Corporate Governance, Internal Control & Enterprise Risk Management

Question 1

audit committee

Answer 1

are members of board of directors

independent

Question 2

inherit limitations

Answer 2

COCO

collusion (2 or more ppl conspire to circumvent control)
override by mgmt
cost/benefit restraint
obsolescence

Question 3

Dodd frank act (Wall Street Reform and Consumer Protection Act of 2010)

Answer 3

dodd frank was passed to promote fin. stability in U.S.

improve accountability and transaparency of fin. systems

end "too big to fail"
end bailouts (GM, citigroup, chrysler)

protect consumers from abusive fin. serv. practices

Question 4

The Enterprise Risk Management–Integrating with Strategy and Performance Framework

Answer 4

risk-based approach designed to help management evaluate the interrelated impacts of decisions and deal with multiple risks.

It is separate from and additional to the COSO internal control framework and is a process effected by an entity’s board of directors, management, and other personnel

Question 5

Codes of conduct

Answer 5

1. must be comprehensive,
2. must be periodically acknowledged,
3. must communicate what constitutes both proper and improper behavior,
4. must provide courses of action in the event of improper behavior,
5. should be acknowledged by employees periodically

Question 6

Consumer Financial Protection Bureau (CFPB)

Answer 6

budget is financed by Fed
financed by Fed reserve
housed within fed but operates independently
oversees most federal consumer financial protection issues (fair lending from credit cards, mortgage)

Question 7

who is required to register w the SEC

Answer 7

hedge fund with over $150mill in assets

private equity funds with over $150 mill in assets

Question 8

except to register with SEC

Answer 8

family offices

venture capital firms

Question 9

cpa that destroys documents to impede investigation can be

Answer 9

Fined and/or imprisoned not more than 20 years

Question 10

primary factor in measuring risk exposure is

Answer 10

expected value

risks are prioritized in terms of their likelihood of occurrence and their expected impact on the company. The expected value of the risk is considered important because it will be compared to the expected values of risks associated with alternative decisions in order to determine risk priority.

Question 11

order of monitoring of internal control

Answer 11

1. control baseline: understand of how IC was designed and implemented
2. identify the need to make changes
3. manage the changes
4. revalidate or update the baseline

Question 12

Revised Model Business Corporation Act requires articles of incorporation to contain a corporation’s name and the nature and purpose purpose of a corporation’s business

Answer 12

corporate name,
number of authorized shares,
name and address for the registered agent
name and address of each incorporator
nature and purpose purpose of a corporation’s business

Question 13

internal control

Answer 13

CRIME

control activities
risk assessment
information and communication
monitoring
control Environment

Question 14

control activities

Answer 14

1. selects and develops control activities
2. selects and develops general control over technology
3. deploys through policies and procedures

Question 15

risk assessment

Answer 15

1. specifies suitable objectives
2. identifies and analyzes risk
3. assesses fraud risk
4. ID and analyzes significant change

Question 16

information and communication

Answer 16

1. use relevant information
2. communicates internally
3. communicates externally

Question 17

monitoring

Answer 17

1. conducts ongoing and or separate evaluations
2. evaluates and communicates deficiencies

ensures that internal control continues to operate effectively by evaluating its effectiveness on an ongoing basis, using separate evaluations, or both to identify when it is not

Question 18

control environment

Answer 18

1. demonstrates commitment to integrity and ethical values
2. exercise oversight responsibilities
3. est. structure, authority and responsibilities
4. demonstrate commitment to competence
5. enforces accountability

Question 19

control environment

Answer 19

CHOPPER

C-ommitment to competence
H-uman resource policies and practices
O-rganizational structure
P-articipation of those charged w governance
P-hilosophy of management and mgt operating style
E-thical values and integrity
R-esponsibility assignment

Question 20

control activities

Answer 20

PIPS

performance reviews (actual v. budget, financial to nonfinancial)
information processing
physical control
segregation of duties (ARCCS)

Question 21

ARCC

Answer 21

authorization
record
custody
comparions (reconciliation)

Question 22

The 3 principles associated with the control activities component of internal control

Answer 22

1. Selection and development of control activities contribute to reducing risks to the achievement of the entity’s objectives
2. general controls over technology are developed to support the achievement of the entity’s objectives
3. policies identify expectations and procedures convert policies into actions.

