|
Activity Level
One of two levels at which internal controls can operate. The control is applied at the point of an activity. An example is a bank reconciliation to control cash movements.
ALM
Application Lifecycle Management
Application Controls
A type of control activity. Typically involve controls over processing of individual applications, ensure transactions are valid, properly authorized, completely and accurately processed.
Control policies and procedures to ensure actions identified as necessary for risk assessment are carried out. They have to be both established and executed for their effectiveness to be established. Control activities are made up of two elements, policies and procedures.
Control Activities
One of five components of internal control according to the COSO Internal Control Framework. Also known as Control procedures.
Control Environment
One of five components of internal control according to the COSO Internal Control Framework
Senior management have to set the tone at the top, that positively influences the control control consciousness of entity personnel. Discipline and structure are generated by the control environment and is the central building block for the other components of internal control.
COSO
Committee Of Sponsoring Organizations of the Treadway Commission
COSO Framework
Most widely used framework to assess the effectiveness of internal control.
EPA
Environmental Protection Agency
ERM
Enterprise Risk Management
Firm Infrastructure
Support activity in the value chain analysis. General management, planning, finance, accounting, legal, government affairs and quality management are all activities.
General Controls
A type of control activity. Typically involve controls over data center operations, system software acquisition, system maintenance and access security.
Human Resource Management
Support activity in the value chain analysis. Included are recruitment, hiring, training, development, and compensation of all personnel required for the entity or company.
IAPP
International Association of Privacy Professionals
Inbound Logistics
Element in primary activities dealing with receiving, storing and disseminating inputs to the product. Materials handling, warehousing, inventory control and supplier returns. First stage in the value chain analysis.
Information and Communication
One of five components of internal control according to the COSO Internal Control Framework
Systems surrounding the control activities. The accounting system counts as information and communication. Information needed to manage, control and conduct operations are captured by the entity.
Information Processing
In the context of Control Activities and Sec 404, performed to check accuracy, completeness and authorization of transactions. Broadly break down into two groups:- Application controls and general controls.
Information Systems Audit and Control Association
Publisher with Information Technology Governance Institute of the IT Control Objectives for Sarbanes-Oxley.
Information Technology Governance Institute
Publisher with Information Systems Audit and Control Association of the IT Control Objectives for Sarbanes-Oxley.
A positive example is BP which sets a high bar for ethical behaviour by employees. To back this policy up they make mention of it and its effectiveness in financial reports.
Negative examples of integrity and ethics are the infamous Enron and WorldCom scandals.
Integrity and Ethics
Reside under the Control Environment. The senior management need to set the tone for the company. Whilst they might be considered "soft" and "intangible" concepts, they affect the design, administration and monitoring of other internal controls. According to COSO, the actions of management is more important than having them written down.
Internal Control - Integrated Framework
Formal name of the COSO Framework
Internal Control Deficiency
Occurs when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
ISACA
Information Systems Audit and Control Association
ITGI
Information Technology Governance Institute
Marketing and Sales
Element in primary activities dealing with providing a mechanism for attracting buyers and enabling them to purchase the products or service. Included are, advertising, promotion, sales force, quoting and pricing. Fourth in the value chain of primary activities for busines process activities, lying between outbound logistics and service.
Material Weakness
A significant deficiency that, by itself, or in combination with other significant deficiencies, results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.
Monitoring
One of five components of internal control according to the COSO Internal Control Framework
The means through which the control process is monitored and improved via modification.
Objectives
The COSO Framework defines three broad categories:- compliance with laws and regulations, financial reporting and operations. In relation to Sarbanes-Oxley the important one is financial reporting.
Operations
Element in primary activities dealing with transforming inputs into the final product. Maching, assembly, packaging, testing and faciltiy activities are all covered. Second stage in the value chain of primary activities. Lies between inbound logistics and outbound logistics.
Outbound Logistics
Element in primary activities dealing with collected, storing and physically distributing the product to buyers. Including finished goods, warehousing, materials handling, delivery, order processing and scheduling. Third stage in the Value Chain of primary activities between operations and Marketing and sales.
PCAOB
Public Company Accounting Oversight Board
Physical Controls
A type of control activity. They involve the physical security of assets. They ensure adequate safeguards over access to assets and records.
Policy
1) Establishes what should be done. Part of the Control activities.
Primary Activities
Business process activities in physical creation of a company's product, sale, transfer and after-sales service to the customer. Part of the value-chain analysis. Important in the analysis of activity level controls.
Private Securities Litigation Reform Act of 1996
US legislation allowing companies avoid liability of inaccurate forward-looking statements as long as the statement is identified as forward-looking and are accompanied by "meaningful cautionary statements".
Procedure
1) Actions of people to implement the stated policies.
Procurement
Support activity in value chain analysis. Mainly the purchase of inputs throughout the value chain. Encompasses elements throughout the primary and support activities.
PSLRA
Private Securities Litigation Reform Act of 1996
Public Company Accounting Oversight Board
Organisation set up under Sarbanes-Oxley Act 2002 to regulate auditing of public companies and auditors.
Risk Assessment
One of five components of internal control according to the COSO Internal Control Framework
Risks faced by the company have to be recognized. Objectives have to be set, integrated into the value-chain. To achieve the objectives, risks have to be identified, analyzed and develop methods to manage them.
Rule 13a-15 (e)
SEC rule which defines Disclosure Controls and Procedures.
Rule 13a-15 (f)
SEC rule which defines Internal Control over Financial Reporting
SEC
Securities and Exchange Commission.
Section 302
Section of the Sarbanes-Oxley Act of 2002 requiring a certification to accompany each quarterly and annual report filed with the SEC.
Section 404
Section of the Sarbanes-Oxley Act of 2002 mandating CEOs and CFOs of public companies to evaluate and report on the effectiveness of an entity's internal control over financial reporting.
Segregation of Duties
A type of control activity. Different people are assigned responsibilities for authorizing transactions, recording transactions and maintaining custody of assets. The purpose is to inhibit the perpetration and concealment errors or irregularities, by reducing the opportunity to do so in the course of people's everyday work.
Service
Business process activities dealing with providing service to enhance or maintain the value of the product, once obtained by the buyer. Installation, repair and supplying parts are all covered. Considered to be a primary activity in the value chain analysis. Lies last after market and sales.
Significant Deficiency
An internal control deficiency that adversely affects the entity's ability to initiate, record, process, or report external financial data reliably in accordance with generally accepted accounting principles (GAAP). A significant deficiency could be a single deficiency or a combination of deficiencies, that results in more than a remote likelihood that a misstatement of the annual or interim financial statements that is more than inconsequential in amount will not be prevented or detected.
Support Activities
Part of business process activities support the primary activities in the value chain. Providing purchased inputs, human resources, technology and entity wide functions. Under value chain analysis support activities include firm infrastructure, human resource management, technology development and procurement.
Technology Development
Support activity in value chain analysis. Included are basic research, product design and servicing procedures. The aim is to improve products, services and processes.
Top-Level Review
Type of Control Activity. Including actual performance against budget, forecasts and prior-period performance. Preparation of the review or report is not a control activity. Follow up by management is.
|