CPA Business Environment and Concepts (BEC) › COSO Framework
Per the COSO ICIF, the main purpose of monitoring internal controls is to confirm that the internal control system can adequately address changes in:
Risk Assessment
Control Environment
Monitoring
Information and communication
Risks constantly change in terms of likelihood and severity. Internal controls should be created and upheld to address changes in risks.
A company's management is experiencing a lack of segregation of duties within its application environment as its programmers have access to both development and production. The programmers have the ability to implement changes in code in production without monitoring or quality assurance. This is a deficiency in which area?
Change control
Data integrity
Computer operations
Management override
Programmers who have access to both instructions and live data can undermine management's control of data and their ability to verify that all changes have been performed in a manner consistent with their instructions.
Of the following positions, which best describes the nature of a company's Board of Directors in relation to the company?
Agent
Fiduciary
Representative
Executive
A company's board of directors has a fiduciary duty to act on behalf of and in the best interest of a corporation.
According to COSO, which of the following is included in the assess and report phase of an effective approach to monitoring internal controls?
Prioritize findings
Tone at the top
Identify controls
Prioritize risks
Findings result from monitoring internal controls.
The Treadway Commission was established by:
SOX 2002
The SEC
The Treadway Foundation
Private sponsoring organizations
The COSO was an independent private sector initiative.
Of the following components, which would not be included in Risk Assessment activities?
Consider the potential for fraud
Identify and assess changes
Specify objectives
These are all included
All of these components are required when conducting Risk Assessment under the COSO framework.