Question 23

Objectives may be divided into three categories,

Answer 23

(1) operations objectives,
(2) reporting objectives, or
(3) compliance objectives.

Question 24

insolvent

Answer 24

liabilities exceed assets

Question 25

audit committee financial expert should have knowledge of

Answer 25

GAAP, financial statements, and have experience with internal accounting controls

Question 26

how to dissolve a corp

Answer 26

Revised Model Business Corporation Act requires a recommendation from the board of directors and subsequent approval of a majority of voting shareholders to voluntarily dissolve a corporation

Question 27

who must make special certification statements regarding the establishment of internal control systems on Form 10-K

Answer 27

Both the principal executive officer and the principal financial officer

Question 28

Control activities

Answer 28

are the actions established by policies and procedures that help ensure that management’s directives are carried out

Question 29

Monitoring activities

Answer 29

are processes the entity uses to determine if all components of internal control are in place and are functioning as intended

Question 30

Information and communication

Answer 30

refer to the processes by which management obtains or generates and uses information and how it is disseminated through the entity

Question 31

Risk assessment

Answer 31

refers to an entity’s recognition of the fact that events may occur that pose risks to the achievement of the entity’s objectives and the process that is established to identify and evaluate those risks.

Question 32

greatest impact on management’s ability to make effective decisions

Answer 32

relevance

Relevance implies that the information is accurate, timely and useful for decision-making purposes.

Question 33

Exception orientation

Answer 33

is the reporting of unusual items or events

Question 34

inherit risk v. residual risk

Answer 34

Inherent risk exists because one engages in an activity; it may be mitigated with various safeguards.

Residual risk is the risk that remains after safeguards are employed

Question 35

if one takes action to reduce risk,

Answer 35

then the portion reduced is no longer a residual risk

Question 36

if theres no safeguard to reduce risk

Answer 36

then inherit risk equals residual risk

Question 37

Publicly-traded companies have to disclose purchases of conflict minerals that ultimately came from the Democratic Republic of Congo

Answer 37

If they are substantial users of conflict minerals

Title XV of Dodd frank act - miscellaneous provision

Question 38

4 categories of entity objectives in the enterprise risk management (ERM) framework are:

Answer 38

1. strategic, referring to high-level goals, supporting and aligned with the entity’s mission
2. operations, referring to efficient and effective use of the entity’s resources
3. reporting, referring to reliable reporting
4. compliance, which refers to compliance with applicable laws and regulations.

Question 39

An effective FRMP

Answer 39

1. initiates a visible and rigorous fraud governance process,
2. entails a thorough periodic fraud risk assessment, and
3. responds quickly to fraud allegations.

Question 40

bylaws

Answer 40

establish a corporation’s internal rules and procedures for corporate governance. Bylaws take effect after the corporation is created (through articles of incorporation) and generally have a larger impact on day-to-day operations.

Question 41

The Volcker rule

Answer 41

1. is named after a Federal Reserve chairman first appointed by Jimmy Carter.
2. limits banking entities’ ability to engage in proprietary trading
3. limits banking entities’ ownership of hedge funds and private equity funds

Question 42

The COSO framework outlines four responses to risk:

Answer 42

1. risk avoidance, (not doing activity at all to avoid risk)
2. risk sharing, ( buy insurance to share risk)
3. risk acceptance (take not action and accepting risk)
4. risk reduction (doing something to reduce risk)

Question 43

sifi

Answer 43

1. they are systemically-important financial institutions
2. required to engage in additional disclosures and risk-management practices (living wills and stress tests)
3. identified by the Financial Stability Oversight Council (FSOC)
4. The reference value for SIFIs is $50 billion

Question 44

title IX of dodd frank act

Answer 44

Title IX of the Dodd-Frank Act gives authorizes stockholders to vote to approve executive compensation every 3 years and to vote every 6 years to determine if voting to approve compensation every 3 years is frequent enough. It also authorizes them to vote to disapprove a “golden parachute” arrangement, although the vote is not binding

Question 45

clawback provision of dodd frank act

Answer 45

Require executives to return some compensation if their companies undergo accounting restatements due to either unintentional mistakes or fraud

Question 46

BOD

Answer 46

responsible for appointing the external auditor and has the authority to terminate the firm as well

can declare dividends.

Directors are appointed by the stockholders, who would also have the authority to remove a director.

Question 47

CFO or CEO misrepresents the company’s finances may be penalized by being

Answer 47

imprisoned and fined

The penalties could range from $1 million and 10 years to $5 million and 20 years in prison

Question 48

whistle blower bounty program

Answer 48

can get monetary incentive for whistle blowing

to receive 10-30% of proceeds over $1mill

Question 49

TARP

Answer 49

troubled asset relief program

Question 50

ACFE

Answer 50

association of certified fraud examiners

Question 51

who usually uncovers fraud?

Answer 51

40% by whistle blower and tips
15% by mgmt and internal auditors
4% by external auditors

Question 52

audit committee’s role includes to

Answer 52

(1) consider the risk of management override of controls;
(2) monitor fraud risks throughout the entity (using internal auditor or other personnel);
(3) meets privately with appropriate individuals (e.g., internal auditor, external auditors);
(4) consider reputation risk when reviewing work of management, internal auditors, and external auditors;
(5) remain cognizant of the external auditor’s responsibilities pertaining to fraud; and
(6) seek counsel when responding to allegations of fraud.

Question 53

fraud losses

Answer 53

estimated 5% of revenue
(140k) duration of 18 months
highest impact on small entity

Question 54

fraud risk management program (FRMP)

Answer 54

1. establish governance policies
2. conduct comprehensive risk assessment
3. plan and execute preventative and detective control processes
4. perform timely and confidential investigations
5. monitor and assess program, periodically on and ongoing basis. or both. reporting results and improving the processes

Question 55

parties who manage fraud risk

Answer 55

1. those charged w governance (audit committee)
2. BOD
3. mgmt ( ceo, cfo coo)
4. internal auditors
5. employees

Question 56

business processes

Answer 56

1. initiation
2. authorization
3. execution
4. verification

Question 57

enterprise risk management (ERM)

in 2017 updated it and calls it enterprise risk management - integrating with strategy and performance

Answer 57

to strategically ID events that may affect the entity and to manage those risk in accordance with the entity’s risk appetite, to provide reasonable assurance of achieving the entity’s objective

Question 58

ERM framework has 5 components (COPe RR)

Answer 58

COPe RR

Culture and governance
Objective setting and strategy
Performance

Review and revision
Reporting, information, and communication

Question 59

Culture and governance

Answer 59

1. exercise board risk oversight
2. est. operating structures
3. define desired culture
4. demonstrate commitment to core values
5. attracts, develops, and retain capable ind.

Question 60

Objective setting and strategy

Answer 60

6. analyze business context
7. define risk appetite
8. evalutates alt. strategies
9. formulates business obj.

Question 61

performance

Answer 61

10. ID risk
11. assess severities of risk
12. prioritizes risk
13. implements risk response
14. develop portfolio view

Question 62

review and revision

Answer 62

15. assess substantial change
16. reviews risk and performance
17. pursues improvement in ERM

Question 63

reporting, info and communcation

Answer 63

18. leverage information systems
19. communicate risk information
20. reports on risk, culture, and performance

Question 64

inherit limitations of ERM

Answer 64

1. future cant be predicted w certainty
2. some events beyond mgmt control, may not be able to pursue all objectives to the extent desired
3. no system process, no matter how well designed, will always accomplish what its intended to accomplish (no absolute assurance)

Question 65

ERM provide reasonable assurance not absolute because

Answer 65

1. decisions made depend on human judgement, which is not perfect
2. system an suffer breakdowns due to change s in personnel, technology or failure
3. collusions (segr. of duties ignored)
4. cost vs benefits
5. mgmt overide