components of internal control

 

5.7, isn't this the COSO thing? yea:

so, 

1. control environment
2. risk assessment
3. control activities
4. monitoring
5. information and communication 

5.8, looks like this is the "tone at the top," which is "pervasive"

oh and it looks like there was a figure

5.9, these are independent members?

so it's a subcommittee of the board with independent members

5.10, looks like there's a figure / table for risk assessment too

this seems important too, this is an internal control thing not technically an auditing thing, well I'll walk that back, since you're auditing for internal control too, but management is assessing its own risks through an ERM?

yes ERM

***********************************************************************************

5.11,

5.12,

an example? 

• PC= separation of duties?
• DC=bank recs?

it's saying that a planned schedule is an example of detective, hmmm, maybe good hiring would be preventative,  

5.13,oh missed this

it just says different departments, not necessarily FOUR different people or different departments

*******************************************************************************

5.14, that's how

5.15, 

that actually wasn't super helpful, this is better

5.16, cf. cost/benefit aspect of reasonable assurance