B1: Corporate Governance and Operations Management Flashcards
Board of Directors
primary role: safeguard company’s assets and maximize shareholder return + others:
- elect, remove, and supervise officers
- setting mgmt compensation
- bylaws
- initiating fundamental changes to corp’s structure
- no individual authority
- acts as a group if a quorum is present; majority vote, duly constituted
- sole discretion to declare Distributions/dividends
- Fiduciary Duties: must always act in best interest of the corp
- will not be liable if decisions made in good faith w care of ordinarily prudent person in a like position
- only liable for negligent acts or omissions
a) Right to Rely
- director entitled to rely on info from corp officers, employees, committee, legal counsel, accountants, etc
b) Liability for Unlawful Distributions
- renders comp bankrupt
- corp can't pay its debts as they become due
c) Duty of Loyalty
- must act in best interest of corp
- can’t compete, but can have conflicts if full disclosure
d) Corporate Opportunity Doctrine
- prohibits director from taking business opportunity for themself; must present to corp first
- Indemnification: corps allowed for any lawsuit brought against them in corporate capacity
- Limitation on Indemnification
- bad faith/unethical
- Manage Principal-Agent Conflict
- b/w shareholders (principal) and management (agent)
- supervise officers
Officers
are individual agents who manage day to day operations and may bind corp to contracts made on its behalf
Selection and Removal
- selected and removed by directors w or w/o cause, even if there is a contract
Authority
- actual: oral/written instruction
- apparent: title
- officers have apparent authority to enter into contracts and act on behalf of corp
Fiduciary Duties and Indemnification
- subject to fiduciary duties
- may be indemnified, unless acts in bad faith
Also May Serve as Directors
- but good corp governance = majority of the BoD independent though
Not Required to be Shareholders
- but may be
Sarbanes-Oxley Act of 2002
3 focus: corp responsibility, enhanced financial disclosures, fraud
had profound effect on financial reporting requirements of public companies
- expanded disclosures
Title III - Corporate Responsibility
Sarbanes-Oxley Act of 2002
- Audit Committee
a) directly responsible for appointing, compensating, and overseeing work of public accounting firm
- auditor reports directly to audit committee
- resolves disputes b/w auditor and management
b) audit committee members must be members of BoD, but otherwise independent
c) establish procedures to accept reports of complaints regarding audit, accting, or internal control issues
- anonymous reports
- CEO/CFO representations
must sign certain representations in annual and quarterly reports
a) reviewed the report
b) doesn’t contain untrue statements or omit material info
c) FSs fairly presented
d) assumed responsibility for internal controls (COSO)
- internal controls designed to ensure material info is available
- evaluated for effectiveness as of date w/i 90 days of report
- conclusions as to effectiveness of ICs
e) signing asserts they’ve made the following disclosures to the issuer’s auditors and audit committee
- all sig. deficiencies in ICs
- any fraud (regardless of materiality) involving mgmt or any employee w sig. roles in IC
- No Improper Influence on Conduct of Audits
- Forfeiture of Certain Bonuses and Profits
- CEO/CFO pay for restatement
- if restatement required, CEO/CFO reimburses issuer for
a) bonuses or incentive-based or equity based compensation
b) gains on sale of securities during that 12 month period
Title IV- Enhanced Financial Disclosures
Sarbanes-Oxley Act of 2002
Disclosures in Periodic Reports
- FS disclosures intended to ensure the application of GAAP
- transactions are transparent to reader:
a. all material correcting adjustments identified by the auditor
b. all material off-BS transactions - operating leases, contingent obligations/lawsuits, related party transactions
c. pro forma FSs
d. use of special purpose entities (SPEs)
Conflicts of Interest
- issuers generally prohibited from making personal loan to directors or executive officers
- exception: if in ordinary course of business, no preferential treatment
Disclosure of Transactions Involving Mgmt and Principal Stockholders
- > 10% of any class of equity = principal stockholder
- any buying or selling
- disclosure made by filing a statement: at time of registration, when person achieves 10% ownership, if there has been change in ownership
Mgmt Assessment of ICs
- aka Section 404 includes:
a. statement that mgmt is responsible for establishing and maintaining ICs
