Exam #2 Outline

Category: Business and Industry

Date Submitted: 11/04/2012 07:49 AM

Chapter 7 – Introduction to Internal Control

1. ERM – how to manage risk

8 components of the framework

• Internal environment: Encompasses the tone of the organization & sets the basis for how risk is viewed & addressed by an entity’s people.

• Objective setting: Ensures that MGMT has a process in place to set objectives and that the chosen objectives support and align with the entity’s mission & are consistent with its risk appetite.

• Event identification: Internal and external events must be identified to distinguish between risks & opportunities.

• Risk assessment: Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed.

• Risk response: Avoiding, accepting, reducing, or sharing risk.

• Control activities: Policies & procedures are established to ensure risk responses are carried out.

• Information & communication: Relevant info is identified, captured, & communicated in a form & time frame that helps people carry out their responsibilities.

• Monitoring: Ongoing MGMT activities.

2. Discussion of Internal Control

• SOX: Created a new accounting oversight board (the PCAOB), strengthened auditor independence rules, increased accountability of company officers & directors, mandated upper MGMT to take responsibility for the co.’s internal control structure, enhanced the quality of financial stmts, & strengthened criminal penalties.

o Section 404 mandates the annual filing of an internal control report regarding evaluation of the design, gathering & evaluation of evidence, presentation of a written assessment, & testing of the system.

• COSO Framework = CRIME: Control activities, risk assessment, information & communication, monitoring, & internal environment

o Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives – effectiveness & efficiency of op., reliability of financial reporting, & compliance.

• Fraud & Internal Control: An organization’s...