Section 1 B&C Flashcards

1
Q

Which trends does the COSO ERM (Enterprise Risk Management) framework cite as continuing to have an effect on ERM?

Adapting to the ___ of data
Leveraging ___ __ and automation
Managing the cost of ____ ___
Building stronger ____

A

Proliferation (internal & external data sources to be structured in new ways)
Artificial intelligence
Risk Management
Organizations

2
Q

The updated COSO Enterprise Risk Management (ERM) framework’s Executive Summary lists the following benefits that can be achieved when entities integrate ERM throughout the organization:

Increased range of ____
Improved identification and management of ___ entity-wide
Increased ___ outcomes and reduced ___ surprises
Improved ___ deployment
Enhanced ____ resilience
Reduced ___ variability

A
opportunities
risk
positive, negative
resource
enterprise
3
Q

COSO issued an update to the enterprise risk management (ERM) framework in 2017, Enterprise Risk Management—Integrating with Strategy and Performance, which addresses the evolution of ERM and the need for entities to what?

A

improve their approach to managing risk to meet the demands of an evolving business environment.

4
Q

Definition: The Committee of Sponsoring Organizations of the Treadway Committee (COSO) issued the Enterprise Risk Management—Integrated Framework in 2004, and defined enterprise risk management (ERM) as follows:

“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its ____, to provide reasonable assurance regarding the achievement of entity ____.”

A

risk appetite, risk appetite

5
Q

Enterprise risk management (ERM) components help the entity achieve its objectives. These interrelated components need to be both present and functioning effectively (i.e., no material weaknesses) in order to have an effective ERM system. ERM consists of eight components: (CRIMER.IO)

THIS IS THE FRAMEWORK OF ERM

A
Control Activities
Risk Assessment 
Internal Environment
Monitoring
Event Identification
Risk Response

Information & Communication
Objective Setting

6
Q

These are the 8 components of Enterprise Risk Management (ERM). What are they?

Control Activities
Risk Assessment 
Internal Environment
Monitoring
Event Identification
Risk Response

Information & Communication
Objective Setting

A

Control Activities - Management's risk responses are effectively carried out. Policies are implemented

Risk Assessment - Identified risks are evaluated
Internal Environment - Tone at top
Monitoring -Processes monitored - deficiencies reported
Event ID - Identify positive & negative events to determine risks/opportunities

Risk Response - Avoid, reduce, share, or accept risks
Information & Communication - Info about ERM components need to be communicated to mgmt

Objective Setting - Mgmt places processes to formulate objectives to help company assess/respond to risks

7
Q

The revised COSO Enterprise Risk Management (ERM) framework is designed to assist boards of directors in fulfilling their risk oversight role, which includes the following:

____, ____, and ____ with management
Approving management ____ and remuneration
Participating in ____ and ____ relations

A

Reviewing, challenging, and concurring
incentives
investor and stakeholder

8
Q

The internal auditor who works in ERM sets the risk appetite of the organization

A

False - this is generally done by the board of directors and/or executive management.

Internal auditors do coordinate ERM activities across the organization, evaluate the risk management process, and give assurance that the risks of the organization are correctly evaluated.

9
Q

____ do coordinate ERM activities across the organization, evaluate the risk management process, and give assurance that the risks of the organization are correctly evaluated.

A

Internal auditors

10
Q

Who ensures that the organization’s risk responses align with the defined risk appetite?

A

Internal Auditor

11
Q

According to COSO, which of the following components of enterprise risk management addresses an entity’s integrity and ethical values?

Information and communication
Internal environment
Risk assessment
Control activities

A

Internal Environment

12
Q

Does the COSO ERM Framework take a risk-based or a control-based approach?

ERM assists ___ in effectively dealing with uncertainty and its related risk and opportunity, thus building stakeholder value in the entity.

The ____ is charged with the responsibility of finding a balance between growth and profit while using resources in an efficient and effective manner.

ERM helps ensure that ___ and ___ laws and regulations are met, and assists in protecting the entity’s reputation.

