For Wizard Kim - q&a

profiletkrmaslatwbha81
QuestionandAnswer.docx

Question and Answer:

1.

It seems that every article related to fraud, behavior, and employee lawsuits recommends the need to obtain commitment from top management to correct policies and procedures to avoid that particular activity in the future.  When top management reads that article or is contacted by the internal accountant, they may just put it on their ever-growing list of things to do.

Why should top management, including the Board of Directors pay attention when one of the COSO Internal Control principles has been violated and what should they do to make sure those standards are being followed.

2.

COSO defines risk as the possibility that an event will occur and adversely affect the achievement of objectives.  A direction from the Board of Directors to eliminate all risk would ensure that Principles 6 through 9 are met.  Do you agree or disagree?  Why?

3.

Large IT departments have traditionally been the focus of internal controls and its systems are tested as a normal function of an external audit.  Because those IT departments have always been expensive to maintain and slow to respond to implement new systems or changes to existing systems.  Since the advent of the personal computer in the 1980s, operating departments, especially accounting, have developed their own spreadsheets and small databases to meet their needs in a timely fashion.  What does COSO have to say about the error risk and associated controls of both of those technologies?