CPA: BEC 1
The components of Internal Control (5) Correct Answer: Control Environment
Risk Assessment
Information and Communication
Monitoring
Existing Control Activities
Control Environment Correct Answer: Tone at the Top. EBOCA.
Ethics and Integrity
Board Independence and oversight
Organizational structure
Commitment to Competence
Accountability
Risk assessment Correct Answer: Managements identification of risk of F/S misstatement or fraud.
EAR
Event Identification
Assess Risk
Respond to Risk
Information and Communication systems Correct Answer: A means of recording transactions and
communicating responsibilities.
FACT - Fair, Accurate, Complete, Timely
Monitoring Correct Answer: Assessment of internal control performance over time.
Efficiencies of internal controls, report deficiencies.
Existing Control Activities Correct Answer: Control policies and procedures, including technology
controls.
Explain the SOX requirement for an issuer's audit committee financial expert. Correct Answer: An
issuer's audit committee must have at least one financial expert, or disclose why the role is not filled.
Must also disclose the existence of the financial expert.
Understand the difference between Risk Sharing, Acceptance, Reduction and Avoidance. Correct
Answer: Sharing - Insurance
Acceptance - Aware and accepting the risks. No action.
Reduction - Reducing the risk in some way like diversification
Avoidance - complete disposal of a business unit/line/segment.
Understand inherent risk and residual risk Correct Answer: Inherent risk - The risk without taking action
Residual risk - The additional risk that remains after management has responded to the risk
What are the four stages of the change continuum according to COSO? Correct Answer: 1 - control
baseline
The components of Internal Control (5) Correct Answer: Control Environment
Risk Assessment
Information and Communication
Monitoring
Existing Control Activities
Control Environment Correct Answer: Tone at the Top. EBOCA.
Ethics and Integrity
Board Independence and oversight
Organizational structure
Commitment to Competence
Accountability
Risk assessment Correct Answer: Managements identification of risk of F/S misstatement or fraud.
EAR
Event Identification
Assess Risk
Respond to Risk
Information and Communication systems Correct Answer: A means of recording transactions and
communicating responsibilities.
FACT - Fair, Accurate, Complete, Timely
Monitoring Correct Answer: Assessment of internal control performance over time.
Efficiencies of internal controls, report deficiencies.
Existing Control Activities Correct Answer: Control policies and procedures, including technology
controls.
Explain the SOX requirement for an issuer's audit committee financial expert. Correct Answer: An
issuer's audit committee must have at least one financial expert, or disclose why the role is not filled.
Must also disclose the existence of the financial expert.
Understand the difference between Risk Sharing, Acceptance, Reduction and Avoidance. Correct
Answer: Sharing - Insurance
Acceptance - Aware and accepting the risks. No action.
Reduction - Reducing the risk in some way like diversification
Avoidance - complete disposal of a business unit/line/segment.
Understand inherent risk and residual risk Correct Answer: Inherent risk - The risk without taking action
Residual risk - The additional risk that remains after management has responded to the risk
What are the four stages of the change continuum according to COSO? Correct Answer: 1 - control
baseline
