Title | Acco 360 Coso framework 17 principles exercise for final |
---|---|
Course | Advanced Taxation |
Institution | Concordia University |
Pages | 6 |
ACCO 360 COSO framework 17 principles. Match each phrase (32) with one or many of the 17 principles of the COSO framework. Helpful for the final...
Column 1 COSO Component
Control Environment
Column 2 COSO Principle 1. The organization demonstrates a commitment to integrity and ethical values.
Column 3 Points of Focus The board of directors and senior management set the proper tone at the top
Column 4 Controls Present 15
Column 5 Missing or inadequate internal controls (i.e., gaps) There should be evidence that the board of directors is involved in, or reviews the results of, the annual Code of Conduct update.
Establishes standards of conduct Management or internal audit should test to ensure that all employees complete the annual re-assessment.
Evaluates adherence to standards of conduct
There should be a timeframe specified for addressing deviations from the standards of conduct.
Addresses deviations in a timely manner
2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
Establishes oversight responsibilities
3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
Considers all structures of the entity
4. The organization
Establishes policies and practices
Applies relevant expertise Operates independently
1, 3 (experts, independent), 17 (quarterly meetings), 27 (board oversees CEO)
No gaps however but - Something changed, there should be annual assessment for board members
Provides oversight for the system of internal control
Establishes reporting lines
19, 20 (defines and assigns responsibilities)
NA
2, 16, 21 (policies),
There should be a proper procedure
Defines, assigns, and limits authorities and responsibilities
demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
Evaluates competence and addresses shortcomings Attracts, develops, and retains individuals experts at what they do CIA, CPA
5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Plans and prepares for succession Enforces accountability through structures, authorities, and responsibilities Establishes performance measures, incentives, and rewards Evaluates performance measures, incentives, and rewards for ongoing relevance
22 (succession planning but not documented), 24 (employee evaluation), 26
20, 23 (performance goals are established), 24 (employee performance is reviewed), 25, 26, 27
to address the succession for C-level officer The succession planning should be done by BOD
There has to be evidence that compensation and performance objectives consider the impact of excessive pressures. Performance measures ongoing relevance
Same thing in green
Considers excessive pressures Evaluates performance and rewards or disciplines individuals
Risk Assessment
6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
Complies with applicable accounting standards Considers materiality
7 (you need objectives to talk about risks), 9 (reflect entity activities)
Materiality and is not being considered
7 (#2), 9 (#3), 29
Documentation of estimation of significance of risk
32
Create procedures in place consider the fraud triangle
7, 29 (management changes etc.) for number 29
NA
Reflects entity activities Includes entity, subsidiary, division, operating unit, and functional levels risk in every level / across the organization
Consider the objectives and risks related to financial reporting (Accounting standards)
Analyzes internal and external factors Involves appropriate levels of management Estimates significance of risks identified
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes that could significantly impact the system of internal control.
Determines how to respond to risks key controls Considers various types of fraud hotline, yes Assesses incentive and pressures Assesses opportunities Assesses attitudes and rationalizations - Assesses changes in the external environment - Assesses changes in the business model - Assesses changes in leadership
Control Activities
10. Selects and Develops Control Activities
Establishes controls responsive to the identified risk Controls are performed at the appropriate level within the business process reviewing by authorities
5, 10, 7 (establishes controls responses to identified risks), 11, 12, 13, 14, 30, 31
The precision of controls is appropriate (i.e., aligned with risk tolerance)
11. Selects and Develops General Controls over Technology
12. Deploys through Policies and Procedures
Segregation of duties is properly established with respect to controls only IT personnel Security is managed all three
13. The organization obtains or generates
Integrating segregation of duties that should be implemented beyond sales recording and IT. The exception reports should be documented
13, 6, 14
Establish controls over technology development and acquisition
Controls over technology development & acquisition are present
Establish controls over technology maintenance
Controls over technology maintenance are present
Passwords!! update passwords periodically
Control activities are documented and establish responsibility and accountability by an individual with appropriate skills and knowledge Controls are performed on a timely basis and the timing is appropriate
Information and
Performance of Risks should be aligned with risk tolerance
Controls include procedures for any necessary follow-up corrective actions exception report Identifies information requirements what is the quality of information
4, 10, 11, 12, revenue controller GL GL person Sales manager sales so #1 good
The exception reports should be documented
Monthly, weekly (#2) yes
5, 10 (generating exception controls),
The exception reports should be documented
Communication
and uses relevant, quality information to support the functioning of internal control. = data collection
required
11, 18, 30 Quality of information should be considered
Captures internal and external sources of data sales data, sales price, minutes. no external
External data should be used
Processes relevant data into information exception reports
Cost and benefits should be considered
Maintains quality throughout processing exception reports 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. 15. The organization communicates with external parties regarding matters affecting the functioning of internal control.
Considers costs and benefits Communicates internal control documentation
8, 9, 17, 20, 32,
There should be evidence of investigation of whistleblower reports.
Communicates with the board of directors Provides separate communication lines whistleblower Selects relevant method of communication phone line Communicates to external parties whistleblower (customer and vendors) Enables inbound communications coming in company
17, 32 There should be evidence of investigation of whistleblower reports.
Communicates with the board of directors #17 Provides separate communication lines phone line Selects relevant method of communication BOD and everything
Monitoring Activities
16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
Considers a mix of ongoing and separate evaluations annual assessment so not good
8
Company should be performing ongoing evaluations in addition to annual ones
Considers rate of change Establishes baseline understanding
The frequency of evaluations should be updated
Uses knowledgeable personnel Integrates with business processes (process-level control)
The company should consider prior risk assessments and controls evaluation
Adjusts scope and frequency (you only do it once a year)
17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Objectively evaluates management and internal auditors internal auditors are objective Assesses results budget to real, assessment of key controls, 8, 9, 17, 18, 28
Process for monitoring corrective actions
Communicates deficiencies presenting to board Monitors corrective actions