b. an assessment, as of end of most recent fiscal year, of effectiveness of ICs
- auditor must attest to mgmt's assessment of ICs
- investment companies are exempted from this act
Code of Ethics for Senior Officers
- “tone at the top”
- disclose whether or not issuer has code of conduct, if not then must disclose the reasons
- code of ethics promote:
a. honest and ethical conduct (handling of conflicts of interest)
b. full, fair, accurate, timely disclosures
c. compliance w laws, rules, and regulations
Disclosure of Audit Committee Financial Expert
- at least 1 member should be financial expert and disclose existence, but not name, or lack of existence and why
- very liberal qualifications for financial expert
Enhanced Review of Periodic Disclosures by Issuers
- SEC req. to review disclosures
- don’t test for accuracy, tests for completeness
- when scheduling reviews, considers: material restatements, sig volatility in stock prices, largest market capitalization, disparities in price to earnings ratios, operations sig affect any material sector of economy
Title VIII- Corporate and Criminal Fraud Accountability
Sarbanes-Oxley Act of 2002
Altering Documents
- individuals who alter, destroy, etc documents: fined or imprisoned for 20 yrs or both
- auditors retain work papers for 7 years: fine, imprisonment for 10 years or both
Statute of Limitations for Securities Fraud
- earlier of 2 years after discovery or 5 years after violation
Whistle-Blower Protection
- can’t be messed w and if they are, compensatory damages
- reinstatement w same status, back pay w interest, and compensation for special damages
Criminal Penalties for Securities Fraud
- fined, imprisoned 25 years or both
Title IX- White-Collar Crime Penalty Enhancements
Sarbanes-Oxley Act of 2002
mail fraud, wire fraud, violations of Employee Retirement Income Security Act (ERISA)
Failure of Corp Officers to Certify Financial Reports
- periodic reports filed w SEC must have:
- written statement that report complies w Securities Exchange Act of 1934
- written statement that info contained is fairly presented
- written statement signed by CEO and CFO
- if signed knowing it does not satisfy requirements
- certifies: fined 1,000,000 and/or imprisoned 10 years or
- willfully certifies: 5,000,000 and/or imprisoned 20 years
Title XI - Corporate Fraud Accountability
Sarbanes-Oxley Act of 2002
Tampering w Record or Impeding an Official Proceeding
- 20 year prison
Temporary Freeze Authority for SEC
- if potential violation of federal securities laws and SEC determines it’s likely that issuer will be required to make penalty payments
- then SEC may petition a federal district court to require issuer to escrow payments in an interest-bearing account for 45 days
SEC to Prohibit Persons from Serving as Officers or Directors
- for any cease-and-desist proceedings, if individual has violated securities rules and SEC determines individual is unfit to continue to serve as officer/director
Retaliation Against Informants (whistle-blower protection)
- criminal act, 10 years in jail
Internal Control
COSO to avoid financial reporting “CRIME”
- COSO independent private sector initiative to study factors that lead to fraudulent financial reporting
- 5 major professional associations
- issued Internal Control- Integrated Framework to assist orgs in developing comprehensive assessment of IC effectiveness
- 17 principles and 5 major IC components
- COSO’s framework regarded as appropriate and comprehensive basis to document the assessment of ICs over financial reporting
Intro to COSO Framework
Internal Control
used by
- management and BoD: to understand what constitutes an effective system of internal control
- external stakeholders/stockholders: to provide confidence that org has system of ICs in place conducive to achieving its objectives
an effective system of ICs requires more than adherence to rules; it requires use of mgmt judgement in applying the principles
- principles-based approach, not rules-based
Application to Mgmt and Board
- effectively applying IC
- requirements of effective system of ICs
- allowing judgement, principle based
- identify and analyze risks
- eliminate ineffective controls
- extend IC application beyond organization’s financial reporting (efficient and effective operation + compliance)
Application to Stakeholders
- understanding of effective system of ICs
- confidence that mgmt will eliminate ineffective controls, that board has effective oversight of ICs, that org will achieve its objective
Definition of Internal Control
Internal Control
- process designed and implemented by an entity to provide reasonable assurance that the comp will achieve its compliance, operating, and reporting objectives