A

Risk Based

management

chief executive officer

reporting and compliance

13
Q

The objective of the ERM framework is to achieve all the goals of the control framework and help the organization to:

attain reasonable assurance that company objectives and goals are ___,

continuously assess risks and identify the appropriate action to take and the resources to allocate to ___

achieve its ____ targets, and

avoid adverse ___ and damage to the entity’s reputation.

A

achieved and problems and surprises are minimized

overcome or mitigate risk,

financial and performance

publicity

14
Q

“process effected by an entity’s board of directors, management, and other personnel.” … What is this?

A

Definition of COSO - ERM

15
Q

COSO ERM Framework consists of 5 interrelated components – what are they?
(GRIPS) - COSO grips ERM

A
Governance/Culture
Review/Revision
Information/Reporting
Performance
Strategy/Objective Setting
16
Q

COSO ERM - GRIPS... What are they? (Definition)

Governance/Culture
Review/Revision
Information/Reporting
Performance
Strategy/Objective Setting
A

Gov - Sets Tone & upholds ethical values/behaviors

Review - Review performance and analyze ERM component functions

Information - Sharing info from all sources across org
Performance - Risks need to be identified and assessed.

Strategy - ERM & Objective setting works together to establish a risk appetite/objectives

17
Q

COSO ERM - each GRIPS component has principles dedicated to it.

What are the principles for GOV & REVIEW?

A

GOV

  1. Establish Board risk oversight
  2. Establish operating structure
  3. Define Culture
  4. Commitment to Core Values
  5. Attract/retain capable individuals

REVIEW

  1. Assess Substantial Change
  2. Review Risk/Performance
  3. Pursue Improvement

18
Q

COSO ERM - each GRIPS component has principles dedicated to it.

List the principles for Information, Strategy/Objectives, & Performance (PAIID)

A

INFO
Leverage Info Systems
Communicate Risk Info
Report Risk/Performance

PERFORMANCE (PAIID)
Identify risk
Assess risk
Prioritize risk
Implement Risk Response
Develop Portfolio View

STRATEGY
Analyze Biz context
Define Risk Appetite
Evaluate Alt. Strategies
Formulate (create) Biz Objectives
19
Q

_____ is the process used by organizations to manage risk and seize opportunities to achieve the goals of the organization. It provides a framework for risk management, determines response strategy, and monitors the progress

A

Enterprise risk management (ERM)

20
Q

Company management, including the risk officer and financial executives, are responsible for establishing the ____ and implementing ____ procedures

A

internal control system, monitoring

21
Q

The COSO ERM (Enterprise Risk Management) framework is designed to help an entity’s management achieve its objectives, grouped into four overlapping categories: (ROCS)

A

Reporting - reliable reporting
Operations - resources used effectively
Compliance -Compliance w/ laws/reg
Strategic - High lvl goals support entity’s mission

22
Q

OBJECTIVE OF COSO ERM
The COSO ERM (Enterprise Risk Management) framework is designed to help an entity’s management achieve its objectives, grouped into four overlapping categories (ROCS). Define them:

Reporting
Operations
Compliance
Strategic

A

Reporting - reliable reporting
Operations - resources used effectively
Compliance -Compliance w/ laws/reg
Strategic - High lvl goals support entity’s mission

23
Q

According to COSO, which of the following identifies the group directly responsible for the implementation and development of the enterprise risk management framework?

A

Management

24
Q

The return on an individual stock, or a portfolio of stocks, should equal its ___

A

cost of capital.

You want it to equal at least the cost of what you put in. You don't want anything less b/c you’ll be negative

25
Q

____ is the cornerstone for developing an investment portfolio.

___ is the core beliefs of the investor that may be used to devise an investment strategy.

A

Investment Philosophy

26
Q

____ involves deciding which assets to include in the portfolio given the goals of the investor and the changing economic conditions within which the portfolio is being managed.

A

Portfolio management

27
Q

According to COSO, the position or internal entity that is best suited, as part of the enterprise risk management process, to devise and execute risk procedures for a particular department is the internal auditor.

