Understanding internal control

Area 2: Assessing Risk and Developing a Planned Response (25-35%)

Your Progress

0 of 64 questions attempted

Topics

Components of internal control
Control environment evaluation
Information system and related controls
Entity-level controls and ITGC relationship

Lessons

Internal Controls

Study Frameworks

Internal Control Components (COSO)

Internal Control — Integrated Framework

Control Environment

Integrity & ethical values

Board oversight

Organizational structure

Risk Assessment

Identify risks

Analyze likelihood & impact

Assess fraud risk

Control Activities

Authorization

Segregation of duties

IT general controls

Information & Communication

Internal reporting

External reporting

Monitoring Activities

Ongoing evaluations

Separate evaluations

Report deficiencies

IT Controls Hierarchy

IT Controls

IT General Controls (ITGCs)

Access security (user IDs, passwords, MFA)

Program change management (test, approve, migrate)

Computer operations (backups, job scheduling)

Program development (SDLC, user acceptance testing)

Application Controls

Input controls (edit checks, validation rules)

Processing controls (run-to-run totals, limit tests)

Output controls (report distribution, reconciliation)

CAATs (Auditor Tools)

Test data

Integrated test facility (ITF)

Generalized audit software (GAS)

Embedded audit modules

IT Control Categories

Control Type	Scope	Examples
IT General Controls	IT environment (all applications)	Access security, change management, operations, development
Application Controls	Specific application/process	Edit checks, validation rules, run-to-run totals, output reconciliation
Manual Controls	Human-performed procedures	Supervisory review, reconciliations, physical counts

CRIMEControl environment, Risk assessment, Information & communication, Monitoring, Existing control activities

The five components of the COSO Internal Control Framework. Remember: without CRIME prevention, controls fail.

Practice These Topics(64 questions)