Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CPA BEC > BEC 2 - Corporate Governance, Internal Control & Enterprise Risk Management > Flashcards

BEC 2 - Corporate Governance, Internal Control & Enterprise Risk Management Flashcards

(42 cards)

Start Studying
1
Q

Corporate Governance (2)

A
  • It is the role of corporate governance to make certain that objectives of the entity are met while needs & concerns of stakeholders are addressed.
  • Corporate governance consists of the systems that are applied to control & to direct a corporation.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Articles of Incorporation (8)

A

Articles of Incorporation - Upon formation, a corporation will file with the secratary of state & create bylwas. It includes such info as the:

  • Name of the corporation
  • Nature & Purpose
  • Term Life of the corporation (indefinite duration)
  • Capitalization - Amount & types of stock
  • Name & Address of each Incorporator
  • Initial Board - Names of the people in the Board
  • Registered Agent - the place where the state may serve a court order if corporation is being sued or needs legal action
  • By-Laws - Rules & regulations of the corporation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Board of Directors

What are the responsibilities of the Board?

A

A group of individuals, normally elected by shareholders of a corporation, that determine the direction of a corporation based on responsibilities established in the bylaws.

  • Board members have a fiduciary duty to:
    • Act Loyally in the best interest of the corp & shareholders which includes not putting thier interest above the company & acting without personal economic conflict.
    • Act with a Duty of Care to act with care & diligent when making company decisions.
    • Act with Due Diligence which means using reasonable care when entering into agreements.
  • Amending the bylaws if necessary
  • Strategic planning & development of objectives
  • Duty to hire CEO/Officers
  • Management oversight & determining its compensation
  • Establishing Dividend policies
  • Reacquiring Treasury Stocks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the 3 committees that are established by the Board?

(CAN)

A

Committees are established by the Board in order to disburse the Board’s responsiblities. The three required are:

  1. Nominating Committee
  2. Audit Committee
  3. Compensation Committee.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Business Judgement Rule

A

A director has some protection against liability when decisions do not provide anticipated results. The Business Judgement Rule was established as a result of a case law which requires a director to act in good faith, be loyal, & apply due care.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Nominating Committee

A

Nominating Committee is responsible for the overall corporate governance of the corporation. Primary duty is to determine who is suitable for service on the board of directors. Also, it is charged on overseeing CEO sucession.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Audit Committee

&

Financial Expert (5)

A
  • Audit Committee is responsible for overseeing the financial reporting process.
  • Under SOX Title 4, Audit Committee is responsible to oversee the establishment of appropriate internal controls.
  • Under SOX Title 4, audit committee is required to be made up of independed directors & atleast one is a financial expert.
    • A financial expert has the follwing qualities,
      • An understanding of GAAP & FS
      • Experience in preparing or auditing FS
      • Experience with Internal Controls
      • An understanding of the functions of the audit committee
      • Doesn’t need to be a CPA

NOTE: Correct! SOX requires every issuer to have a financial expert on the audit committee. If there is no financial expert on the audit committee, that fact and the reasons are required to be disclosed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Compensation Committee

A
  • Made of independent directors that is responsible for establishing payment policies for directors & executives.
  • Has responsibilties that include: (Per SEC, NYSE, NASDAQ)
    • Developing a compensation approach or philosophy
    • Establishing compensation for the CEO & other executive officers
    • Use outside experts, as appropriate
    • Receive & evaluate proposals reagarding executive compensation put forward by shareholders
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Under the Dodd-Frank Act, what are the 4 significant provisions that is directly related to the compensation committee of the board of directors?

(Say-on-pay,Independence,Disclosure,Clawbacks)

A
  • Although Dodd Frank Act was designed to regulate financial services industry, there are 4 siginificant provisions regarding compensation committe:
    • Say on Pay - Stockholders are required to be allowed to vote on executive officer compensation
    • Independence - Committee members must be independend
    • Disclosures - Executive salary must be disclosed
    • Clawbacks - Recoupment of compensation if FS are restated
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the 2 types of Management compensation?

A

Fixed Compensation - A set amount for salary payments plus perks (perquisites) including health/life insurance, retirement benefits, and company vehicle usage.

Incentive Compensation - Payments that are based on company performance or some other criteria. Some of the most common include:

  • Bonuses
  • Share-based Compensation
    • Stock options
    • Shared appreciation rights
    • Restricted shares
    • Perfomance shares
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are fixed & incentive compensation?

What are the 4 types of Share-Based compensation?

(Stock Options,Shared App Rights,Restricted Shrs,Performance shrs)

A

Fixed Compensation - A set amount for salary payments plus perks (perquisites) including health/life insurance, retirement benefits, and company vehicle usage.

Incentive Compensation - Payments that are based on company performance or some other criteria. Some of the most common include:

  • Bonuses
  • Share-based Compensation
    • Stock Options - gives the officer the ability to buy shares at a fixed price for a specific period of time.
    • Shared Appreciation Rights - same as stock options, but gives an officer cash payments resulting from increases in stock price.
    • Restricted Shares - shares of stock that may not be disposed of for a period of time, in which officers are given the incentive/strive to increase the stock price.
    • Perfomance Shares - shares that are issued to mgmt if specific performance objectives are met.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How may the Board monitor management? (7)

A

There are various ways in which the Board can monitor management. One of the most common & effective is through the use of Internal Auditors. Below are other examples:

  1. The Board of Directors
  2. Internal Audit
  3. External Auditors
  4. Investment Banks & Securities Analysts
  5. Creditors & Credit Agencies
  6. Attorneys
  7. SEC (1933/1934)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Internal Audit Function

What are the 3 components of IPPF?

A

The Institiue of Internal Auditors (IIA), an international professional association that many internal auditors beling to, has developed an International Professional Practicves Framework (IPPF) that consists of the three follwing:

  1. The Definition of Internal Auditing
    • ​​Internal auditing is an independent, objective assurance & consulting activity designed to add value & improve an org’s operations. It helps an org accomplish its objectives by bringing a systematic, disciplined approach to evaluate & improve the effectiveness of risk mgmt, control & goverment process.
  2. The Code of Ethics
    • Principles
      • Integrity, objectivity, confidenciality, competency
    • Rules
      • Integrity, objectivity, confidenciality, competency
  3. Internal Standards for the Professional Practice of Internal Auditing (ISPPIA)
    • Attribute Standards (4)
      • Purpose, Authority, Responsiblity
      • Independence & Objectivity
      • Proficiency & Due Professional Care
      • Quality Assurance & Improvement
    • Performance Standards (7)
      • Managing the Internal Audit Activity
      • Nature of Work
      • Engagement Planning
      • Performing the Engagement
      • Communication of the Results
      • Monitoring Progress
      • Communicating the Acceptance of Risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

External Auditors

(DISAPPROVE)

A

In addition to auditors, external auditors are potentially effective in contributing to the monitoring of management.

GAAS req’s the external auditor to communicate with those charge with governance regarding certain matters (DISAPPROVE):

  • Disagreements with management
  • Illegal Acts, noncompliance w/ laws & regulations
  • Significant accounting policies
  • Adjustments
  • Prior discussions w/ management
  • Problems
  • Responsibilities
  • Other Information regarding responsibilities
  • Views of other accountants
  • Estimates
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Internal Control

Whare the Internal Control objectives? (ACE)

What is the most commonly used framework in the US?

A

Internal Control - An entity’s policies & procedures designed to enable it to achive its objectives of efficient & effective operations, compliance with applicable laws & regulations, and reliable FS reporting.

  • The most commonly used framework in the US?
    • Internal Control - Integrated Framework created by COSO (The Committee of Sponsoring Organizations of the Treadway Commission).
  • Internal Control Objectives: ACE
    • Accurate, reliable GAAP FS
    • Compliance w/ laws & reg
    • Effectiveness & efficiency of operations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What the 5 components of Internal Control?

(CRIME)

A
  • Control Environment
    • CHOPPER
  • Risk Assessment
    • Specifies suitable objectives
    • Identifies & analyzes risks
    • Assesses fraud risk
    • Identifies & analyzes significant changes
  • Control Activities (PIPS)
    • Performance Reviews - Actual vs Budget
    • Information Processing - General vs. Application Ctrls
    • Physical Controls - Acces to assets
    • Segregation of Duties - ARRC
  • Information & Communication
    • Uses relevant information
    • Communicates internally
    • Communicates externally
  • Monitoring
    • Conducts ongoing &/or separate evaluations
    • Evaluates & communicates deficiencies
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Control Environment

(CHOPPER)

Study These Flashcards
A

Control Environment - sets the tone of an organization, influencing the control consciousness of its people. It is the foundation of all other components of internal control, providing discipline & factors. (CHOPPER)

  • Commitment to competence
    • Employees posses skills & knowledge essential to performing their jobs
  • Human resource policies & practices
    • Effective policies & practives for hiring, training, evaluating, etc. of employees
  • Organizational structure
    • Provides a basis for planning, directing, cotrolling operations.
  • Participation of those charged w/ Governance
  • Philosophy of mgmt & operating style
    • Manner in which mgmt runs the organization can have a significant effect on the control environment.
  • Ethical values & integrity
  • Responsibility assignment
    • Communicated throug documents such as job descriptions & organizational charts. Personnel are made aware of their responsibilities.
18
Q

Risk Assesment

Study These Flashcards
A

Identification & analysis of the internal & external risks that may interfere with the achievement of management’s objectives, including the requirement for reliable financial reporting & the preparation of fairly presented FS.

“How to Identify, Analyze & Manage risk?”

19
Q

Control Activities

(PIPS)

(ARCC-S)

Study These Flashcards
A

Control Activities - Policies & procedures that help insure that management directives are carried out.

Types of control activities include: (PIPS)

  • Performance reviews - Actual vs. budget FS
  • Information processing - IT vs application ctrls
  • Physical Controls - Acces to assets (who has it)
  • Segregation of duties (ARCC-S)
    • Authorization of transactions
    • Recoding (posting) of transactions
    • Custody of assets (who has access)
    • Comparisons (reported vs. recorded/reconciliations)
20
Q

Information & Communication

Study These Flashcards
A

The means by which information is obtained & disseminated by management throughout the entity & with appropriate business relationships such that control ativities will more likely be understood and followed and nd so that management will receive feedback as to their effectiveness.

Refers to the I.D, retention, & transfer of info in a timely manner allowing personnel to perform their responsibilities.

  • Info System - consists of the methods & records used to record, process, summarize & report FS
  • Communication - involves establishing idividual duties & responsibilities relating to internal control & making them known to personnel.
21
Q

Monitoring Activities

Sequence of Activities, what are the 4 steps?

(Baseline,Identification,Management,Revalidation/Update)

Study These Flashcards
A

The ongoing evaluation of internal controls to make certain that they are effective, functioning as intended, & that they remain relevant.

Evaluators - Individuals that monitor controls w/in an organization that should be both compent & objective.

Monitoring sequence of activities: (TESTED)

  1. Control baseline - delvelopment of undertanding of how I/C was designed & implemented
  2. Change identifictation - use of ongoing & separate evaluations to identify the effectiveness of I/C
  3. Change in management - determination of when changes to I/C are needed
  4. Control revalidation/update - understanding of a new baseline or updated/revised system
22
Q

What are the Limitations of Internal Control?

(COCCO)

Study These Flashcards
A
  • Collusion
  • Override by management
  • Competence - errors or mistakes, poor human judgement
  • Cost/Benefit constraints
  • Obsolescence - change in operations or size
23
Q

What are the basic change control processes components? (5)

(Request,Analysis,Decisions,Plan/Implement,Monitor)

Study These Flashcards
A

The basic change control processes components includes:

  1. Change Requests - when change is needed
  2. Change Analysis - evaluating the change
  3. Change Decisions - deciding on the change
  4. Planning & Implementing the Change - developing a new plan
  5. Monitoring & Tracking the Change - if new change is properly executed & having intended effects
24
Q

What is Enterprise Risk Mgmt (ERM)?

What is the purpose?

What are the 8 components?

Study These Flashcards
A

ERM is a system encompassing an entity’s strategy to identify events that may affect the entity, and to manage those risks in accordance with the entity’s risk appetitie, that incorporates 8 components, including the 5 components of internal control (CRIME).

The purpose of ERM is to find the balance between minimizing or managing risk & maximizing the return & opportunities that can be provided to stake holders.

  1. Internal Environment
    • Integrity/Ethics
  2. Objective Setting
    • Strategic, Operational, Reporting, Compliance
  3. Event Identification
  4. Risk Assessment
    • Balance sheet approach
    • Process approach
    • Event identification approach
  5. Risk Response
    • Acceptance
    • Sharing - Use of Insurance
    • Reducing/Mitigation - Relocation
    • Avoidance
  6. Control Activites
    • ARCSS
  7. Info & Communication
  8. Monitoring
25
Internal Environment | (ERM)
The internal environment ***sets the tone for the organization***. It *establishes* a ***basis for*** the ***analysis of risk***, incorporating ***management's philosophy***, the entity's ***risk appetite***, & the values that are important to the entity such as ***integrity & ethical values***.
26
Objective Setting (ERM) What are the 4 areas of Objective Setting? (Strategic,Operational,Compliance,Reporting)
The conversion of an entity's mission into specific objectives, the progress toward which can be measured incorporating operating objectives, compliance objectives, & reporing objectives. What are the four areas in which ERM can assist the entity in achieving its objectives? * **Strategic Objectives** - sets the direction for the entity. * **Operational Objectives** - What is the goal, operationally & the effective use of the resources available. * **Compliance Objective** - make certain that division operate within approperate regulation & laws. * **Reporting Objectives** - how is the strategic objectives going to be reported/communicated.
27
Event Identification (ERM) What are the 7 techniques for identifying relevant events?
The process used for *identifiying those events, both external and internal, that have the potential of affecting the entity's ability to achieve its objectives* so that those representing opportunities can be taken advantage of and and those threats can be avoided or prepared for. ERM identifies 7 technique for identifying relevant events: 1. Event Inventories 2. Internal analysis 3. Escalation or threshold triggers 4. Facilitated workshops or interviews 5. Process flow analysis 6. Leading event indicators 7. Loss event data methologies
28
_ERM - Event Identification Techniques:_ Leading Event Indicators & Loss Event Data Methologies
**Leading Event Indicators -** Identifying data that is indicative of a pending event, such as a decline in interest rates being indicative in the demand for housing **Loss Event Data Methologies -** collections of info regarding past losses used to prevent repeating actions that would likely result in further losses.
29
Risk Response (ERM) What are the 4 ways mgmt may deal with certain risks? (Acceptance,Sharing,Reduction,Avoidance)
An assessment by management of how identified risk in ERM should be dealth with. Options are: * **Acceptance** - where the entity would take NO action & simply allow the event to occur. * **Sharing** - where the entity might use insurance or fidelity bonds, entering into arrangement w/ another entity to share the risk, or outsourcing an activity. * **Reduction** - where an entity be required to change of internal environment or change in control activities. * **Avoidance** - where an entity may change an internal process, elimanate the line of business/product, stop using a particular raw material or buying from a specific supplier, or discontinue selling to a particular customer.
30
What are the 3 approaches ERM uses to Quantify Risks? (Benchmarking,Probabilistic Models,Non-probabilistic Models)
1. **Benchmarking** - which compares expected outcomes to common measures. 2. **Probabilistic** Models - which develop expected values using probabilities of possible outcomes. 3. **Non-Probabilistic** Models - which uses subjective assumptions to measure possible outcomes.
31
When deciding on the appropriate Risk Response, what 3 types of Risk must be considered? (Inherent,Residual,Event)
**Inherent Risk** - is the risk to the entity if NO action is taken. **Residual Risk** - is the risk to the entity that would remain IF action is taken & contrals are taken into account. **Event Risk** - is the risk that an unforseen event will negatively impact the company, such as a fire.
32
What are the 3 approaches ERM uses to Asses Risk? (BS, Process,Even Identification)
1. **Balance Sheet Approach** - Entity should identify the resources within its control & determine which ones might be vulnerable (which assets). 2. **Process Approach** - Involves evaluating the processes that are used to acieve the entity's objectives. 3. **Event Identification Approach** - evaluating by viewing the entity from a competition standpoint.
33
What are 3 Inherent Limitations of ERM?
* The **future**, by nature, **cannot be predicted with certainty** * Some **events are beyond management control** & due tot the need to allocate scare resources, the entity will not necessarily be able to pursue all objectives to the extent desired * No system processs, regardless of how well designed & managed will necessarily always accomplish what it is inteded to do **(no absolute assurance)**
34
Balanced Score Card (4) TESTED (Financial,Customer,Internal,Innovation)
