1 - Internal Control Frameworks Flashcards

(120 cards)

1
Q

COSO issued the “Internal Control - Integrated Framework” to assist organizations in doing what?

A

develop comprehensive assessments of IC effectiveness

This framework is also often referred to as “the framework”

2
Q

How does the principles-based approach support an effective system of internal control under the COSO framework?

A

An EFFECTIVE system of IC requires the use of judgment in determining the sufficiency of controls, applying the proper controls, and assessing the effectiveness of the system of controls.

The principles-based approach of the COSO framework emphasizes the importance of MGT JUDGMENT

MS: One framework for controls does not fit all companies because every company is different (i.e. in size, its business, process, etc), and as such mgt must use judgment

3
Q

Define “internal control”

A

a process that is designed and implemented by an organization’s management, board of directors, and other employees to provide REASONABLE ASSURANCE that the organization will achieve its OPERATING, REPORTING, and COMPLIANCE objectives

4
Q

What are the objectives of internal controls

A
  1. financial Reporting
  2. effective & efficient Operations
  3. Compliance with laws & regulations
5
Q

What is comprised in the “COSO Cube”

A

ORC - 3 main objectives
CRIME - 5 I/C components
Organizational structure

6
Q

Describe the Operations objective

A

relates to the effectiveness and efficiency of an entity’s operations.

Want to ensure the assets of the org. are adequately safeguarded against potential losses

7
Q

Describe the Reporting objective

A

pertains to the RELIABILITY, TIMELINESS, and TRANSPARENCY of an entity’s external & internal financial AND nonfinancial reporting as established by regulators

8
Q

Describe the Compliance objective

A

established to ensure the entity is adhering to all applicable laws and regulations

9
Q

What are the five components of internal control

A
Control environment
Risk assessment
Information & communication
Monitoring Controls
Existing Control activities

“CRIME”

10
Q

What things are needed in order to achieve the 3 objectives of I/C?

A

ALL 5 components (CRIME) and the 17 principles that are relevant to be both PRESENT & FUNCTIONING

11
Q

Describe Control Environment

A

Tone at the top - ethics

includes the processes, structures, and standards that provide the foundation for an entity to establish a system of I/C.

12
Q

What are the principles related to Control Environment?

A

“EBOCA”

  1. Commitment to ETHICS & Integrity — establish standards/code of conduct
  2. Board Independence & Oversight — independent and knowledgeable
  3. Organizational Structure — reporting lines, the authority and responsibilities are all appropriate
  4. Commitment to Confidence — there is a commitment to hire, develop, and retain competent employees
  5. Accountability — establish performance measures, incentives, and rewards without excessive pressure
13
Q

Describe Risk Assessment

A

an entity’s identification and analysis of risk to the achievement of its objectives

14
Q

What principles are related to Risk Assessment

A

Make an entity “SAFR”

  1. Specify objectives — identify and assess risks related to those (not achieving) objectives
  2. Identify and ASSESS Changes — the org identifies and assesses changes that could significantly affect I/C such as change in external environment, business model, and leadership
  3. Consider potential for FRAUD — assess fraud triangle
  4. Identify and analyze RISKS — determine how risks should be managed (Enterprise Risk Management)
15
Q

Describe the Information & Communication component

A

these systems support the identification, capture, and exchange of information (b/t internal and external parties) in a timely and useful manner.

16
Q

List the principles included in Information and Communication

A

“OIE”

  1. Obtain and use information — obtains or generates and uses RELEVANT, HIGH QUALITY information to support functioning of IC
  2. Internally communicate information – information necessary to support functioning of I/C is communicated in a flow of information up, down, and across the organization
  3. Communicate with external parties — two way external communication channels using a variety of methods and channels (i.e. CPA firm or consultants)
17
Q

Describe Monitoring Activities

A

process of assessing the quality of I/C performance over time by assessing the design and operation of controls on a timely basis and taking the necessary corrective actions

18
Q

What principles relate to Monitoring Activities

A

“SOD”

  1. SO = Ongoing and/or Separate Evaluations — on whether the components of I/C are present and functioning (the frequency of testing is dictated by RISK)
  2. Communication of deficiencies — report deficiencies in a timely manner and make sure corrective action is taken
19
Q

Describe Existing Control Activities

A

the controls set forth by an entity’s policies and procedures to ensure that the directives initiated by mgt to mitigate risks are performed

Control activities may be detective or preventive

Segregation of duties is usually a big one

20
Q

What principles relate to Existing Control Activities

A

“CAT PP”

  1. Select and develop CONTROL ACTIVITIES
  2. Select and develop TECHNOLOGY controls
  3. Deployment of POLICIES & PROCEDURES
21
Q

Define present and functioning

A

present - included in the design and implementation of the I/C

functioning - operating as designed in the I/C system

22
Q

What specific requirements must I/C have in order to be considered an EFFECTIVE SYSTEM?

A

Senior mgt and the board must have reasonable assurance that the entity:

  1. achieves effective and efficient operations
  2. complies with all applicable rules, regulations, laws, etc.
  3. prepares reports that are in conformity with the entity’s reporting objectives and standards.
23
Q

What results when there is an ineffective I/C

A

= greater risk that ORC is not achieved

GAAS uses the terms “material weakness” and “Significant deficiency”

COSO uses the term “major deficiency”

24
Q

Describe a “major deficiency” and what results if one exists

A

represents a material I/C deficiency that significantly reduces the likelihood that an organization can achieve its objectives

if identified, the entity may NOT conclude that it has met the requirements for an effective I/C system under the COSO framework