Framework Objectives
Internal Control
“ORC”
- Operations Objective
- effectiveness and efficiency of operations
- assets adequately safeguarded against potential losses
- Reporting Objectives
- focus of COSO
- pertain to reliability, timeliness, and transparency of entity's external and internal reporting
- Compliance Objectives
- ensure entity is adhering to all applicable laws and regulations
Components of Internal Control
Internal Control
“CRIME”
there are 5 integrated components of ICs
- needed to achieve the 3 objectives ORC of ICs
- each component has principles associated that represent fundamental concepts
- Control Environment: tone at the top
- Risk Assessment: FS misstated or fraud
- Information and Communication: “FACT” fair, accurate, complete, timely
- Monitoring: effectiveness of ICs
- (Existing) Control Activities: policies/procedures
Control Environment
Components of Internal Control
Internal Control
processes, structures, and standards that provide foundation to establish a system of ICs
- “tone at the top”
“EBOCA” 5 principles
- commitment to Ethics and integrity
- Board independence and oversight
- board independent from mgmt and oversees development and performance of IC
- Organizational structure
- Commitment to Competence
- commitment to hire, develop, and retain competent employees
- Accountability
- individuals are held accountable for their IC responsibilities
Risk Assessment
Components of Internal Control
Internal Control
“EAR”
event ID
assess risk
respond
~4 principles
- Specify Objectives
- Assess risk
- Consider Potential for Fraud
- Identify and Assess Changes
Info and Communication
Components of Internal Control
Internal Control
b/w internal and external parties all must be “FACT”
~ 3 objectives
- obtain and use info
- uses relevant, high quality info
- internally communicate info
- communicate w external parties
Monitoring Activities
Components of Internal Control
Internal Control
monitoring is process of assessing the quality of ICs over time
- regularly monitor for effectiveness
2 principles
- ongoing and/or separate evaluations
- freq. of testing dictated by risk
- communication of deficiencies
- report and correct IC deficiencies in a timely manner
(Existing) Control Activities
Components of Internal Control
Internal Control
to mitigate risk
control activities may be detective or preventative
- segregation of duties is usually part of control activities
3 principles
- select and develop control activities
- that contribute to mitigation of risk
- select and develop technology controls
- deployment of policies and procedures
- put policies into action
COSO Cube
Internal Control
direct relationship b/w 3 objectives ORC, its 5 integrated IC components CRIME, and all levels of organizational structure (entity level, division, operating unit, function)
Effective Internal Control
Internal Control
framework indicates an effective system of ICs provides “reasonable assurance” that objectives will be achieved
- all 5 components and 17 principles present and functioning
- present: components and principles are included in design and implementation of IC system
- functioning: components and principles are operating as designed
- 5 components operate together as an integrated system, to reduce risk to an acceptable level that entity will not achieve its objectives
Specific Requirements
- 5 components apply to all ORC; requires judgement in designing, implementing, and conducting ICs and assessing effectiveness
Ineffective Internal Control- COSO
- major deficiency significantly reduces likelihood that an org can achieve its objectives
- if identified, entity may not conclude that it has met requirements for an effective IC system under COSO
COSO Framework vs Audit Framework
Internal Control
5 components of COSO useful for identifying and evaluating ICs in an audit context
- but an external auditor focuses on how a control prevents/detects and corrects material misstatements in the entity’s financial reporting
- under auditing standards, 3 categories of IC deficiencies: a control deficiency, significant deficiency, and material weakness
Internal Control (Framework) Limitations
Internal Control
no guarantee, reasonable assurance
- does not prevent fraud
Enterprise Risk Management
strategy, balancing risk and return
COSO issued Enterprise Risk Management (ERM) - Integrated Framework to assist orgs in developing a comprehensive response to risk management
- intent of ERM is to allow mgmt to effectively deal w uncertainty, evaluate risk acceptance, and build value
- each enterprise is unique and has its own individual features. the ERM framework helps identify those features
