Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CPA - Business Environment > B1 - Corporate Governance and Financial Risk Management > Flashcards

B1 - Corporate Governance and Financial Risk Management Flashcards

(168 cards)

Start Studying
1
Q

What are the five major financial professional associations in the US that are part of the private sponsoring organizations?

A
  1. The American Accounting Association (AAA)
  2. The American Institute of Certified Public Accountants (AICPA)
  3. The Financial Executive Institute (FEI)
  4. The Institute of Internal Auditors (IIA)
  5. The Institute of Management Accountants (IMA)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Is the Committe on Sponsoring Organization (COSO) an independent private initiative?

A

Yes, COSO is an independent private initiative established in 1980’s to study the factors that can lead to fraudulent financial reporting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How is COSO also referred to?

A

COSO is sometimes referred to as the Tradeway Commission after the Original Chairman, James Tradeway, Jr., an executive in the private sector.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the nature of the board of directors’ relationship to the company?

A

The board of director has a fiduciary responsability to act on the best interest of the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What does the existance of published code of ethics and periodic acknowledgment that ethical values are understood represents?

A

A published code of ethics and periodic acknowledgement that ethical values are understood is evidence of sound integrity, ethical values are developed and understood and set the standard of conducting for financial reporting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the three main objectives of COSO - Internal Control Framework?

A
  1. Operations
  2. Reporting
  3. Compliance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does the operational objective intends to achieve?

A

Efficient and effective operations that meet profit goals (financial and operations performance goals) and properly safeguard assets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does the reporting objective intends to achieve?

A

Reporting objectives pertain to the reliability, timeliness, and transparency of an entity’s external and internal financial and non-financial reporting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does the compliance objective intends to achieve?

A

Compliance with laws and regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the principles that support the Risk Assessment component of the COSO Internal Control Framework?

A

S - Setting objectives
I - Identify and analyze risk
C - Consider potential for fraud
I - Identify and assesses changes (change mgmt.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the 3 types of risk that support the assessment of risk principle?

A
  1. Operational Risk
  2. Reporting Risk
  3. Compliance Risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does the ongoing and/or separate evaluation principle from the monitoring component refers to?
O - ongoing and/or separate evaluation
C

A

The organization selects, develops, and performs ongoing and/or separate evaluation to ascertain whether the components of internal control are present and functioning.
- One point of focus is to consider establishing baseline understandings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does monitoring activities refer to?

A

It involves ongoing or separate evaluations to determine whether the components of internal control are present and functioning properly (effectively) as well as reporting and correcting deficiencies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

is the act of approving high-dollar transactions by supervisors a monitoring activity?

A

No, the act of approving high-dollar transactions is an internal control, not a monitoring activity under the COSO framework.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the two monitoring principles?

A

O - ongoing/periodic and/or separate evaluation
C - Communication of deficiencies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the 3 principles of the Information and Communication component of the COSO internal control framework?

A

O - Obtain and use information (Quality)
C - Communicate with external parties (external)
I - Internally Communicate Information (internal)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What does communication of deficiencies from the monitoring component relates to?
O
C - communicates deficiencies

A

The organization evaluates and communicates internal control deficiencies in a timely manner to parties responsible for taking corrective action. Examples:
- Reporting to the audit committee represents reporting of deficiencies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is change control?

A

Change control considers the manner in which management monitors an authorizes changes to a variety of information technology matters including software application programs.
- Only authorized individuals should be allowed to move changes into production and the function of making the changes should be segregated from the function of putting the change into production.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the 3 principles of the control activities component of the COSO internal control framework?

A
  1. Risk Reduction - selection and development of control activities
  2. Technology controls - development of technology controls
  3. Policies and Procedures - implementation of policies and procedures.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What are inherent limitations of internal controls (framework)?

A
  1. Human failure (errors)
  2. Bad decisions based on faulty judgement or biased judgement
  3. External events beyond the entity’s control
  4. Collusion-two or more plot to rip off the company
  5. Management over-ride of controls
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are not inherent limitations?

A
  1. Cost benefit consideration - constraints: prevent management from investing more in internal control than the perceived benefit
  2. Incompatible functions: collusion due to lack of segregation of duties.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is value creation?

A

Value is created when benefits of value exceed the cost of resources used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What does uncertainty means in Enterprise Risk Management (ERM)?