25
List some inherent I/C limitations
human failure; faulty or biased judgment; external events; collusion; mgt override; suitability of entity objectives
26
What is comprised in applying the internal control framework
1. manage application 2. evaluate effectiveness 3. deficiency assertions
27
How will mgt use the COSO framework to document its IC assessment
"COPS" Follow these steps: Overall assessment (which are supported by..) Component evaluations (which are supported by...) Principle evaluations (which serve as the source for isolating and defining internal control deficiencies) Summary of IC deficiencies (if any)
28
What are the common risks normally identified using the COSO framework
material omission fraud mgt override of controls illegal acts
29
What is the underlying premise of ERM
the underlying premise of ERM is that every entity exists to provide value for stakeholders and that all entities face risk in the pursuit of value for their stakeholders. value = increased stock price and/or pay dividends
30
Define "risk" according to COSO
Risk is the possibility that events will occur and affect the achievement of strategy and business objectives
31
How is value developed
"CPER" creation preservation erosion (don't want this) realization
32
Describe value creation
your benefit has to exceed your resource costs ROIC > Cost of Capital +NPV need to create a profit costs = people, financial capital, technology, process and brand and value must outweigh this
33
Describe value preservation
want to have SUSTAINABLE operating profit (not a one time deal, ongoing)
34
Describe value erosion
we don't want the value of the business to go down (i.e when cost > benefit) stock price goes down ROIC < cost/hurdle rate -NPV
35
Describe value realization
when benefits are received by stakeholders either monetary or nonmonetary in form Dividends or stock price/capital gain Customer satisfaction
36
Describe mission
represents the CORE PURPOSE of the entity. Represents the WHY the company exists and what it hopes to accomplish
37
Describe vision
represents the aspirations of the entity and WHAT it hopes to achieve over time (
38
Describe core values
represent an organization's beliefs and ideals about what is good or bad the HOW the org plans to achieve goals (ethics, culture, core values)
39
What elements are included in Enterprise Risk Management
CCPIS Culture Capabilities (competitive advantage) Practices Integration with strategy setting and performance
40
Describe culture as it relates to ERM
represents COLLECTIVE THINKING of the people within an org. Culture plays an important role in SHAPING DECISIONS regarding risk correlate with core values
41
Describe capabilities as it relates to ERM
Competitive advantage produces value for an entity; exploitation of competitive advantage and adaptation to change are skill sets embedded within ERM
42
Describe practices as it relates to ERM
continually applied at all levels of the entity (not just the board or officers, the entire entity)
43
Describe integration with strategy setting and performance as it relates to ERM
Why do you exist? Ie what is your mission? & What's your vision? strategy?
44
Describe risk appetite
represents the types and amounts of risk, on a broad level, that an organization is willing to accept in pursuit of value; it's a range rather than a specific limit and provides guidance encouraging a firm to pursue or not pursue certain endeavors; expressed first in mission and vision; varies between products, business units, or over time
45
what is the relationship of value and risk appetite
directly related Greater the risk, greater the expected return
46
What is the application of ERM intended to do?
provide management with a REASONABLE EXPECTATION of success
47
Define risk inventory
all risk that could impact an entity | could be societal, economic, demographic, or legal risk etc
48
Define reasonable expectation as it relates to ERM
the amount of risk of having strategy and business objectives that is appropriate for an entity, recognizing that no one can predict risk with precision
49
Define risk profile
a composite view of the risk assumed at a PARTICULAR level of the entity or aspect of the business (product line, geographic area, customer) to consider the TYPES, SEVERITY, & INTERDEPENDENCE of risk
50
describe portfolio view
entity wide risks more of a holistic view are we diversified at the parents as opposed to the product level
51
organization sustainability
the ability of an entity to withstand the impact of a large-scale event i.e. financial crisis
52
What are the components of ERM
5 components "GO PRO"
  1. Governance and culture (similar to control environment, tone at the top)
  2. Strategy and objective-setting (mission/vision, define your risk appetite)
  3. Performance (evaluate, id and respond to risk using ARTS)
  4. Review and Revision
  5. Information, communication, and Reporting (ongoing)
53
What are the principles of ERM
