BEC 1 - Corporate Governance and Internal Control Flashcards
(39 cards)
A public company audit committee must have at least one “financial expert” and they must have all of the following:
(a) an understanding of GAAP and financial statements; (b) experience in preparing or auditing F/S; (c) experience with internal auditing controls; and (d) an understanding of audit committee functions
Under SOX, it is a crime to punish a public company whistleblower who provides truthful information relating to
any federal offense
Under the SOX retaliation cause of action, it is a crime to punish a public company whistleblower who provides truthful information relating to
federal securities law violations only
Under Dodd-Frank, if the SEC determines to impose penalties above $1 million, what percentage would be within the range of mandatory rewards?
Between 10-30% of sanctions imposed.
Public companies must adopt a code of ethics for:
senior financial officers.
CFOs, comptrollers, principal accounting officers, and others performing similar functions.
T/F: Detective controls are more costly than preventive and corrective controls.
True
Detective controls have to be continually performed to be effective, whereas preventive controls are largely set once they have been put into place.
T/F: Application controls are controls over the computing environment as a whole.
False.
General controls are controls over the environment as a whole helping to ensure that data integrity is maintained.
Application controls are controls over specific data input, data processing, and data output activities, ensuring the accuracy, completeness, and validity of transaction processing. They are narrowly focused on those accounting applications that are involved with data entry, updates, and reporting.
Preventive controls attempt to stop an error or irregularity before it occurs. They are typically “passive,” meaning that once they are in place, they simply need to be activated to be effective. Examples include:
Locks on buildings and doors, use of username and password to gain access to computer resources, and building segregation of duties into the organizational structure.
Detective controls attempt to detect an error after it has occurred. They are typically “active” as they must be continually performed in order to be effective. Examples include:
Data entry edits (checks for missing data, values that are too large or too small), reconciliation of accounting records to physical assets (bank recs, inventory counts), and tests of transactions to determine whether they comply with management’s policies and procedures (audits).
Note that detective controls can also take on preventive characteristics; surveillance cameras are an example.
Corrective controls are always paired with detective controls. They attempt to reverse the effects of the observed error or irregularity. Examples include:
Maintenance of backup files, disaster recovery plans, and insurance.
The COSO “cube” model for internal control contains 5 fundamental components, which are:
C - Control activities
R - Risk assessment
I - Information and communication
M - Monitoring
E - Control environment
Which of the 5 fundamental components of the COSO “cube” model is described as:
* Management’s philosophy toward controls, organizational structure, system of authority and responsibility, personnel practices, policies, and procedures. This component is the core or foundation of any system of internal control.
Control Environment
Which of the 5 fundamental components of the COSO “cube” model is described as:
* The process of identifying, analyzing, and managing the risks involved in achieving the organization’s objectives. This topic is covered in greater depth in the “Risk Management Policies and Procedures” lesson.
Risk assessment
Which of the 5 fundamental components of the COSO “cube” model is described as:
* The information and communication systems that enable an organization’s people to identify, process, and exchange the information needed to manage and control operations.
Information and communication
Which of the 5 fundamental components of the COSO “cube” model is described as:
* In order to ensure the ongoing reliability of information, it is necessary to monitor and test the system and its data.
Monitoring
Which of the 5 fundamental components of the COSO “cube” model is described as:
* The policies and procedures that ensure that actions are taken to address the risks related to the achievement of management’s objectives.
Control Activities
T/F: The COSO model was developed to help guide efforts to articulate and improve accounting controls.
True.
T/F: A sustainability report is primarily an external, nonfinancial report.
True
In the COSO "cube" model, each of the following is a control objective except:
A. Compliance.
B. Monitoring.
C. Operations.
D. Reporting.
B. Monitoring is correct because it is not a control objective in the COSO model.
T/F: Management should establish oversight of outsourcing service providers.
True
Under COSO Internal Control Principles, what are the 5 principles of control under control environment?
- The organization demonstrates a commitment to integrity and ethical values.
- The board of directors demonstrates independence from management and oversees the development and monitoring of internal control.
- Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities to achieve objectives, including integrating organizational structures and services including outsourced service providers.
- Competence – The organization demonstrates a commitment to attract, develop, and retain competent individuals consistent with achieving organizational objectives.
- Accountability – The organization holds individuals accountable for their internal control responsibilities.
Under COSO Internal Control Principles, what are the 4 objectives under risk assessment?
- Objectives – The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks that threaten the achievement of objectives.
- Assessment – The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risk should be managed.
- Fraud – The organization considers the potential for fraud in assessing risks to the achievement of objectives.
- Change management – The organization identifies and assesses changes in the external environment, business model, and organizational leadership that could impact the system of internal control.
Under COSO Internal Control Principles, what are the 3 principles of control under control activities?
- Risk reduction – Organizational control activities mitigate (i.e., reduce) the risks to the achievement of objectives to acceptable levels.
- Technology controls – The organization selects and implements general controls over technology which support the achievement of its objectives.
- Policies – The organization’s control activities inform policies that establish stakeholder expectations. Established procedures ensure the implementation of these policies.
Under COSO Internal Control Principles, what are the 3 principles of control under information and communication?
- Quality – Relevant, high-quality information supports the internal control processes.
- Internal – Internal communication supports internal control processes.
- External – Communication with outsiders supports internal control processes.