A

Uncertainty is a state of not knowing how or whether events may occur and the impact they may not have on an organization if they occur.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is inherent risk and how is this used?

A
  1. Inherent risk is used to assess the severity of risk
  2. Inherent risk is the risk to an entity in the absence of any direct or focused actions by management to alter its severity (“in the absence of any actions management might take”).
    - Managing risk such that it aligns with risk appetite is an appropriate component of the framework.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What are the 5 components of the Enterprise Risk Management (ERM) Framework?
G - Governance and Culture O - Objective setting and Strategy P - Performance R - Review and revision O - Ongoing Information, communication, and reporting
26
What are the 5 principles supporting Governance and Culture under the ERM Framework?
D - Define desired culture - desired behavior and ethical values O - Oversight (Exercises board oversight) V - Values (commitment to core values) E - Employee (capable) - Attract, develop, and retain capable individuals with knowledge, skill, and experience. S - Structure (operating) is established - centralized or decentralized
27
What are the 4 principles supporting Strategy and objective-setting under the ERM Framework?
S - Strategies (Alternatives) are evaluated O - Objectives (business) are formulated A - Analyze business context R - Risk appetite is defined
28
What are the principles supporting Performance under the ERM Framework?
V - View portfolio; Develop portfolio view A - Assess severity of risk P - Prioritize risk I - Identify risk R - Risk response
29
How is the risk assessment for severity determined under Performance?
The risk assessment for severity is computed as follows: Risk assessment (severity) = likelihood (%) * severity ($ amount) - ranking is determined based on the different risks that are assessed.
30
What is operating structure?
it describes how an entity organizes and carries out its day-to-day operations and contributes to the alignment of risk management practices with core values. - It could be centralized and decentralized - it has no bearing on the level of diversity of the entity's workforce.
31
What is not a goal of the Enterprise Risk Management (ERM) framework?
Avoid adverse publicity and damage the entity's reputation
32
What is a Sarbanes-Oxley Act requirement related to the board of directors's audit committee?
The board of directors must have an audit committee composed entirely of members who are independent and not influenced by management. independence criteria: 1. cannot accept compensation for consulting or advisory services 2. May not be an affiliated person of the company (a person with the ability to influence financial decisions).
33
What does high quality of information means?
1. Information needs to be relevant, timely, current, accurate, verifiable, protected, and retained. 2. The entity needs to obtain and generate high quality information within the internal control component level.
34
When are events determined?
Events can only be identified after the organizational objectives are identified. Events will either favorably or unfavorably impact the achievement of objectives.
35
What are the 5 components of COSO Framework - Internal Control?
C - Control Environment R - Risk Assessment I - Information and Communication M - Monitoring E - Existent Control Activities
36
What is the purpose of the COSO framework - Internal Control?
it is a tool used to help organizations develop and maintain effective systems of internal control. The framework takes a principle-based approach, in which 17 principles are grouped into 5 integrated components.
37
What is the purpose of the Public Company Accounting Oversight Board (PCAOB)?
The PCAOB was established by Congress, through the Sarbanes-Oxley Act of 2002, to oversee public companies and broker/dealer audits.
38
What does the existence of a written code of conduct do to the control environment of the organization?
it promotes (among other things) honest/ethical conduct, teamwork, compliance, and appropriate disclosure.
39
What are the standards that the code of ethics promotes?
1. Honest and ethical conduct (including handling of conflict of interest) 2. Full, fair, accurate, and timely disclosures in periodic financial reports. 3. Compliance with laws, rules, and regulations.
40
What knowledge is required to qualify as a financial expert of an issuer's audit committee?
1. Understanding of GAAP 2. Experience in the preparation or auditing of financial statements for comparable issuers. 3. Application of GAAP 4. Experience with internal controls 5. Understanding of audit committee functions.
41
What disclosure should an issuer make with regards to the code of conduct?
Issuers must disclose whether it adopted a code of conduct for senior officers (e.g., CEO, CFO, controller, and chief accoutnant). If no code of conduct has been adopted, the issuer must disclose the reasons.
42
What is the purpose of the risk assessment component of the COSO Internal Control Framework?
It captures how an entity identifies and analyzes risk that may impact the achievement of objectives.
43
What is the purpose of the information and communication component of the COSO Internal Control Framework?
It entails obtaining and using information to support the internal control functioning.
44
What is the purpose of the monitoring component of the COSO Internal Control Framework?