20! | See pg 20 in the book. Have to write it to remember it. Not worth making flashcards for but you HAVE to review it
54
What are Risk Responses as it relates to ERM
ARTS Avoid (high frequency & high severity risks) Reduce (high frequency & low severity) - hedge/derivatives/security alarms Transfer/Share (High severity and low frequency) - buy insurance Self-insure/Accept (Low frequency and low severity) - you chose to be in that industry
55
What are the three main components of the Sarbanes Oxley Act of 2002?
Corporate Responsibility Enhanced Disclosures Fraud - how to deal with it
56
Who does Sarbanes Oxley affect
the financial reporting of PUBLIC companies
57
Who is typically included in "Corporate Responsibility"?
Audit Committee and CEO/CFO representations
58
Who does the auditor of an engagement report to?
the audit committee
59
What are the responsibilities of the audit committee?
it is directly responsible for the appointment, compensation, and oversight of the work of the public accounting firm employed by the public company; also responsible for resolving disputes between the auditor and management; are to be members of the issuer's board of directors BUT are otherwise completely INDEPENDENT (they may not accept compensation from the issuer for consulting/advisory services). Must establish procedures to accept reports of complaints regarding things (whistleblower hotlines)
60
What representations must the CEO and/or CFO sign regarding annual and quarterly reports?
- they have reviewed the report
- the report does not contain untrue statements or omit material information
- the F/S fairly present in all material respects the financial condition and results of operations of the issuer
- **CEO and CFO sign off that THEY are responsible for internal controls (regarding I/C DESIGN, EVALUATIONS of effectiveness, their CONCLUSIONS as to the EFFECTIVENESS of I/C based on evaluation)
- **CEO and CFO sign off that they made disclosures to the issuer's auditors and audit committee regarding (1) all SD and MW in the design or operation of I/C that might adversely affect F/S and (2) ANY fraud regardless of materiality that involves management or any other employee with a significant role in I/C
- **CEO and CFO must also disclose any significant changes to internal controls
61
What does the improper influence on the conduct of audits relate to
No officer or director may take any action that would fraudulently influence, coerce, mislead or manipulate the auditor in a manner that would make the F/S materially misstated. In other words, they must cooperate with the auditor
62
If an issuer is required to prepare an accounting restatement due to material noncompliance with any financial reporting requirement, what happens?
the CEO and CFO may be required to reimburse the issuer for:
- bonuses or incentive-based or equity-based compensation
- gains on sale of securities during that 12 month period
63
What are "enhanced financial disclosures" otherwise known as
Title IV
64
What are the enhanced financial disclosures for Periodic reports (quarterly or annually)
- all material correcting adjustments identified by the auditor
- all material OFF-BALANCE SHEET transactions (operating leases, contingent obligations, relationships with unconsolidated subsidiaries (equity method))
65
What are the enhanced financial disclosures for conflicts of interest
issuers are generally prohibited from making personal loans to directors or executive officers --exceptions apply when credit loans are made in the ordinary course of business
66
Describe the enhanced financial disclosure for transactions involving management and principal stockholders
related parties!! disclosures are required for persons who generally have direct or indirect ownership of more than 10% ownership of the company
67
Describe Section 404
Each annual report is required to contain a report that includes:
- statement that management is responsible for establishing and maintaining adequate internal control structure and procedures for financial reporting
- an assessment as of the most recent fiscal year of the issuer, of the effectiveness of I/C structure and procedures for financial reporting
68
What should be included in the code of conduct/ethics? (be familiar!)
- honest and ethical conduct (including handling of conflicts of interest)
- full, fair, accurate, and timely disclosures in periodic financial reports (FACT)
- compliance with laws, rules, and regulations
69
Describe the disclosure of audit committee financial expert
at least one member of the audit committee should be a financial expert. The issuers financial reports must disclose the EXISTENCE of a financial expert on the committee OR the reasons why the committee does not have one (i.e. the guy just died)
70
What knowledge must the "financial expert(s)" on the audit committee have?
- understanding of GAAP
- experience in the preparation or auditing of financial statements for comparable issuers
- application of GAAP
- experience with I/C
- understanding of audit committee functions

this experience will allow them to help resolve disputes between management and the auditor
71
What are the responsibilities of the SEC as it relates to disclosures?
SEC is required to review disclosures made by ISSUERS, including those in form 10k, on a regular and systematic basis for the protection of investors
72
How frequently should the SEC schedule reviews?
SEC should consider:
- historically, has the issuer had material restatements
- has the issuer experienced significant volatility in their stock price compared to other issuers
- issuers with large market cap
- issuers whose operations significantly affect any material sector of the economy ("too big to fail") -- big insurance co's/banks etc.
- emerging companies with disparities in PE ratios
73
What happens when individuals alter, destroy, conceal, cover up, falsify, etc. with the intent to impede, obstruct, or influence an investigation?
They will be fined, imprisoned for not more than 20 years or both
74
How long should auditors of issuers retain audit and review workpapers?
seven years from the end of the fiscal period in which the audit or review was conducted failure to do so will result in a fine, imprisonment (for not more than 10 years or both)
75
What is the statute for securities fraud?
no later than the EARLIER OF 2 years after the discovery of the facts constituting the violation or 5 years after the violation 2+5
76
Describe whistle-blower protection
a whistleblower who lawfully provides evidence of fraud may NOT be discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against for providing such information. If the above occurs, the employee may be provided compensatory damages including:
- reinstatement with the same seniority status they would have had
- back pay with interest
- compensation for any special damages (i.e. litigation costs, expert witness fees, reasonable attorney fees)
77
Any issuer F/S filed with the SEC must be accompanied by what?
- a WRITTEN statement that the periodic report fully complies with the Sec. Exchange act of 1934
- a WRITTEN statement that the info contained in report FAIRLY presents, in all material respects, the financial condition and operating results of the issuer
- the WRITTEN statements above must be signed by the CEO and CFO
78
If someone certifies a periodic financial report KNOWING that it does not satisfy all the requirements, what are the repercussions?
he or she will be fined and/or imprisoned. Specifically a party who:
- certifies & knows it doesn't comply = $1M fine and/or imprisoned no more than 10 years
- WILLINGLY certifies & knows it doesn't comply (fraud, intentional) = $5M fine and/or not more than 20 years imprisoned
79
What relationship does risk and return have?
directly related
80
What are risk and return a function of?
Both market conditions AND the risk preferences
81
What are the basic risk preference behaviors
Risk-indifferent behavior Risk-averse behavior Risk-seeking behavior
82
Describe risk-indifferent behavior
you're the exception if this is your behavior. an attitude toward risk in which an increase in the level of risk does not result in an increase in management's required rate of return You seek the highest rate of return
83
Describe risk-averse behavior
the general rule most people exude this behavior an attitude toward risk in which an increase in the level of risk results in an increase in managements's required rate of return
84
Describe risk-seeking behavior
exception - VERY unusual attitude toward risk in which an increase in the level of risk results in a DECREASE in management's required rate of return very rare
85
Interest rate risk
aka "Yield Risk". As the interest rate increases, the value of fixed income goes down (inverse relationship). Fluctuations in the value of the instrument in response to changes in interest rates (ex: I have a bond that pays a fixed rate. If interest rates go up, other people can get bonds that pay out higher rates. As such, the value of my bond will go down)
86
Market/Systematic/Nondiversifiable Risk
fluctuations in value as a result of operating within an economy. Unavoidable. Ex: war, inflation, international incident, political events
87
Unsystematic/firm-specific/diversifiable risk
nonmarket represents the portion of a firm's or industry's risk that is associated with random causes and can be eliminated through DIVERSIFICATION Attributed to firm-specific/industry-specific events Ex: strikes, lawsuits, regulatory actions, or the loss of a key account
88
Credit risk
affects borrowers (the cost of borrowing) Includes a company's inability to secure financing OR secure favorable credit terms as a result of poor credit ratings. Relationships: As credit risk goes up, the cost of borrowing goes up. If your credit rating goes down, you're a greater credit risk and your cost of borrowing goes up If you have a poor credit rating, lenders will demand a higher interest rate (collateral may also be required)
89
Default risk
affects lenders the possibility that debtors may not repay the principal or interest as it becomes due on a timely basis historically, US treasury securities have the lowest default risk (i.e. risk free rate = tbill)
90
Liquidity risk
affects lenders (investors). lenders/investors are exposed to liquidity risk when they desire to sell their security but cannot do so in a timely manner OR when material PRICE CONCESSIONS have to be made to do so. Ex: "not publicly traded" items, real estate
91
Price risk
affects investors the exposure that investors have to a decline in the value of their individual securities or portfolios price risk is diversifiable (can be diversified away)
92
Stated rate general characteristics
given aka nominal rate always on an annual basis and before any compounding
93
Effective interest rate characteristics
periodic rate - can be paid annual (1), semiannual (2), quarterly (4), etc.
