment to internal control?

Developing and retaining competent individuals in alignment with objectives.

What aspect do external communications regarding internal control involve?

Addressing matters that affect internal control functionality.

What is the focus of the risk function perspective in COBIT 5?

To establish efficient core risk governance and management activities

What was issued by COSO in 2004 related to risk management?

Enterprise Risk Management — Integrated Framework

Which of the following is NOT an objective of Enterprise Risk Management (ERM)?

Improving customer satisfaction

Which process is aided by COBIT 5 enablers according to the risk management perspective?

Identifying, analyzing, responding to, and reporting on risk

Which key outcome is stated as an integral part of the strategy selection process in ERM?

Identifying, assessing, and managing risks

What could be a reason for the increase in control risks in organizations?

Lack of awareness about potential threats

How is internal control defined?

A process designed for reasonable assurance in achieving organizational objectives

What is NOT a characteristic of internal control?

Providing absolute assurance

What are the three main objectives of internal control?

Compliance objectives, reporting objectives, operational objectives

Which of the following best describes the adaptability of internal control?

It should be adaptable to the entity structure

What has led managers to skip vital control processes?

High productivity and cost reduction pressures

Which of the following does NOT contribute to the rising threats to AIS?

Enhanced training for IT personnel

What is one of the preconditions for an effective internal control system?

Clear organizational missions and visions

What is a key change in the COSO ERM framework from 2004 to 2017?

Changed the structure to five components

Which of the following is NOT a component of the COSO ERM 2017 framework?

Event Identification

What does the COSO ERM 2017 framework promote in organizations?

Integration of ERM practices throughout an organization

What is one of the four categories of objectives in the COSO ERM framework?

Strategic objectives

Which aspect is focused on improving decision-making in the COSO ERM 2017 framework?

Alignment with strategy setting

What did organizations find challenging about the COSO ERM 2004 framework?

The complexity and lack of clarity

How many principles does the COSO ERM 2017 framework consist of?

20 principles

Which component of the COSO ERM 2017 framework involves resource allocation?

Strategy and objective setting

Study Notes

Internal Control Components

• The organization evaluates internal controls to ensure they are effective in minimizing risks to the achievement of its objectives.
• Control activities are implemented to support the functioning of internal controls and are communicated to those responsible for taking corrective action, including senior management and the board of directors.
• Management must demonstrate commitment to attracting, developing, and retaining competent individuals aligned with organizational objectives to support internal control.
• The organization considers the potential for fraud when assessing risks.
• The organization communicates with external parties regarding matters affecting the functioning of internal controls.
• The organization deploys control activities through policies and procedures that put policies into action.
• There are five components of internal control: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities.
• The control environment provides the basis for carrying out internal controls across an organization.
• Risk assessment is a dynamic and iterative process that identifies and analyzes risks that could impair the achievement of objectives.
• Monitoring activities are ongoing evaluations of internal control effectiveness and can be done through separate evaluations, a combination of the two, or ongoing monitoring.

Control & AIS Threats

• Control risks have been increasing in recent years.
• Threats are underestimated, and controls are not always well understood.
• Productivity and cost reduction pressures contribute to increased risks.

Internal Control Definition

• Internal control is a process designed to provide reasonable assurance to achieve organizational objectives relating to operations, reporting, and compliance.

Understanding Internal Control

• Internal control is an ongoing process.
• It is effected by people.
• It aims at providing reasonable assurance (not absolute assurance).
• It is adaptable to the entity's structure.

Internal Control Objectives

• Internal control aims to achieve three objectives: Operations Objectives, Reporting Objectives, and Compliance Objectives.

COBIT 2019

• COBIT 2019 provides two perspectives on how to use it within a risk context: the Risk function perspective, and the Risk management perspective.
• The Risk function perspective describes what is needed in an organization to build and sustain efficient and effective risk governance and management.
• The Risk management perspective describes how the core risk management process of identifying, analyzing, responding to, and reporting on risk can be assisted by COBIT.

COSO ERM

• COSO ERM is a detailed framework for Enterprise Risk Management developed by the Committee of Sponsoring Organizations of the Treadway Commission.
• COSO ERM focuses on identifying, assessing, and managing risks to effectively create and protect value.
• The first publication of the ERM framework was in 2004.
• COSO ERM 2004 included eight components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information and Communication, and Monitoring.
• The second publication of the COSO ERM framework was in 2017.
• COSO ERM 2017 has five components including: Governance and culture, Strategy and objective setting, Performance, Review and revision, and Information, communication, and reporting.
• COSO ERM 2017 is principle-based and has 20 principles.
• The COSO ERM 2017 framework promotes integration of ERM practices throughout an organization.
• The COSO ERM 2017 framework aligns with strategy setting and performance.
• The COSO ERM 2017 framework focuses on improving decision-making in governance, strategy, objective setting, and day-to-day operations.
• The COSO ERM 2017 framework emphasizes allocating resources according to predetermined principles.
• The COSO ERM 2017 framework includes Governance and culture, Strategy and objective setting, Performance, and Review and revision.

Description

This quiz focuses on the essential components of internal control systems within organizations. It explores evaluation methods, implementation of control activities, management commitment, and communication channels related to internal controls. Understand the framework designed to minimize risks and achieve organizational objectives effectively.