Flashcards in Corporate Governance and Internal Controls Deck (35):
Define the "SOX Clawback provision".
This provision allows firms to reclaim incentive and bonus payments to officers that turn out to have been made based on wrongdoing by those officers.
Pro forma financial statements must be reconciled with what?
They must also include comparable GAAP numbers.
List prohibitions observed by corporate insiders and outside auditors.
They must observe the following prohibitions:
Under the Sarbanes-Oxley Act of 2002, what are the requirements and responsibilities of Audit Committees?
1) All directors must be independent;
2) New role: select, compensate, fire outside auditor;
3) set up whistleblower procedures.
Describe the three levels of the corporate pyramid.
Bottom: shareholders (vote for directors);
Middle: directors (select officers and set broad policies);
Top: officers (run firm day-to-day).
Define "preventive controls."
"Before the fact" controls designed to stop an error or irregularity from occurring. Examples of preventive controls include locks on building and doors, password protected access to files, and segregation of duties.
Define "detective controls."
"After the fact" controls designed to detect an error after it has occurred (though preferably before the erroneous information is used to update the database or appears in reports). Examples of detective controls include data entry edits (field checks, limit tests) and reconciliation of batch control totals.
Define "corrective controls."
Paired with detective controls, they attempt to reverse the effects of the error or irregularity which has been detected. Examples of corrective controls include maintenance of backup files, disaster recovery plans, and insurance.
Define "application controls."
Controls over specific data input, data processing, and data output activities. Designed to ensure the accuracy, completeness, and validity of transaction processing. As such, application controls have a relatively narrow focus on those accounting applications that are involved with data entry, update, and reporting.
Define "general controls."
Controls over the environment as a whole. Apply to all functions, not just specific accounting applications. General controls help ensure that data integrity is maintained.
Define "feed-forward controls."
A process in which future results are projected based on current and past information and, if the future results are undesirable, the inputs to the system are changed to avoid the projected outcome. Many inventory ordering systems are essentially feed-forward controls: the system projects product sales over the relevant time period, identifies the current inventory level, and orders inventory sufficient to fulfill the sales demand.
Define "feedback controls."
A procedure in which the results of a process are evaluated and, if the results are undesirable, the process is adjusted to correct the results; most detective controls are also feedback controls.
Define "internal control."
A process, effected by the entity's Board of Directors, management, and other personnel, that is designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.
List the three elements that constitute "Mandatory" Guidance in the Institute of Internal Auditors' (IIA) International Professional Practices Framework.
1) Definition of Internal Auditing;
2) Code of Ethics;
3) International Standards.
List the three elements that constitute "Strongly Recommended" Guidance in the Institute of Internal Auditors' (IIA) International Professional Practices Framework.
1) Position papers;
2) Practice advisories;
3) Practice guides.
What is the Institute of Internal Auditors' (IIA) definition of internal auditing?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.
List the four principles of the Institute of Internal Auditors' (IIA) Code of Ethics (Framework for the 12 Rules of Conduct).
List the two basic categories of standards that comprise the International Standards for the Professional Practice of Internal Auditing.
1) Attribute Standards;
2) Performance Standards.
What are attribute standards?
These standards involve the characteristics ("attributes") of organizations and of the individuals performing internal audit services.
What is the purpose of "Interpretations" of the International Standards?
Interpretations clarify the terms/concepts within the Attribute and Performance Standards (Interpretations are an integral part of the International Standards).
Define implementation standards.
These standards differentiate the requirements specifically applicable to "assurance" activities and "consulting" activities within the Attribute Standards and the Performance Standards.
What is the distinction between "Assurance" and "Consulting" activities in internal auditing?
Assurance involves three parties (the process owner; the user; and the internal auditor), whereas consulting only involves two parties (the client and the internal auditor).
Define "Quality Assurance and Improvement Program (Standard 1300)".
(Attribute Standard #4) "The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity."
Define "Proficiency and Due Professional Care (Standard 1200)".
(Attribute Standard #3) "Engagements must be performed with proficiency and due professional care."
Define "Independence and Objectivity (Standard 1100)".
(Attribute Standard #2) "The internal audit activity must be independent, and internal auditors must be objective in performing their work."
Define "Purpose, Authority, and Responsibility (Standard 1000)".
(Attribute Standard #1) "The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics and the Standards. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval."
List the four primary themes of Attribute Standards.
1) Purpose, Authority, and Responsibility.
2) Independence and Objectivity.
3) Proficiency and Due Professional Care.
4) Quality Assurance and Improvement Program
List the seven primary themes of Performance Standards
(1) Managing the Internal Audit Activity;
(2) Nature of Work;
(3) Engagement Planning;
(4) Performing the Engagement;
(5) Communicating Results;
(6) Monitoring Progress; and
(7) Resolution of Senior Management's Acceptance of Risks.
Define "Managing the Internal Audit Activity (Standard 2000)".
(Performance Standard #1) "The chief audit executive must effectively manage the internal audit activity to ensure that it adds value to the organization."
Define "Nature of Work (Standard 2100)".
(Performance Standard #2) "The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes, using a systematic and disciplined approach."
Define "Engagement Planning (Standard 2200)".
(Performance Standard #3) "Internal auditors must develop and document a plan for each engagement, including the engagement's objectives, scope, timing, and resource allocations."
Define "Performing the Engagement (Standard 2300)".
(Performance Standard #4) "Internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement's objectives."
Define "Communicating Results (Standard 2400)".
(Performance Standard #5) "Internal auditors must communicate the results of engagements."
Define the "Monitoring Progress (Standard 2500)".
(Performance Standard #6) "The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management."