COSO and ERM framework Flashcards Preview


Flashcards in COSO and ERM framework Deck (58)
1
Q

3 areas SOX addresses

A
  1. C-orporate responsibility
  2. E-nhanced Financial Disclosures
  3. F-raud
2
Q

What are the primary roles of the audit committee?

A
  1. Report-Auditor reports directly to the audit committee
  2. Resolving disputes

3
Q

Assertions made by the CEO/CFO when signing the F/S

A
  2. U-ntrue statements: none
  3. O-missions: none
  3. S-tanding: F/S fairly represent the financial position of the company
  4. R-esponsibility assumed for controls
  5. D-isclosures to auditors and audit committee
  6. C-hanges significant
  7. R-eviewed Report
4
Q

Enhanced Financial Disclosures

A
  1. R-eports (Periodic) disclosures
  2. C-onflict of interest provisions disclosures
  3. T-ransactions involving Management and principal Stockholders disclosures
  4. I-nternal Control assessment by management
  5. I-nvestment Companies are exempt
  6. C-ode of Ethics for Senior Officers disclosure
  7. A-udit Committee Financial Expert disclosure
  8. S-EC enhanced review of periodic disclosures by issuer
5
Q

Code of ethics standards promote?

A
  1. Honest and Ethical conduct
  2. Full, Fair, Accurate, and timely disclosures (periodic F/S)
  3. Compliance with laws, rules, and regulations
6
Q

Knowledge of the Financial Expert should include

A
  1. U-nderstanding of audit committee functions
  2. P-reparation experience or auditing of F/S for comparable issuers
  3. U-nderstanding of GAAP
  4. G-AAP application
  5. E-xperience with Internal Controls
7
Q

What is COSO?

A

COSO (Treadway Commission): an independent private-sector initiative, initially established in the mid-1980s to study the factors that lead to fraudulent financial reporting. The private “sponsoring organizations” include the 5 major financial associations in the US.

8
Q

What is the COSO Framework?

A

Widely regarded as an appropriate and comprehensive basis to document the assessment of IC over financial reporting.

9
Q

What is the definition of IC?

A

A process, effected by those charged with governance, management, and other personnel, designed to provide reasonable assurance about the achievement of the entity’s objectives. Objectives represent what an entity strives to achieve.

10
Q

3 categories of an entity's objectives

A
  1. R-eliability of financial reporting
  2. E-ffectiveness and efficiency of operations
  3. C-ompliance with applicable laws and regulations
11
Q

5 Components of COSO

A
  1. C-ontrol environment
  2. R-isk Assessment
  3. I-nformation and Communication Systems
  4. M-onitoring
  5. E-xisting Control Activities
12
Q

Control Environment definition

A

The overall tone of the organization

13
Q

Risk Assessment definition

A

Management’s identification of risk

14
Q

Information and Communication Systems definition

A

A means of recording transactions and communicating responsibilities

15
Q

Monitoring Definition

A

Assessment of internal control performance over time

16
Q

Existing Control Activities definition

A

Control policies and procedures

17
Q

Control Environment 7 principles

A
  1. P-hilosophy and operating style of management
  2. H-uman Resources
  3. R-eporting Competencies (Financial)
  4. A-uthority and Responsibility
  5. S-tructure of the organization
  6. E-thical values and integrity
  7. D-irectors (Board)
18
Q

Philosophy and operating style of management definition

A

The shared beliefs and attitudes of management that impact the entire organization are defined by the risk management philosophy.

19
Q

Human resources attributes

A

The commitment to hiring the most qualified people will influence the internal environment. Minimum educational and experience requirements, background checks, and the like demonstrate the commitment and promote individual and corporate accountability.

20
Q

Reporting Competencies attributes (Risk Appetite)

A

The amount of risk an organization will accept in the pursuit of value is defined by its risk appetite. It factors heavily into balancing strategy with return.

21
Q

A-uthority and Responsibility attributes

A

The degree to which individuals are given appropriate authority to handle their responsibilities, and the degree to which they are held accountable, influences the internal environment.

22
Q

Structure of the organization

A

The organizational structure should support the entity’s enterprise risk management system.

23
Q

Directors (Board) attributes

A

The degree of involvement and appropriate oversight provided by the board of directors establishes an organization-wide tone that recognizes authority and accountability.

24
Q

Risk assessment attributes

A
  1. GAAP accordance
  2. Financial Reporting Objectives
  3. F/S reporting risks
  4. Fraud Risk
25
Q

Information and Communication attributes

A

Definition: Identify, capture, process, and distribute information supporting the accomplishment of financial reporting objectives.

Attributes

  1. Financial Reporting: current, accurate, timely
  2. IC Information: IC designed to capture compliance data and trigger responses where appropriate
  3. Internal Communication: communication with personnel and outside the normal chain of command
  4. External Communication: open communication with everyone involved with the organization
26
Q

Monitoring Attributes

A

Definition: Provides an assessment of the performance of the system of IC over time.

Attributes:

  1. Ongoing/Separate Evaluations and Reporting Evaluations (scope and frequency of evaluations varies based on the significance of the risk being controlled)
  2. Metrics, self-assessments, computer network testing, internal auditing
  3. Reporting deficiencies: IC deficiencies are reported to appropriate leadership in a timely manner
27
Q

Existing Control Activities attributes

A

Definition: Generally represent the policies and procedures used to implement IC

Attributes:

  1. Designed to mitigate risk
  2. Selection and development
  3. Policies and procedures
  4. IT
28
Q

ERM Definition

A

Enterprise Risk Management assists organizations in developing a comprehensive response to risk management. The intent of ERM is to allow management to effectively deal with uncertainty, evaluate risk acceptance, and build value. Value is maximized when strategy balances risks and returns as well as efficiency and effectiveness in accomplishing objectives.

29
Q

ERM has the following themes

A
  1. Aligning Risk Appetite and Strategy
  2. Enhancing Risk Response Decisions
  3. Reducing Operational Surprises and Losses
  4. Identifying and Managing Multiple and Cross-Enterprise risks
  5. Seizing Opportunities
  6. Improving Deployment of Capital
30
Q

ERM defines enterprise objectives in 4 categories (S-etting Objectives in ERM)

A
  1. S-trategic
  2. O-perations
  3. R-eporting
  4. C-ompliance
31
Q

ERM Components in order

A
  1. I-nternal environment
  2. S-etting objectives
  3. E-vent objectives
  4. A-ssessment of risk
  5. R-isk response
  6. A-ctivities(Control)
  7. I-nformation and Communication
  8. M-onitoring
32
Q

ERM- Internal Environment elements

A
  1. P-hilosophy of risk management
  2. H-uman resources standards
  3. R-isk appetite and response
  4. A-uthority and responsibility
  5. S-tructure (organizational)
  6. E-thical values (Integrity)
  7. D-irectors
  8. C-ommitment to competence
33
Q

E-thical values and integrity definition

A

Adoption and demonstration of high ethical values by leadership will shape the internal environment.

34
Q

C-ommitment to Competence

A

Management’s specification of required competency levels for each job function establishes the organization-wide expectation of individual and thus corporate competence.

35
Q

S-trategic objectives defined

A

The broad, mission-driven objectives of an organization are its strategic objectives. They remain the same year after year, while the related objectives and the selected objectives are more dynamic.

36
Q

O-perations objectives defined

A

Includes efficiency, effectiveness, and profitability objectives that are subject to management discretion or style.

37
Q

R-eporting Objectives Defined

A

External and internal objectives for timeliness and accuracy, associated with both financial and non-financial data.

38
Q

C-ompliance objectives defined

A

Includes adherence to the laws, rules, and regulations associated with operations, including tax and financial reporting compliance, workplace safety, environment regulations, and other laws.

39
Q

E-vent Identification defined

A

Events, both negative (risks) and positive (opportunities), should be identified. An event is an internal or external occurrence that impacts strategy or the achievement of objectives. Categories include SWOT.

Techniques

  1. Event Inventories
  2. Internal Analysis
  3. Escalation or Threshold triggers
40
Q

A-ssessment of Risk

A

Risks are analyzed in relation to their likelihood and their severity, including the anticipated risks that continue even after management has taken action. Supported by inherent and residual risks, likelihood of impact, data sources, and event relationships.

41
Q

Inherent risks

A

The risk to an organization that exists if management takes NO action to change the likelihood or impact of an adverse event.

42
Q

Residual Risks

A

The risk to an organization that exists AFTER management takes action to mitigate the adverse impact of the event.

43
Q

Data Sources

A

Generally drawn from past experiences with similar events.

44
Q

Benchmarking

A

Use of common data from organizations with similar characteristics.

45
Q

Probabilistic Models

A

Use of a range of events and impacts WITH likelihood estimated using assumptions.

46
Q

Non-probabilistic Models

A

Use of subjective assumptions to estimate event impact WITHOUT estimating likelihood.

47
Q

R-isk Response

A

Management’s response to risk must align with the organization’s overall risk appetite. Supported by the following key elements: risk avoidance, risk reduction, risk sharing, and risk acceptance.

48
Q

Risk Avoidance

A

Management may elect to avoid or terminate risk.

49
Q

Risk Reduction

A

Management may elect to reduce or mitigate risk.

50
Q

Risk Sharing

A

Management may reduce risk by transferring risk.

51
Q

Risk Acceptance

A

The company may take no action.

52
Q

A-ctivities control (E in CRIME)

A

The policies and procedures used to effect management’s response to risk.

53
Q

I-nformation and Communication (I in CRIME)

A

Includes the identification, capture, and communication of information throughout the organization in an effective manner.

54
Q

M-onitoring (M in CRIME)

A

Used to manage risk.

55
Q

Ongoing Monitoring activities

A

Operating or functional support managers provide ongoing monitoring activity to verify the effective operation of controls.

56
Q

Separate evaluations

A

A fresh look at the effectiveness of IC can be highly valuable. Internal audit staff or ad hoc evaluators can conduct the evaluation.

57
Q

Change Control Process

A

Consider the manner in which management monitors and authorizes changes to a variety of IT matters including software application programs, system software, database administration, networks and security, and job scheduling.

58
Q

Total Production Ratios (TPR)

A

The value of all output relative to the value of all input.