It involves evaluating the quality of internal controls by assessing the system of designs and operations and taking necessary corrective actions.
45
What is the purpose of the control activity component of the COSO Internal Control Framework?
Control activities are established by an entity to ensure that directives are initiated by management to mitigate risk
46
What is cross-footing (processing control)?
Cross-footing is testing the sum of a column of row totals to the sum of a row of column totals to verify identical results provides some assurances as to accuracy.
47
What is not a management concern as it relates to the effectiveness of the monitoring process of an entity regarding internal controls over financial statement preparation?
There is no assurance that an entity will meet its operating and financial expectations, and internal controls are not put into place to ensure that these expectations are met.
48
What is the criminal penalty for an individual who attempts to alters, falsify, destroy, conceal, cover up, or make false entry in any record with the intent to impede, obstruct, or influence an investigation?
The individual will be fined, imprisioned for not more than 20 years, or both.
49
What timeline is the auditor required to retain all audit and review workpapers?
The auditor is required to retain the audit and review workpapers for up to 7 years. Failure to do so results in fine, imprisionment for not more than 10 years, or both.
50
What is section 404 of the Sarbanes-Oxley Act?
Section 404 is management's assessment of internal controls (COSO framework - Internal Controls).
51
How is the management's assessment documented in the annual report to comply with section 404?
1. The annual report is required to contain management's assessment of the effectiveniess of internal controls structure and procedures for financial reporting. 2. Auditor's attestation to management's assessment of internal controls. 3. Management is not required to include a statement related to disagreements with the auditor.
52
What does the annual report contains to comply with section 404?
1. A statement communicating management's responsability to establish and maintain an adequate internal control structure and procedures for financial reporting. 2. An assessment, at the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures for financial reporting
53
What is risk averse?
Investors seek returns but they seek no additional risk unless the return will offset the additional risk. Higher return for higher risk. Most investors are risk averse.
54
What is risk indifferent?
The investor is seeking the highest level of return regadless of risk.
55
What is risk seeking?
1. investor is seeking the highest risk, regardless of return. 2. Risk seeking managers are willing to settle for a lower expected return just to be able to take on the additional risk. 3. Risk exceeds the expected return.
56
What is market/systematic risk?
Risk that cannot be eliminated through the diversification of a portfolio. Examples include: 1. high interest rates (prime) 2. high inflation 3. recession/depression 4. war 5. political events 6. pandemic 7. international crisis
57
what are unsystemactic/firm risks?
Risks that can be diversified using a portfolio of assets (e.g., labor strikes).
58
What is the formula to compute the required rate of return?
Required rate of return = risk-free rate + market risk premium + inflation premium (purchasing power risk premium) + liquidity risk premium + Default risk premium.
59
What is credit risk?
1. Credit risk impacts borrowers. 2. The inability of a company to secure financing or secure favorable credit terms as a result of poor credit ratings.
60
how to compute the actual interest rate?
Actual interest = bank loan * stated interest rate * term
61
How to compute the interest earned in a checking account?
interest earned = compensating balance * interest earned rate
62
How to compute the net interest cost?
net interest cost = actual interest - interest earned
63
How to compute the loan proceeds?
loan proceeds = bank loan - compensating balance
64
How to compute the effective interest rate in the bank loan?
effective interest rate = net interest cost/actual cost / loan proceeds
65
How to compute the effective interest rate in a discounted note?
1. determine the actual interest Actual interest (bank loan * stated interest rate * term) 2. determine the cash proceeds as follows: cash proceeds = bank loan - actual interest 3. compute the effective interest rate effective interest rate = actual interest/cash proceeds
66
How to compute the nominal dollar amount?
nominal dollar (FV) = real dollar (PV) * (1+inflation rate (interest))^n
67
What is a put option?
A put option gives its owner the right to sell a specific security at fixed conditions of price and time.
68
What does it means when a client is highly leveraged?
A highly leveraged client implies that the client is heavily utilizing debt in the capital structure. If the prime interest rate rise, debt becomes more expensive.
69
How to determine if the domestic currency is depreciating (weakening) compared to the foreign currency?
if we need more units of a domestic currency (e.g., dollar) to buy 1 unit of a foregin currency (e.g., euro), it means that the price of the domestic currency is depreciating (weakening) against the foreign currency. Example: 1 euro = $.50 1 euro = $.75 We need more dollars to buy 1 euro. FCU appreciates -> domestic currency weakens, domestic currency (dollar) goes up, exports become cheaper and imports more expensive.
