B1 - Corporate Governance and Financial Risk Management Flashcards
What are the five components of Internal Control?
CRIME!
C = Control Environment.
R = Risk Assessment.
I = Information and communication.
M = Monitoring.
E = Existing Control Activities.
What are the 5 principles related to the control environment component?
BOCCA!
1. Board Independence and Oversight. POF: Establishing oversight responsibilities.
2. Organizational Structure. POF: Establishing reporting lines.
3. Commitment to Competence. POF: Hire, retain, develop and train competent employees.
4. Commitment to Ethics and Integrity. POF: Setting tone at top.
5. Accountability. POF: Establishing performance reviews, incentives and rewards.
What are the 4 principles related to the Risk Assessment component?
SICI!
1. Specify Objectives. POF: Identifying objectives that reflect mgmt’s choices, while being compliant.
2. Identify and Analyze Risks. POF: Analyzing internal and external factors.
3. Consider Potential for Fraud. POF: Assessing fraud triangle.
4. Identify and Assess Changes. POF: Assessing external changes and business changes.
What are the 3 principles related to the Information and Communication component?
OCI!
1. Obtain and Use Information. POF: Identifying and defining info requirements for internal control.
2. Communicate With External Parties. POF: Mgmt with open communication channels.
3. Internally Communicate Information. POF: Flow of info up and down.
What are the 2 principles related to the Monitoring Activities component?
OC!
1. Ongoing and/or Separate Evaluations. POF: Establishing a baseline.
2. Communication of Deficiencies. POF: Monitoring corrective actions.
What are the 3 principles related to the Existing Control Activities component?
DSS!
1. Deployment of Policies and Procedures. POF: Establishing responsibilities and accountability.
2. Select and Develop Control Activities. POF: Integrating with risk assessment when selecting activities.
3. Select and Develop Technology Controls. POF: Include determining dependencies between the use of tech and establishing relevant tech for control activities.
What is the fraud triangle?
The fraud triangle represents the 3 primary factors that lead to fraud in the workplace:
1. Incentive/Pressure.
2. Rationalization.
3. Opportunity.
What is the nature of the relationship between the BOD and the company?
Fiduciary - It has a responsibility to safeguard the company.
What should be done when monitoring at top level management becomes difficult due to business growth?
Move the monitoring to lower levels.
What is ERM?
The culture, capabilities and practices, integrated with strategy-setting performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
What are the two words in ERM that are linked together?
Core Values = Culture
What are the components of ERM?
GO PRO!
G = Governance and Culture.
O = Objective Setting and Strategy.
P = Performance.
R = Review and Revision.
O = Ongoing Information, Communication and Reporting.
What are the 5 principles related to the Governance and Culture component?
DOVES!
D = Defines Desired Culture.
O = Oversight (Exercises Board Oversight).
V = Values (Commitment to Core Values).
E = Employees (Capable).
S = Structure (operating) is Established.
What are the 4 principles related to the Objective Setting and Strategy component?
SOAR!
S = Strategies (Alt) are Evaluated.
O = Objectives (Bus) are Formulated.
A = Analyzes Bus Context.
R = Risk Appetite is Defined.
What are the 5 principles related to the Performance component?
VAPIR!
V = View; Develops Portfolio View.
A = Assesses Severity of Risk.
P = Prioritizes Risk.
I = Identifies Risk.
R = Risk; Implements Risk Responses.
What are the 3 principles related to the Review and Revision component?
SIR!
S = Assesses Substantial Changes.
I = Improvement in ERM.
R = Reviews Risk and Performance.
What are the 3 principles related to the Ongoing Information, Communication and Reporting component?
TIP!
T = Leverages Info Technology.
I = Communicates Risk Information.
P = Reports on Risk, Culture and Performance.
What is value preservation?
A company’s ability to maintain market share with high customer satisfaction and sustained profitability.
What are the 5 responses to risk under COSO ERM?
APRAS!
A = Acceptance: No action is taken to change the risk.
P = Pursue: Accepts the increased risk to improve performance.
R = Reduce: Action is taken to reduce risk.
A = Avoid: Action is taken to remove risk.
S = Share: Action is taken to reduce risk by outsourcing, e.g., insurance.
What are the 3 risks that are considered part of risk assessment under COSO ERM?
- Inherent.
- Actual Residual.
- Target Residual.
When does event identification happen?
After the development of the objectives. Must know objectives first so we can assess which events will impact the achievement of objectives.
When does a company exceed its risk appetite?
When the likelihood and impact of negative events > residual risk.
What is inherent risk?
When management does nothing to alter the likelihood or impact of a negative event.
What is residual risk?
The risk that is left to an organization after management takes actions to reduce the likelihood or impact of a negative event.
What is organizational sustainability?
The ability of an entity to withstand the impact of large-scale events.
How do you rank risk?
Likelihood % * Severity, ranked from greatest to lowest.
What is the formula for Net Benefit?
Net Benefit = Potential loss * (Overall Threat % - Risk of loss).
What’s the big no-no for officers and directors when it comes to conflict of interest?
Accepting a personal loan.
What is the one thing that SOX does not provide?
Transparency on the adequacy of internal controls.
What is a financial expert?
A person that has education/experience as an auditor or finance officer, and has an understanding of:
1. GAAP.
2. Application of GAAP.
3. Internal Controls.
4. Understanding of Audit Committee Functions.