Exam 1 Study Guide Flashcards

(67 cards)

1
Q

COSO

A
Top:
Operations
Financial Reporting
Compliance
Side:
Monitoring
Information and Communication
Control Activities
Risk Assessment
Control Environment
2
Q

Monitoring

A

internal auditors

3
Q

information & Communication

A

ERP system, policies and procedures that tell employees how to act

4
Q

control activities

A

putting in place activities that prevent fraud

5
Q

risk assessment

A

Entity Level Objectives - organizational view
Activity Level Objectives - activity view
Risks - make assertions, likelihood, impact
Controls - activities that prevent fraud

6
Q

system

A

a network of parts that work together to make something

7
Q

information system

A

converts data into information

8
Q

batch processing

A

requires that all similar transactions are grouped together for a specified time, and then this group of transactions is processed as a batch

9
Q

Real Time/OL

A

the transaction is processed immediately

10
Q

data levels

A

bit, byte, field, file/tables, relational

11
Q

management information system

A

provides info that tells how the managers are doing

12
Q

accounting information system

A

comprises the processes, procedures, and systems that capture accounting data from business processes; record the accounting data in the appropriate records; process the detailed accounting data by classifying, summarizing, and consolidating; and report the summarized accounting data to internal and external users

13
Q

COSO

A

Committee of Sponsoring Organizations

14
Q

COBIT

A

Control Objectives for Information and related Technology

15
Q

ERM

A

Enterprise risk management, includes methods to manage risk

16
Q

AIS Flow

A
Source Documents
Journals: special, general
Ledgers: sub, GL
Closing
Reporting
17
Q

Audit Trail

A

source document, involves numbering of documents and authorization

18
Q

Control Environment

A
tone of the organization, code of ethics
elements:
integrity and ethical values
Corp governance
Management Philosophy
Org Structure
Assignment of Authority
HR Policy and Practices
19
Q

corporate governance

A

an elaborate system of checks and balances whereby a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting process

20
Q

Audit Committee

A

structures: component of the board that is independent of the company, not paid by the organization
roles: hires external/internal auditors and oversees audit activity

21
Q

Code of Ethics

A

SOX requires that all public companies have a code of ethics stated

22
Q

Whistleblowing

A

Dodd Frank,

SOX 806: made a way for whistleblowers to tell on their companies

23
Q

Risk Prevention what can we do

A

Have Stewardship (safeguarding of assets)
Provide fair and transparent and full reporting and disclosure
Design and implement internal controls
Enforce a code of Ethics

24
Q

Types of fraud

A

misstatement

misappropriation

25
misstatement
manipulation of records
26
collusion
two people working together to commit fraud
27
misappropriation
taking assets
28
fraud triangle
Incentive, Opportunity, and Rationalization
29
categories of fraud
management - override; employee - taking assets; customer - returning stolen goods; vendor - shipping, getting paid more than earned
30
Examples of fraudulent financial reporting
smooth earnings - saving earnings for next quarter; revenues - making it up; omitted disclosures/exp; Window dressing; Pad assets; Off balance sheet
31
examples of why people commit fraud
company man; promotion; bonus; keep bank off back; meet analyst
32
types of employee fraud
take inventory, take cash (skimming - before being entered, larceny - after entered), AP manipulation, AR manipulation, payroll fraud, expense account/purchase card
33
customer fraud
credit cards, bad checks, refunds
34
vendor fraud
duplicate invoices, collusion/bribes, push unwanted inventory, bill for goods/services not delivered
35
Internal Computer fraud
improper access, change account info, change financial info
36
External Computer Fraud
hacking, spoofing/phishing
37
Code of Ethics
required by SOX 2002; obey laws and regs; honest, fair, trustworthy conduct; avoid conflicts of interest; safe work environment; protect external environment; books and records; signed statement
38
internal control objectives
safeguard assets; accurate and fair accounting; operational efficiency; comply with laws/regs
39
types of controls
preventative, detective, corrective
40
COSO framework
Monitoring; Info and Comm (AIS); Control Activities; Risk Assessment; Control Environment
41
risk: can we get rid of it?
we can't reduce it to zero, but we can mitigate it
42
risk assessment
entity-wide objectives - organization objectives; Activity wide objectives - department objectives; Risks - what is the likelihood and impact; Managing Change - keeping up with changes
43
process
procedures that originate, transfer or change accounting data; ex: take an order, calculate payroll, apply standard costs, prepare financial statements
44
controls
procedures designed to prevent or detect errors resulting from the processing of accounting information.
45
documentation of processes
internal control
46
data flow diagrams
use symbols to represent processes, etc.; represent the logical elements of a system, not the physical system; the entity is a box; the process is a N over a process description
47
document flowcharts
illustrate relationship among processes and the documents that flow between them, contains more detail than data flow diagrams, clearly depicts the separation of functions in a system
48
systems flowcharts
represent relationship between key elements (input sources, programs, and output products) of a computer system; have to know: hard copy symbol: rectangle with piece ripped off the bottom; computer process: complete rectangle; terminal input/output device: rectangle with the top cut off diagonally; direct access storage device - cylinder
49
assertions
revenue - existence; AP - Completeness; Inventory - existence; Inventory - valuation
50
How many members of a board must not be and cannot have been CPAs?
3
51
How many audits must a firm conduct to require annual quality reviews by the PCAOB?
100
52
To whom can documents and info related to PCAOB investigations and proceedings be made available?
SEC, US Attorney General, and federal agencies
53
Penalties for certifying a misleading or fraudulent financial report?
20 yrs of prison, 5M
54
If a foreign accounting firm only audits part of a US company and the primary auditor relies on their work, is the foreign firm subject to registrations with the board?
Yes
55
By whom are the board's findings and sanctions subject to review?
the SEC and any advisory groups convened in connection with standard setting
56
What are the 5 requirements a standard setting body must meet in order for the SEC to recognize its standards as “generally accepted”?
(1) be a private entity; (2) be governed by a board of trustees (or equivalent body), the majority of whom are not or have not been associated persons with a public accounting firm for the past 2 years; (3) be funded in a manner similar to the Board; (4) have adopted procedures to ensure prompt consideration of changes to accounting principles by a majority vote; (5) consider, when adopting standards, the need to keep them current and the extent to which international convergence of standards is necessary or appropriate.
57
What type of companies may make loans to its directors and executive officers? Sec 402(a)
Consumer credit companies may make home improvement and consumer credit loans and issue credit cards to its directors and executive officers if it is done in the ordinary course of business on the same terms and conditions made to the general public.
58
How long do a director, officer, and 10% owner have to report transactions involving management and principal stockholders?
by the end of the second business day on which the transaction occurred
59
When may the pre-approval requirement be waived for non-audit services? Sec 201
The pre-approval requirement is waived with respect to the provision of non-audit services for an issuer if the aggregate amount of all such non-audit services provided to the issuer constitutes less than 5% of the total amount of revenues paid by the issuer to its auditor (calculated on the basis of revenues paid by the issuer during the fiscal year when the non-audit services are performed), such services were not recognized by the issuer at the time of the engagement to be non-audit services; and such services are promptly brought to the attention of the audit committee and approved prior to completion of the audit.
60
payroll process
separate authorization, recording, and process initiation - hiring an employee authorization - something that starts this processing recording custody - giving power to individuals, custody of assets, ex: power to get assets review/recon duty
61
control activities
authorization (preventative); documentary controls (audit trail); safeguarding of assets; reconciliation and review of analysis
62
revenue
existence assertion risks significance, likelihood follow the cycle to see the document trail cycle assertion risk
63
Management Assessment of Internal Controls.
Requires each annual report of an issuer to contain an "internal control report", which shall: (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the issuer's fiscal year, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. Each issuer's auditor shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this section shall be in accordance with standards for attestation engagements issued or adopted by the Board. An attestation engagement shall not be the subject of a separate engagement. The language in the report of the Committee which accompanies the bill to explain the legislative intent states, "---the Committee does not intend that the auditor's evaluation be the subject of a separate engagement or the basis for increased charges or fees." Directs the SEC to require each issuer to disclose whether it has adopted a code of ethics for its senior financial officers and the contents of that code. Directs the SEC to revise its regulations concerning prompt disclosure on Form 8-K to require immediate disclosure "of any change in, or waiver of," an issuer's code of ethics.
64
Corporate Responsibility for Financial Reports.
The CEO and CFO of each issuer shall prepare a statement to accompany the audit report to certify the "appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer." A violation of this section must be knowing and intentional to give rise to liability.
65
Corporate Responsibility for Financial Reports
criminal penalties for certifying a misleading or fraudulent financial report. Under SOX 906, penalties can be upwards of $5 million in fines and 20 years in prison.
66
felony to knowingly
destroy financial documents
67
whistle blowers
are protected and they can go to an organization and let them know about the fraud