70
How to determine if the domestic currency is appreciating compared to the foreign currency?
if we need less units of the domestic currency (e.g., dollar) to buy 1 unit of a foreign currency (e.g., euro), it means that the price of the domestic currency is appreciating (stronger) against the foreign currency as there is a larger purchasing power for the domestic currency. Example: 1 euro = .$50 1 euro = $.25 We need less dollars to buy 1 euro. FCU depreciates -> domestic currency appreciates, domestic currency (dollar) goes down, exports become more expensive and imports are cheaper.
71
What does a short position in a derivatives contract means?
It is the correct position to take when a company has sold goods and payment is coming due in foreign currency.
72
When is a call option purchased?
A call option is purchased when you are an importer and have a payable outstanding denominated in the foreign currency. You will buy the call option if you fear that the price of the foreign currency will go up. You have to pay a premium to purchase the call option. if the spot price remains the same at settlement date, you can let the option to expire.
73
When is a put option purchased?
A put option is purchased when you are an exporter and have a receivable outstanding denominated in the foreign currency. You will buy a put option if you fear that the price of the foreign currency will go down. You have to pay a premium to purchase the put option. If the spot price remains the same at settlement date, you can let the option to expire.
74
Does the premium price have any influece in decising to exercise the option or not?
No, the premium does not have any influence in deciding to exercise the option or not. The premium is considered a sunk cost (loss).
75
How is the net savings calculated when a call option is purchased?
Net savings = (spot rate at settlement date*units) - [(option price + premium)*units]
76
How is the net preserved value when buying a put option calculated?
Net preserved value = (spot rate at settlement date*units) - [(option price - premium)*units]
77
What is a forward contract?
1. A forward contract allows to hedge against volatility by locking in a purchase price several months in advance of the actual purchase. 2. generally they're settled on a settlement date without a daily mark-to-market feature that would automatically help offset this risk.
78
What are the advantages of a forward contract?
1. Securing lower prices in a rising price environment. 2. Allows to set notional amounts and settlement dates that are flexible with the other party entering the contract.
79
What is the disadvantage of a forward contract?
1. if falling prices, the strategy can result in a potential loss 2. credit risk. the counterparty not fulfilling their end of the contract.
80
What are the 5 steps to the manufacturing process?
1. product design and engineering 2. Product development 3. Manufacturing and scheduling 4. Manufacturing operations 5. Manufacturing and fixed asset accounting and reporting.
81
What are supervisory and monitoring controls?
1. Organizational Charts 2. Hiring guidelines 3. Supervision 4. Formal Approval Controls
82
What are the hiring guideliness control related to?
Develop strict hiring guidelines so that only compentent and capable employees are hired to perform key business processes.
83
What does organizational sustainability from Enterprise Risk Management (ERM) means?
It is the ability of an entity to withstand the impact of large-scale events.
84
what is value realization?
Value is realized when benefits created by the organization are received by the stakeholders in either monetary and nonmonetary form.
85
What are examples of value realization?
1. increased profitability and stock prices for company owners. 2. increased customer satisfaction 3. consistent product and brand usage 4. market leadership 5. consistent innovation 6. dividends
86
What does the Closed-Loop Verification input edit check refers to?
Checks the accuracy of input data by using it to receive and display other relevant information (data entry input control) (e.g., company would have entered the customers account number first and would have only been able to apply the payment to the correct customer and not another customers' account) After data has been entered, the computer sends data back to the terminal for comparison with data originally sent.
87
What is the primary purpose of monitoring internal controls according to COSO?
It is to verify that the internal control system remains adequate to address changes in risk. Internal controls should be monitored for the purpose of addressing changes in risk.
88
What is the purpose of acknowledging the existence of the employee handbook and code of conduct in the organization?
Acknowledgement of employee handbook and code of conduct ensure ethical values are understood and taken seriously.
89
What is risk avoidance?
Action is taken to remove the risk (e.g., leaving a line of business, etc.). It is appropriate when the entity cannot identify a risk response that will help mitigate the risk of not meeting objectives.
90
What is risk reduction?
An action is taken to reduce the severity of the risk. Management designs risk mitigation techniques to reduce risk (e.g., diversification of products offerings).
91
What is residual risk?
it is the amount of risk that an entity prefers to assume in the pursue of strategy objective. This is the risk that remains after management has taken actions to mitigate negative events.
