B1 Unit Flashcards
Main Idea/Focus of COSO
A private-sector initiative (the Committee of Sponsoring Organizations of the Treadway Commission) for financial reporting, with emphasis on internal controls and how to assess whether those controls are effective. Basically, the framework defines 17 principles that fall under 5 internal control components, used to achieve 3 objectives.
Who uses COSO?
Management and the board. COSO is used to test whether controls are effectively designed and actually operate as intended. It also gives confidence to stockholders.
What are the 3 Objectives of COSO
ORC
Operations, Reporting, and Compliance objectives.
5 Internal Control Components:
Control Environment- Tone at the top.
Risk Assessment- risk that the financial statements (FS) are misstated.
Information & Communication- FACT: Fair, Accurate, Complete, Timely.
Monitoring Activities- evaluating the effectiveness of controls and reporting deficiencies.
Existing Control Activities- policies and procedures to mitigate risks.
Part of the 17, fall under CRIME…What is under C
5 fall under C: EBOCA- Ethics, Board independence, Organizational structure, Commitment to competence, Accountability.
Part of the 17, fall under CRIME…What is under R
4 fall under R: SAFR-Specify Objectives, Assess Changes, Fraud Potential, Risk identification & analysis.
Part of the 17, fall under CRIME…What is under I
3 fall under I: OIE- Obtain and use information, Internal communication, External communication.
Part of the 17, fall under CRIME…What is under M
2 fall under M: SOD- Separate & Ongoing evaluations, Deficiencies (evaluated and communicated).
Part of the 17, fall under CRIME…What is under E
3 fall under E: CAT P- Control Activities, Technology controls, Policies & Procedures.
Why do we apply COSO? What level of assurance is achieved?
To reduce the levels of risk.
And Reasonable, not absolute.
There is a COSO Document of Internal Controls…what are the components?
COPS
Component evaluation, Overall assessment, Principle evaluation, Summary of deficiencies.
Common Risks Identified using COSO:
Material Omission (unintentional), Fraud (intentional), Management Override, Illegal Acts
When designing and implementing controls: management considers
laws, the nature of the business, scope of operations, competence of personnel, technology.
The Treadway Commission was established to:
Study the factors that lead to fraudulent financial reporting. It was established by private sponsoring organizations.
By developing value we use CPER:
Creation: the benefit must exceed the cost incurred to generate it.
Preservation: you sustain the value by maintaining a continuing operating profit.
Erosion: value goes down when cost exceeds benefit.
Realization: when the stakeholders receive a benefit by either getting a dividend or growing the stock price. But it could also be in a non-monetary value through brand image or satisfaction etc…
CCPIS: to manage risk and create value.
Culture
Capabilities-competitive advantage
Practices-continually applied across all levels.
Integration with strategies and performance: relates to the mission (what you want to do, and what the vision is for the future.)
Risk Appetite-
How willing you are to assume risk. More risk, more reward.
Portfolio View vs. Profile View
Portfolio View takes a holistic view, it is entity wide and at the “parent” level.
Profile View is more defined and specific to a department, division, product etc…
Components of Enterprise Risk Management: 5 components and 20 principles.
5 Components are:
GO PRO
Governance & Culture-tone at top/values
Objective setting (strategy & objective-setting)- mission/vision
Performance- measurability & responding to risk
Review & Revision- to adapt/respond to risk
Ongoing reporting and communication.
For the G in GO PRO:
DOVES, think core values: Desired culture, board Oversight, Values at the core, Employees are capable, Structure of operations.
For the O in GO PRO:
SOAR: strategies and alternates are evaluated, objectives are set, analyze business context, risk appetite.
For the P in GO PRO:
VAPIR: View at parent level, assess risk severity, prioritize risk, identify risk, respond to risk.
For the R in GO PRO:
SIR:substantial changes assessed, improving the enterprise risk management, review risk & performance.
For the second O in GO PRO:
TIP: Technology, information is communicated, performance reports on risk.
Three types of risk:
Inherent- the risk that exists in the absence of any management action (it comes with the business/industry you are in); Target residual- the level of risk you are willing to assume after responses; Actual residual- any risk remaining after management's actions have been taken.
Responses to risk: AARTS
Think of frequency graph
Avoid (F: High, Sev: High)
Reduce (F: High, Sev: Low)
Transfer/share the risk (F:Low, Sev: High)
Self Insure/Accept (F:Low, Sev: Low)
What is the statute of limitations for securities fraud?
no later than the earlier of 2 years after the discovery or 5 years after the violation.
What qualifies someone as a financial expert?
Understands and applies GAAP, has public accounting experience, and has internal control experience.
Code of ethics promotes what
honest/ethical conduct, full, fair and accurate disclosures, compliance with all laws.
Who does the auditor directly report to?
The audit committee. The audit committee also handles disputes between the auditor and management.