BEC 1: Corporate Governance and Financial Risk Management Flashcards
when faulty strategy and inefficient and/or ineffective operations cause value to decline
value erosion
when ongoing operations efficiently and effectively sustain created benefits; high customer satisfaction with profitable product line
value preservation
when benefits created by the organization are received by stakeholders in either monetary or non-monetary form
value realization
when the benefits of value exceed the cost of the resources used (people, financial capital, technology, process, and brand, aka market presence)
value creation
what are the four objectives of ERM?
reporting, operations, compliance, and strategy (ROCS)
what are the limitations of enterprise risk management (ERM)?
human judgment & human error, cost vs benefits limitations, errors made by management, collusion, management override
what are the four responses to risk?
acceptance, reduction, sharing, and avoidance (ARSA)
which risk response elects to assume all of the risk?
risk acceptance
which risk response implements controls that mitigate the risk of a specific activity?
risk reduction
which risk response shares the risk with another organization?
risk sharing
which risk response elects not to engage in an activity at all?
risk avoidance
what are the five major components of ERM?
governance & culture, review & revision, information & communication, strategy & objective-setting, performance (CRISP)
how many principles support ERM?
20
what principles support ERM’s governance & culture?
defines Desired culture, exercises board Oversight, commitment to core Values, attracts, develops & retains Employees, establishes operating Structure (DOVES)
what principles support ERM’s strategy and objective-setting (FADE)?
Formulates business objectives
Analyzes business context
Defines risk appetite
Evaluates alternative strategies
what principles support ERM’s performance (I PAID)?
Identifies risks
Prioritizes risks
Assesses severity of risks
Implements risk responses
Develops portfolio views
what principles support ERM’s review and revision (ART)?
Assesses substantial changes
Reviews risk and performance
The organization pursues improvement
what principles support ERM’s information, communication, and reporting (ongoing) component (CLR)?
Communicates risk information
Leverages information systems
Reports on risk, culture, and performance
the balance between an entity’s willingness to accept risk and the return/growth goals that the entity wishes to achieve
risk appetite
the mission and vision of an organization most closely correlate with an entity’s:
strategy
closely correlated with core values
culture
what is the COSO cube used to illustrate?
the relationship between categories of objectives, internal control components, and entity organizational levels
what are the objectives of COSO internal control (ROC)?
Reporting
Operating
Compliance
[note that strategic is an ERM objective]
what would happen if an entity had a major deficiency in regard to internal control?
the entity cannot claim that it is compliant and has internal controls
If the CEO and CFO certify the financial report to be correct when it actually isn’t, they may be penalized by:
imprisonment and fines
what type of diagram helps to show the logical flow of the data and the physical aspects of that flow?
flowchart
a financial contract which derives its value from the performance of another asset or financial contract (interest rate, stock, asset, etc.)
derivative
to fix a price in dollars to buy foreign currency, what type of option should be purchased?
a call option
to sell the currency for a specified price at a specified time in the future is what type of option?
a put option
what should be done if the option price is more than the exchange rate at the time of settlement?
exercise the option
what should be done if the option price is less than the exchange rate at the time of settlement?
allow the option to expire
what are the 2 principles of COSO’s monitoring?
ongoing and/or separate evaluations, communication of deficiencies
which COSO component is a process used to assess the quality of internal control performance over time?
monitoring
what are the five principles of COSO’s control environment?
commitment to ethics & integrity, board independence & oversight, organizational structure, commitment to competence, accountability (EBOCA)
what are the 3 principles of COSO’s information & communication?
obtain & use information, internally communicate information, communicate externally (OIE)
What are the 3 principles of COSO’s control activities?
select & develop control activities, select & develop technology controls, disposition of policies & procedures (CATPP)
Which COSO component describes a set of standards, processes, and structures that provide the basis for carrying out internal control across the organization and can be defined as the core or foundation of any system of internal control?
control environment
what’s the primary reason why internal control should be monitored for addressing changes to risk?
because risks are fluid and constantly change in terms of likelihood or severity; new risks can arise while old risks can disappear
according to COSO, the presence of a written code of conduct provides for a control environment that can:
encourage teamwork in the pursuit of an entity’s objectives
what are the 4 principles of COSO’s risk assessment?
identify & assess changes, consider potential for fraud, specify objectives, identify & analyze risk (SAFR)
what is the internal auditors’ primary responsibility concerning the ERM of a company that was implemented by management?
evaluating the design and effectiveness of the ERM
in an entity, who is responsible for setting the risk appetite of the organization?
management and board of directors
According to COSO’s ERM, what is an example of an essential element of the internal environment?
demonstrating integrity and ethical values
who provides oversight of an entity’s ERM?
board of directors
according to COSO, the difference between inherent risk and residual risk arises because of management’s:
actions to reduce the inherent risk. The four ways an entity can respond to inherent risk are acceptance, reduction, sharing, and avoidance. Residual risk is the portion of inherent risk that remains even after management has implemented controls.
a critical component of an ERM system is:
coordinating management risk taking with the shareholder risk appetite