Module 40: Corporate Governance, Internal Control, and Enterprise Risk Management Flashcards

1
Q

Corporate governance can be divided into 3 categories of controls over management, which are…

A

1) Policies
2) Procedures
3) Mechanisms

2
Q

The 10 major controls over management include…

A

1) Compensation Systems
2) Boards of directors
3) Major committees
4) External Auditors
5) Internal Auditors
6) Attorneys
7) Regulators
8) Creditors
9) Securities Analysts
10) Internal Control Systems

3
Q

Internal Control defined by COSO

A

A process effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

4
Q

What are the 5 components of COSO’s internal control?

A

1) Control Environment
2) Risk Assessment
3) Control Activities
4) Information and Communication
5) Monitoring Activities

5
Q

What are the 3 limitations to COSO’s internal control?

A

1) Management can override internal control, and controls that rely on segregation of duties can be circumvented through collusion.
2) Internal control can break down because of bad judgment or misunderstanding of duties.
3) Internal control cannot be perfect because its cost should not exceed its benefits.

6
Q

Enterprise Risk Management (ERM)

A

A process designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

7
Q

What are the 8 interrelated components of ERM?

A

1) Internal Environment
2) Objective Setting
3) Event Identification
4) Risk Assessment
5) Risk Response
6) Control Activities
7) Information and Communication
8) Monitoring

8
Q

What does effective corporate governance involve?

A

Developing an appropriate legal structure, establishing appropriate incentives, and monitoring devices to prevent inappropriate activity.

9
Q

How is a corporation’s legal structure formed?

A

With the filing of the articles of incorporation with the secretary of state.

10
Q

What should the articles of incorporation include in order to be filed with the Secretary of State?

A

1) Proposed name
2) Initial address
3) Purpose
4) Powers
5) Name of the registered agent (management)
6) Name and address of each incorporator
7) Number of authorized shares of stock
8) Types of stock

11
Q

What 6 matters do a corporation’s bylaws address?

A

1) How the directors and/or officers are elected or selected
2) How meetings are conducted
3) Types and duties of officers
4) Required meetings
5) The process for amending the bylaws
6) That each officer/director receives a copy of the bylaws

12
Q

How are articles of incorporation amended?

A

By the approval of the shareholders, either majority or 2/3 vote.

13
Q

Common Shareholder

A

Provides the basic capital of the corporation and elects the board of directors.

14
Q

Duties of the Common Shareholder

A

1) Vote on mergers and liquidations
2) Vote at the annual shareholders’ meeting (held at least once a year)
3) Vote on amendments to the articles of incorporation

15
Q

Rights of the Common Shareholder

A

1) Last to receive capital in the event of liquidation
2) Receive dividends if declared by the board of directors
3) Subscribe to stock issues so that their ownership is not diluted as set forth in the articles of incorporation
4) Inspect books and records in good faith/proper purpose
5) Have cumulative voting rights

16
Q

In what situations can a common shareholder sue on behalf of the corporation (a derivative suit)?

A

1) Director violation of fiduciary duty
2) Illegal declaration of dividends
3) Fraud by an officer

17
Q

Rights of Preferred Shareholders

A

1) Vote only if they are an officer/director
2) Preference to dividends
3) Preference to receipt of capital upon liquidation of the company

18
Q

Cumulative Voting Rights

A

In most cases, common shareholders have the right to cast one vote per share for each director to be elected, and may concentrate all of those votes on one or two candidates. This gives minority shareholders an opportunity to elect at least some directors.

19
Q

Board of Directors

A

Runs the corporation on behalf of the shareholders and other stakeholders; responsible for providing strategic direction and guidance on the establishment of the key business objectives.

20
Q

What are the 10 duties of the Board of directors?

A

1) Determining the mission of the corp.
2) Selection and removal of the CEO
3) Amending bylaws, unless this is the responsibility of the shareholders
4) Determining management compensation
5) Decisions regarding declaration and payment of dividends
6) Decisions regarding major acquisitions and capital structure
7) Advising management
8) Providing governance oversight, with the assistance of internal/external auditors
9) Ensuring accurate financial reporting
10) Risk Management

21
Q

Business Judgment Rule

A

A director may not be held liable for errors in judgment, provided the director acted in good faith, with loyalty, and with due care.

22
Q

Duty of Loyalty

A

A director must put the interests of the corporation before their personal interests.

23
Q

Officer

A

Is delegated authority by the board of directors and is responsible for the fair presentation of the corp’s financial reports, including the financial statements. Officers have a fiduciary duty and are liable for their own torts. SOX prohibits personal loans to officers.

24
Q

What is the key objective of compensation?

A

Align management’s decisions and actions with the long-term interest of shareholders.

25
Q

What are the 2 problems with a Base Salary and Bonuses compensation system?

A

1) Problematic because accounting profit can be manipulated or managed.
2) Managers may focus too much on short-term profits instead of maximizing the long-term wealth of shareholders.

26
Q

Base Salary and Bonuses Compensation System

A

Managers are compensated based on performance which is typically measured by accounting profit.

27
Q

Stock Options Compensation System

A

Gives managers an incentive to manage the corp. so as to increase the stock price, which is consistent with the goal of shareholders.

28
Q

What are the 3 problems with a Stock Options Compensation System?

A

1) Managers may have an incentive to increase the stock price in the short term at the expense of long-term stock value, even by manipulating accounting income to increase the stock price.
2) May encourage management to take on risks in excess of shareholders’ risk appetite.
3) If the stock price falls substantially, the options may be so far underwater that they no longer provide an incentive to management.