Introduction
Enterprise Risk Management
COSO defines ERM as a process designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives
ERM framework encompasses the following themes
- aligning risk appetite and strategy
- enhancing risk response decisions
- reducing operational surprises and losses
- event ID: multiple and cross-enterprise risks
- applying framework at each level of a business identifies unique and common risks
- seizing opportunities
- mgmt can better capitalize on opportunities when they know their own entity's strengths and weaknesses
- improving deployment of capital
- can maximize efficiency and effectiveness of capital investments when it has identified the max level of risk for a given capital investment
Objectives
Enterprise Risk Management
4 enterprise objectives “SORC”
- Strategic: high level goals designed to achieve the mission
- Operations: objectives through effective and efficient use of resources
- Reporting: achievement of reliable and consistent reporting
- Compliance: ensuring compliance w laws and regulations
Components of ERM
Enterprise Risk Management
similar to ICs but broader in scope, beyond just financial reporting objectives, addresses overall strategy of company and balancing risk and return
components are “IS EAR AIM”
- Internal environment (C)
- Setting objectives (SORC)
- Event ID (E in EAR from R in CRIME)
- Assessment of risk (A in EAR)
- Risk response (R in EAR)
- control Activities (E)
- Info and communication (I)
- Monitoring (M)
Internal Environment
Components of ERM
Enterprise Risk Management
“EBOCA + HR”
- commitment to Ethical values and integrity
- Board oversight
- Organizational structure
- commitment to Competence
- Accountability
- Risk Management Philosophy
- aggressive or conservative
- Human resources standards
- commitment to hiring most qualified ppl
- Risk Appetite
- amt of risk an org will accept in pursuit of value maximization
Objective Setting
Components of ERM
Enterprise Risk Management
S of SORC
- orgs set objectives and ID events that may prevent the achievement
- Strategic Objectives
- broad, mission-driven objectives
- established for longer time frame while related and selected objs are more dynamic
- Related Objectives "ORC"
- support strategic objectives
a) Operations objectives
b) Reporting objectives
c) Compliance objectives
- Selected Objectives
- objectives must not only support the mission, but also align w the entity’s risk appetite
Risk Appetite
- mgmt establishes the risk appetite w oversight of BoD
- benchmark for strategy setting
- balance of risk and return
- impacts strategy, in turn impacts resource allocation
Risk Tolerances
- accepted level of variation relative to the achievement of objectives
- measured in same units as those used to measure the relative objective
Event Identification
Components of ERM
Enterprise Risk Management
events, both negative (risks) and positive (opportunities), should be identified
- internal and external risks
- prevent or promote achievement of objectives
Events
- internal or external
- positive or negative
Influencing Factors
- occurrences can come from anywhere
- external: economic, natural, social
- internal: technology, personnel, etc
Event ID techniques
- brainstorming, workshops, analytics, etc
- event inventories: list of potential events common to companies in an industry
- internal analysis
- escalation or threshold triggers: comparison of activity to predefined criteria
Risk Assessment
Components of ERM
Enterprise Risk Management
likelihood and severity of anticipated risks after mgmt takes action
inherent risk: risk that exists if mgmt takes no action
residual risk: risk that exists after mgmt takes action to mitigate adverse impact
probability: likelihood an event will occur
severity: consequence of its occurrence
Data Sources
- drawn from past experience w similar events
- may include relevant economic data trends, historical industry info, or past company data experience
Assessment Techniques
- Benchmarking: use of common data from orgs w similar characteristics
- Probabilistic Models: statistical data, objective
- Non-probabilistic Models: opinions, lawsuits, subjective, less reliable
Risk Response
Components of ERM
Enterprise Risk Management
mgmt's response to risk must align w the org's overall risk appetite
Evaluating Possible Responses: mgmt will respond to risk in 4 ways
1) Avoidance: terminate or discontinue
2) Reduction: mitigate risk (invest)
3) Sharing: transferring risk (buy insurance)
4) Acceptance: no action
Portfolio View
- risk is considered entity-wide using a portfolio perspective
- not each product line or division in isolation