94
compute effective interest rate
= interest paid per period / net proceeds of loan interest paid per period = (Price X stated rate) / # periods
95
Define Maturity Risk Premium (MRP)
risk increases with the term to maturity longer the term to maturity = the higher the required rate of return the longer the maturity = more risk because you have greater exposure to interest rate risk over time
96
Define Purchasing Power Risk or Inflation Premium
used to calculate the nominal risk free rate the compensation investors require to bear the risk that price levels will change and affect asset values
97
Describe liquidity risk premium
the risk an investment security cannot be sold on a short notice without making significant price concessions
98
describe default risk premium
risk that the issuer of the security will fail to pay interest and/or principal due on a timely basis
99
What can diversification help with?
unsystematic (firm-specific) risk
100
What is considered nondiversifiable risks?
market, systematic risk
101
How to mitigate interest rate risk
can mitigate by investing in floating rate debt securities (i.e. rather than invest in fixed income, invest in variable securities); can mitigate by investing in derivatives (i.e. forwards or interest rate swaps) - interest rate swaps --> if you think rates are going to go up (and hence, your fixed income will be worth less), you'd want to enter into an agreement where you pay a fixed rate (ex: 8%) and the other party pays you a variable rate (ex: LIBOR + 1%)
102
how to mitigate market risk
very difficult because it's inherent in the market and economy aka systematic risk it is nondiversifiable investing in derivatives where you could profit when the market declines (and hence offset your losses) - SHORTS
103
how to mitigate unsystematic risk
minimized through diversification | -want to invest in assets that are either uncorrelated or inversely correlated
104
how to mitigate credit risk
how to reduce the cost of borrowing (from the borrowing/debtor's perspective); how do I mitigate the risk that my credit rating goes down and I can't get favorable loans; ratio analysis (i.e. a high current ratio results in a higher credit rating) - want to improve your credit ratings. A high credit means you're very credit worthy and will get loans at a lower interest rate.
105
how to mitigate default risk
from the Lender/Creditor perspective: an entity may choose to lend only to borrowers with low risk of default; another option, adjust the interest rate charged to better reflect the risk of each borrower (a riskier borrower will have to pay a higher interest rate on the loan you give them)
106
how to mitigate liquidity risk
mitigate by allocating a greater percentage of capital to investments that trade on ACTIVE MARKETS (invest more in stocks and bonds rather than real estate, which is not publicly traded)
107
how to mitigate price risk
mitigate through... diversification short selling or derivatives (hedging, put options - you buy the right to sell at a certain price)
108
Why does exchange rate risk exist
exists because the relationship between domestic and foreign currencies may be subject to volatility
109
What are the factors that influence exchange rates
trade factors and financial factors
110
Describe the "Trade Factor" relative to inflation rates
relative to inflation rates when domestic inflation exceeds foreign inflation, holders of domestic currency are motivated to purchase foreign currency to maintain the PURCHASING POWER of their money (ex: my USD 1 can buy me more in another country. I'm going to that country for vacation). the increase in demand for foreign currency forces the value of the foreign currency to rise in relation to domestic currency
111
Describe the "trade factor" relative to income levels
as income increases in one country relative to another, exchange rates change as a result of increased demand for foreign currencies in the country in which income is increasing
112
Describe trade factor - government controls
as opposed to freely fluctuating equilibrium various trade and exchange barriers that artificially suppress the natural forces of supply and demand affect exchange rates. ex: tariffs on imported goods would have the effect of discouraging the purchase of those imported goods thereby reducing the demand for that currency
113
Describe financial factors - relative interest rates and capital flows
interest rates create demand for currencies by motivating either domestic or foreign investments. currency with the higher interest rate attracts investments thus there is greater demand for the currency, and the value of the currency goes up
114
What are the trade related factors as it relates to impacts on exchange rates
relative inflation rates relative income levels government controls (trade restrictions)
115
What are the financial factors as it relates to impacts on exchange rates
relative interest rates | capital flow
116
Define "Transaction Exposure"
Gain/Loss the potential that an org could suffer economic loss or gain upon settlement of an INDIVIDUAL as a result of exchange rates
117
Define "Economic Exposure"
the potential that the PRESENT VALUE of an organization's cash flows could increase or decrease as a result of changes in exchange rates
118
In terms of changes in foreign currency, what specifically does present value and G/L relate to
PV - Economic exposure | G/L - Transaction exposure
119
Define "Translation Exposure"
the risk that assets, liabilities, equity, or income of a CONSOLIDATED organization that includes foreign subsidiaries will change as a result of changes in exchange rates
120
What affects translation exposure?
the degree of foreign involvement (more = more risk) Locations of foreign investments (the more volatile the exchange rate = the higher the translation risk)