Corporate Governance

Question 1

What is the primary duty of the board of directors?

Answer 1

To monitor management behavior.

Question 2

What is the responsibility of the Nominating or Corporate Governance Committee of the board of directors?

Answer 2

Oversees the board

Responsible for hiring new CEO

Question 3

What is the responsibility of the audit committee of the board of directors?

Answer 3

The audit committee appoints and oversees the external auditor.

Question 4

What is the duty of the compensation committee of the board of directors?

Answer 4

The compensation committee handles the CEO’s compensation package.

Question 5

What does the NYSE and NASDAQ require of the board of directors?

Answer 5

They require the board to be independent.

Question 6

What is the main goal in an executive compensation package?

Answer 6

The package should ensure that the goals of management should match those of the shareholders.

Question 7

How can an executive compensation package ensure that goals of management align with those of shareholders?

Answer 7

Executive compensation should create an incentive for management to govern in a shareholder-friendly way that doesn’t sacrifice the long-term success of the enterprise for short-term gain.

Question 8

Which influences help mold the direction that management takes?

Answer 8

They range from internal (Board of Directors- Audit Committee- Internal Control) to external (Creditors- SEC- IRS)

These influences should not be tainted by undue influence from management or have financial ties to management such as compensation-related duties

Question 9

What is shirking?

Answer 9

When management doesn’t act in the best interest of shareholders.

It can be alleviated by tying compensation to stock performance or company profit.

Question 10

What requirements are imposed on a public company under Sarbanes-Oxley?

Answer 10

Management must submit a report on the effectiveness of Internal Control in the 10K.

Management must disclose significant Internal Control deficiencies.

CEO/CFO must certify that the financial statements comply with securities laws and fairly present the financial condition of the company.

Question 11

What characteristics are promoted by the COSO framework on Internal Control?

Answer 11

Reliable financial reporting

Effective and efficient operations

Compliance

Question 12

What are the elements of the control environment? I/C - COSO……EBOCA

Answer 12

• Ethics & Integrity
• Board of Directors & Audit Committee - independence and oversight of board of director for development and maintenance of I/C
• Organizational Structure - reporting lines, authorities, and responsibilities
• Competence - hire, develop, retain competent employees
• Accountability for I/C responsabilities

Question 13

What are control activities?

Answer 13

A component of Internal Control that includes actions being taken to promote the control environment.
Policies and procedures : can be preventive, detective. Segregation of duties

1) select and develop control activities to mitigate risks to acceptable lvl
2) select and develop IT controls - general control activities to support achieving goals
3) policies and procedures

Question 14

What are the basic elements of Internal Control? COSO I/C CRIME

Answer 14

Control Environment
Risk Assessment
Information and Communication
Monitoring
Existing Control Activities

Question 15

What is the significance of the Information and Communication aspect of Internal Control?

Answer 15

Management must have access to relevant and timely information to make good decisions. - timely and useful

1) Obtain and use info - relevant, high quality info to support functioning of IC
2) Internally communicate info - internal auditors, audit committee, mgmnt
3) external parties - CPA firm, external auditors, ect

Question 16

How does Monitoring affect Internal Control?

Answer 16

Internal Control activities must be constantly monitored and evaluated for effectiveness.

1) Ongoing and/or separate evaluations - to know if controls are present and functioning
2) Communications of deficiencies in timely manner to parties to take corrective actions

Question 17

What activities does the COSO framework for enterprise risk management include?

Answer 17

Identifies Risk Factors
Promotes Risk Response Decisions
Compares Management Risk vs. Shareholder Goals
Aids in evaluating opportunities
Promotes Quicker Capital movement

Does NOT eliminate all risk

Question 18

What are possible responses to risk under the COSO framework for enterprise risk management?

Answer 18

Avoid or Reduce

Share or Accept

Question 19

COSO - I/C - Risk Assessment

Answer 19

Identify and analyse risks to achieve objectives

a) specify/create objectives that allow for identification and assessment of risks related to objectives
b) identify and analyze risks - to determine how risks should be managed
c) consider potential for fraud in assessing risks
d) identify and assess changes that could impact the system of I/C

Question 20

COSO - committee on sponsoring organizations

Answer 20

Study factors that lead to fraudulent financial reporting

COSO - IC - framework: assist org in developing comprehensive assessment of I/C effectiveness

17 principles within 5 components (CRIME)

Question 21

Who uses COSO - I/C - framework

Answer 21

Management and board of directors to obtain understanding of what constitutes an effective I/C system and to provide insight when it is being properly applied.
Framework provides confidence to external stakeholders that org has a I/C system in place to achieve its objectives

Question 22

Internal Control Definition and objectives (ORC)

Answer 22

Process designed and implemented by org’s mgment, board of director, and other employees to provide reasonable assurance that org will achieve its compliance, operating, and reporting objectives.

Question 23

COSO - I/C - objectives (ORC)

Answer 23

• operations obj : effective and efficient entity operations; financial and ops performance goals; assets safeguard from potential loss
• reporting obj : reliability, timeliness, and transparency of org’s external and internal financial and non-financial reporting as established by regulators, standard setters, or firm internal policies
• compliance obj: adhering to all applicable laws and regulations

Question 24

Effective I/C and limitations

Answer 24

17 principles and 5 components are both present (included in design and implementation of I/C system) and Functioning (operating as designed)
All 5 components work together as integrated system to reduce risks to acceptable lvl that org will not achieve its objectives.

Limitations : it does not prevent bad decisions or eliminate all external event that prevent org to achieve its goals. there are inherent limitations that may exist in effective I/C system. Human errors, biased judgement, events beyond org’s control, mgment override

Question 25

Ineffective I/C - COSO

Answer 25

• Major deficiencies - material I/C deficiencies that reduce likelihood that org can achieve its objectives

When major deficiency exists and its related to a principle or component - org CANNT conclude that it meets req for effective I/C system under COSO

Question 26

Enterprise Risk Management - ERM

Answer 26

Risks: possibility that an event will occur and adversely affect the achievement of objectives.

COSO - ERM framework assist orgs in developing comprehensive response to risk mgment

All entity face risks and mgment must determine how much uncertainty to accept as it strives to max shareholder value

Value maximized when strategy balances risks and returns; efficiency and effectiveness in accomplishing objectives.

Question 27

ERM definition

Answer 27

designed to identify potential events that may affect an entity, and manage risk to be within risk appetite (risk willing to assume), to provide reasonable assurance regarding achievement of its objectives

Question 28

ERM framework encompasse following themes

Answer 28

• Align risk appetite and strategy: willigness to bear risk, type of risk, mechanism to manage risk
• Enhance risk response decisions
• Reduce ops surprises and losses - early event ID and establishing reponses
• Identify and manage multiple and cross-enterprise risks : risk within org and across industry
• Seizing opportunities by knowing org’s strength and weakness and use them to max profitable opportunities
• Improve deployment of capital - capital investment and lvl of risks for given investment

Question 29

ERM objectives : 4 (SORC)

Answer 29

• Strategic: high lvl goals to achieve mission - Shareholder value max
• Operations: achieve obj thru effective and efficient use of resources
• Reporting: achieve reliable and consistent reporting
• Compliance: ensure compliance w laws and regs

Question 30

ERM - components [ IS EAR AIM ]

broader in scope - beyond financial and reporting objs

Answer 30

Internal environment
Setting objectives

Event identification
Assessment of risk
Risk response

Activities control
Information and communications
Monitoring

Question 31

ERM - IS EAR AIM

Internal Environment - tone at the top EBOCA+HR - 8 elements

Answer 31

a) Ethical values and integrity : adoption and demonstration of ethical values by mgment
b) Board oversight: tone that recognize their authority and promote accountability of management
c) Org structure : support ERM system
d) Competence: lvl for each job function; establishes expectation of individuals
e) Accountability: ppl given appropriate authority to handle responsibilities and held accountable influences the internal environment.
f) Risk management philosophy: beliefs and attitude of mgment; aggressive or conservative thinking
g) HR standards : hiring most qualified will influence internal environment; background checks, work experience, etc
h) Risk appetite: willingness to accept and bear risks in pursuit of value max

Question 32

ERM - IS EAR AIM

Objective Setting - set objectives and then identify events that may prevent achieving objectives

Answer 32

a) Strategic objectives: broad, mission-driven, established for longer corporate time frame. Build shareholder value
b) Related objectives: support strategic objectives; help identify critical success factors. 3 categories: operations (profit); reporting (external and internal related to financial and nonfinancial data timely and accurate); compliance: to laws, reg, associated w operations, financial reporting, workplace safety, environment, ect
c) Selected obj: and implemented must support mission and align w risk appetite
d) Risk appetite: balance of risk to achieve return and growth. Risk benchmark for strategy setting bcoz it impacts strategy and resources
e) Risk tolerance: risk willing to bear/ accepted lvl relative to achieve objectives

Question 33

ERM - IS EAR AIM

Event Identification: both negative risk and positive opportunities should be identified.

Answer 33

a) Events: internal and external occurrence that may or may not impact strategy or achievement of objectives. uncertainty along w potential severity/benefit drives risk assessment and response
b) Influencing factors: occurrences can come from anywhere; external: economic/recession; natural/storm; social/changes in society. Internal: technological choices, personnel, ect

c) Event ID techniques:
1) Event inventory: list events commons in a industry
2) Internal analysis: performed by internal staff, part of planning
3) Escalation or Threshold triggers: comparison of activities to predefined/budgeted/variations from standard may trigger identification of event

d) Event interdependencies - ex change in interest rate may impact exchange rate and affect supply/demand

e) Event categories:
1) External/ harder to control: economic, natural environment, political, social, technological.
2) Internal/some control: infrastructure, personnel, process, technology

f) Distinguishing Risks and Opportunities: negative event/risk prevent achieve objectives; positive event/opportunity that promote achieve of objs.

Question 34

ERM - IS EAR AIM

Risk Assessment : likelihood and severity and risk that continue after mgment taken actions

Answer 34

a) Inherent risk: exist if management takes no action to change impact of event and Residual Risk: exist after mgment takes action to mitigate risk
b) Establishing likelihood and impact: probability that it will occur; impact/consequence/severity of its occurrence; use same time horizon as strategic plans
c) Data sources : from past experiences w similar events; data trends, historical industry info, ect

d) Assessment technique:
1) Benchmarking - data from similar orgs
2) Probabilistic models: stats, historical data, ect
3) Non-probabilistic models: opinions/subjectives outcomes of lawsuites

e) Event relationship: individuals events related or unrelated.