4/30 Flashcards
(36 cards)
Requirements of Audit Committees
SOX requires 1 financial expert w/ understanding of GAAP and Fin Stmts & exp in preparing or auditing F/S & experience with internal auditing controls & understanding of audit committee functions
What did Dodd-Frank do re: a whistleblower's right to sue for retaliation accorded by SOX?
- Extended time to file a complaint with OSHA from 90 to 180 days
- Extended right to sue to whistleblowing employees of private subsidiaries controlled by public companies.
- Granted whistleblowers the right to a jury trial in retaliation cases that are properly filed in federal court
Reward under the Dodd-Frank Act for providing info to authorities re: fraud in a company
10%-30% of sanctions imposed
By amending SOX, Dodd-Frank protects whistleblowers in nonpublic subsidiaries of public companies from retaliation.
fact
Can SEC enforce the whistleblower retaliation provisions of Dodd-Frank?
Yes!
General Control
Apply to all functions, not just specific accounting applications. General controls help ensure that data integrity is maintained.
Detective Control
“After the fact” controls, i.e. data entry edits, recon of batch control totals
Preventive Control
“Before the fact” controls designed to stop an error or irregularity from occurring. Examples of preventive controls include locks on building and doors, password protected access to files, and segregation of duties.
Corrective Control
Allows users to recover from a problem once identified, i.e. disaster recovery plans, insurance, backup files
Feed-Forward Controls
A process in which future results are projected based on current and past information and, if the future results are undesirable, the inputs to the system are changed to avoid the projected outcome. Many inventory ordering systems are essentially feed-forward controls: the system projects product sales over the relevant time period, identifies the current inventory level, and orders inventory sufficient to fulfill the sales demand.
Feedback Controls
A procedure in which the results of a process are evaluated and, if the results are undesirable, the process is adjusted to correct the results; most detective controls are also feedback controls.
Risk Assessment
This is the process of identifying, analyzing, and managing the risks involved in achieving the organization’s objectives.
Which is the component of I.C. that concerns testing the system and data?
Monitoring
COSO cube Model?
Monitoring, Control Activities, Risk Assessment, Info & Communications, Control Environment
Control Objectives
- Compliance
- Operations
- Reporting
Control Activities
Policies & procedures that ensure actions taken are to address risks related to achievement of mgmt's objectives, technology controls, and policies
Risk Assessment
Relates to organizational objectives, risk assessment, fraud, and change mgmt
Monitoring - COSO control principle
Relates to establishing ongoing and periodic evaluations, & addressing control deficiencies
Most core, underlying control.
Info & Comm - COSO control principle
Relates to quality of information supporting controls, and internal and external communication
Risk Response
Management's decision to avoid, accept, reduce, or share risk and to develop a set of actions to align risk with the entity’s risk preferences
How many objectives does COSO model have? COSO ERM?
5,8
What is expected value?
calculates and integrates likelihood of losses w/amt of losses.
What are the two main attributes of effective evaluators that are identified by COSO?
Competence and Objectivity
What is a compensating control?
A control that accomplishes the same objective as another control