92
What is the formula to compute residual risk?
residual risk = inherent risk - impact of management actions
93
What is a picking list/ticket?
A list provided to the warehouse or inventory function detailing the items and quantities that should be picked, packaged and sent to the shipping department for an order. This is part of the revenue process.
94
What are the common revenue process documents?
1. Sales order 2. Pick ticket 3. Packing slip 4. Bill of landing 5. Sales invoice 6. Receipt 7. Remittance advice
95
What does the risk response accept means?
No action is taken to change the severity of the risk (e.g., monitoring political events without taking any action or self-insuring).
96
What does risk response pursue means?
Action is taken that accepts increased risk to achieve improved performance.
97
What does the risk response share means?
Action is taken to reduce the severity of the risk by involving an outside party (e.g., insurance company) to share some of the risk burden.
98
What is the purpose of the setting objectives principle of the risk assessment component of the COSO internal control framework? S - Strategic objectives I C I
Management needs to set objectives with sufficient clarity to enable the identification and assessment of risks that threaten the achievement of the objectives. Point of focus is to identify objectives that reflect management's choices while complying with applicable accounting standards, laws, and regulations
99
What are some of the objectives supporting the setting objectives principle?
1. Operational objectives (e.g., meeting sales targets) 2. Financial reporting objectives is to have fair accurate, complete, and timely, financial reports. 3. Compliance objectives is to comply with all labor laws and other regulations.
100
What is the purpose of the identify and analyze risk principle of the risk assessment component from the COSO internal control framework and some of the risk supporting this principle? S I - Identify and analyze risk C I
Company should identify specific risks that are applicable and assess the risk involved. Risk can be either internal or external risks, and would be risks that can result in fraud or errors. Risk identified: 1. Operational risk - What do we do about mitigating the risk (e.g., risk as theft of merchandise) 2. Financial Reporting Risk - Are there risks out there that would make it difficult to apply GAAP? how are we going to respond to this risks? 3. Compliance Risk - how to deal with the risk of not complying with laws, rules, and regulations.
101
What is the purpose of the fraud risk principle of the risk assessment component from the COSO internal control framework? S I C - Considers potential for fraud I
The organization considers the potential for fraud in assessing risk. It includes assessing incentives and pressures, opportunities and attitudes, and rationalization.
102
How is the fraud triangle structured?
1. Incentive and pressure 2. Opportunity 3. Ability to rationalize and sell it to themselves (this sometimes needs to be observed in a person's behavior).
103
What is the purpose of the change management (identify and assess changes) principle of the risk assessment component from the COSO internal control framework? S I C I - Identify and assesses changes
The organization identifies and assesses changes that could significantly affect the system of internal control. This include assessing changes in the external environment (e.g., customer buying more goods online), business model, and leadership.
104
What are the members of the audit committee?
Members of the audit committee are board members but are otherwise independent from management. They cannot be the company's lawyer or the consultant for the company, and cannot influence the entity.
105
Can an audit committee member receive compensation from issuer?
No, an audit committee member may not accept compensation from the issuer for consulting or advisory services.
106
What is transaction exposure?
Transaction exposure is defined as the potential that an organization could suffer economic loss or experience economic gain upon settlement of individual transactions as a result of changes in the exchange rate (e.g., Imports and exports).
107
How is transaction exposure measured?
Transaction exposure is measured in relation to currency variability or currency correlation.
108
What are the two steps completed to measure transaction exposure?
1. Project foreign currency inflows and foreign currency outflows. obtain the net amount. 2. Estimate the variability (risk) associated with the foreign currency.
109
What is the purpose of the Performance component of the ERM framework?
1. Identify and assess the risk that may affect an organization from achieving its strategic and business objectives. 2. Risk is prioritized according to severity and consideration of risk appetite. 3. Risk response and monitoring for change.
110
What does the identify risk principle from the Performance component of the ERM framework refers to? V A P I - identifies risk R
Organization identify risks that affect meeting strategic and business objectives. Once risk is identified, they must determine how severe those risks are.
111
What does the assess severity of risk principle from the Performance component of the ERM framework refers to? V A - Assesses severity of risk P I R
1. Helps prioritize risk 2. Risk assessment includes the concept of inherent risk, target and actual residual risks. 3. Includes assessing the likelihood of the risk occurring (risk severity) and the impact if it does occur.