A

False - it should be a manager within the department

“A manager within the department” is the correct answer choice because a manager within the department has the most detailed knowledge of risks in that department.

28
Q

Enterprise risk management (ERM) components help the entity achieve its objectives. These interrelated components need to be both present and functioning effectively (i.e., no material weaknesses) in order to have an effective ERM system. ERM consists of eight components.

For Risk Response, what are the 4 principles?

A

Risk Avoidance
Risk Reduction
Risk Sharing
Risk Acceptance

29
Q

What are the definitions?

Risk Avoidance
Risk Reduction
Risk Sharing
Risk Acceptance

A

Risk Avoidance - not to engage
Risk Reduction - mitigating control to offset risk
Risk Sharing - share risk w/ another org. Can create a Joint Venture this way

Risk Acceptance - assume all risk b/c it's acceptable

30
Q

Each of the following is a limitation of enterprise risk management (ERM), except: T/F

ERM deals with risk, which relates to the future and is inherently uncertain.

ERM operates at different levels with respect to different objectives.

ERM can provide absolute assurance with respect to objective categories.

ERM is as effective as the people responsible for its functioning.

A

True
True
False - Reasonable Assurance, not absolute
True

31
Q

Executive officers are agents of the corporation and have fiduciary responsibilities similar to those of the board. T/F

President of company is usually known as the ___

A

True

CEO

32
Q

The Sarbanes-Oxley Act of 2002, Section 302, requires that CEOs and CFOs of a corporation include certifications that:

Signing officers ___ the reports
Signing officers are evaluating the internal controls within ___ days and reporting their findings
All ___ in internal controls are being reported.

negative impacts on internal controls are being reported and corrected. T/F

Stating the financials do not contain untrue statements or material misstatements.

the financial statements present fairly the financial condition of the company.

A
review
90 days
deficiencies 
True
True
True
33
Q

For the Sarbanes-Oxley Act of 2002:

The officers are permitted to reincorporate the activities of a company to attempt to avoid these requirements. T/F

They are also not permitted to move the activities outside of the United States to attempt to avoid these requirements. T/F

Senior staff is responsible for the specific internal control functions employed in the various areas. T/F

Without properly implemented internal controls, members of management have the ability to ___ necessary controls, enabling potential dishonest dealings or recording of transactions.

A

False - They are NOT permitted

True

True

override

34
Q

Who is required to make special certification statements regarding the establishment of internal control systems on Form 10-K?

A

Both the principal executive officer and the principal financial officer

35
Q

The purpose of the ___ is for the company to analyze the internal controls currently in place and to assess the effectiveness of those controls to avoid material misstatement in the firm’s financial reporting.

A top-down risk assessment (TDRA) is done in order for a company to be in compliance with ___

A

TDRA (Top Down Risk Assessment)

SOX 404.

36
Q

Two important definitions related to the internal control process are those for control precision and control sufficiency. Define Them

A

Control Precision - alignment between risk & Control activity designed to mitigate the risk.

Control Sufficiency - Grp of controls to achieve a control objective.

37
Q

Section ___ of the Sarbanes-Oxley Act of 2002 (SOX) requires that all publicly traded firms establish internal controls related to financial reporting that are documented, tested, and maintained.

A

404

38
Q

In order to be in compliance with SOX 404, a company needs to:

(3)

A

Document existing controls and list procedures associated w/ financial reporting

Test effectiveness of documented controls

Provide details of any deficiencies in controls

39
Q

Each financial report that contains financial statements prepared in accordance with GAAP must reflect all material ___ that have been identified by the external auditors.

Pro forma financial information cannot contain an untrue statement of a material fact or omit to state a material fact necessary in order to make the pro forma financial information not misleading. T/F

Annual and quarterly financial reports should disclose all material off-balance sheet transactions, arrangements, obligations (including contingent obligations), and other relationships of the issuer with unconsolidated entities or other persons, that may have a material current or future effect on financial condition. T/F

A

correcting adjustments

True

True

40
Q

The BOD has a fiduciary duty to act in the best interests of the corporation. As fiduciaries, board members are held to a higher standard of care than would be exercised in discharge of those people’s personal affairs. Directors may not put themselves in a position where their interests and duties conflict with the duties that they owe to the company. T/F

Fiduciary duties fall within three categories:

A

True

Duty of Care - Act in good faith. Believe their decisions are what's best for the entity

Duty of Loyalty - Undivided loyalty. Put interests of shareholders above their own

Duty of Due Diligence - Refers to the care a reasonable person should take before entering an agreement/transaction. This is a way to prevent harm.

