Corporate Governance, IC, ERM Flashcards

1
Q

What qualifies a person as an audit committee financial expert under the criteria specified in the Sarbanes-Oxley Act of 2002?

A

Experience with internal accounting controls

2
Q

5 components of COSO’s ERM framework

A

Manages uncertainty/risk tolerance {ESPRI}:

  1. Governance and culture
  2. Strategy and Objective setting
  3. Performance
  4. Review and Revision
  5. Information, Communication, Reporting
3
Q

What is the proper (top-down) sequence for evaluating and monitoring IC?

A
  1. Identify and evaluate the design effectiveness of company-level (entity-level) controls
  2. Examine the financial reporting elements and identify the relevant assertions
  3. Identify the supporting processes underlying each significant account
  4. Perform the risk assessment, identify the key control objectives, and test the design and operating effectiveness of the key controls
4
Q

Which measure of a risk is most useful when prioritizing risks?

A

Expected value (likelihood x impact), because it can be compared directly with the expected value of the risks associated with alternative decisions

5
Q

Duties of BOD

A

Fiduciary duty to:
Act loyally
Act with a duty of care
Act with due diligence

6
Q

When is a director NOT independent?

A
  • Recently employed by, or affiliated with, the entity
  • Former partner or employee of the external auditor, or a family member was an officer of the entity (5-year lookback for NYSE, 3 years for NASDAQ), or received more than $120,000 in compensation in any 12-month period within the last 3 years
7
Q

Name the various committees

A

Audit, Compensation/Benefits, Nominating, Finance, Regulatory, Science

8
Q

What are the Institute of Internal Auditors (IIA) 3 components?

A
  1. Definition of internal auditing
  2. Code of ethics
  3. International Standards for the Professional Practice of Internal Auditing (ISPPIA)
9
Q

Control Environment (COSO)

A
Foundation for all other components
5 Principles:
1. Commitment to integrity and ethical values
2. Independent BOD oversees the development and performance of IC
3. Management establishes org structure, reporting lines, and authorities/responsibilities in pursuit of objectives
4. Commitment to attract, develop, and retain competent employees
5. Individuals held accountable for their IC responsibilities
10
Q

Risk Assessment (COSO)

A

ID, evaluate, manage risk relevant to financial reporting
4 Principles:
1. Clear objectives that promote risk assessment and ID
2. Risks that are obstacles to objectives are analyzed and managed
3. Fraud considered in risk assessment
4. Assessment of potential changes that could affect IC

11
Q

Control Activities (COSO)

A

May be preventive or detective; controls fall into General, Application, Physical
3 Principles:
1. Select and develop control activities that mitigate risks to objectives
2. Select and develop general controls over technology to support objective achievement
3. Deploy control activities through a clear set of policies and procedures

12
Q

Information and Communication (COSO)

A

Communicate info in timely manner internal and external

  1. Relevant and quality info used to support IC
  2. Strong internal communication about objectives of IC
  3. Strong external communication about IC functions
13
Q

Monitoring (COSO)

A

Evaluate whether 5 IC components are present and functioning
2 Principles:
1. Conducts ongoing evaluations of IC
2. Timely communication of deficiencies to TCWG

14
Q

Risk Strategy

A

How the entity responds to risk so that residual risk aligns with its risk appetite.
Avoidance- exit or do not engage in the activity that creates the risk
Reduction- implement controls that lower the likelihood or impact of the risk
Sharing- transfer a portion of the risk to another party (buy insurance, hedge, outsource, establish a joint venture)
Acceptance- take no action and assume the risk

15
Q

Corporate governance is defined as

A

the framework of rules and practices which ensures accountability, fairness, and appropriate disclosure in a corporation’s relationship with all its stakeholders. This framework consists of explicit and implicit contracts with owners, creditors, customers, employees, government, and the community

16
Q

For willfully defective certifications, executives can be fined up to

A

$5 million, imprisonment for up to 20 years, or both

17
Q

Audit Committee typical functions

A
  1. Oversee financial reporting process
  2. Monitor choice of accounting policies/principles
  3. Monitor IC process
  4. Appoint, compensate oversee auditors
    * Meets with internal/external auditors without management present to discuss financial reporting, IC, significant comments, etc.
18
Q

ERM Governance and Culture

A
  1. Exercises Board risk oversight
  2. Establishes operating structures
  3. Defines desired culture
  4. Demonstrates core values
  5. Attracts capable individuals
19
Q

ERM Strategy and Objective Setting

A
  1. Analyzes business context
  2. Defines risk appetite
  3. Evaluates alternative strategies
  4. Formulates business objectives
20
Q

ERM Performance

A
  1. Identifies risk
  2. Assesses severity of risk
  3. Prioritizes risk
  4. Implements risk response
  5. Develops portfolio view
21
Q

ERM Review and Revision

A
  1. Assesses substantial change
  2. Review risks and performance
  3. Pursues improvement in Enterprise Risk Management
22
Q

ERM Information, Communication, Reporting

A
  1. Leverages information and technology
  2. Communicates risk information
  3. Reports on risk, culture, and performance
23
Q

The four categories of entity objectives in the ERM framework are…

A

Strategic – High-level goals aligned with and support of the entity’s mission
Operations – Effective and efficient use of the entity’s resources
Reporting – Reliability of reporting
Compliance – Compliance with applicable laws and regulations
** Implementation of IC is NOT one of these categories

24
Q

Internal auditor who works in ERM performs each of the following activities…

A
  1. Giving assurance that the risks of the organization are correctly evaluated
  2. Evaluating the risk-management process
  3. Coordinating ERM activities
    * does NOT set the risk appetite or make risk-response decisions on management's behalf
25
Q

What are the 3 categories of objectives of COSO - IC Integrated Framework

A
  1. Operations- effectiveness and efficiency of operations, including financial performance goals
  2. Reporting- internal/external and financial/nonfinancial reporting (reliability, timeliness, transparency)
  3. Compliance- adherence to applicable laws and regulations