112
What is the formula to determine the risk severity?
Risk assessment (severity) = likelihood (%) * severity ($ amount)
113
What does the prioritize risk principle from the Performance component of the ERM framework refers to? V A P - Prioritizes risk I R
1. As basis to select response to risk 2. Risk deemed severe at the operating level might be less of a concern at the entity level. 3. Entity identifies and selects risk responses as a result of prioritizing risks.
114
What are types of risk responses used to prioritize risk?
1. Taking no action and simply accepting risk 2. Divesting or exiting a line of business to avoid a risk 3. Appropriate when no risk response will mitigate (outdated business model) 4. Share or transfer the risk by purchasing insurance 5. Reduce the risk by hedging a foreign currency transaction 6. install cameras and purchase alarms to reduce theft risk 7. Pursue risk if you expect a greater return for pursuing the additional risk.
115
What does the implement risk response principle from the Performance component of the ERM framework refers to? V A P I R - Risk response
Implement risk response are classified as: 1. Accept 2. Avoid 3. Pursue 4. Reduce 5. Share
116
What does the develop portfolio view principle from the Performance component of the ERM framework refers to? V - View portfolio, develop portfolio view A P I R
Risk deemed severe at the operating level (e.g., products may become obsolete) may be less of a concern at the entity level to a well-diversified parent company.
117
What is translation exposure?
Translation exposure refers to the gain or loss generated from the conversion of financial statements from one currency to another based on different exchange rates.
118
What is the purpose of the control environment component from the COSO internal control framework?
It is the tone at the top. It includes the processes, structures, and standards, that provide the foundation for an entity to establish a system of internal controls.
119
What does the competence principle from the Control Environment component of the COSO internal control framework refers to? B O C - commitment to competence C A
The organization demonstrates commitment to attract, develop, and retain competent individuals as well as prepares for turnover and succession planning (e.g., financial reporting competencies).
120
What does the accountability principle from the Control Environment component of the COSO internal control framework refers to? B O C C A - Accountability
Organizations need to hold employees accountable for their internal control responsibilities, needed to measure performance, possible incentives and rewards as appropriate, disciplinary actions as appropriate. Risk of excessive pressure. Baseline for performance.
121
What does the board of independence management principle from the Control Environment component of the COSO internal control framework refers to? B - Board oversight O C C A
Board oversees internal control from initial development of controls to maintaining performance oversight.
122
What does the lines of organizational structure principle from the Control Environment component of the COSO internal control framework refers to? B O - organizational structure C C A
The organizational structure, centralized, decentralized, tailored to the entity. The reporting relationship should not undermine the commitment to effective financial reporting and internal control (e.g., the credit manager reports to the VP of sales, this is a conflict of interest).
123
What does the Ethics principle from the Control Environment component of the COSO internal control framework refers to? B O C C - commitment to ethical values A
Commitment to ethics from up down through behavior, a code of conduct that would require reporting of gifts received, prohibition against self dealing. - Presence of a written code of conduct provides that competent evaluators are implementing and monitoring internal controls. - A written code of conduct helps management set the tone of the organization; existence promotes honest/ethical conduct, teamwork, compliance, and appropriate disclosure.
124
What is Data Flow diagram?
visually depicts the logical flow of data for business processes.
125
What is a flowchart?
Flowcharts visualize both the logical and physical flow of data. When identifying risk and control deficiencies, this is the best approach to use.
126
What are process narratives?
A written description, not a visual depiction of a process.
127
What is the system interphase diagram?
It focus on the interfacing of clients and systems and does not depict the logical flow of information.
128
Can audit committee members receive compensation for the board of directors' duties?
Yes, members of the audit committee are board members. They can receive compensation for their board of directors' duties. However, if an audit committee member is the CEO or CFO and receives a salary, then this violates independence.
129
What does the component of review and revision under the enterprise risk management framework refers to?
Continuous assessment of how well the ERM capabilities and practices have increased value over time and will continue to drive value in light of substantial change. The entity reviews performance and considers risk after the fact to determine whether the actions taken were effective in mitigating risk (e.g., purchase of a hedge to mitigate a falling foreign currency)