41
Q

Which of the following organizations was established by the Sarbanes-Oxley Act of 2002 to control the auditing profession?

A

PCAOB

42
Q

The financial statements are required to be audited by an independent CPA firm that is certified by the ___ to perform audits of corporations under the jurisdiction of the SEC.

The independent auditor is hired by and interacts directly with the board of directors’ ____

This committee should include independent directors, including stockholders & officers, and should be chaired by someone with significant financial reporting qualifications and experience.

A

PCAOB

audit committee.

False - (not stockholders or officers)

43
Q

According to the Sarbanes-Oxley Act of 2002, a chief executive officer or chief financial officer who misrepresents the company’s finances may be penalized by being:

fined, but not imprisoned.

imprisoned, but not fined.

removed from the corporate office and fined.

fined and imprisoned.

A

Fined & imprisoned - can be fined, imprisoned for not more than 20 years, or both.

Penalties include fines of not more than $1,000,000, imprisonment for not more than 10 years, or both for certification violations;

and fines of not more than $5,000,000, imprisonment for not more than 20 years, or both for willful certification violations.

44
Q

The Sarbanes-Oxley Act has the authority to remove individuals from corporate office. T/F

A

False - That is a responsibility of the corporate board of directors or the stockholders.

45
Q

Penalties include fines of not more than $1,000,000, imprisonment for not more than 10 years, or both for ___ violations;

and fines of not more than $5,000,000, imprisonment for not more than 20 years, or both for ___

A

certification

willful certification violations.

46
Q

Audit committee members of issuers are required, under the Sarbanes-Oxley Act of 2002, to maintain which of the following traits?

Integrity

Diligence

Independence

Proficiency

A

Independence

47
Q

____ oversee the financial reporting process; monitor the choice of accounting policies and principles; monitor the internal control process; appoint, compensate, and oversee the external auditors; and receive communications and audit reports directly from the external auditors.

___ is when individuals who alter, destroy, mutilate, or conceal records, documents, etc., with the intent to impair objectivity or availability of use, or otherwise obstruct, influence, or impede any official proceeding, will be fined, imprisoned for not more than 20 years, or both.

A

audit committees

Tampering

48
Q

In any cease-and-desist proceeding, the Securities and Exchange Commission (SEC) can issue an order to prohibit any person who has violated certain security laws, rules, and regulations, from serving as ___

A

an officer or director of the issuer.

49
Q

The Sarbanes-Oxley Act (SOX) was enacted to enhance the transparency of a company and hold its officers more accountable. Which of the following is not part of SOX Title XI, “Corporate Fraud Accountability”?

Tampering
Certification violations
Retaliation against informants
Prohibiting persons from serving as officers

A

Certification violations

50
Q

SOX Title XI, “Corporate Fraud Accountability,” consists of 3 components:

A

Tampering
Retaliation Against Informants
Prohibiting Persons from serving as officers

51
Q

A top-down risk assessment (TDRA) is used to identify and assess:
(4)
__

A

Identify financial reporting items, transaction level controls, & entity level controls

risks related to financial reporting.

internal control procedures to limit the identified risks.

Analyze NTE of evidence

52
Q

According to the Sarbanes-Oxley Act of 2002, when an issuer’s board of directors selects members to be on the company’s audit committee, the board of directors must select individuals who:

receive consulting fees, but not advisory fees, from the company.
are members of the company’s board of directors.
are employed by the company in a financial management role.
are affiliated persons of the company’s subsidiary.

A

are members of the company’s board of directors.

Each member of the audit committee must be a member of the board of directors and must otherwise be independent.

Audit committee members may not accept any consulting, advisory, or other compensation from the issuer or be an affiliated person of the issuer.

53
Q

The audit committee should contain at least one ___

A

financial expert. If an issuer does not have an audit committee financial expert, that issuer must disclose the reason why the role is not filled.

Financial expertise includes an understanding of generally accepted accounting principles and financial statements, experience in the preparation or auditing of financial statements of generally comparable issuers, experience with internal accounting controls, and understanding of audit committee functions.

54
Q

The Sarbanes-Oxley Act requires financial issuers to publish what kind of information?

The immaterial condition of the company
Internal control performance relative to industry best practice benchmarks
Only positive impacts on internal controls
The scope and capabilities of the internal control structure

A

The scope and capabilities of the internal control structure

Issuers must include the scope and capabilities of the internal control system and include procedures for financial reporting in their annual reports.

55
Q

The Sarbanes-Oxley Act changed the way financial reports are treated. What section of the act requires the CEO to review the financial statements?

A

302

Section 302 of the Sarbanes-Oxley Act requires that CEOs and CFOs certify the accuracy of the financial statements and the reliability of internal controls prior to the statements being signed.

56
Q

The treasurer makes disbursements by check and reconciles the monthly bank statements to accounting records. Which of the following best describes the control impact of this arrangement?

Internal control will be enhanced since these are duties that the treasurer should perform.

The treasurer will be in a position to make and conceal unauthorized payments.

The treasurer will be able to make unauthorized adjustments to the cash account.

Controls will be enhanced because the treasurer will have two opportunities to discover inappropriate disbursements.

A

The treasurer will be in a position to make and conceal unauthorized payments.

Having the treasurer in a position to make and conceal unauthorized payments is an example of inadequate segregation of functions. The functions of disbursing funds and reconciling the related cash account should be assigned to different personnel.

57
Q

The Enterprise Risk Management—Integrated Framework of the Committee of Sponsoring Organizations (COSO) is best defined as a:

process that takes a control-based approach to an organization.

process effected by an entity’s board of directors, management, and other personnel.

process that replaces the COSO internal control framework.

serial process in which one component affects only the next component.

A

process effected by an entity’s board of directors, management, and other personnel.

“A process effected by an entity’s board of directors, management, and other personnel” is correct because the board of directors has overall responsibility for managing enterprise risk and can delegate parts of the process to entity personnel.

58
Q

COSO issued an update to the ERM (enterprise risk management) framework in 2017, Enterprise Risk Management—Integrating with Strategy and Performance. The revised ERM framework is designed to assist boards of directors (BOD) in fulfilling their risk oversight role, which includes all of the following except:

reviewing, challenging, and concurring with management on various topics.

approving management incentives and remuneration.

participating in investor and stakeholder relations.

improving resource deployment.

A

improving resource deployment.

59
Q

According to COSO’s enterprise risk management framework, which of the following is an essential element of the internal environment?

Ethical values

Risk assessment

Control activities

Event identification

A

Ethical values

60
Q

___: management plans, organizes, leads, and controls the organization’s activities in order to minimize risks and cut back on costs.

A

enterprise risk management

61
Q

Risk response. Management can choose to avoid, reduce, share, or accept risks after careful analysis.

Risk avoidance. Choosing not to engage in an activity

Risk reduction. Implementing some compensating or mitigating control to offset the risk of an activity

Risk sharing. Sharing the risk with another organization such as establishing a joint venture

Risk acceptance. Assuming all of the risk because it is deemed acceptable

A

Avoid
Reduce
Share
Accept

62
Q

A financial institution looking to assess its investment portfolio’s exposure to price changes most likely would use which of the following techniques?

Market value at risk analysis

Cash flow at risk analysis

Back testing analysis

Earnings at risk analysis

A

Market value at risk analysis

63
Q

COSO issued an update to the 2004 ERM framework in 2017, Enterprise Risk Management—Integrating with Strategy and Performance. Which of the following is not one of the five interrelated components of the framework?