29
Q

Stock Grants Compensation System

A

Involves issuing shares of stock as part of management’s compensation.

30
Q

What are 2 common types of stock grants?

A

1) Restricted Stock

2) Performance Shares

31
Q

Restricted Stock

A

Stock that cannot be sold by the manager for a specific period of time, usually 10yrs.

32
Q

Why is a restricted stock grant compensation system effective?

A

It encourages managers to undertake operations that increase the long-term value of the corp’s stock price.

33
Q

Performance Shares

A

Issuance of stock to management if certain levels of performance are met. If the stock price increases, compensation increases.

34
Q

Executive Perquisites (Perks) Compensation System

A

Retirement benefits, use of corporate assets, golden parachutes, corporate loans, etc.

35
Q

What is the best form of compensation?

A

A combination of fixed compensation and incentive compensation that is related to long-term stock price.

36
Q

What is a balanced scorecard?

A

A performance system based on a composite of performance measures in addition to net profit, such as the amount of research and development expenditures, the corp’s market share, the number of new products developed, and/or the percentage of stock held by institutional investors.

37
Q

What are the 12 monitoring devices that monitor management?

A

1) Board Oversight
2) NYSE/NASDAQ
3) Internal Auditors
4) External Auditors
5) Investment banks
6) Securities Analysts
7) Creditors
8) Credit Rating Agencies
9) Attorneys
10) SEC
11) IRS
12) Corporate Takeovers

38
Q

Board Oversight as a Monitoring Device

A

Requires that board members are competent and that a majority of them are independent. The board should also have a set of governance guidelines that are reviewed and revised annually.

39
Q

Inside Directors

A

Officers, employees or major stockholders who are on the board of directors.

40
Q

What does Dodd-Frank require public corporations to disclose with regard to the board of directors?

A

Whether the chairman of the board is also the CEO, and why or why not.

41
Q

What is the actual name of Dodd-Frank?

A

Wall Street Reform and Consumer Protection Act of 2010

42
Q

What are the 3 committees of effective corporate governance?

A

1) Nominating/Corp. Governance committee
2) Audit committee
3) Compensation committee

43
Q

What are the 4 duties of the nominating/Corp. Governance committee?

A

1) Oversees board organization and committee assignments
2) Determines director qualifications and training
3) Develops corp. governance principles
4) Oversees the CEO succession

44
Q

How does SOX define the audit committee?

A

A committee established by and amongst the board of directors of an issuer for the purpose of overseeing the accounting and financial reporting processes of the issuer; and audits of the financial statements of the issuer.

45
Q

What are the 6 characteristics of an audit committee?

A

1) Responsible for the appointment, compensation and oversight of the corp’s external auditor.
2) The committee is mandated by SOX, NYSE, and NASDAQ.
3) At least one member must be a financial expert, and the name of that expert must be disclosed. If there is no financial expert, the corp. must explain why.
4) External auditors must report directly to the audit committee
5) Internal auditors should have direct access to the audit committee.
6) Should establish procedures for the receipt and treatment of complaints regarding accounting/auditing matters. (Whistle-blowers).

46
Q

What are the 4 attributes a financial expert should have?

A

1) An understanding of GAAP and financial statements
2) Experience in preparing, auditing, analyzing, or evaluating financial statements of the complexity and breadth expected to be encountered at the corp.
3) An understanding of internal controls and procedures for financial reporting.
4) An understanding of audit committee functions.

47
Q

With relation to the audit committee, what 4 certifications does SOX, section 302, require of CFOs and CEOs?

A

1) They have reviewed the quarterly and annual financial reports filed with the SEC and believe they are fairly stated and contain no material misstatements.
2) They are responsible for establishing and maintaining internal controls designed to ensure that relevant info. is made known to them.
3) They have evaluated internal control and believe the controls are effective, as indicated in management’s report on internal control.
4) They have reported to the auditors and the audit committee all significant deficiencies in internal control, and are not aware of any post-evaluation changes that could significantly affect controls.

48
Q

What are 3 duties of the compensation committee?

A

1) Reviews and approves CEO compensation based on meeting performance goals.
2) Makes recommendations to the board with respect to incentive and equity-based compensation plans.
3) Attempts to align incentives with shareholder objectives and risk appetite.

49
Q

With regard to the compensation committee, what are 4 requirements per Dodd-Frank?

A

1) All members of the committee of a public company must be independent.
2) Shareholders must be allowed a nonbinding vote on executive compensation (“say on pay”) at least every 3yrs.
3) Shareholders must be allowed a nonbinding vote, at least every 6yrs, on how often the say-on-pay vote should be held.
4) Shareholders must be allowed a nonbinding vote on “golden parachutes” provided to executives as a result of major transactions.

50
Q

As a monitoring device, what are the 7 requirements per the New York Stock Exchange (NYSE)?

A

1) Majority of independent directors on the board.
2) Make a determination of independence of members and provide info. to investors about the determination.
3) Identify certain relationships that automatically preclude a board member from being independent.
4) Have non-management directors meet at regularly scheduled executive sessions
5) Adopt a comprehensive code of conduct and distribute it to ALL employees/Board members/Officers. The code must be acknowledged periodically by all employees and must be reinforced with training sessions.
6) Have independent audit committees
7) Nominating/Corp. Governance and compensation decisions must be made by independent committees.

51
Q

As a monitoring device, what are the 7 requirements per the NASDAQ?

A

1) Majority of independent directors on the board.
2) Make a determination of independence of members and provide info. to investors about the determination.
3) Identify certain relationships that automatically preclude a board member from being independent.
4) Have non-management directors meet at regularly scheduled executive sessions
5) Adopt a comprehensive code of conduct and distribute it to ALL employees/Board members/Officers. The code must be acknowledged periodically by all employees and must be reinforced with training sessions.
6) Have independent audit committees
7) Nominating/Corp. Governance and compensation decisions must be made by a majority of independent directors.

52
Q

What are the 5 determinants for not being independent per the NYSE?

A

1) If they have been an employee of the corp. or an affiliate in the last 5yrs.
2) If a family member has been an officer of the corporation or affiliate in the last 5yrs.
3) If they were a former partner/employee of the corp’s external auditor in the last 5yrs.
4) If they/family member in the last 3yrs received more than $120,000, for a 12mo period, in payments from the corp. other than for director compensation.
5) If they are an executive of another entity that receives significant amounts of revenue from the corp.

53
Q

What are the 5 determinants for not being independent per the NASDAQ?

A

1) If they have been an employee of the corp. or an affiliate in the last 3yrs.
2) If a family member has been an officer of the corporation or affiliate in the last 3yrs.
3) If they were a former partner/employee of the corp’s external auditor in the last 3yrs.
4) If they/family member in the last 3yrs received more than $120,000, for a 12mo period, in payments from the corp. other than for director compensation.
5) If they are an executive of another entity that receives significant amounts of revenue from the corp.

54
Q

Internal auditors

A

Perform audits of the corp’s risk management activities, internal control, and other governance processes (assurance services).
The NYSE requires listed companies to have an internal audit function.

55
Q

What are the two main types of services provided by internal auditors?

A

1) Assurance Services

2) Consulting Services

56
Q

What do internal audit assurance services involve?

A

Providing an independent assessment of governance, risk management or control processes of an organization.

57
Q

What do internal audit consulting services involve?

A

Advisory-related services to improve an organization’s governance, risk management or control processes.

58
Q

Internal audit performance standards

A

Describe the nature of internal audit activities and provide quality criteria against which the performance of those activities can be evaluated.

59
Q

Internal audit implementation standards

A

Expand on the attribute and performance standards by applying them to specific types of engagements (assurance or consulting).

60
Q

Per the International Standards for the Professional Practice of Internal Auditors, what are 3 aspects of the internal audit charter?

A

1) It formally defines the purpose, authority, and responsibility of the internal audit activity.
2) It should recognize the need to adhere to the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing.
3) The Standards apply both to individual internal auditors and to the internal audit activity.

61
Q

Per the International Standards for the Professional Practice of Internal Auditors, what are 4 aspects of independence and objectivity?

A

1) Auditors can’t be influenced by the management of the functional areas that they audit.
2) The chief audit executive should report functionally to the audit committee and administratively to the CEO.
3) Functional reporting includes approval of the internal audit charter, the budget and resource plan, the risk-based audit plan, etc.
4) Individual internal auditors must have an impartial, unbiased attitude and avoid conflicts of interest.

62
Q

Per the International Standards for the Professional Practice of Internal Auditors, what are 4 aspects regarding the performance of internal audits?

A

1) Must be performed with proficiency and due professional care.
2) Auditors must possess the knowledge, skills, and competencies needed to perform their individual responsibilities.
3) Sufficient knowledge of key IT risks, control, and audit techniques.
4) Sufficient knowledge to evaluate fraud risk

63
Q

The chief audit executive must develop a quality assurance and improvement program covering all aspects of the internal audit activity. What two types of assessment must it include?

A

1) Internal assessments, which include ongoing monitoring of performance and periodic reviews through self-assessment or review by other qualified individuals within the organization.
2) External assessments at least once every 5yrs by a qualified, independent assessor or team.

**The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board.

64
Q

Per the International Standards for the Professional Practice of Internal Auditors, what are 4 aspects specifically related to the chief audit executive?

A

1) Must establish risk-based plans to determine audit priorities, effectively deploy internal audit resources to achieve the plan, and establish effective policies and procedures to guide audit activities.
2) Should share info. and coordinate work with other internal and external assurance providers and the external auditors.
3) Should periodically report to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. This must include significant risk exposures and control issues, including fraud risk and governance issues.
4) Must establish and maintain a system to monitor the disposition of audit results communicated to management.

65
Q

Per the International Standards for the Professional Practice of Internal Auditors, what are 4 aspects specifically related to the internal audit activity?

A

1) Must evaluate the effectiveness and contribute to the improvement of the corp’s risk management processes.
2) Must assess and make appropriate recommendations for improving the governance process in its accomplishment of objectives.
3) Must evaluate the effectiveness and contribute to the improvement of risk management process
4) Must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.

66
Q

Per the International Standards for the Professional Practice of Internal Auditors, what are 4 objectives related to the internal audit activity’s role in improving the governance process in accomplishing the organization’s objectives?

A

1) Promoting appropriate ethics and values within the organization
2) Ensuring effective organizational performance management and accountability.
3) Communicating risk and control information to appropriate areas of the organization.
4) Coordinating the activities of and communicating info. among the board, external and internal auditors, and management.

67
Q

Per the International Standards for the Professional Practice of Internal Auditors, what are 7 guidelines specifically related to audit engagements?

A

1) Should be adequately planned
2) Appropriate identification of objectives and scope.
3) Work programs should be developed
4) Audit work should be adequately supervised
5) Should be assigned adequate resources
6) Sufficient info. should be collected and analyzed to achieve the audit objective
7) Results should be effectively communicated

68
Q

External Auditor

A

Responsible for performing an audit of the corp’s financial statements and internal control in accordance with standards of the Public Company Accounting Oversight Board (PCAOB)

69
Q

Per SOX, section 404, who is responsible for internal control over financial reporting, and what is the external auditor’s role?

A

Management is responsible for establishing and maintaining adequate internal control over financial reporting and for providing an assessment of its effectiveness in the annual report.

** For large public corps. (accelerated filers), the external auditor must attest to and report on management’s assessment of internal control as part of the audit of the financial statements.

70
Q

What are 9 matters that the external auditor communicates to the audit committee to help with its oversight function?

A

1) The auditor’s responsibility to form and express an opinion
2) That an audit does not relieve management or the audit committee of their responsibilities for governance
3) Planned scope and timing of the audit
4) Significant audit findings
5) Material corrected misstatements
6) Significant issues discussed with management
7) The auditor’s views about significant matters on which management consulted with other accountants
8) Written representations the auditor is requesting
9) Significant deficiencies and material weaknesses in internal control

71
Q

What 5 items count as significant findings in the external audit process?

A

1) The auditor’s views of the qualitative aspects of significant accounting practices
2) Significant difficulties encountered during the audit
3) Disagreements with management
4) Other findings or issues that the auditor believes are significant or relevant
5) Uncorrected misstatements other than those that are trivial

72
Q

Regarding external auditors, what does SOX, section 802, prohibit?

A

Knowingly destroying, mutilating, or concealing records or documents with the intent to impede or influence an investigation by any department or agency of the US.

**Penalty of up to 20yrs in prison and/or a fine.

73
Q

Investment Banks as a Monitoring Device

A

Help issue equity and debt offerings, as well as evaluate the company prior to becoming involved in selling the securities.

74
Q

Securities Analysts as a Monitoring Device

A

Analyze companies to develop recommendations to buy, hold, or sell a particular corp’s stock. They use financial and nonfinancial info., including info. about corporate management, to make their recommendations.

75
Q

What is a potential issue with using a securities analyst as a monitoring device and how is it being controlled?

A

Potential conflicts of interest.

The SEC is attempting to control these conflicts by requiring analysts to certify that their compensation will not be impacted by their recommendations.

76
Q

Creditors as a Monitoring Device

A

Debt agreements contain covenants (requirements) that must be complied with; otherwise the creditor may take actions such as accelerating payment terms.

77
Q

What is one limitation with using a creditor as a monitoring device and how is it being controlled?

A

They monitor largely based on info. provided by management.

Creditors often engage external auditors to perform procedures to provide assurance about the corp’s compliance with certain covenants of the loan agreements.

78
Q

Credit Rating Agencies as a Monitoring Device

A

Rate the creditworthiness of corporate bonds, analyzing companies to develop recommendations to buy, hold, or sell a particular corp’s bonds. They use financial and nonfinancial info., including info. about corporate management, to make their recommendations.

79
Q

What is one limitation of using a credit rating agency as a monitoring device?

A

They may set the initial rating improperly and may be slow to downgrade the rating once the corp. gets into financial difficulty.

80
Q

Attorneys as a Monitoring Device

A

Review securities filings and advise management on legal matters.

81
Q

The Securities and Exchange Commission (SEC) as a Monitoring Device

A

Responsible for protecting investors; maintaining fair, orderly, and efficient markets; and facilitating capital formation. The activities of the SEC act as an important monitoring device for corporate governance.

82
Q

What are the 3 divisions/offices of the SEC?

A

1) Division of Corporate Finance
2) Division of Enforcement
3) Office of the Chief Accountant

83
Q

What is the purpose of the SEC’s Division of Corporate Finance?

A

Reviews documents filed with the SEC by publicly held companies. Through the review process, the Division checks whether companies are meeting disclosure requirements and seeks to improve the quality of companies’ disclosures.

84
Q

What is the purpose of the SEC’s Division of Enforcement?

A

Assists the SEC in executing its law enforcement function by recommending the commencement of investigations of securities law violations, recommending which cases to take to court, and prosecuting these cases on behalf of the SEC.

85
Q

What is the purpose of the SEC’s Office of the Chief Accountant?

A

Advises the SEC on accounting and auditing, oversees the development of accounting principles, and approves the auditing rules put forward by the PCAOB.

86
Q

What 5 provisions of SOX improved the SEC’s power as an external monitoring device?

A

1) SOX, section 906: the CFO and CEO must certify the accuracy and truthfulness of periodic financial reports filed with the SEC. Penalties: up to 10yrs imprisonment and/or a fine of up to $1m for a knowing violation; up to 20yrs and/or up to $5m for a willful violation.
2) SOX requires public companies to disclose in their filings whether they have established a code of ethics for senior financial officers (and, if not, why not).
3) SOX: anyone who knowingly perpetrates or attempts a scheme to defraud another person by misrepresentation or false claims in connection with the purchase or sale of securities can be fined and/or imprisoned for up to 25yrs.
4) SOX: destruction, mutilation, alteration, concealment, or falsification of documents with the intent to obstruct or influence an ongoing investigation, or one being considered, is subject to up to 20yrs in prison and/or a fine.
5) SOX prohibits any act of retaliation against employees who alert the government to possible violations of securities laws (whistle-blowers). Up to 10yrs in prison and/or a fine.

87
Q

What are the 5 Dodd-Frank related rules regarding whistle-blowers?

A

1) They are eligible to receive 10-30% of the monetary sanctions if the info. is derived from the whistle-blower’s independent knowledge or analysis and is not already known to the government from any other source.
2) Tips can be submitted anonymously (through an attorney), with the whistle-blower identified to the SEC only after it determines that an award will be paid. Awards apply to actions in which sanctions exceed $1m and are paid by the SEC.
3) Employees, customers, and suppliers are all eligible.
4) Whistle-blowers are encouraged to report the info. through the company’s normal internal corporate governance system; doing so may increase the amount of the award.
5) SOX’s provisions discouraging retaliation against whistle-blowers were strengthened by Dodd-Frank.

88
Q

What are 3 categories of individuals that are excluded from whistle-blower eligibility and reward?

A

1) Officers, directors, trustees, or partners of an entity, when those individuals learned of info. about the misconduct from another person or in connection with the company’s processes for identifying potential illegal conduct.
2) Employees whose main job functions involve compliance or internal audit, or persons who are employed by a firm hired to perform audit or compliance functions or to investigate possible violations of the law.
3) Employees of public accounting firms performing an engagement required by the securities laws.

89
Q

For those excluded from whistle-blower eligibility, under which 2 circumstances may they become eligible?

A

1) If it appears that the company is attempting to behave in a way that would harm investors or inhibit an investigation
2) 120 days have passed since they notified the company of the violation.

90
Q

What is the Jumpstart Our Business Startups Act (JOBS)?

A

Exempts “emerging growth companies” for a max of 5yrs from the date of their initial public offering from certain requirements that apply to large public companies.

91
Q

What 3 requirements are emerging growth companies exempt from, while large public companies are not?

A

1) Certain disclosure requirements
2) The requirement for an integrated audit of internal control
3) The requirements regarding shareholder votes on executive compensation

92
Q

The Internal Revenue Service (IRS) as a Monitoring Device

A

Requires certain accounting info. on the corp's income tax return, audits the corp's tax returns, and enforces penalties for filing false tax returns.

93
Q

Corporate Takeovers as a Monitoring Device

A

If management is performing poorly, the corp. may be subject to takeover by a firm that believes it can more effectively utilize the corp's resources.

94
Q

Poison Pill

A

A strategy used to prevent corporate takeover. Triggers an option for the shareholders to purchase additional shares at a discount if someone attempts to acquire a controlling interest in the corp.

**Controversial because they inhibit an active market for corp. control.

95
Q

Internal Control - Integrated Framework developed by COSO

A

The most commonly used framework in the US.

A process, effected by the entity’s board of directors, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.

96
Q

What are the 3 main objectives of Internal Control?

A

1) Operations
2) Reporting
3) Compliance

97
Q

Internal Control Operations Objective

A

The organization achieves effective and efficient operations when significant external events can be predicted and their potential effects mitigated, or the organization understands the extent to which operations can be managed when the effect of significant events cannot be mitigated. This category of objectives includes safeguarding assets.

98
Q

Internal Control Reporting Objective

A

The organization prepares internal and external financial and nonfinancial reports in conformity with applicable laws, rules, regulations, standards, and internal policies.

99
Q

Internal Control Compliance Objective

A

The organization complies with applicable laws, rules, and regulations.

100
Q

What are the 5 components of internal control under the COSO framework?

A

1) Control Environment
2) Risk Assessment
3) Control Activities
4) Information and Communication
5) Monitoring Activities

101
Q

Per COSO Framework, Control Environment

A

The set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.

102
Q

Per COSO Framework, Risk Assessment

A

The possibility that an event will occur and adversely affect the achievement of objectives in the area of operations, reporting, or compliance.

103
Q

Per COSO Framework, Control Activities

A

Policies and procedures that help ensure that management directives are carried out.

104
Q

Per COSO Framework, Information and Communication

A

Supports all components of the framework. Considering the requirements of the users, the system captures internal and external sources of data, processes the data into info., and maintains quality throughout processing.

105
Q

Per COSO Framework, Monitoring

A

Assesses whether each of the five components of the framework is present and functioning; may be achieved by performing ongoing activities or by separate evaluations.

106
Q

What are the 5 principles of the COSO framework control environment component?

A

1) Demonstrate commitment to integrity and ethical values
2) Exercise oversight responsibility
3) Establish structure, authority, and responsibility
4) Demonstrate commitment to competence
5) Enforce accountability

107
Q

What are the 4 principles of the COSO framework risk assessment component?

A

1) Specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives
2) Identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed
3) Considers the potential for fraud in assessing risks to the achievement of objectives
4) Identifies and assesses changes that could significantly impact the system of internal control

108
Q

What are the 3 principles of the COSO framework control activities component?

A

1) Selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
2) Selects and develops general control activities over technology to support the achievement of objectives
3) Deploys control activities through policies that establish what is expected and in procedures that put policies into action

109
Q

What are the 3 principles of the COSO framework Information and communication component?

A

1) Obtains or generates and uses relevant, quality info. to support the functioning of internal control.
2) Internally communicates info., including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
3) Communicates with external parties regarding matters affecting the functioning of internal control.

110
Q

What are the 2 principles of the COSO framework monitoring component?

A

1) Selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
2) Evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

111
Q

What are 6 types of control activities that mitigate risk per the COSO framework?

A

1) Authorizations and approvals - Review of the validity of transactions
2) Verifications - Comparison of 2+ items with each other or with policy
3) Physical controls - Restriction of access to physical assets or performing periodic inventories
4) Controls over standing data - Accuracy, completeness and validity of data used in transaction processing; eg. price master file used to record sales transactions.
5) Reconciliations - Comparison of 2+ data elements to identify any differences
6) Supervisory controls - High level controls to ensure other control activities are operating

112
Q

What are 2 types of control activities (application controls) per the COSO framework?

A

1) General controls over technology

2) Transaction (application) controls

113
Q

Per COSO Framework, Control Activity General Controls Over Technology

A

Support the reliability of 2+ types of transactions or processes; encompasses control activities 1) over technology infrastructure, which are designed to ensure the completeness, accuracy, and availability of technology processing, 2) over access to technology, to restrict access to authorized users, 3) over acquisition, development, and maintenance of technology and its infrastructure.

114
Q

Per COSO Framework, Control Activity Transaction (Application) Controls

A

Designed to ensure that particular transactions are accurate, complete, and valid (authorized), and are segregated into 1) input controls to ensure that data are input accurately and completely and transactions are valid, 2) processing controls to ensure that data is processed accurately, 3) output controls over the distribution and accuracy of output.

115
Q

Per COSO framework, control environment component, what 3 standards can be implemented to demonstrate commitment to integrity and ethical values?

A

1) Management should establish a tone at the top of the organization through directives, actions, and behavior that encourages appropriate behavior.
2) These should be communicated through a code/standard of conduct, official policies, directives and by example.
3) Individuals should be evaluated for adherence to standards and deviations should be addressed in a timely manner

116
Q

Per COSO framework, control environment component, what can management do to exercise oversight responsibility?

A

Establish appropriate oversight of management and the system of internal control by collectively possessing appropriate expertise and having sufficient members that are independent from management.

117
Q

Per COSO framework, control environment component, what 3 standards can be implemented to establish structure, authority and responsibility?

A

1) Management should establish, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities.
2) Relationships with outsourced service providers may also affect the organization's structure.
3) Delegating authority increases risk. Therefore, management should establish appropriate limitations to authority.

118
Q

Per COSO framework, control environment component, what 3 standards can be implemented to demonstrate commitment to competence?

A

1) Management adopts policies and practices that reflect the expectations of stakeholders, provide the foundation for defining the competence needed within an organization, and form the basis for executing and evaluating performance.
2) Commitment to competence is supported by human resource management processes for attracting, developing, and retaining the right fit of management, other personnel, and outsourced service providers.
3) Succession planning for key managers as well as contingency plans for assignment of internal control responsibilities are also important.

119
Q

Per COSO framework, control environment component, what 3 standards can be implemented to enforce accountability?

A

1) Board of directors should hold CEO responsible for establishing the requisite system of internal control to support the achievement of organizational objectives.
2) Accountability for internal control should be established at all levels and supported by appropriate performance measures, incentives, and rewards.
3) The board and senior management should be cognizant of the effects that undue pressure can have on behavior as it may cause individuals to circumvent processes or engage in fraudulent activities.

120
Q

What are 4 risk responses per the COSO framework risk assessment component?

A

1) Acceptance
2) Avoidance
3) Reduction
4) Sharing

121
Q

What does segregation of duties entail per the COSO framework control activities component?

A

Dividing the responsibility of recording, authorizing, approving transactions, and handling the related asset.

122
Q

Per COSO framework, information and communication component, what 4 standards can be implemented to be an effective information/communication system?

A

1) Quality of info. depends on whether it is accessible, correct, current, protected, retained, sufficient, timely, valid, and verifiable.
2) To be effective, info. must be communicated through the appropriate methods to management, other personnel, and board of directors.
3) Processes and channels must be established to facilitate communication to parties such as regulators, owners, financial analysts, and customers.
4) Processes and channels should also provide appropriate communication from external parties such as customers, suppliers, auditors, and regulators to management and the board.

123
Q

Per COSO framework, monitoring component, what are 2 characteristics of internal control evaluators?

A

1) Competent - knowledge of internal control and related processes, including how controls should operate and what constitutes deficiency.
2) Objective - Can evaluate the controls without concern about possible consequences of discovering deficiencies.

124
Q

Per COSO framework, monitoring component, what are 3 reasons why internal control systems fail?

A

1) They are not designed or implemented properly
2) They are properly designed and implemented, but changes in the environment have occurred, making the control ineffective.
3) They are properly designed and implemented, but the way they operate has changed, making the control ineffective.

125
Q

Per COSO Framework, Monitoring Component, Monitoring-for-Change Control Continuum

A

The sequence of these activities:

1) Control baseline
2) Change identification
3) Change management
4) Control revalidation/update

126
Q

Per COSO Framework, Monitoring Component, Monitoring-for-Change Control Continuum, Control Baseline

A

Establishing a starting point that includes a supported understanding of the existing internal control system

127
Q

Per COSO Framework, Monitoring Component, Monitoring-for-Change Control Continuum, Change Identification

A

Identifying, through monitoring, changes in internal control that are necessary because changes in the operating environment have taken place, such as changes in regulations or changes in the economic environment.

128
Q

Per COSO Framework, Monitoring Component, Monitoring-for-Change Control Continuum, Change Management

A

Evaluating the design and implementation of the changes and establishing a new baseline.

129
Q

Per COSO framework, monitoring component, monitoring-for-change control continuum, what does an effective change management process enable management to control?

A

1) Change requests
2) Change analyses
3) Change decisions
4) Change planning, implementation, and tracking

130
Q

Per COSO framework, monitoring component, monitoring-for-change control continuum, change management, what standards need to be implemented with regard to change planning, implementation, and tracking?

A

1) It is important that the change management process considers the effects on other areas of the organization and incorporates them into the analysis, planning, and implementation phases of the change.
2) A system of documentation should be established to ensure that changes are authorized, communicated, and documented.
3) Changes should be thoroughly tested before being implemented.

131
Q

Per COSO framework, monitoring component, what are the 2 characteristics of key controls (meaningful risks)?

A

1) Their failure could materially affect the area’s objectives, and other controls would not be expected to detect the failure on a timely basis.
2) Their operation might prevent or detect other control failures before they had an opportunity to become material to the organization’s objectives.

132
Q

Per COSO framework, monitoring component, what are the 2 types of sufficient suitable evidence?

A

1) Direct evidence

2) Indirect evidence

133
Q

Per COSO Framework, Monitoring Component, Direct Evidence

A

Evidence obtained from observing the control and reperforming it.

134
Q

Per COSO Framework, Monitoring Component, Indirect Evidence

A

Evidence that identifies anomalies that may signal control change or failure, such as evidence derived from operating statistics, key risk indicators (forward-looking metrics that serve to identify problems), performance indicators (metrics that reflect critical success factors), and comparative industry data.

135
Q

Is ongoing monitoring or separate monitoring more effective and why?

A

Ongoing monitoring is best.

It operates continuously and can offer the first opportunity to identify and correct control deficiencies. Technology makes this a more effective and efficient option.

136
Q

Separate evaluations may be performed by…

A

Internal auditors, objective evaluators, cross-functional evaluators, or through benchmarking/peer against comparable organizations.

137
Q

Self-assessment may be performed if…

A

It is performed by individuals in the same department and they are suitably supervised.

138
Q

Preventative Controls

A

Serve to prevent misstatements from occurring in the first place

139
Q

Detective Controls

A

Serve to detect misstatements after they have occurred

140
Q

Corrective Controls

A

Serve to correct misstatements after they are detected

141
Q

Feedback Controls

A

Evaluate the results of a process and adjust the process if the results indicate the process is not operating effectively

142
Q

Feed-Forward Controls

A

Project results into the future and make changes to alter the projected results.

143
Q

What are 6 limitations of internal control?

A

1) Human judgment in decision making can be faulty
2) Breakdowns can occur because of human failures such as simple errors or mistakes
3) Controls, whether manual or automated, can be circumvented by collusion
4) Management has the ability to override internal control
5) Cost constraints
6) Custom, culture, and the corp. governance system may inhibit fraud, but they are not absolute deterrents

144
Q

SOX, section 404, requires that a report on the effectiveness of the system include what 4 statements and/or assessments?

A

1) A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the corp.
2) A statement identifying the framework used by management to conduct the required assessment of the effectiveness of the corp's internal control
3) An assessment of effectiveness of the corp’s internal control over financial reporting as of the end of the company’s most recent fiscal year, which includes an explicit statement of whether internal control over financial reporting is effective and if there are any material weaknesses.
4) If applicable, a statement that the corp’s registered public accounting firm that audited the financial statements included in the annual report has issued an attestation report on management’s assessment of the company’s internal control over financial reporting.

145
Q

Per COSO Framework, Enterprise Risk Management (ERM)

A

Is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

146
Q

What are 8 risks associated with the sales and collection process?

A

1) Inaccurate or incomplete sales data and lack of security over sales order info.
2) Sales to customers that are not creditworthy
3) Maintaining too much or too little inventory
4) Inaccurate filing of orders
5) Inaccurate billing of customers
6) Failure to bill for shipment
7) Errors or fraud in processing and depositing cash receipts
8) Accounts may be written off without authorization

147
Q

What are 8 risks associated with the acquisitions and payment process?

A

1) Ordering unneeded goods
2) Purchasing goods from unauthorized vendors
3) Receiving goods that are damaged or inferior
4) Receiving goods that were not ordered
5) Payment for goods not received
6) Payment for a purchase twice
7) Unauthorized cash payments
8) Loss or theft of assets

148
Q

Per COSO ERM framework, what are 5 risk management processes?

A

1) Identifying risks
2) Assessing risks
3) Prioritizing risks
4) Determining risk responses
5) Monitoring risk responses

149
Q

Per COSO ERM Framework, Negative Impact Events

A

Represent risks

150
Q

Per COSO ERM Framework, Positive Impact Events

A

Represent opportunities or may offset the negative impact

151
Q

Per COSO, what are the 8 interrelated components of ERM framework?

A

1) Internal environment
2) Objective setting
3) Event identification
4) Risk assessment
5) Risk response
6) Control activities
7) Information and communication
8) Monitoring

152
Q

Per COSO ERM Framework, Internal Environment Component

A

Is the basis of all other components of ERM, providing discipline, structure, organizational tone, integrity, ethical values, and board oversight, and sets the basis for how risk is viewed and addressed by an organization's people, including risk management philosophy and risk appetite.

153
Q

Per COSO ERM framework, internal environment component, what are the 2 main responsibilities of management?

A

1) Management sets the ethical tone by action and example, and communicates the tone through codes of conduct and established policies.
2) Management should avoid the use of incentives and temptations to engage in unethical behavior, unless effective controls are established to prevent such behavior.

154
Q

Per COSO ERM Framework, Internal Environment Component, Risk Appetite

A

Is the amount of risk an organization is willing to accept to achieve its goals; it reflects the organization's culture and operating style, and is directly related to the organization's strategy.

155
Q

Per COSO ERM framework, internal environment component, what are the 2 main ways to consider risk appetite?

A

1) Qualitatively - Low, moderate, high

2) Quantitatively - In percentages

156
Q

Per COSO ERM Framework, Internal Environment Component, Risk Tolerance

A

Relates to the organization’s objectives and is the acceptable variation with respect to a particular objective.

157
Q

Per COSO ERM Framework, Objective Setting Component

A

Objectives 1) must exist before management can identify potential events affecting their achievement, 2) must support and align with the organization's mission, and 3) must be consistent with risk appetite.

158
Q

Per COSO ERM framework, objective setting component, in broad terms, what is the mission statement?

A

Is what the organization aspires to achieve.

159
Q

Per COSO ERM framework, objective setting component, what are the 3 categories of objective setting?

A

1) Operations - Effectiveness and efficiency of operations
2) Reporting - Reliable reporting of internal/external, financial/nonfinancial info.
3) Compliance - Adherence to laws and regulations

160
Q

Per COSO ERM framework, objective setting component, what are strategic objectives?

A

They are high-level goals aligned with the organization’s mission, which are linked and integrated with the specific objectives established for various activities.

161
Q

Per COSO ERM Framework, Event Identification Component

A

Potential internal and external events affecting achievement of an organization’s objectives must be identified, distinguishing between risks (negative events) and opportunities (positive events), and may affect implementation of strategy or achievement of objectives.

162
Q

Per COSO ERM framework, event identification component, what are 5 external events?

A

1) Economic events
2) Natural environmental events
3) Political events
4) Social events
5) Technological factors

163
Q

Per COSO ERM framework, event identification component, what are 4 internal events?

A

1) Organization’s infrastructure
2) Personnel
3) Processes
4) Technology

164
Q

Per COSO ERM framework, event identification component, what are 7 event identification techniques?

A

1) Event inventories
2) Internal analysis
3) Escalation or threshold triggers
4) Facilitated workshops
5) Process flow analysis
6) Leading event indicators
7) Loss event data methodologies

165
Q

Per COSO ERM Framework, Event Identification Component, Event Identification Techniques, Event Inventories

A

Developing a detailed listing of potential events

166
Q

Per COSO ERM Framework, Event Identification Component, Event Identification Techniques, Internal Analysis

A

May be done at staff meetings and involves using info. from other stakeholders.

167
Q

Per COSO ERM Framework, Event Identification Component, Event Identification Techniques, Escalation or Threshold Triggers

A

Management predetermines limits that cause an event to be further assessed.

168
Q

Per COSO ERM Framework, Event Identification Component, Event Identification Techniques, Facilitated Workshops

A

Involves soliciting info. about events from management and staff.

169
Q

Per COSO ERM Framework, Event Identification Component, Event Identification Techniques, Process Flow Analysis

A

Involves breaking processes down into inputs, tasks, responsibilities, and outputs to identify events that might adversely affect the process.

170
Q

Per COSO ERM Framework, Event Identification Component, Event Identification Techniques, Leading Event Indicators

A

Involves monitoring data correlated to events, to identify why the event is likely to occur.

171
Q

Per COSO ERM Framework, Event Identification Component, Event Identification Techniques, Loss Event Data Methodologies

A

By developing repositories of data on past loss events, management can identify event trends and the root causes of events.

172
Q

Per COSO ERM Framework, Event Identification Component, Event Identification Techniques, Loss Event Data Methodologies, Black Swan Analysis

A

Involves evaluating the occurrence of events that had negative effects and were unanticipated or viewed as highly unlikely.

173
Q

Per COSO ERM Framework, Risk Assessment Component

A

Risks are analyzed, considering the likelihood and impact (eg. financial impact), as a basis for determining how they should be managed.

174
Q

Per COSO ERM framework, risk assessment component, what are 2 techniques to assess risk?

A

1) Qualitative - High, moderate, low

2) Quantitative - In percentages

175
Q

Per COSO ERM Framework, Risk Assessment Component, Probabilistic Models

A

Associate a range of events and the resulting impact with the likelihood of those events based on certain assumptions.

176
Q

Per COSO ERM Framework, Risk Assessment Component, Nonprobabilistic Models

A

Use subjective assumptions in estimating the impact of events without quantifying an associated likelihood.

177
Q

Per COSO ERM framework, risk assessment component, what are 5 probabilistic models?

A

1) Value at risk
2) Cash flow at risk
3) Earnings at risk
4) Development of credit
5) Operational loss distributions

178
Q

Per COSO ERM framework, risk assessment component, what are 3 nonprobabilistic models?

A

1) Sensitivity measures
2) Stress tests
3) Scenario Analysis

179
Q

Per COSO ERM framework, risk response component, what are 4 responses to risk?

A

They are consistent with the risk appetite of the organization, and are:

1) Avoidance - Exiting the activity that gives rise to risk
2) Reduction - Taking action to reduce risk
3) Sharing - Transferring or sharing a portion of the risk
4) Acceptance - No action taken, consistent w/the risk appetite.

180
Q

Per COSO ERM Framework, Control Activities Component

A

Policies and procedures should be established and implemented to help ensure the risk responses are effectively carried out.

181
Q

Per COSO ERM Framework, Information and Communication Component

A

Information - Relevant info. is identified, captured, and communicated to enable people to carry out their responsibilities.

Communication - Convey the importance and relevance of effective ERM, the org's objectives, the org's risk appetite and risk tolerances, a common risk language, and the roles and responsibilities of personnel in effecting and supporting the components of ERM.

182
Q

Per COSO ERM Framework, Monitoring Component

A

Ongoing management activities, and separate evaluations, such as those performed by internal auditors.

183
Q

Per COSO ERM framework, what are 3 limitations to ERM?

A

1) Future is uncertain
2) Can’t provide reasonable assurance that objectives will be achieved.
3) Can’t provide absolute assurance to objective categories.

184
Q

Per COSO ERM framework, what are 5 factors that limit absolute assurance?

A

1) Limited to human ability and judgment
2) ERM can break down
3) Collusion
4) Cost-benefit constraints
5) Subject to management override