130
What are the 3 principles under the review and revision component of the ERM framework?
S - substantial change (assesses) I - Improvement in Enterprise Risk Management R - Reviews risk and performance
131
What does the Assesses substantial change principle under the review and revision component of the ERM framework refers to? S - Substantial changes I R
The entity identifies and assesses changes that may substantially affect strategy and business objectives. Assessment may include internal and external environmental changes.
132
What does the review risk and performance principle under the review and revision component of the ERM framework refers to? S I R - Review risk and performance
Organization reviews entity performance and considers risk, including the capabilities and practices of the organization.
133
What are types of evaluations performed under the review risk and performance principle?
1. Potentially incorrect assumptions 2. Poorly implemented practices 3. entity capabilities 4. cultural factors.
134
What does the pursues improvement principle under the review and revision component of the ERM framework refers to? S I - Improvement in ERM R
Organizations pursues improvement of ERM. Opportunities to revisit and improve efficiency and usefulness may occur in an area.
135
How does the ERM framework impacts performance variability?
Performance variability is reduced as a result of the ERM framework.
136
What does variability mean?
Variability creates risk, and effective risk management is designed to help an entity reduce and better manage variability.
137
What is risk capacity?
Risk capacity is the maximum amount of risk an entity can absorb in the pursuit of its strategic and business objectives. Effective risk management is not designed to reduce this capacity.
138
What are the requirements of section 404 for compliance with Management assessment of Internal Controls?
Annual report requires the following: 1. A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. 2. An assessment over the effectiveness of internal controls over financial reporting as of the end of the most recent fiscal year. 3. Auditor must attest to management's assessment of internal controls 4. Management is not required to include a statement related to disagreements with the auditor.
139
What are the requirements of the Officers certification of internal controls?
1. CEO/CFO must certify they're responsible for establishing and maintaining their company's internal control over financial reporting. 2. They have designed those controls 3. They have within 90 days to evaluate the effectiveness of those controls 4. they have presented in the report their conclusion about the control effectiveness.
140
What are the benefits of implementing section 404?
1. Organizations will understand the current controls in place 2. Organization will understand the controls that can be implemented to enhance the internal control framework. 3. Organization will focus only on key components of the COSO framework. 4. External Auditor's opinion will add confidence to external stakeholders, vendors, and other 3rd parties.
141
What are the components of the monitoring-for-change continuum from the ongoing and separate evaluation principle of Monitoring component?
1. Control baseline 2. Change identification 3. Change management 4. Control revalidation/update
142
What does control baseline refers to?
It is the starting point of the company's internal control design. Monitoring helps to increase the understanding of the baseline
143
What does change identification refers to?
Relates to making sure the changes that are identified through continual monitoring of the control. Monitoring can be used to address risk assessment components ability to identify and address control changes.
144
What does change management refers to?
It is when new baseline is established. Monitoring determines that changes are managed, and new baseline is established.
145
What does control revalidation/update refers to?
This is periodically revalidating the operation of internal control is the absence of changes. Monitoring re-validates control operations.
146
What does the Obtain and Use information principle from the Information and Communication component of the COSO internal control framework refers to? O - Obtain and use information (quality) C I
The company obtains relevant information (quality) and applies it to support everyday operations. Quality information means that it has to be relevant, timely, current, accurate, verifiable, protected and retained.
147
What does the Internally Communicate information principle from the Information and Communication component of the COSO internal control framework refers to? O C I - Internal communication
Organization effectively communicates information necessary to support the functioning of internal controls to internal parties including relevant objectives and responsibilities. Flow of information is up, down and across the organization. It also includes whistleblower hotline.
148
What does the Externally Communicate principle from the Information and Communication component of the COSO internal control framework refers to? O C - communicate with external parties I
The organization communicate with external parties information that is relevant to the functioning of internal controls. Two-way communication channels such as: 1. Board of directors to receive relevant information from external parties. 2. IT security people to provide good information about network and IT securities. 3. External auditors 4. Whistleblower hotline from outside of the organization.
