AUD 1206 Assignment Number 4
2018053911
Operations Auditing
1. What are objectives? What three categories of objectives are set forth in the
COSO framework?
- Before we get into the question's objectives: the COSO framework is one of the
most widely used and significant models for designing, implementing, maintaining,
and evaluating internal control. It is acknowledged as the industry standard for
evaluating an organization's internal control effectiveness. The three goals of the
COSO Framework are as follows:
● First is the Operation - These pertain to the entity's operational efficacy and
efficiency, including financial and operational performance goals and asset loss
prevention.
● Second is the Reporting - These apply to both internal and external financial and
non-financial reporting, and they cover reliability, timeliness, transparency, and
any other criteria that are specified by regulators, standard-setters, or the entity's
policies.
● Last one is the Compliance - These involve adhering to the rules and laws that
the company must follow.
- The guidelines by which the board of directors can carry out its governance
oversight responsibilities, the organizational structure and delegation of authority,
the method for finding, developing, and keeping qualified personnel, and the
stringency surrounding performance indicators, rewards, and incentives to
encourage performance accountability are all aspects of the organization's moral
character and ethics.
3. What are control activities? What types of control activities are present in a
well-designed system of internal controls?
- Actions taken by management, the board, and other parties to cut down on risk
and make it more likely that the goals and objectives that have been set will be
achieved. The actions under control are as follows:
● Performance reviews and follow-up activities.
● Authorizations (approvals).
● IT access control activities.
● Documentation (rigorous and comprehensive).
● Physical access control activities.
● IT application (input, processing, output) control activities.
● Independent verifications and reconciliations.
- The COSO definition of risk is "...the possibility that an event will occur and
adversely affect the achievement of an objective," while the ISO definition is
"effect of uncertainty on objectives."
- "The types and amount of risk that an organization is willing to accept on a broad
level in pursuit of value" is the definition of risk appetite in the COSO Enterprise
Risk Management—Integrating with Strategy and Performance standard. There
are a few important points in this definition.
9. What are some ERM assurance activities the internal audit function may
perform? What are some ERM consulting activities the internal audit function
may perform if appropriate safeguards are implemented? What ERM activities
should the internal audit function not perform?
Consulting activities the internal audit function may perform if appropriate safeguards
are implemented: