1 - Internal Control Frameworks Flashcards

Question 1

Q

COSO issued the “internal Control - Integrated Framework” to assist organizations do what?

Answer

A

develop comprehensive assessments of IC effectiveness

This framework is also often referred to as “the framework”

Question 2

Q

How does the principles-based approach support an effective system o internal control under the COSO framework?

Answer

A

An EFFECTIVE system of IC requires the use of judgment in determining the sufficiency of controls, applying the proper controls, and assessing the effectiveness of the system of controls.

The principles-based approach of the COSO framework emphasizes the importance of MGT JUDGMENT

MS: One framework for controls does not fit all companies because every company is different (i.e. in size, its business, process, etc), and as such mgt must use judgment

Question 3

Q

Define “internal control”

Answer

A

a process that is designed and implemented by an organization’s management, board of directors, and other employees to provide REASONABLE ASSURANCE that the organization will achieve its OPERATING, REPORTING, and COMPLIANCE objectives

Question 4

Q

What are the objectives of internal controls

Answer

A

financial Reporting
effective & efficient Operations
Compliance with laws & regulations

Question 5

Q

What is comprised in the “COSO Cube”

Answer

A

ORC - 3 main objectives
CRIME - 5 I/C components
Organizational structure

Question 6

Q

Describe the Operations objective

Answer

A

relates to the effectiveness and efficiency of an entity’s operations.

Want to ensure the assets of the org. are adequately safeguarded against potential losses

Question 7

Q

Describe the Reporting objective

Answer

A

pertains to the RELIABILITY, TIMELINESS, and TRANSPARENCY of an entity’s external & internal financial AND nonfinancial reporting as established by regulators

Question 8

Q

Describe the Compliance objective

Answer

A

established to ensure the entity is adhering to all applicable laws and regulations

Question 9

Q

What are the five components of internal control

Answer

A

Control environment
Risk assessment
Information &amp; communication
Monitoring Controls
Existing Control activities

“CRIME”

Question 10

Q

What things are needed in order to achieve the 3 objectives of I/C?

Answer

A

ALL 5 components (CRIME) and the 17 principles that are relevant to be both PRESENT & FUNCTIONING

Question 11

Q

Describe Control Environment

Answer

A

Tone at the top - ethics

includes the processes, structures, and standards that provide the foundation for an entity to establish a system of I/C.

Question 12

Q

What are the principles related to Control Environment?

Answer

A

“EBOCA”

Commitment to ETHICS & Integrity — establish standards/code of conduct
Board Independence & Oversight — independent and knowledgeable
Organizational Structure — reporting lines, the authority and responsibilities are all appropriate
Commitment to Confidence — there is a commitment to hire, develop, and retain competent employees
Accountability — establish performance measures, incentives, and rewards without excessive pressure

Question 13

Q

Describe Risk Assessment

Answer

A

an entity’s identification and analysis of risk to the achievement of its objectives

Question 14

Q

What principles are related to Risk Assessment

Answer

A

Make an entity “SAFR”

Specify objectives — identify and assess risks related to those (not achieving ) objectives
Identify and ASSESS Changes — the org identifies and assesses changes that could significantly affect I/C such as change in external environment, business model, and leadership
Consider potential for FRAUD — assess fraud triangle
Identify and analyze RISKS — determine how risks should me managed (Enterprise Risk Management)

Question 15

Q

Describe the Information & Communication component

Answer

A

these systems support the identification, capture, and exchange of information (b/t internal and external parties) in a timely and useful manner.

Question 16

Q

List the principles included in Information and Communication

Answer

A

“OIE”

Obtain and use information — obtains or generates and uses RELEVANT, HIGH QUALITY information to support functioning of IC
Internally communicate information – information necessary to support functioning of I/C is communicated in a flow of information up, down, and across the organization
Communicate with external parties — two way external communication channels using a variety of methods and channels (i.e. CPA firm or consultants)

Question 17

Q

Describe Monitoring Activities

Answer

A

process of assessing the quality of I/C performance over time by assessing the design and operation of controls on a timely basis and taking the necessary corrective actions

Question 18

Q

What principles relate to Monitoring Activities

Answer

A

“SOD”

SO = Ongoing and/or Separate Evaluations — on whether the comoponent’s of I/C are present and functioning (the frequency of testing is dictated by RISK)
Communication of deficiencies —report deficiencies in a timely manner and make sure corrective action is taken

Question 19

Q

Describe Existing Control Activities

Answer

A

the controls set forth by an entity’s policies and procedures to ensure that the directives initiated by mgt to mitigate risks are performed

Control activities may be detective or preventive

Segregation of duties is usually a big one

Question 20

Q

What principles relate to Existing Control Activities

Answer

A

“CAT PP”

Select and develop CONTROL ACTIVITIES
Select and develop TECHNOLOGY controls
Deployment of POLICIES & PROCEDURES

Question 21

Q

Define present and functioning

Answer

A

present - included in the design and implementation of the I/C

functioning - operating as designed in the I/C system

Question 22

Q

What specific requirements must I/C have in order to be considered and EFFECTIVE SYSTEM?

Answer

A

Senior mgt and the board must have reasonable assurance that the entity:

achieves effective and efficient operations
complies with all applicable rules, regulations, laws, etc.
prepares reports that are in conformity with the entitiy’s reporting objectives and standards.

Question 23

Q

What results when there is an ineffective I/C

Answer

A

= greater risk that ORC is not achieved

GAAS uses the terms “material weakness” and “Significant deficiency”

COSO uses the term “major deficiency”

Question 24

Q

Describe a “major deficiency” and what results if one exists

Answer

A

represents a material I/C deficiency that significantly reduces the likelihood that an organization can achieve its objectives

if identified, the entity may NOT conclude that it has met the requirements for an effective I/C system under the COSO framework

Question 25

Q

List some inherent I/C limitations

Answer

A

human failure
faulty or biased judgment
external events
collusion
mgt override
suitability of entity objectives

Question 26

Q

What is comprised in applying the internal control framework

Answer

A

manage application
evaluate effectiveness
deficiency assertions

Question 27

Q

How will mgt use the COSO framework to document its IC assessment

Answer

A

“COPS”
Follow these steps:

Overall assessment
(which are supported by..)
Component evaluations (which are supported by…)
Principal evaluations (which serve as the source for isolating and defining internal control deficiencies)
Summary of IC deficiencies (if any)

Question 28

Q

What are the common risks normally identified using the COSO framework

Answer

A

material omission
fraud
mgt override of controls
illegal acts

Question 29

Q

What is the underlying premise of ERM

Answer

A

the underlying premise of ERM is that every entity exists to provide value for stakeholders and that all entities face risk in the pursuit of value for their stakeholders.

value = increased stock price and/or pay dividends

Question 30

Q

Define “risk” according to COSO

Answer

A

Risk is the possibility that events will occur and affect the achievement of strategy and business objectives

Question 31

Q

How is value developed

Answer

A

“CPER”

creation
preservation
erosion (don’t want this)
realization

Question 32

Q

Describe value creation

Answer

A

your benefit has to exceed your resource costs

ROIC > Cost of Capital
+NPV

need to create a profit

costs = people, financial capital, technology, process and brand and value must outweigh this

Question 33

Q

Describe value preservation

Answer

A

want to have SUSTAINABLE operating profit (not a one time deal, ongoing)

Question 34

Q

Describe value erosion

Answer

A

we don’t want the value of the business to go down (i.e when cost > benefit)

stock price goes down

ROIC < cost/hurdle rate

-NPV

Question 35

Q

Describe value realization

Answer

A

when benefits are received by stakeholders either monetary or nonmonetary in form

Dividends or stock price/capital gain
Customer satisfaction

Question 36

Q

Describe mission

Answer

A

represents the CORE PURPOSE of the entity. Represents the WHY the company exists and what it hopes to accomplish

Question 37

Q

Describe vision

Answer

A

represents the aspirations of the entity and WHAT it hopes to achieve over time (

Question 38

Q

Describe core values

Answer

A

represent an organization’s beliefs and ideals about what is good or bad

the HOW the org plans to achieve goals (ethics, culture, core values)

Question 39

Q

What elements are included in Enterprise Risk Managment

Answer

A

CCPIS

Culture
Capabilities (competitive advantage)
Practices
Integration with strategy setting and performance

Question 40

Q

Describe culture as it relates to ERM

Answer

A

represents COLLECTIVE THINKING of the people within an org.

Culture plays an important role in SHAPING DECISIONS regarding risk

correlate with core values

Question 41

Q

Describe capabilities as it relates to ERM

Answer

A

Competitive advantage

produces value for an entity

exploitation of competitve advantage and adaptation to change are skill sets embedded within ERM

Question 42

Q

Describe practices as it relates to ERM

Answer

A

continually applied at all levels of the entity (not just the board or officers, the entire entity)

Question 43

Q

Describe integration with strategy setting and performance as it relates to ERM

Answer

A

Why do you exist? Ie what is your mission?
&
What’s your vision? strategy?

Question 44

Q

Describe risk appetite

Answer

A

represents the types and amounts of risk, on a broad level, than an organization is willing to accept in pursuit of value
it’s a range rather than a specific limit and provides guidance encouraging a firm to pursue or not pursue certain endeavors

expressed first in mission and vision

varies between products, business units, or over time

Question 45

Q

what is the relationship of value and risk appetite

Answer

A

directly related

Greater the risk, greater the expected return

Question 46

Q

What is the application of ERM intended to do?

Answer

A

provide management with a REASONABLE EXPECTATION of success

Question 47

Q

Define risk inventory

Answer

A

all risk that could impact an entity

could be societal, economic, demographic, or legal risk etc

Question 48

Q

Define reasonable expectation as it relates to ERM

Answer

A

the amount of risk of having strategy and business objectives that is appropriate for an entity, recognizing that no one can predict risk with precision

Question 49

Q

Define risk profile

Answer

A

a composite view of the risk assumed at a PARTICULAR level of the entity or aspect of the business (product line, geographic area, customer) to consider the TYPES, SEVERITY, & INTERDEPENDENCE of risk

Question 50

Q

describe portfolio view

Answer

A

entity wide risks

more of a holistic view

are we diversified

at the parents as opposed to the product level

Question 51

Q

organization sustainability

Answer

A

the ability of an entity to withstand the impact of a large-scale event

i.e. financial crisis

Question 52

Q

What are the components of ERM

Answer

A

5 components

“GO PRO”

Governance and culture (similar to control environment, tone at the top)
Strategy and objective -setting (mission/vission, define your risk appetite)
Performance (evaluate, id and respond to risk using ARTS)
Review and Revision
Information, communication, and Reporting (ongoing)

Question 53

Q

What are the principles of ERM

Answer

A

20!

See pg 20 in the book. Have to write it to remember it. Not worth making flashcards for but you HAVE to review it

Question 54

Q

What are Risk Responses as it relates to ERM

Answer

A

ARTS

Avoid (high frequency & high severity risks)

Reduce (high frequency & low severity) - hedge/derivatives/security alarms

Transfer/Share (High severity and low frequency) - buy insurance

Self-insure/Accept (Low frequency and low severity) - you chose to be in that industry

Question 55

Q

What are the three main components of the Sarbanes Oxley Act of 2002?

Answer

A

Corporate Responsibility
Enhanced Disclosures
Fraud - how to deal with it

Question 56

Q

Who does Sarbanes Oxley affect

Answer

A

the financial reporting of PUBLIC companies

Question 57

Q

Who is typically included in “Corporate Responsibility”?

Answer

A

Audit Committee
and
CEO/CFO representations

Question 58

Q

Who does the auditor of an engagement report to?

Answer

A

the audit committee

Question 59

Q

What are the responsibilities of the audit committee?

Answer

A

it is directly responsible for the appointment, compensation, and oversight of the work of the public accounting firm employed by the public company

also responsible for resolving disputes between the auditor and management

are to be members of the issuer’s board of directors BUT are otherwise completely INDEPENDENT (they may not accept compensation from the issuer for consulting/advisory services)

Must establish procedures to accept reports of complaints regarding regarding things (whistleblower hotlines)

Question 60

Q

What representations must the CEO and/or CFO sign regarding annual and quarterly reports?

Answer

A

they have reviewed the report
the report does not contain untrue statements or omit material information
the F/S fairly present in all material respects the financial condition and results of operations of the issuer
**CEO and CFO sign off that THEY are responsible for internal controls (regarding I/C DESIGN, EVALUATIONS of effectiveness, their CONCLUSIONS as to the EFFECTIVENESS of I/C based on evaluation)
**CEO and CFO sign of that they made disclosures to the issuer’s auditors and audit committee regarding (1) all SD and MW in the design or operation of I/C that might adversely affect F/S and (2) ANY fraud regardless of materiality that involves management or any other employee with a significant role in I/C
**CEO and CFO must also disclose any significant changes to internal controls

Question 61

Q

What does the improper influence on the conduct of audits relate to

Answer

A

No officer or director may take any action that would fraudulently influence, coerce, mislead or manipulate the auditor in a manner that would make the F/S materially misstatement

in other words, they must cooperate with the auditor

Question 62

Q

If an issuer is required to prepare an accounting restatement due to material noncompliance with any financial reporting requirement, what happens?

Answer

A

the CEO and CFO may be required to reimburse the issuer for:

–bonuses or incentive-based or equity-based compensation
–gains on sale of securities during that 12 month period

Question 63

Q

What are “enhanced financial disclosures” otherwise known as

Question 64

Q

What are the enhanced financial disclosures for Periodic reports (quarterly or annually)

Answer

A

all material correcting adjustments identified by the auditor
all material OFF-BALANCE SHEET transactions (operating leases, contingent obligations, relationships with unconsolidated subsidiaries (equity method))

Answer 64

A

issuers are generally prohibited from making personal loans to directors or executive officers
–exceptions apply when credit loans are made in the ordinary course of business

Answer 65

A

related parties!!

disclosures are required for persons who generally have direct or indirect ownership of more than 10% ownership of the company

Answer 66

A

Each annual report is required to contain a report that includes:

- statement that management is repsonsible for establishing and maintaining adequate internal control structure and procedures for financial reporting
- an assessment as of the most recent fiscal year of the issuer, of the effectiveness of I/C structure and procedures for financial reporting

Answer 67

A

honest and ethical conduct (including handling of conflicts of interest)
full, fair, accurate, and timely disclosures in periodic financial reports (FACT)
compliance with laws, rules, and regulations

Answer 68

A

at least one member of the audit committee should be a financial expert. The issuers financial reports must disclose the EXISTENCE of a financial expert on the committee OR the reasons why the committee does not have one (i.e. the guy just died)

Answer 69

A

understanding of GAAP
experience in the preparation or auditing of financial statements for comparable issuers
application of GAAP
experience with I/C
understanding of audit committee functions

this experience with allow the to help resolve disputes between management and the auditor

Answer 70

A

SEC is required to review disclosures made by ISSUERS, including those in from 10k, on a regular and systematic basis for the protection of investors

Answer 71

A

SEC should consider

historically has the issuer had a material restatements
has the issuer experienced significant volatility in their stock price compared to other issuers
issuers with large market cap
issuers whose operations significantly affect any material sector of the economy (“too big to fail”) – big insurance co’s/banks etc.
-emerging companies with disparities in PE ratios

Answer 72

A

They will be fined, imprisoned for not more than 20 years or both

Answer 73

A

seven years from the end of the fiscal period in which the audit or review was conducted

failure to do so will result in a fine, imprisonment (for not more than 10 years or both)

Answer 74

A

no later than the EARLIER OF 2 years after the discovery of the facts constituting the violation or 5 years after the violation

2+5

Answer 75

A

a whistleblower who lawfull provides evidence of fraud may NOT be discharged, demoted, suspended, threatened, harassed, or in any other matter discriminated against for providing such information.

If the above occurs, the employee may be provided compensatory damages including:

reinstatement with the same seniority status they would have had
back pay with interest
compensation for any special damages (i.e. litiation costs, expert witness fees, reasonable attorney fees)

Answer 76

A

a WRITTEN statement that the periodic report fully complies with the Sec. Exchange act of 1934
a WRITTEN statement that the info contined in report FAIRLY presents, in all material respects, the financial condition and operating results of the issuer
the WRITTEN statements above must be signed by the CEO and CFO

Answer 77

A

he or she will be fined and/or imprisoned. Specifically a party who:

certifies & knows it doesn’t comply = $1M fine and/or imprisoned no more than 10 years
WILLINGLY certifes & knows it doesn’t comply (fraud, intentional) = $5M fine and/or nor more than 20 years imprisoned

Answer 78

A

directly related

Answer 79

A

Both market conditions AND the risk preferences

Answer 80

A

Risk-indifferent behavior
Risk-averse behavior
Risk-seeking behavior

Answer 81

A

you’re the exception if this is your behavior.

an attitude toward risk in which an increase in the level of risk does not result in an increase in management’s required rate of return

You seek the highest rate of return

Answer 82

A

the general rule

most people exude this behavior

an attitude toward risk in which an increase in the level of risk results in an increase in managements’s required rate of return

Answer 83

A

exception - VERY unusual

attitude toward risk in which an increase in the level of risk results in a DECREASE in management’s required rate of return

very rare

Answer 84

A

aka “Yield Risk”

As the interest rate increases, the value of fixed income goes down (inverse relationship)

Fluctuations in the value of the instrument in response to changes in interest rates (ex: I have a bond that pays a fixed rate. If interest rates go, other people can get bonds that pay out higher rates. As such, the value of my bond will go down)

Answer 85

A

fluctuations in value as a result of operating within an economy

Unavoidable

Ex: war, inflatiion, international incident, political events

Answer 86

A

nonmarket

represents the portion of a firm’s or industry’s risk that is associated with random causes and can be eliminated through DIVERSIFICATION

Attributed to firm-specific/industry-specific events

Ex: strikes, lawsuits, regulatory actions, or the loss of a key account

Answer 87

A

affects borrowers (the cost of borrowing)

Includes a company’s inability to secure financing OR secure favorable credit terms as a result of poor credit ratings.

Relationships:

As credit risk goes up, the cost of borrowing goes up.

If your credit rating goes down, you’re a greater credit risk and your cost of borrowing goes up

If you have a poor credit rating, lenders will demand a higher interest rate (collateral may also be required)

Answer 88

A

affects lenders

the possibility that debtors may not repay the principal or interest as it becomes due on a timely basis

historically, US treasury securities have the lowest default risk (i.e. risk free rate = tbill)

Answer 89

A

affects lenders (investors)

lenders/investors are exposed to liquidity risk when they desire to sell their security but cannot do so in a timely manner OR when material PRICE CONCESSIONS have to be made to do do

Ex: “not publicly traded” items, real estate

Answer 90

A

affects investors

the exposure that investors have to a decline in the value of their individual securities or portfolios

price risk is diversifiable (can be diversified away)

Answer 91

A

given

aka nominal rate

always on an annual basis and before any compounding

Answer 92

A

periodic rate - can be paid annual (1), semiannual (2), quarterly (4), etc.

Answer 93

A

= interest paid per period / net proceeds of loan

interest paid per period = (Price X stated rate) / # periods

Answer 94

A

risk increases with the term to maturity

longer the term to maturity = the higher the required rate of return

the longer the maturity = more risk because you have greater exposure to interest rate risk over time

Answer 95

A

used to calculate the nominal risk free rate

the compensation investors require to bear the risk that price levels will change and affect asset values

Answer 96

A

the risk an investment security cannot be sold on a short notice without making significant price concessions

Answer 97

A

risk that the issuer of the security will fail to pay interest and/or principal due on a timely basis

Answer 98

A

unsystematic (firm-specific) risk

Answer 99

A

market, systematic risk

Answer 100

A

can mitigate by investing in floating rate debt securities (i.e. rather than invest in fixed income, invest in variable securities)

can mitigate by investing derivatives (.e. forwards or interest rate swaps)
-interest rate swaps –> if you think rates are going to go up (and hence, you’re fixed income will be worth less, you’ve want to enter into an agreement where you pay a fixed rate (ex: 8%) and the other party pays you a variable rate (ex: LIBOR + 1%)

Answer 101

A

very difficult because it’s inherent in the market and economy

aka systematic risk

it is nondiversifiable

investing in derivatives where you could profit when the market declines (and hence offset your losses) - SHORTS

Answer 102

A

minimized through diversification

-want to invest in assets that are either uncorrelated or inversely correlated

Answer 103

A

how to reduce the cost of borrowing (from the borrowing/debtor’s perspective)

how do I mitigate the risk that my credit rating goes down and I can’t favorable loans

ratio analysis (i.e. a high current ratio results in a higher credit rating) - want to improve your credit ratings. A high credit means you’re very credit worthy and will get loans at a lower interest rate.

Answer 104

A

from the Lendor/Creditor perspective

an entity may choose to lend only to borrowers with low risk of default

another option, adjust the interest rate charged to better reflect the risk of each borrower (a riskier borrower will have to pay a higher interest rate on the loan you give them)

Answer 105

A

mitigate by allocating a greater percentage of capital to investments that trade on ACTIVE MARKETS (invest more in stocks and bonds rather than real estate, which is not publicly traded)

Answer 106

A

mitigate through…

diversification

short selling or derivatives (hedging, put options - you buy the right to sell at a certain price)

Answer 107

A

exists because of the relationship between domestic and foreign currencies may be subject to volatility

Answer 108

A

trade factors and financial factors

Answer 109

A

relative to inflation rates

when domestic inflation exceeds foreign inflation, holders of domestic currency are motivated to purchase foreign currency to maintain the PURCHASING POWER of their money (ex: my USD 1 can buy me more in another country. I’m going to that country for vacation).

the increase in demand for foreign currency forces the value of the foreign currency to rise in relation to domestic currency

Answer 110

A

as income increases in one country realtive to another, exchange rates chase as a result of increased demand for foreign currencies in the country in which income is increasing

Answer 111

A

as opposed to freely fluctuating equilibrium

various trade and exchange barriers that artificially suppress the natural forces of supply and demand affect exchange rates.

ex: tariffs on imported goods would have the effect of discouraging the purchase of those imported goods thereby reducing the demand for that currency

Answer 112

A

interest rates create demand for currencies by motivating either domestic or foreign investments.

currency with the higher interest rate attracts investments thus there is greater demand for the currency, and the value of the currency goes up

Answer 113

A

relative inflation rates
relative income levels
government controls (trade restrictions)

Answer 114

A

relative interest rates

capital flow

Answer 115

A

Gain/Loss

the potential that an org could suffer economic loss or gain upon settlement of an INDIVIDUAL as a result of exchange rates

Answer 116

A

the potential that the PRESENT VALUE of an organization’s cash flows could increase or decrease as a result of changes in exchange rates

Answer 117

A

PV - Economic exposure

G/L - Transaction exposure

Answer 118

A

the risk that assets, liabilities, equity, or income of a CONSOLIDATED organization that includes foreign subsidiaries will change as a result of changes in exchange rates

Answer 119

A

the degree of foreign involvement (more = more risk)

Locations of foreign investments (the more volatile the exchange rate = the higher the translation risk)

Brainscape's Knowledge GenomeTM

1 - Internal Control Frameworks Flashcards

Brainscape's Knowledge Genome^TM