149
How to compute the effective annual percentage rate (EAPR)?
EAPR = {[1 + (interest (i)/period (p))]^ period (p)} - 1
150
What does the effective annual percentage rate (EAPR) means?
Represents the stated rate that has been adjusted for the amount of compounding periods in a given 12-month year.
151
What is business risk?
It is the exposure a company or organization has to factor(s) that will lower its profits or lead it to fail (e.g., company generates enough income to cover expenses).
152
What is financial risk?
A broad term describing the company's balance of debt and equity financing. Risk to common shareholders because it requires payment before shareholders receive a return on their investment.
153
What are two ways a company can use to mitigate interest rate risk?
1. Invest in floating (variable) rate debt (floating/variable rate maintains a constant value. If rate change, the value of the debt will simply adjust). 2. Enter into a derivative contracts
154
What does the business context analysis principle under the strategy and objective setting component of the ERM framework refers to? S O A - Analyzes business context R
Organization considers potential effects of business context on risk appetite (e.g., knowing economic cycles of the business). This principle determines how it fits within the industry and how the economy impacts the particular industry.
155
What does the define risk appetite principle under the strategy and objective setting component of the ERM framework refers to? S O A R - Risk appetite is defined
-The organization defines risk appetite in the context of creating, preserving, and realizing value for shareholders. - The organization's risk appetite has been exceeded when combined likelihood and impact of negative events significantly exceed residual risk. - Risk appetite can be considered in qualitative or quantitative terms (e.g., "low appetite" or "high appetite") - Alignment of business objectives to strategy support the entity in achieving its mission and vision.
156
What does mission and vision mean?
Mission: Represents the core purpose of the entity. Represents why the company exist and what it hopes to accomplish. Vision: Represents the aspirations of the entity and what it hopes to achieve over time.
157
What does the evaluate alternative strategy principle under the strategy and objective setting component of the ERM framework refers to? S - Strategies (alternative) are evaluated O A R
The organization evaluates alternative strategies and potential impact of risk profile.
158
What does the formulate business objectives principle under the strategy and objective setting component of the ERM framework refers to? S O -objectives (business) are formulated A R
- The organization considers risk while establishing the business objectives at various levels that align and support strategy. - Business objectives are the measurable steps an organization makes to achieve its strategy. - They're developed that are specific, measurable or observable, attainable, and relevant (to the achievement of strategy).
159
When is self-monitoring used as a control?
when the employee is setting, reviewing and reporting any issues (e.g., issues related to setting access parameters), the employee is self-monitoring.
160
When is oversight monitoring used as a control?
When someone above the employee is reviewing the report/work, then oversight would be in place.
161
When is supervisory monitoring used as a control?
when the employee has a staff member perform or log issues related to a process (e.g., setting access parameter's), and the employee is reviewing the report/work performed by the staff.
162
When is continuous monitoring used as a control?
when the review is performed on an ongoing basis. If review is performed on a monthly basis, it's not continuous/ongoing.
163
What do business losses represent with regards to financial risk management?
Business losses are considered the most distracting influencer on decision makers. Manager's fear of continuous losses.
164
What are officer's certification of financial statements?
CEO/CFO must certify the following: 1. The quarterly and annual reports were reviewed and filed with the SEC. 2. The reports do not contain material untrue statements 3. Financial statements are fairly presented.
165
What is required to be in compliance with SOX 404?
1. Develop documentation of existing internal controls and procedures associated with financial reporting. 2. Test the effectiveness of those controls and procedures. 3. Provide details on any deficiencies in the control and/or documentation
166
What is a validity check?
Responsible for ensuring that data entered in the system is listed in the master file. (e.g., if we're shopping online and entered a discount code that wasn't listed as active or legitimate in the master file, the website will tell us that is invalid)
167
what is a completeness check?
Used to verify that all required fields have data entered (e.g., we're not missing the PO number when completing the order to process the shipping of the goods).
168
SOX 404 requires that audit committee establishes complaint procedures. What are these procedures?
1. Must accommodate confidential, anonymous reports by employees of the issuer. 2. Must accommodate receipt and retention of complaints as well as a method to address those complaints.

CPA - Business Environment (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions