Internal Control Flashcards

(31 cards)

1
Q

The system established by the BOD and Management for the accomplishment of the corporation’s
objectives, the efficient operation of its business, the reliability of its financial reporting, and
faithful compliance with applicable laws, regulations and internal rules.

A

Internal Control

2
Q

The framework under which internal controls are developed and implemented (alone or in concert with other policies or procedures) to manage and control a particular risk or business activity, or combination of risks or business activities, to which the corporation is exposed.

A

Internal Control System

3
Q

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal
Control-Integrated Framework, originally issued in 1992 and refreshed in 2013 (ICIF-2013 or
Framework), was developed as guidance to help improve confidence in all types of data and
information.

A

COSO Cube

4
Q

COSO Cube

A

The Committee of Sponsoring Organizations of the Treadway Commission

5
Q

▪︎ This is an evolution of the 1992 Framework, not a revolutionary change.

▪︎ The 2013 Framework retains the definition of internal control and the COSO Cube, including the five components of internal control: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities.

A

COSO’s 2013 Internal Control - Integrated Framework

6
Q

as defined in the 2013 Framework, “a process effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

A

Internal Control

7
Q

CATEGORIES OF OBJECTIVES

A
  • Operations Objectives
  • Reporting Objectives
  • Compliance Objectives
8
Q

CATEGORIES OF OBJECTIVES
related to the effectiveness and efficiency of the entity’s operations,
including operational and financial performance goals, and safeguarding assets against loss.

A

Operations Objectives

9
Q

CATEGORIES OF OBJECTIVES
related to Internal and External financial and non-financial reporting to stakeholders, which would encompass reliability, timeliness, transparency, or other terms as established by regulators, standard setters, or the entity’s policies.

A

Reporting Objectives

10
Q

CATEGORIES OF OBJECTIVES
- related to adhering to laws and regulations that the entity must follow

A

Compliance Objectives

11
Q

are the actions established by the policies and procedures to help ensure that
management directives to mitigate risks to the achievement of objectives are carried out. Control
activities are performed at all levels of the entity, at various stages within business processes, and
over the technology environment.

A

Control activities

12
Q

Types of Control Activities

A
  • Preventive Controls
  • Detection controls
  • Hard controls
  • Soft controls
  • Manual controls
  • Automated controls
  • Key controls
  • Secondary controls
13
Q

Types of Control Activities
attempt to deter or stop an unwanted outcome before it occurs. Examples
include passwords, approval, policies, and procedures.

A

Preventive Controls

14
Q

Types of Control Activities
attempt to uncover errors or irregularities that may already have occurred.
Examples include reconciliations, monitoring of actual expenses vs. budget, prior periods and
forecasts.

A

Detection controls

15
Q

Types of Control Activities
are formal and tangible. Examples include organizational structure, policies,
procedures and segregation of duties.

A

Hard controls

16
Q

Types of Control Activities
are manually performed, either solely manual or IT-dependent, where a system generated report is used to test a particular control.

A

Manual controls

17
Q

Types of Control Activities
are informal and intangible. Examples include tone at the top, ethical climate,
integrity, trust and competence.

A

Soft controls

18
Q

Types of Control Activities
are performed entirely by the computer system

A

Automated controls

19
Q

Types of Control Activities
must operate effectively to reduce the risk to an acceptable level.

20
Q

Types of Control Activities
are those that help the process run smoothly but are not essential.

A

Secondary controls

21
Q

The seven factors relating to an effective control environment are

A
  • integrity and ethical values;
  • commitment to competence;
  • board of directors or audit committee;
  • management’s philosophy and
    operating style;
  • organizational structure;
  • assignment of authority and responsibility;
  • human resource policies.
22
Q

Components of Internal Controls

A
  • Control Environment
  • Risk Assessment
  • Control Activities
  • Information and Communication
  • Monitoring
23
Q

Level of Organizational Structure

A
  • Function
  • Operating Unit
  • Division
  • Entity
24
Q

It consists of infrastructure (physical and hardware components), software, people, procedures,
and data.

A

Information and Communication System

25
17 Principles of Internal Control according to COSO's 2013 Framework
CONTROL ENVIRONMENT
  1. Demonstrates commitment to integrity and ethical values
  2. Exercises oversight responsibility
  3. Establishes structure, authority, and responsibility
  4. Demonstrates commitment to competence
  5. Enforces accountability
RISK ASSESSMENT
  6. Specifies suitable objectives
  7. Identifies and analyzes risk
  8. Assesses fraud risk
  9. Identifies and analyzes significant change
CONTROL ACTIVITIES
  10. Selects and develops control activities
  11. Selects and develops general controls over technology
  12. Deploys through policies and procedures
INFORMATION & COMMUNICATION
  13. Uses relevant information
  14. Communicates internally
  15. Communicates externally
MONITORING
  16. Conducts ongoing and/or separate evaluations
  17. Evaluates and communicates deficiencies
26
The Fraud Triangle
  • Pressure
  • Opportunity
  • Rationalization
26
Fraud is an intentional act involving the use of deception that results in a material misstatement of the financial statement.
Fraud
27
▪︎ Fraud happens when people who are entrusted to manage the assets of an organization steal from it.
▪︎ Fraud involves third parties or employees in an organization who abuse their position to steal from it through fraudulent activity.
▪︎ It can also be known as insider fraud.
Asset Misappropriation
28
Types of Misstatements
  1. Misstatement arising from asset misappropriation
  2. Misstatement arising from fraudulent financial reporting
29
The Fraud Diamond Theory
  • Opportunity
  • Capability
  • Rationalization
  • Motivation
29
▪︎ The intentional manipulation of reported financial results to misstate the economic condition of the organization.
Fraudulent Financial Reporting