Governance and culture

Strategy and objective-setting

Performance

Monitoring

A

Monitoring

Monitoring is from the original 2004 ERM (enterprise risk management) framework. The 2017 ERM framework itself consists of five interrelated components (which are supported by a set of 20 principles). The components are governance and culture; strategy and objective-setting; performance; review and revision; and information, communication, and reporting.

64
Q

COSO’s 2017 updated ERM framework, Enterprise Risk Management—Integrating with Strategy and Performance, includes several trends that should be monitored by entities. Which of the following is not one of those trends?

Expand customer service to include texts and chatbots

Adapt to the proliferation of data

Manage the cost of risk management

Leverage artificial intelligence and automation

A

Expand customer service to include texts and chatbots

65
Q

Which of the following is not one of the five interrelated components of COSO’s 2017 updated ERM framework, Enterprise Risk Management—Integrating with Strategy and Performance?

Governance and Culture

Internal Control

Strategy and Objective-Setting

Performance

A

Internal Control

66
Q

According to COSO, which of the following provides oversight of an entity’s enterprise risk management?

The risk officer

Financial executives

The board of directors

Management

A

The board of directors

67
Q

Management has several options as to how they wish to respond to risk. Which of the following is not an option?

Risk sharing

Risk rejection

Risk avoidance

Risk reduction

A

Risk rejection

68
Q

COSO issued an update to the ERM (enterprise risk management) framework in 2017, Enterprise Risk Management—Integrating with Strategy and Performance. The updated framework focuses on the importance of considering risk in both the strategy-setting process and in driving performance. Which of the following is not addressed by the update?

Achieve its financial and performance target

Accommodate expectations for governance and oversight

Expand reporting for greater stakeholder transparency

Recognize the globalization of markets and the need to apply a common approach across geographies

A

Achieve its financial and performance target

69
Q

Which of the following is not a 2004 enterprise risk management framework component?

Risk assessment

Control activities

External environment

Objective setting

A

External environment

70
Q

A manufacturing firm identified that it would have difficulty sourcing raw materials locally, so it decided to relocate its production facilities. According to COSO, this decision represents which of the following responses to the risk?

Risk acceptance

Risk reduction

Prospect theory

Risk sharing

A

Risk reduction

71
Q

The 2004 ERM (enterprise risk management) framework lists a number of components, one of which is event identification. Which of the following is not used by managers for event identification?

Perform data mining and analysis

Use comprehensive lists of potential events

Perform an internal analysis

Perform an external analysis

A

Perform an external analysis

72
Q

According to COSO, the four categories of entity objectives in the enterprise risk management framework include each of the following, except:

implementation of internal controls.

reliability of reporting.

compliance with applicable laws and regulations.

effective and efficient use of the entity’s resources.

A

implementation of internal controls.

73
Q

Which of the following items is one of the eight components of COSO’s enterprise risk management framework?

Operations

Reporting

Monitoring

Compliance

A

Monitoring

74
Q

COSO’s enterprise risk management framework encompasses each of the following, except:

seizing opportunities.

improving deployment of capital.

enhancing risk response decisions.

decreasing inherent risk appetite.

A

decreasing inherent risk appetite.

75
Q

COSO issued an update to the 2004 ERM framework in 2017, Enterprise Risk Management—Integrating with Strategy and Performance, which is designed to assist the board of directors (BOD) in fulfilling their risk oversight role. Which of the following is not one of the BOD’s obligations in terms of ERM?

Revising reporting options to improve stakeholder transparency

Approving management incentives and remuneration

Reviewing and challenging management of proposed strategy and risk appetite

Participating in investor and stakeholder relations

A

Revising reporting options to improve stakeholder transparency

76
Q

The Sarbanes-Oxley Act requires financial issuers to publish what kind of information?

Only positive impacts on internal controls

Internal control performance relative to industry best practice benchmarks

The scope and capabilities of the internal control structure

The immaterial condition of the company

A

The scope and capabilities of the internal control structure

77
Q

Pursuant to the Sarbanes-Oxley Act of 2002, an accountant who destroys documents to impede an investigation by a U.S. agency can be:

temporarily or permanently limited on the activities, functions, or operations conducted on behalf of a registered public accounting firm.

fined and/or imprisoned not more than 10 years.

suspended or barred from being associated with a registered public accounting firm or be required to end such association.

fined and/or imprisoned not more than 20 years.

A

fined and/or imprisoned not more than 20 years.

78
Q

The Sarbanes-Oxley Act of 2002 (SOX) requires that all publicly traded firms establish internal controls related to financial reporting that are documented, tested, and maintained for the purpose of preventing fraud. Per SOX, a company needs to do all of the following except:

develop documentation of existing internal controls and procedures associated with financial reporting.

test the effectiveness of the existing internal controls and procedures.

provide information on deficiencies in the controls and/or documentation of those controls.

include all areas of potential risk to the misstatement of the financial statements in this documentation, testing, and reporting process.

A

include all areas of potential risk to the misstatement of the financial statements in this documentation, testing, and reporting process.

79
Q

Regarding the requirements of the Sarbanes-Oxley Act, officers of a company are not permitted to:

keep the organization transparent.

move the activities of the organization outside of the United States to avoid complying with the Sarbanes-Oxley Act.

report material misstatements.

report deficiencies of internal controls.

A

move the activities of the organization outside of the United States to avoid complying with the Sarbanes-Oxley Act.

80
Q

In relation to the internal control process, control sufficiency is:

the alignment between a risk and the control activity designed to mitigate that risk.

the testing of the effectiveness of a control procedure.

the group of controls with a variety of degrees of precision necessary to achieve a control objective.

the measurement of the effectiveness of a specific control in alleviating the defined risk.

A

the group of controls with a variety of degrees of precision necessary to achieve a control objective.

81
Q

A top-down risk assessment (TDRA) is done in order for a company to be in compliance with SOX 404. The purpose of a TDRA is to do all of the following except:

identify and assess the risks related to the financial reporting elements.

identify acts of fraud and embezzlement and assess the effect these items have had on company performance.

identify and assess financial reporting elements.

identify and assess the internal control procedures meant to limit the identified risks.

A

identify acts of fraud and embezzlement and assess the effect these items have had on company performance.

82
Q

Audit committee members of issuers are required, under the Sarbanes-Oxley Act of 2002, to maintain which of the following traits?

Integrity

Independence

Diligence

Proficiency

A

Independence

83
Q

Which of the following statements is correct regarding the requirements of the Sarbanes-Oxley Act of 2002 for an issuer’s board of directors?

The majority of members of the board of directors must be independent from management influence.

The board of directors must have an audit committee entirely composed of members who are independent from management influence.

The board of directors must have a compensation committee, a nominating committee, and an audit committee, each of which is entirely composed of independent members.

Each member of the board of directors must be independent from management influence, based on the member’s prior and current activities, economic and family relationships, and other factors.

A

The board of directors must have an audit committee entirely composed of members who are independent from management influence.

84
Q

As part of the TDRA, management will develop a list related to a particular account that would have a reasonable likelihood of ___, focusing on problems that have been encountered in the past and the solutions that were developed to avoid such errors in the future.

A

material misstatement

85
Q

According to the Sarbanes-Oxley Act of 2002, anyone who knowingly alters, destroys, covers up, or makes a false entry in any record or document with the intent to obstruct or influence the investigation of any matter within the jurisdiction of any department or agency of the United States may be fined and/or imprisoned for up to:

A

20 years.

86
Q

According to the Sarbanes-Oxley Act of 2002, a chief executive officer or chief financial officer who misrepresents the company’s finances may be penalized by being:

removed from the corporate office and fined.

fined, but not imprisoned.

fined and imprisoned.

imprisoned, but not fined.

A

fined and imprisoned.

87
Q

According to the Sarbanes-Oxley Act of 2002, when an issuer’s board of directors selects members to be on the company’s audit committee, the board of directors must select individuals who:

are affiliated persons of the company’s subsidiary.

receive consulting fees, but not advisory fees, from the company.

are employed by the company in a financial management role.

are members of the company’s board of directors.

A

are members of the company’s board of directors.