Answer (D) is correct . An organization’s control environment encompasses the attitudes and actions of the board of directors and upper management regarding the significance of control, i.e., the “tone at the top.”? One of the components of the control environment is the assignment of authority and responsibility. For example, management defines key areas of authority and responsibility by placing the information technology, financial accounting, and treasury functions under separate officers. When the management of one department can override the internal controls of another, authority and responsibility have not been properly assigned.
Answer (A) is incorrect because Risk management is the ongoing process of designing and operating internal controls that mitigate the risks identified in the organization’s risk assessment.
Answer (B) is incorrect because Information and communication are ongoing processes in every organization; they are not the basis for internal control.
Answer (C) is incorrect because Monitoring cannot prevent damage done due to a system design flaw, such as one department being able to override another’s internal controls.
|
