2. Corporate Governance Flashcards
Board of Directors
Must act as a group; fiduciary duty to corp (best interest)
1. Hire/fire mgmt and officers
2. Dividend policy
3. Buy back treasury stock
4. General operations (main/big decisions)
5. Budget approval, loan/financing
6. Need 3 committees: Audit, compensation, nomination
Officers (management)
Day to day operations
Agent of corp
Shareholders
Vote in BoDir
Audit Committee
Members of board
Hire/fire auditor
Auditors report to committee
Need one financial expert (GAAP, internal acct controls)
Nominating Committee
Pick officers (CEO, COO, etc.); explain why the CEO is or is not a board member
Compensation Committee
How to pay officers (fixed, incentives)
Dodd-Frank:
1. Shareholders vote on pay
2. Must be independent
3. Disclose fixed vs incentive use
4. Clawback of bonuses
Internal Auditors
Report to audit committee
Must be competent and objective
Not independent (can't be, since they work for the company)
External Auditor
Must be independent
Stay confidential
Partner rotation - 5 years
Communicate with audit committee
In order to comply with a director’s duty of loyalty to a corp, what actions should be taken when presented with a corporate opportunity?
- Reject it and don’t offer it to the corp
- Accept it and don’t offer it to the corp
- Accept it and disclose it to the corp
- Offer it to the corp and accept if they reject
-Offer it to the corp and accept if they reject
What is a member of the board’s relationship to the company?
- Agent
- Executive
- Fiduciary
- Representative
-Fiduciary
In a large public corp, evaluating internal control procedures is a responsibility of:
- Accounting management staff, reporting to CFO
- Internal audit staff, reporting to BoD
- Operations management staff, reporting to COO
- Security mgmt staff, reporting to chief facilities officer
-Internal audit staff, reporting to BoD (more specifically the audit committee)
Which is necessary to be an audit committee financial expert?
- Limited understanding of GAAS
- Education and experience as a financial planner
- Experience with internal accounting controls
- Experience preparing tax records
-Experience with internal accounting controls
A CEO or CFO who misrepresents a company's finances may be penalized with:
- Fine, not imprisonment
- Imprisoned, not fined
- Removed from office and fined
- Fined and imprisoned
-Fined and imprisoned
Which is correct regarding the issuer's audit committee financial expert?
- Current outside CPA firm partner must be the expert
- If there is not an expert, they must disclose why
- The expert must have experience in the industry
- Must also be the audit committee chair
-If there is not an expert, they must disclose why
PCAOB AS-5: Internal control standards
CEO/CFO sign off on it
Auditors look at them and give opinion
Internal Control: ACE
Accurate, Reliable, GAAP F/S
Compliance with laws
Effectiveness and efficiency
COSO: CRIME
Control ENVIRONMENT: Tone at top, oversight, authority, responsibility, competency (CHOPPER)
RISK Assessment: identify/analyze risk
CONTROL Activities: ARCCS (procedures and controls)
INFORMATION/communication: relevant, internal/external communication
MONITORING: ongoing/separate evaluations, then fix
Control Environment: CHOPPER (most important according to COSO)
Commitment to competency
Human resources policies
Organizational structure, hierarchy
Philosophy and style of mgmt
Participation of BoD, audit committee
Ethics and integrity
Responsibility and authority assigning
Control Activities: ARCCS
Authorized transactions
Recorded properly
Custody of assets is limited
Comparison of book to physical
Segregation within these
Limitations of Internal Controls (COCO)
Collusion
Override by management
Competency - errors, mistakes (cost/benefit constraints)
Obsolescence - change in operations or size
Which isn’t a component of internal control?
- Control Risk
- Control Activities
- Monitoring
- Control Environment
-Control Risk
It is “Risk Assessment”
According to COSO, the use of ongoing and separate evaluations to identify and assess changes in internal control effectiveness can be accomplished in which of the following stages of the monitoring-for-change continuum?
- Control baseline
- Change identification
- Change management
- Control revalidation/update
-Change identification
M4C: Baseline, Identification, Management, Revalidation
Which is the most effective method to transmit a message of ethical behavior throughout an organization?
- Demonstrate by example
- Strengthen internal audit’s ability to deter behavior
- Remove pressures for unrealistic targets
- Specify the competence levels for all jobs
-Demonstrate by example
Which is designed to ensure that internal controls continue to operate effectively?
- Control environment
- Risk assessment
- Information and communication
- Monitoring
-Monitoring
An effective approach to monitoring internal controls involves each of the following steps, except:
- Establishing a foundation for monitoring
- Increasing reliability of financial reporting and compliance with applicable laws and regulations
- Designing and executing monitoring procedures that are made to achieve org goals
- Assessing and reporting the results, including following up on corrective action
-Increasing reliability of financial reporting and compliance with applicable laws and regulations
This would be developing controls, not monitoring
There is a lack of segregation of duties within the application environment, with programmers having access to development and production without monitoring or a quality assurance function. This is considered a deficiency in:
- Change control
- Management override
- Data integrity
- Computer operations
-Change control
This is part of your ARCCS
Data integrity would relate to data coming into the system, not to programmer access
8 Components of Enterprise Risk Mgmt (basically expansion of CRIME)
Internal Environment: tone at top, chopper, ethics/ integrity
Objective Setting: Operating objectives, Reporting objective, compliance objectives
Event Identification: internal/external events with opportunities or threats
Risk Assessment: B/S approach, process approach, event identifier approach
Risk Response: Accept (do nothing), share (joint), reduce, avoid
Control Activities: ARCCS
Info & Communication:
Monitoring: effective or ineffective: design and implement changes
Inherent vs residual risk
Inherent - risk if no action is taken
Residual - risk that remains after actions and controls are taken
Which is one of the 8 components of COSO’s ERM framework?
- Operations
- Reporting
- Monitoring
- Compliance
-Monitoring
A manufacturer is relocating its production facilities because of difficulty sourcing raw materials where they are. This is what kind of response to risk?
- Risk reduction
- Prospect theory
- Risk sharing
- Risk acceptance
-Risk reduction
Each of the following is a limitation of ERM except:
- ERM deals with risk, which relates to the future and is uncertain
- ERM changes with different objectives
- ERM can provide absolute assurance for objectives
- ERM is as effective as the people implementing it
-ERM can provide absolute assurance for objectives
REMEMBER THIS WAS AN EXCEPT QUESTION!
According to COSO which component of ERM addresses an entity’s integrity and ethical values?
- Information and communication
- Internal (control) environment
- Risk assessment
- Control activities
-Internal (control) environment
Tone at the top, integrity, ethics