The balanced scorecard *assesses an organization's performance* by analyzing: 1. **Financial Information** 2. **Customer Satisfaction** 3. **Internal Processes** 4. **Innovation** ​**_NOTE_**: Correct! **Innovation** (sometimes called "Learning and Growth") is one of the four perspectives on the balanced scorecard.
35
Revised Business Model Act
Correct! The Revised Model Business Corporation Act requires a recommendation from the board of directors and subsequent approval of a majority of voting shareholders to voluntarily dissolve a corporation.
36
What/who is COSO?
The Committee of Sponsoring Organizations of the Treadway Commission (**COSO**) is a joint initiative of five private sector organizations, established in the United States, dedicated to providing thought leadership to executive management and governance entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. ## Footnote *Created the framework for Internal Control.*
37
Vested, Inc. made some changes in operations and provided the following information: Year 2 Year 3 Operating Revenues $900,000 $1,100,000 Operating Expenses $650,000 $700,000 Operating Assets $1,200,000 $2,000,000 What percentage represents the return on investment for year 3?
You answered correctly Correct! Return on investment is typically computed as: (Revenues - Expenses) / (Average Assets). The average assets for Vested is $1,600,000 [($1,200,000 + $2,000,000) / 2]. Accordingly, the return on investment for year 3 is ($1,100,000 - 700,000) / ($1,600,000) = 25%.
38
To comply with a director’s duty of loyalty to a corporation, what action(s) should a director take when presented with a corporate opportunity? a. Reject the opportunity and not offer it to the corporation. b. Accept the opportunity and not offer it to the corporation. c. Accept the opportunity and disclose the acceptance to the corporation. d. Offer the opportunity to the corporation and accept it if the corporation rejects it.
You answered incorrectly Incorrect! A director must act in the best interest of the corporation. All opportunities should be first offered to the corporation. If the corporation doesn’t wish to pursue the opportunity, then the board member may consider pursuing the opportunity for their own benefit.
39
Which of the following is most useful when risk is being prioritized? a. Low and high probability exposures. b. Low and high-degree loss exposures. c. Expected value. d. Uncontrollable risks.
You answered correctly Correct! When applying Enterprise Risk Management (ERM) principles, risks are prioritized in terms of their likelihood of occurrence and their expected impact on the company. *The* ***expected value of the risk is considered important*** because it will be compared to the expected values of risks associated with alternative decisions in order to determine risk priority.
40
The Enterprise Risk Management-Integrated Framework of the committee of sponsoring organizations (COSO) is best defined as a a. Process effected by an entity’s board of directors, management, and other personnel. b. Serial process in which one component affects only the next component. c. Process that takes a control-based approach to an organization. d. Process that replaces the COSO internal control framework.
You answered correctly Correct! The Enterprise Risk Management-Integrated Framework is a risk-based approach designed to help management evaluate the interrelated impacts of decisions and deal with multiple risks. It is separate from and additional to the COSO internal control framework and is a ***process effected by an entity’s board of directors, management, and other personnel.***
41
According to COSO, the position or internal entity that is best suited, as part of the enterprise risk management process, to devise and execute risk procedures for a particular department is a. The internal audit department. b. The chief executive officer. c. A manager within the department. d. The audit committee.
You answered incorrectly Incorrect! According to COSO, a manager within the department is best suited, as part of the enterprise risk management (ERM) process, to devise and execute risk procedures for that department. At this procedural level, the CEO has limited or no involvement, and the independent audit committee of the board of directors has none. The internal audit department could possibly assist with devising departmental risk procedures for other departments, but would have little to no involvement with their execution.
42
A company has an online order processing system. The company is in the process of determining the dollar amount of loss from user error. The company estimates the probability of occurrence of user error to be 90%, with evenly distributed losses ranging from $1,000 to $30,000. What is the expected annual loss from user error? a. $13,050 b. $13,500 c. $13,950 d. $14,400
You answered incorrectly Incorrect! To calculate expected annual loss from user error, find the midpoint of the evenly distributed losses and multiply by the likelihood of losses. The midpoint of 1,000 and 30,000 is 15,500, calculated as (1,000 + 30,000)/2. Multiplying 15,500 by the 90% likelihood equals an expected annual loss from user error of $13,950.

CPA BEC (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions