B1 - Corporate Governance and Financial Risk Management Flashcards

1
Q

What are the five major financial professional associations in the US that are part of the private sponsoring organizations?

A
  1. The American Accounting Association (AAA)
  2. The American Institute of Certified Public Accountants (AICPA)
  3. The Financial Executive Institute (FEI)
  4. The Institute of Internal Auditors (IIA)
  5. The Institute of Management Accountants (IMA)
2
Q

Is the Committee of Sponsoring Organizations (COSO) an independent private initiative?

A

Yes, COSO is an independent private initiative established in the 1980s to study the factors that can lead to fraudulent financial reporting.

3
Q

How is COSO also referred to?

A

COSO is sometimes referred to as the Treadway Commission after its original chairman, James Treadway, Jr., an executive in the private sector.

4
Q

What is the nature of the board of directors’ relationship to the company?

A

The board of directors has a fiduciary responsibility to act in the best interest of the organization.

5
Q

What does the existence of a published code of ethics and periodic acknowledgment that ethical values are understood represent?

A

A published code of ethics and periodic acknowledgement that ethical values are understood is evidence of sound integrity, shows that ethical values are developed and understood, and sets the standard of conduct for financial reporting.

6
Q

What are the three main objectives of COSO - Internal Control Framework?

A
  1. Operations
  2. Reporting
  3. Compliance
7
Q

What does the operational objective intend to achieve?

A

Efficient and effective operations that meet profit goals (financial and operations performance goals) and properly safeguard assets.

8
Q

What does the reporting objective intend to achieve?

A

Reporting objectives pertain to the reliability, timeliness, and transparency of an entity’s external and internal financial and non-financial reporting.

9
Q

What does the compliance objective intend to achieve?

A

Compliance with laws and regulations

10
Q

What are the principles that support the Risk Assessment component of the COSO Internal Control Framework?

A

S - Setting objectives
I - Identify and analyze risk
C - Consider potential for fraud
I - Identify and assess changes (change mgmt.)

11
Q

What are the 3 types of risk that support the assessment of risk principle?

A
  1. Operational Risk
  2. Reporting Risk
  3. Compliance Risk
12
Q

What does the ongoing and/or separate evaluation principle from the monitoring component refer to?
O - ongoing and/or separate evaluation
C

A

The organization selects, develops, and performs ongoing and/or separate evaluation to ascertain whether the components of internal control are present and functioning.
- One point of focus is to consider establishing baseline understandings.

13
Q

What do monitoring activities refer to?

A

It involves ongoing or separate evaluations to determine whether the components of internal control are present and functioning properly (effectively) as well as reporting and correcting deficiencies.

14
Q

Is the act of approving high-dollar transactions by supervisors a monitoring activity?

A

No, the act of approving high-dollar transactions is an internal control, not a monitoring activity under the COSO framework.

15
Q

What are the two monitoring principles?

A

O - ongoing/periodic and/or separate evaluation
C - Communication of deficiencies

16
Q

What are the 3 principles of the Information and Communication component of the COSO internal control framework?

A

O - Obtain and use information (Quality)
C - Communicate with external parties (external)
I - Internally Communicate Information (internal)

17
Q

What does communication of deficiencies from the monitoring component relate to?
O
C - communicates deficiencies

A

The organization evaluates and communicates internal control deficiencies in a timely manner to parties responsible for taking corrective action. Examples:
- Reporting to the audit committee represents reporting of deficiencies

18
Q

What is change control?

A

Change control considers the manner in which management monitors and authorizes changes to a variety of information technology matters, including software application programs.
- Only authorized individuals should be allowed to move changes into production and the function of making the changes should be segregated from the function of putting the change into production.

19
Q

What are the 3 principles of the control activities component of the COSO internal control framework?

A
  1. Risk Reduction - selection and development of control activities
  2. Technology controls - development of technology controls
  3. Policies and Procedures - implementation of policies and procedures.
20
Q

What are inherent limitations of internal controls (framework)?

A
  1. Human failure (errors)
  2. Bad decisions based on faulty judgement or biased judgement
  3. External events beyond the entity’s control
  4. Collusion - two or more people plot to rip off the company
  5. Management over-ride of controls
21
Q

What are not inherent limitations?

A
  1. Cost benefit consideration - constraints: prevent management from investing more in internal control than the perceived benefit
  2. Incompatible functions: collusion due to lack of segregation of duties.
22
Q

What is value creation?

A

Value is created when benefits of value exceed the cost of resources used.

23
Q

What does uncertainty mean in Enterprise Risk Management (ERM)?

A

Uncertainty is a state of not knowing how or whether events may occur and the impact they may have on an organization if they occur.

24
Q

What is inherent risk and how is this used?

A
  1. Inherent risk is used to assess the severity of risk
  2. Inherent risk is the risk to an entity in the absence of any direct or focused actions by management to alter its severity (“in the absence of any actions management might take”).
    - Managing risk such that it aligns with risk appetite is an appropriate component of the framework.
25
Q

What are the 5 components of the Enterprise Risk Management (ERM) Framework?

A

G - Governance and Culture
O - Objective setting and Strategy
P - Performance
R - Review and revision
O - Ongoing Information, communication, and reporting

26
Q

What are the 5 principles supporting Governance and Culture under the ERM Framework?

A

D - Define desired culture - desired behavior and ethical values
O - Oversight (Exercises board oversight)
V - Values (commitment to core values)
E - Employee (capable) - Attract, develop, and retain capable individuals with knowledge, skill, and experience.
S - Structure (operating) is established - centralized or decentralized

27
Q

What are the 4 principles supporting Strategy and objective-setting under the ERM Framework?

A

S - Strategies (Alternatives) are evaluated
O - Objectives (business) are formulated
A - Analyze business context
R - Risk appetite is defined

28
Q

What are the principles supporting Performance under the ERM Framework?

A

V - View portfolio; Develop portfolio view
A - Assess severity of risk
P - Prioritize risk
I - Identify risk
R - Risk response

29
Q

How is the risk assessment for severity determined under Performance?

A

The risk assessment for severity is computed as follows:
Risk assessment (severity) = likelihood (%) * severity ($ amount)
- ranking is determined based on the different risks that are assessed.

30
Q

What is operating structure?

A

It describes how an entity organizes and carries out its day-to-day operations and contributes to the alignment of risk management practices with core values.
- It could be centralized or decentralized.
- It has no bearing on the level of diversity of the entity’s workforce.

31
Q

What is not a goal of the Enterprise Risk Management (ERM) framework?

A

Avoiding adverse publicity and damage to the entity’s reputation.

32
Q

What is a Sarbanes-Oxley Act requirement related to the board of directors’ audit committee?

A

The board of directors must have an audit committee composed entirely of members who are independent and not influenced by management.
Independence criteria:
1. cannot accept compensation for consulting or advisory services
2. May not be an affiliated person of the company (a person with the ability to influence financial decisions).

33
Q

What does high quality of information mean?

A
  1. Information needs to be relevant, timely, current, accurate, verifiable, protected, and retained.
  2. The entity needs to obtain and generate high quality information within the internal control component level.
34
Q

When are events determined?

A

Events can only be identified after the organizational objectives are identified. Events will either favorably or unfavorably impact the achievement of objectives.

35
Q

What are the 5 components of COSO Framework - Internal Control?

A

C - Control Environment
R - Risk Assessment
I - Information and Communication
M - Monitoring
E - Existent Control Activities

36
Q

What is the purpose of the COSO framework - Internal Control?

A

It is a tool used to help organizations develop and maintain effective systems of internal control. The framework takes a principles-based approach, in which 17 principles are grouped into 5 integrated components.

37
Q

What is the purpose of the Public Company Accounting Oversight Board (PCAOB)?

A

The PCAOB was established by Congress, through the Sarbanes-Oxley Act of 2002, to oversee public companies and broker/dealer audits.

38
Q

What does the existence of a written code of conduct do to the control environment of the organization?

A

It promotes (among other things) honest/ethical conduct, teamwork, compliance, and appropriate disclosure.

39
Q

What are the standards that the code of ethics promotes?

A
  1. Honest and ethical conduct (including handling of conflict of interest)
  2. Full, fair, accurate, and timely disclosures in periodic financial reports.
  3. Compliance with laws, rules, and regulations.
40
Q

What knowledge is required to qualify as a financial expert of an issuer’s audit committee?

A
  1. Understanding of GAAP
  2. Experience in the preparation or auditing of financial statements for comparable issuers.
  3. Application of GAAP
  4. Experience with internal controls
  5. Understanding of audit committee functions.
41
Q

What disclosure should an issuer make with regards to the code of conduct?

A

An issuer must disclose whether it has adopted a code of conduct for senior officers (e.g., CEO, CFO, controller, and chief accountant). If no code of conduct has been adopted, the issuer must disclose the reasons.

42
Q

What is the purpose of the risk assessment component of the COSO Internal Control Framework?

A

It captures how an entity identifies and analyzes risk that may impact the achievement of objectives.

43
Q

What is the purpose of the information and communication component of the COSO Internal Control Framework?

A

It entails obtaining and using information to support the internal control functioning.

44
Q

What is the purpose of the monitoring component of the COSO Internal Control Framework?

A

It involves evaluating the quality of internal controls by assessing the system’s design and operation and taking necessary corrective actions.

45
Q

What is the purpose of the control activity component of the COSO Internal Control Framework?

A

Control activities are established by an entity to ensure that directives initiated by management to mitigate risk are carried out.

46
Q

What is cross-footing (processing control)?

A

Cross-footing is testing the sum of a column of row totals against the sum of a row of column totals; identical results provide some assurance as to accuracy.

47
Q

What is not a management concern as it relates to the effectiveness of the monitoring process of an entity regarding internal controls over financial statement preparation?

A

There is no assurance that an entity will meet its operating and financial expectations, and internal controls are not put into place to ensure that these expectations are met.

48
Q

What is the criminal penalty for an individual who alters, falsifies, destroys, conceals, covers up, or makes a false entry in any record with the intent to impede, obstruct, or influence an investigation?

A

The individual will be fined, imprisoned for not more than 20 years, or both.

49
Q

What timeline is the auditor required to retain all audit and review workpapers?

A

The auditor is required to retain the audit and review workpapers for up to 7 years. Failure to do so results in a fine, imprisonment for not more than 10 years, or both.

50
Q

What is section 404 of the Sarbanes-Oxley Act?

A

Section 404 is management’s assessment of internal controls (COSO framework - Internal Controls).

51
Q

How is the management’s assessment documented in the annual report to comply with section 404?

A
  1. The annual report is required to contain management’s assessment of the effectiveness of the internal control structure and procedures for financial reporting.
  2. Auditor’s attestation to management’s assessment of internal controls.
  3. Management is not required to include a statement related to disagreements with the auditor.
52
Q

What does the annual report contains to comply with section 404?

A
  1. A statement communicating management’s responsibility to establish and maintain an adequate internal control structure and procedures for financial reporting.
  2. An assessment, at the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures for financial reporting
53
Q

What is risk averse?

A

Investors seek returns but they seek no additional risk unless the return will offset the additional risk. Higher return for higher risk. Most investors are risk averse.

54
Q

What is risk indifferent?

A

The investor is seeking the highest level of return regardless of risk.

55
Q

What is risk seeking?

A
  1. The investor is seeking the highest risk, regardless of return.
  2. Risk seeking managers are willing to settle for a lower expected return just to be able to take on the additional risk.
  3. Risk exceeds the expected return.
56
Q

What is market/systematic risk?

A

Risk that cannot be eliminated through the diversification of a portfolio. Examples include:
1. high interest rates (prime)
2. high inflation
3. recession/depression
4. war
5. political events
6. pandemic
7. international crisis

57
Q

What are unsystematic/firm-specific risks?

A

Risks that can be diversified using a portfolio of assets (e.g., labor strikes).

58
Q

What is the formula to compute the required rate of return?

A

Required rate of return = risk-free rate + market risk premium + inflation premium (purchasing power risk premium) + liquidity risk premium + Default risk premium.

59
Q

What is credit risk?

A
  1. Credit risk impacts borrowers.
  2. The inability of a company to secure financing or secure favorable credit terms as a result of poor credit ratings.
60
Q

How to compute the actual interest rate?

A

Actual interest = bank loan * stated interest rate * term

61
Q

How to compute the interest earned in a checking account?

A

interest earned = compensating balance * interest earned rate

62
Q

How to compute the net interest cost?

A

net interest cost = actual interest - interest earned

63
Q

How to compute the loan proceeds?

A

loan proceeds = bank loan - compensating balance

64
Q

How to compute the effective interest rate in the bank loan?

A

effective interest rate = net interest cost (or actual cost) / loan proceeds

65
Q

How to compute the effective interest rate in a discounted note?

A
  1. Determine the actual interest:
     actual interest = bank loan * stated interest rate * term
  2. Determine the cash proceeds as follows:
     cash proceeds = bank loan - actual interest
  3. Compute the effective interest rate:
     effective interest rate = actual interest / cash proceeds
66
Q

How to compute the nominal dollar amount?

A

nominal dollar (FV) = real dollar (PV) * (1+inflation rate (interest))^n

67
Q

What is a put option?

A

A put option gives its owner the right to sell a specific security at fixed conditions of price and time.

68
Q

What does it mean when a client is highly leveraged?

A

A highly leveraged client implies that the client is heavily utilizing debt in its capital structure. If the prime interest rate rises, debt becomes more expensive.

69
Q

How to determine if the domestic currency is depreciating (weakening) compared to the foreign currency?

A

If we need more units of a domestic currency (e.g., dollar) to buy 1 unit of a foreign currency (e.g., euro), it means that the price of the domestic currency is depreciating (weakening) against the foreign currency.
Example:
1 euro = $.50
1 euro = $.75
We need more dollars to buy 1 euro.
FCU appreciates -> domestic currency weakens, domestic currency (dollar) goes up, exports become cheaper and imports more expensive.

70
Q

How to determine if the domestic currency is appreciating compared to the foreign currency?

A

If we need fewer units of the domestic currency (e.g., dollar) to buy 1 unit of a foreign currency (e.g., euro), it means that the price of the domestic currency is appreciating (stronger) against the foreign currency, as there is greater purchasing power for the domestic currency.
Example:
1 euro = $.50
1 euro = $.25
We need fewer dollars to buy 1 euro.
FCU depreciates -> domestic currency appreciates, domestic currency (dollar) goes down, exports become more expensive and imports are cheaper.

71
Q

What does a short position in a derivatives contract mean?

A

It is the correct position to take when a company has sold goods and payment is coming due in foreign currency.

72
Q

When is a call option purchased?

A

A call option is purchased when you are an importer and have a payable outstanding denominated in the foreign currency. You will buy the call option if you fear that the price of the foreign currency will go up. You have to pay a premium to purchase the call option. If the spot price remains the same at the settlement date, you can let the option expire.

73
Q

When is a put option purchased?

A

A put option is purchased when you are an exporter and have a receivable outstanding denominated in the foreign currency. You will buy a put option if you fear that the price of the foreign currency will go down. You have to pay a premium to purchase the put option. If the spot price remains the same at the settlement date, you can let the option expire.

74
Q

Does the premium price have any influence in deciding whether to exercise the option or not?

A

No, the premium does not have any influence in deciding whether to exercise the option or not. The premium is considered a sunk cost (loss).

75
Q

How is the net savings calculated when a call option is purchased?

A

Net savings = (spot rate at settlement date * units) - [(option price + premium) * units]

76
Q

How is the net preserved value when buying a put option calculated?

A

Net preserved value = (spot rate at settlement date * units) - [(option price - premium) * units]

77
Q

What is a forward contract?

A
  1. A forward contract allows a company to hedge against volatility by locking in a purchase price several months in advance of the actual purchase.
  2. Generally they are settled on a settlement date without a daily mark-to-market feature that would automatically help offset this risk.
78
Q

What are the advantages of a forward contract?

A
  1. Securing lower prices in a rising price environment.
  2. Allows notional amounts and settlement dates to be set flexibly with the other party entering the contract.
79
Q

What is the disadvantage of a forward contract?

A
  1. If prices fall, the strategy can result in a potential loss.
  2. Credit risk: the counterparty not fulfilling their end of the contract.
80
Q

What are the 5 steps to the manufacturing process?

A
  1. product design and engineering
  2. Product development
  3. Manufacturing and scheduling
  4. Manufacturing operations
  5. Manufacturing and fixed asset accounting and reporting.
81
Q

What are supervisory and monitoring controls?

A
  1. Organizational Charts
  2. Hiring guidelines
  3. Supervision
  4. Formal Approval Controls
82
Q

What are the hiring guidelines controls related to?

A

Develop strict hiring guidelines so that only competent and capable employees are hired to perform key business processes.

83
Q

What does organizational sustainability from Enterprise Risk Management (ERM) mean?

A

It is the ability of an entity to withstand the impact of large-scale events.

84
Q

What is value realization?

A

Value is realized when benefits created by the organization are received by the stakeholders in either monetary or nonmonetary form.

85
Q

What are examples of value realization?

A
  1. increased profitability and stock prices for company owners.
  2. increased customer satisfaction
  3. consistent product and brand usage
  4. market leadership
  5. consistent innovation
  6. dividends
86
Q

What does the Closed-Loop Verification input edit check refer to?

A

Checks the accuracy of input data by using it to retrieve and display other relevant information (data entry input control) (e.g., the company would have entered the customer’s account number first and would have only been able to apply the payment to the correct customer’s account and not another customer’s account).

After data has been entered, the computer sends data back to the terminal for comparison with data originally sent.

87
Q

What is the primary purpose of monitoring internal controls according to COSO?

A

It is to verify that the internal control system remains adequate to address changes in risk. Internal controls should be monitored for the purpose of addressing changes in risk.

88
Q

What is the purpose of acknowledging the existence of the employee handbook and code of conduct in the organization?

A

Acknowledgement of the employee handbook and code of conduct ensures ethical values are understood and taken seriously.

89
Q

What is risk avoidance?

A

Action is taken to remove the risk (e.g., leaving a line of business, etc.). It is appropriate when the entity cannot identify a risk response that will help mitigate the risk of not meeting objectives.

90
Q

What is risk reduction?

A

An action is taken to reduce the severity of the risk. Management designs risk mitigation techniques to reduce risk (e.g., diversification of product offerings).

91
Q

What is residual risk?

A

It is the amount of risk that an entity prefers to assume in pursuit of its strategy and objectives. This is the risk that remains after management has taken actions to mitigate negative events.

92
Q

What is the formula to compute residual risk?

A

residual risk = inherent risk - impact of management actions

93
Q

What is a picking list/ticket?

A

A list provided to the warehouse or inventory function detailing the items and quantities that should be picked, packaged and sent to the shipping department for an order. This is part of the revenue process.

94
Q

What are the common revenue process documents?

A
  1. Sales order
  2. Pick ticket
  3. Packing slip
  4. Bill of lading
  5. Sales invoice
  6. Receipt
  7. Remittance advice
95
Q

What does the risk response “accept” mean?

A

No action is taken to change the severity of the risk (e.g., monitoring political events without taking any action or self-insuring).

96
Q

What does the risk response “pursue” mean?

A

Action is taken that accepts increased risk to achieve improved performance.

97
Q

What does the risk response “share” mean?

A

Action is taken to reduce the severity of the risk by involving an outside party (e.g., insurance company) to share some of the risk burden.

98
Q

What is the purpose of the setting objectives principle of the risk assessment component of the COSO internal control framework?
S - Strategic objectives
I
C
I

A

Management needs to set objectives with sufficient clarity to enable the identification and assessment of risks that threaten the achievement of the objectives. The point of focus is to identify objectives that reflect management’s choices while complying with applicable accounting standards, laws, and regulations.

99
Q

What are some of the objectives supporting the setting objectives principle?

A
  1. Operational objectives (e.g., meeting sales targets)
  2. Financial reporting objectives: to have fair, accurate, complete, and timely financial reports.
  3. Compliance objectives: to comply with all labor laws and other regulations.
100
Q

What is the purpose of the identify and analyze risk principle of the risk assessment component from the COSO internal control framework and some of the risk supporting this principle?
S
I - Identify and analyze risk
C
I

A

The company should identify the specific risks that are applicable and assess the risk involved. Risks can be either internal or external, and would be risks that can result in fraud or errors.

Risk identified:
1. Operational risk - What do we do about mitigating the risk (e.g., risks such as theft of merchandise)?
2. Financial Reporting Risk - Are there risks out there that would make it difficult to apply GAAP? How are we going to respond to these risks?
3. Compliance Risk - how to deal with the risk of not complying with laws, rules, and regulations.

101
Q

What is the purpose of the fraud risk principle of the risk assessment component from the COSO internal control framework?
S
I
C - Considers potential for fraud
I

A

The organization considers the potential for fraud in assessing risk. It includes assessing incentives and pressures, opportunities and attitudes, and rationalization.

102
Q

How is the fraud triangle structured?

A
  1. Incentive and pressure
  2. Opportunity
  3. Ability to rationalize and sell it to themselves (this sometimes needs to be observed in a person’s behavior).
103
Q

What is the purpose of the change management (identify and assess changes) principle of the risk assessment component from the COSO internal control framework?
S
I
C
I - Identify and assesses changes

A

The organization identifies and assesses changes that could significantly affect the system of internal control. This includes assessing changes in the external environment (e.g., customers buying more goods online), business model, and leadership.

104
Q

What are the members of the audit committee?

A

Members of the audit committee are board members but are otherwise independent from management. They cannot be the company’s lawyer or the consultant for the company, and cannot influence the entity.

105
Q

Can an audit committee member receive compensation from issuer?

A

No, an audit committee member may not accept compensation from the issuer for consulting or advisory services.

106
Q

What is transaction exposure?

A

Transaction exposure is defined as the potential that an organization could suffer economic loss or experience economic gain upon settlement of individual transactions as a result of changes in the exchange rate (e.g., imports and exports).

107
Q

How is transaction exposure measured?

A

Transaction exposure is measured in relation to currency variability or currency correlation.

108
Q

What are the two steps completed to measure transaction exposure?

A
  1. Project foreign currency inflows and foreign currency outflows. Obtain the net amount.
  2. Estimate the variability (risk) associated with the foreign currency.
109
Q

What is the purpose of the Performance component of the ERM framework?

A
  1. Identify and assess the risks that may prevent an organization from achieving its strategic and business objectives.
  2. Risk is prioritized according to severity and consideration of risk appetite.
  3. Risk response and monitoring for change.
110
Q

What does the identify risk principle from the Performance component of the ERM framework refer to?
V
A
P
I - identifies risk
R

A

The organization identifies risks that could affect the achievement of its strategic and business objectives. Once risks are identified, it determines how severe they are.

111
Q

What does the assess severity of risk principle from the Performance component of the ERM framework refer to?
V
A - Assesses severity of risk
P
I
R

A
  1. Helps prioritize risks.
  2. Risk assessment includes the concepts of inherent risk, target residual risk, and actual residual risk.
  3. Severity is assessed in terms of the likelihood of the risk occurring and the impact if it does occur.
112
Q

What is the formula to determine the risk severity?

A

Risk severity (expected loss) = likelihood (%) * impact ($ amount)

113
Q

What does the prioritize risk principle from the Performance component of the ERM framework refer to?
V
A
P - Prioritizes risk
I
R

A
  1. Serves as the basis for selecting risk responses.
  2. A risk deemed severe at the operating level might be less of a concern at the entity level.
  3. The entity identifies and selects risk responses as a result of prioritizing risks.
114
Q

What are examples of the risk responses selected after risks have been prioritized?

A
  1. Accept: take no action and simply accept the risk.
  2. Avoid: divest or exit a line of business; appropriate when no other response will mitigate the risk (e.g., an outdated business model).
  3. Share: transfer part of the risk, for example by purchasing insurance.
  4. Reduce: lower the likelihood or impact, for example by hedging a foreign currency transaction, or by installing cameras and purchasing alarms to reduce theft risk.
  5. Pursue: take on additional risk when a greater return is expected for doing so.
115
Q

What does the implement risk response principle from the Performance component of the ERM framework refer to?
V
A
P
I
R - Risk response

A

Risk responses are classified as:
1. Accept
2. Avoid
3. Pursue
4. Reduce
5. Share

116
Q

What does the develop portfolio view principle from the Performance component of the ERM framework refer to?
V - View portfolio, develop portfolio view
A
P
I
R

A

Risk deemed severe at the operating level (e.g., products may become obsolete) may be less of a concern at the entity level to a well-diversified parent company.
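
Added worked example (Python; not part of the flashcards) tying together cards 112 through 116: severity as likelihood times impact, ranking against a risk appetite, and the portfolio view that rescales a unit-level expected loss against entity revenue. The risk names, dollar amounts, appetite and revenue figures are constructed for illustration, and the appetite threshold is a hypothetical stand-in for one the board would set.

```python
"""Added example (not from the flashcards): quantifying and prioritizing risks the way the
Performance component cards describe. All names and figures below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    unit: str           # operating unit that owns the risk
    likelihood: float   # probability the event occurs in the period, 0.0 to 1.0
    impact: float       # loss in dollars if it does occur


def severity(risk: Risk) -> float:
    """Card 112: severity (expected loss) = likelihood x impact ($)."""
    if not 0.0 <= risk.likelihood <= 1.0:
        raise ValueError(f"{risk.name}: likelihood must be between 0 and 1")
    if risk.impact < 0:
        raise ValueError(f"{risk.name}: impact must be a non-negative dollar amount")
    return risk.likelihood * risk.impact


def prioritize(risks, appetite: float):
    """Card 113: rank by severity, most severe first, and flag those above appetite.

    Returns a list of (risk, severity, exceeds_appetite) tuples. `appetite` is the
    maximum expected loss the unit is willing to carry for a single risk (a constructed
    threshold; real appetites are set by the board, see card 155)."""
    ranked = sorted(risks, key=severity, reverse=True)
    return [(r, severity(r), severity(r) > appetite) for r in ranked]


def portfolio_view(risk: Risk, unit_revenue: float, entity_revenue: float):
    """Card 116: the same expected loss expressed as a share of the unit's revenue and of
    the diversified entity's revenue. A risk that is severe for the unit can be small for
    the parent."""
    if unit_revenue <= 0 or entity_revenue < unit_revenue:
        raise ValueError("revenues must be positive and the entity must include the unit")
    loss = severity(risk)
    return loss / unit_revenue, loss / entity_revenue


# Constructed sample risk register for one operating unit.
SAMPLE_RISKS = [
    Risk("product obsolescence", "Widgets", 0.30, 2_000_000),
    Risk("FX loss on EUR receivables", "Widgets", 0.50, 400_000),
    Risk("warehouse theft", "Widgets", 0.80, 50_000),
]
UNIT_APPETITE = 250_000          # constructed: max expected loss per risk for the unit
UNIT_REVENUE = 5_000_000         # constructed
ENTITY_REVENUE = 400_000_000     # constructed: well-diversified parent


if __name__ == "__main__":
    for risk, sev, exceeds in prioritize(SAMPLE_RISKS, UNIT_APPETITE):
        flag = "EXCEEDS appetite" if exceeds else "within appetite"
        print(f"{risk.name:<28} expected loss ${sev:>12,.0f}  {flag}")
    unit_share, entity_share = portfolio_view(SAMPLE_RISKS[0], UNIT_REVENUE, ENTITY_REVENUE)
    print(f"obsolescence = {unit_share:.1%} of unit revenue, {entity_share:.2%} of entity revenue")
```

Running the block ranks obsolescence first (expected loss $600,000, above the $250,000 appetite) and shows the same loss as 12% of the unit’s revenue but only 0.15% of the parent’s, which is the portfolio-view point the card makes.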

117
Q

What is translation exposure?

A

Translation exposure refers to the gain or loss generated from the conversion of financial statements from one currency to another based on different exchange rates.

118
Q

What is the purpose of the control environment component from the COSO internal control framework?

A

It is the tone at the top. It includes the processes, structures, and standards that provide the foundation for an entity to establish a system of internal control.

119
Q

What does the competence principle from the Control Environment component of the COSO internal control framework refer to?
B
O
C - commitment to competence
C
A

A

The organization demonstrates commitment to attract, develop, and retain competent individuals as well as prepares for turnover and succession planning (e.g., financial reporting competencies).

120
Q

What does the accountability principle from the Control Environment component of the COSO internal control framework refer to?
B
O
C
C
A - Accountability

A

The organization holds individuals accountable for their internal control responsibilities. This requires measuring performance against a baseline, providing incentives and rewards where appropriate, and taking disciplinary action where appropriate, while watching for the risk of excessive pressure.

121
Q

What does the board independence and oversight principle from the Control Environment component of the COSO internal control framework refer to?
B - Board oversight
O
C
C
A

A

The board oversees internal control from the initial development of controls through ongoing oversight of their performance.

122
Q

What does the organizational structure (lines of reporting) principle from the Control Environment component of the COSO internal control framework refer to?
B
O - organizational structure
C
C
A

A

The organizational structure, whether centralized or decentralized, is tailored to the entity. Reporting relationships should not undermine the commitment to effective financial reporting and internal control (e.g., a credit manager who reports to the VP of sales has a conflict of interest).

123
Q

What does the ethics principle from the Control Environment component of the COSO internal control framework refer to?
B
O
C
C - commitment to ethical values
A

A

Commitment to ethics is demonstrated from the top down through behavior and through a code of conduct that, for example, requires reporting of gifts received and prohibits self-dealing.
- A written code of conduct provides a standard against which those implementing and monitoring internal controls can be evaluated.
- A written code of conduct helps management set the tone of the organization; its existence promotes honest and ethical conduct, teamwork, compliance, and appropriate disclosure.

124
Q

What is Data Flow diagram?

A

A data flow diagram visually depicts the logical flow of data for business processes.

125
Q

What is a flowchart?

A

Flowcharts visualize both the logical and physical flow of data. When identifying risk and control deficiencies, this is the best approach to use.

126
Q

What are process narratives?

A

A written description, not a visual depiction of a process.

127
Q

What is a system interface diagram?

A

It focuses on the interfaces between clients and systems and does not depict the logical flow of information.

128
Q

Can audit committee members receive compensation for the board of directors’ duties?

A

Yes, members of the audit committee are board members. They can receive compensation for their board of directors’ duties. However, if an audit committee member is the CEO or CFO and receives a salary, then this violates independence.

129
Q

What does the review and revision component of the enterprise risk management framework refer to?

A

Continuous assessment of how well the ERM capabilities and practices have increased value over time and will continue to drive value in light of substantial change.

The entity reviews performance and considers risk after the fact to determine whether the actions taken were effective in mitigating risk (e.g., the purchase of a hedge to mitigate exposure to a falling foreign currency).

130
Q

What are the 3 principles under the review and revision component of the ERM framework?

A

S - substantial change (assesses)
I - Improvement in Enterprise Risk Management
R - Reviews risk and performance

131
Q

What does the assesses substantial change principle under the review and revision component of the ERM framework refer to?
S - Substantial changes
I
R

A

The entity identifies and assesses changes that may substantially affect strategy and business objectives. Assessment may include internal and external environmental changes.

132
Q

What does the reviews risk and performance principle under the review and revision component of the ERM framework refer to?
S
I
R - Review risk and performance

A

The organization reviews entity performance and considers risk, including the capabilities and practices of the organization.

133
Q

What does the review under the reviews risk and performance principle evaluate?

A
  1. Potentially incorrect assumptions
  2. Poorly implemented practices
  3. Entity capabilities
  4. Cultural factors
134
Q

What does the pursues improvement principle under the review and revision component of the ERM framework refer to?
S
I - Improvement in ERM
R

A

The organization pursues improvement of ERM. Opportunities to revisit and improve the efficiency and usefulness of ERM may arise in any area.

135
Q

How does the ERM framework affect performance variability?

A

Performance variability is reduced as a result of the ERM framework.

136
Q

What does variability mean?

A

Variability creates risk, and effective risk management is designed to help an entity reduce and better manage variability.

137
Q

What is risk capacity?

A

Risk capacity is the maximum amount of risk an entity can absorb in the pursuit of its strategic and business objectives. Effective risk management is not designed to reduce this capacity.

138
Q

What are the requirements of section 404 for compliance with Management assessment of Internal Controls?

A

The annual report must include the following:
1. A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
2. An assessment of the effectiveness of internal control over financial reporting as of the end of the most recent fiscal year.
3. The auditor must attest to management’s assessment of internal controls.
4. Management is not required to include a statement about disagreements with the auditor.

139
Q

What are the requirements of the Officers certification of internal controls?

A
  1. The CEO/CFO must certify that they are responsible for establishing and maintaining the company’s internal control over financial reporting.
  2. They have designed those controls.
  3. They have evaluated the effectiveness of those controls within 90 days prior to the report.
  4. They have presented in the report their conclusions about the effectiveness of those controls.
140
Q

What are the benefits of implementing section 404?

A
  1. The organization will understand the controls currently in place.
  2. The organization will understand the controls that could be implemented to enhance the internal control framework.
  3. The organization will focus on the key components of the COSO framework.
  4. The external auditor’s opinion will add confidence for external stakeholders, vendors, and other third parties.
141
Q

What are the components of the monitoring-for-change continuum from the ongoing and separate evaluation principle of Monitoring component?

A
  1. Control baseline
  2. Change identification
  3. Change management
  4. Control revalidation/update
142
Q

What does control baseline refer to?

A

It is the starting point of the company’s internal control design. Monitoring helps increase the understanding of the baseline.

143
Q

What does change identification refer to?

A

Changes to controls are identified through continual monitoring. Monitoring supports the risk assessment component’s ability to identify and address changes that affect controls.

144
Q

What does change management refer to?

A

It is the point at which a new baseline is established. Monitoring confirms that changes have been managed and that the new baseline is in place.

145
Q

What does control revalidation/update refer to?

A

This is periodically revalidating the operation of internal control in the absence of changes. Monitoring re-validates that controls continue to operate.

146
Q

What does the obtain and use information principle from the Information and Communication component of the COSO internal control framework refer to?
O - Obtain and use information (quality)
C
I

A

The company obtains relevant information (quality) and applies it to support everyday operations. Quality information means that it has to be relevant, timely, current, accurate, verifiable, protected and retained.

147
Q

What does the internally communicate information principle from the Information and Communication component of the COSO internal control framework refer to?
O
C
I - Internal communication

A

The organization communicates the information necessary to support the functioning of internal control to internal parties, including the relevant objectives and responsibilities. Information flows up, down, and across the organization. This also includes a whistleblower hotline.

148
Q

What does the externally communicate principle from the Information and Communication component of the COSO internal control framework refer to?
O
C - communicate with external parties
I

A

The organization communicates with external parties about matters relevant to the functioning of internal control. Two-way communication channels include:
1. The board of directors receiving relevant information from external parties.
2. IT security personnel receiving and providing reliable information about network and IT security.
3. External auditors.
4. A whistleblower hotline available to parties outside the organization.

149
Q

How to compute the effective annual percentage rate (EAPR)?

A

EAPR = [1 + (i / p)]^p - 1, where i is the stated annual interest rate and p is the number of compounding periods per year.

150
Q

What does the effective annual percentage rate (EAPR) mean?

A

It represents the stated rate adjusted for the number of compounding periods in a 12-month year.

151
Q

What is business risk?

A

It is the exposure a company or organization has to factors that could lower its profits or lead it to fail (e.g., whether the company generates enough income to cover its expenses).

152
Q

What is financial risk?

A

A broad term describing the company’s balance of debt and equity financing. Debt creates risk for common shareholders because it must be paid before shareholders receive a return on their investment.

153
Q

What are two ways a company can use to mitigate interest rate risk?

A
  1. Invest in floating (variable) rate debt: because the rate resets when market rates change, the debt’s value stays roughly constant and the interest payments adjust instead.
  2. Enter into derivative contracts.
154
Q

What does the business context analysis principle under the strategy and objective setting component of the ERM framework refer to?
S
O
A - Analyzes business context
R

A

The organization considers the potential effects of business context on its risk appetite (e.g., knowing the economic cycles of the business). This principle addresses how the organization fits within its industry and how the economy affects that industry.

155
Q

What does the define risk appetite principle under the strategy and objective setting component of the ERM framework refer to?
S
O
A
R - Risk appetite is defined

A

- The organization defines risk appetite in the context of creating, preserving, and realizing value for shareholders.
- Risk appetite has been exceeded when the combined likelihood and impact of negative events (actual residual risk) significantly exceed the target residual risk.
- Risk appetite can be expressed in qualitative or quantitative terms (e.g., “low appetite” or “high appetite”).
- Aligning business objectives to strategy supports the entity in achieving its mission and vision.

156
Q

What does mission and vision mean?

A

Mission: Represents the core purpose of the entity, why the company exists and what it hopes to accomplish.
Vision: Represents the aspirations of the entity and what it hopes to achieve over time.

157
Q

What does the evaluate alternative strategies principle under the strategy and objective setting component of the ERM framework refer to?
S - Strategies (alternative) are evaluated
O
A
R

A

The organization evaluates alternative strategies and their potential impact on its risk profile.

158
Q

What does the formulate business objectives principle under the strategy and objective setting component of the ERM framework refer to?
S
O -objectives (business) are formulated
A
R

A
  • The organization considers risk while establishing business objectives at various levels that align with and support its strategy.
  • Business objectives are the measurable steps an organization takes to achieve its strategy.
  • They are developed to be specific, measurable or observable, attainable, and relevant (to the achievement of strategy).
159
Q

When is self-monitoring used as a control?

A

When the same employee sets the parameters, reviews the results, and reports any issues (e.g., issues related to setting access parameters), the employee is self-monitoring.

160
Q

When is oversight monitoring used as a control?

A

When someone above the employee is reviewing the report/work, then oversight would be in place.

161
Q

When is supervisory monitoring used as a control?

A

When the employee has a staff member perform a process or log issues related to it (e.g., setting access parameters), and the employee reviews the report or work performed by the staff member.

162
Q

When is continuous monitoring used as a control?

A

When the review is performed on an ongoing basis. A review performed monthly is not continuous/ongoing.

163
Q

What do business losses represent with regards to financial risk management?

A

Business losses are considered the most distracting influence on decision makers: managers fear continuing losses.

164
Q

What are officer’s certification of financial statements?

A

CEO/CFO must certify the following:
1. The quarterly and annual reports were reviewed and filed with the SEC.
2. The reports do not contain material untrue statements
3. Financial statements are fairly presented.

165
Q

What is required to be in compliance with SOX 404?

A
  1. Develop documentation of existing internal controls and procedures associated with financial reporting.
  2. Test the effectiveness of those controls and procedures.
  3. Provide details on any deficiencies in the control and/or documentation
166
Q

What is a validity check?

A

A validity check ensures that data entered into the system matches an entry in the master file.
(e.g., if we are shopping online and enter a discount code that is not listed as active or legitimate in the master file, the website tells us the code is invalid)

167
Q

What is a completeness check?

A

Used to verify that all required fields have data entered (e.g., we’re not missing the PO number when completing the order to process the shipping of the goods).
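
Added example (Python; not part of the flashcards) covering cards 166 and 167: a completeness check that rejects an order record with missing or blank required fields, followed by a validity check that compares the entered discount code against a master file of active codes. The field names, the code list and the sample orders are constructed for illustration.

```python
"""Added example (not from the flashcards): input controls on an order record.
Field names, the master file of active discount codes and the sample orders are constructed."""
from dataclasses import dataclass, field

# Fields that must be present and non-blank before an order is processed (constructed list).
REQUIRED_FIELDS = ("order_number", "po_number", "customer_id", "ship_to")

# Stands in for the master file: the only discount codes currently active.
ACTIVE_DISCOUNT_CODES = frozenset({"SPRING10", "WELCOME5", "VIP25"})


@dataclass
class CheckResult:
    ok: bool
    errors: list = field(default_factory=list)


def completeness_check(order: dict, required=REQUIRED_FIELDS) -> list:
    """Card 167: return the required fields that are absent or blank."""
    missing = []
    for name in required:
        value = order.get(name)
        if value is None or (isinstance(value, str) and not value.strip()):
            missing.append(name)
    return missing


def validity_check(order: dict, master=ACTIVE_DISCOUNT_CODES) -> list:
    """Card 166: return errors for an entered discount code that is not in the master file.

    The lookup is exact and case-sensitive; an empty or absent code is not an error
    because a discount is optional on this (constructed) order form."""
    code = order.get("discount_code")
    if code and code not in master:
        return [f"discount_code {code!r} is not an active code"]
    return []


def validate_order(order: dict) -> CheckResult:
    """Completeness first, then validity: an incomplete record is rejected before any
    master-file lookup, so the caller gets one clear reason and the lookup only ever
    runs on a fully formed record."""
    errors = [f"missing required field {name}" for name in completeness_check(order)]
    if errors:
        return CheckResult(False, errors)
    errors = validity_check(order)
    return CheckResult(not errors, errors)


# Constructed sample order.
GOOD_ORDER = {
    "order_number": "SO-1001", "po_number": "PO-77", "customer_id": "C-9",
    "ship_to": "1 Main St", "discount_code": "SPRING10",
}

if __name__ == "__main__":
    for label, order in [
        ("complete, active code", GOOD_ORDER),
        ("blank PO number", dict(GOOD_ORDER, po_number="   ")),
        ("unknown discount code", dict(GOOD_ORDER, discount_code="FREESTUFF")),
    ]:
        result = validate_order(order)
        outcome = "accepted" if result.ok else "rejected: " + "; ".join(result.errors)
        print(f"{label:<24} -> {outcome}")
```

The two checks answer different questions: completeness asks whether every required field carries a value at all (a blank PO number fails even though the key exists), while validity asks whether a value that is present matches the master file. Running the two in that order keeps the error messages unambiguous.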

168
Q

SOX (Section 301) requires that the audit committee establish complaint procedures. What are these procedures?

A
  1. Must accommodate confidential, anonymous reports by employees of the issuer.
  2. Must accommodate receipt and retention of complaints as well as a method to address those complaints.