The five areas of the 2018 UK corporate governance code are...

- Board leadership and company purpose
- Division of responsibilities
- Composition, succession and evaluation
- Audit, risk and internal control
- Remuneration


The Turnbull guidance sets out what...

Best practice for internal control for UK listed companies, and assists them in applying the section of the UK corporate governance code that deals with internal control.


The FRC's guidance on board effectiveness, published July 2018, relates primarily to the leadership and effectiveness of the board. The Institute of Chartered Secretaries and Administrators developed the guidance on the FRC's behalf. It deals with what topics?

- Board leadership and company purpose
- Division of responsibilities
- Composition, succession and evaluation
- Audit, risk and internal control


In the USA a different approach is taken: companies with a listing on a stock exchange in the USA are required to comply with the requirements of what Act?

Sarbanes-Oxley Act 2002


The two key provisions of the Sarbanes-Oxley Act are in what sections?

302 and 404


What does Section 302 of the Sarbanes-Oxley Act do?

Mandates a set of internal procedures designed to ensure accurate financial disclosure.


What is Section 404 of the Sarbanes-Oxley Act?

Requires management and external auditor to report on the adequacy of the company's internal control over financial reporting.


The main legislation covering limited companies is...

The Companies Act 2006


Every registered company has the legal obligation to provide Companies House with what two items annually?

An up-to-date confirmation statement (annual return) and, in most cases, annual accounts including a directors' statement


If a company is to issue shares to the public it must have at least what value of share capital?

Share capital of at least £50,000


The registration documents for Companies House set out what?

- company's name
- whether the company is a private or public company
- whether the liability of the members of the company is to be limited
- directors and officers, and
- articles of association


Every company must deliver a confirmation statement how frequently?

Once every 12 months.


For most companies, what three elements will the annual accounts include...

- income statement
- a balance sheet signed by a director
- a directors' report signed by a director or the company secretary


All companies have to keep accounting records, and all limited companies must send their accounts to where?

Companies House


How long do private companies and public companies each have to file their accounts with Companies House?

Private companies must file within nine months of the year end and public companies must file within six months.


The Companies Act 2006 requires all public companies to have what officer?

A company secretary


The company secretary should maintain the statutory registers. These are...

- register of members (the shareholders)
- register of directors and secretaries
- register of directors' interests
- register of charges
- register of interests in shares (for public companies)


The first line of defence is?

Front line managers


The risk management department forms which line of defence?

Second line of defence


What are the three lines of defence?

1. First line of defence: risk and control owners and business managers

2. Second line of defence: risk oversight, risk management, compliance, health and safety, and security

3. Third line of defence: risk assurance, internal and external audit, regulators


With regard to risk management controls, give some examples for the finance department:

- daily reconciliation between ledgers and bank accounts
- limited authorities for authorising accounts payable
- anti-money laundering measures


With regard to risk management controls, give examples for IT:

- back up records on a daily basis
- relocation contingency plans
- anti-virus and intrusion detection software
- data security and quality management


What falls under the risk category of strategic risks?

Competitors and other market changes


What falls under the risk category of insurance and reserving?

Potential for the loss ratio to be higher than that which was assumed; adequacy of pricing, i.e. premiums.


What falls under the risk category of investment/market risk?

Includes losses due to the reduction in value of investments or returns


What falls under the risk category of credit risk?

Risks relating to premium payments by clients and also for reinsurance recoveries.


What falls under the risk category of operational risk?

The risks include property damage to the insurer's offices and equipment, fraud by employees, breach of regulatory rules, injury or illness to staff or visitors, IT interruptions or security failures.


What falls under the risk category of group risk?

Risks within this category emerge when a firm is part of a wider group.


Give three examples of key risk indicators.

Three from:
- IT downtime
- instances of fraud
- complaints by number, department and type
- property loss or damage, by location, type of loss and value
- employee injury or illness by location, type of injury and estimated cost


An important part of strategy and business planning is for the senior management to decide on the risks it wishes to seek. This is called...?

Risk appetite


If a company says, "we have no tolerance for claims that exceed 70% of premium", what risk type is this?

Insurance and reserving


If a company says, "we have no tolerance for claims reserves to fall short of payments by more than 5%", this is an example of which type of risk?

Insurance and reserving


If a company says, "we have a tolerance for credit losses up to 1% of premium income and up to 3% of reinsurance recoverable", this is what type of risk?



If a company says the following, what types of risk are these?

- we have zero tolerance for injuries to staff
- we have no tolerance for IT interruptions exceeding 30 minutes
- we have zero tolerance for theft by employees
- we have no tolerance for property damage exceeding £5,000 in costs

Operational risks


Other risk management standards include the ISO 31000 (and the associated ISO 31010 - risk identification techniques). This is an international standard that provides a framework, principles and a process for managing risk in organisations of ...

Any size


Good corporate governance requires that an organisation has an audit committee made up of NEDs. What are NEDs?

Non-executive directors


The statutory external audit report must state clearly whether, in the auditors' opinion, the annual accounts:

- give a true and fair view of the balance sheet at the end of the year, of the profit and loss account for the financial year and, in the case of group accounts, of the state of affairs at the end of the financial year, etc.

- have been properly prepared in accordance with the relevant financial reporting framework and



What are four recommended guidelines for combating insider dealing?

- limit the number of people who need to know about a deal to the minimum required, and require justification (and senior-level sign-off) for adding people to the list of insiders

- not passing information to individuals unless they are first clearly made aware of their responsibilities for handling sensitive information

- if members of staff are identified as needing to know some but not all of the deal information, then, as far as practical, limit their knowledge to only those parts that are necessary, rather than allowing them to access all information that is available

-where appropriate, communicate to all other insiders when someone is removed from an insiders list.


Document submitted annually by all companies that contains a range of information about a company including registered address, business activities, directors

Confirmation statement/annual return


Comprise the regulations for the running of the company’s internal affairs and are known as?

Articles of association


Who keeps public records of companies registered in Great Britain and has three statutory functions:
- incorporate and dissolve limited companies
- examine and store company information
- make this information available to the public

Companies House


What must be provided to Companies House annually and contains:
- income statement
- balance sheet
- directors' report

Report and accounts


What are the key areas addressed by the FRC's Guidance on Audit Committees issued in 2018, which is intended to stimulate boards' thinking on how they comply with the Corporate Governance Code?

- Best practice on audit committee arrangements
- Disagreement between audit committee and board resolved at level
- Frank, open relationships required between executive management and internal and external auditors
- Audit committee to be kept appropriately informed


Identify five roles of the audit committee.

- Monitor integrity of financial statements
- Review internal financial controls
- Review and monitor the internal audit function
- Review the external auditor's independence and effectiveness
- Report to the board on improvements required


What guidance brings together the Financial Reporting Council's view on best practice in risk management?

Guidance on Risk Management, Internal Control and Business Reporting (formerly Turnbull) applies to all listed companies


Is compliance with the Corporate Governance Code a legal requirement?

No, it is part of the stock market listing rules. Companies have to state in their annual report whether they comply with the rules or explain why they do not: "comply or explain".


Who does the GDPR apply to?

Data controllers and processors


Identify seven types of sensitive personal data under GDPR

- Ethnic or racial origin
- Political opinions
- Religious beliefs or other beliefs of a similar nature
- Trade union membership
- Sex life
- Sexual orientation


Identify six data protection principles under GDPR.

Personal data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept longer than necessary
- Processed to ensure security


Identify eight data subject rights under GDPR.

- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling


What are the main elements of the Data Protection Act 2018?

- Implement and clarify GDPR
- Clarify GDPR definitions
- Ensure health, social care and education data can continue to be processed
- Allow processing to continue where in the public interest
- Age for parental consent: 13


What is a subject access request?

A request from a data subject for a copy of the information held on them


Who is the data regulator?

Information Commissioner's Office (ICO)


What is the maximum fine under GDPR?

4% of turnover or Euro 20M