BEC 1.1

Question 1

The Sarbanes-Oxley Act assigns the following corporate responsibilities regarding internal controls that must accompany financial reports:

Answer 1

CEO & CFO must certify the following for annual and quarterly reports:

1. The officers are responsible for establishing and maintaining internal controls.
2. Internal control is designed to ensure that material info is provided to internal & external users.
3. Internal controls have been evaluated within 90 days prior to the report.
4. The officers’ conclusiosn regarding internal control effectiveness as of the evaluation date

Question 2

The SOX Act specifically prohibits improper influence on the conduct of audits defined as follows

Answer 2

No officer or director may take any action to fradulently influence, coerce, manipulate, or mislead an independent CPA engaged in an audit of the F/S of an issuer for the purpose of rendering the F/S materially misleading

Question 3

The SOX Act imposes certain financial penalties on officers who are responsible for material misstatements resulting from their misconduct. Penalties include:

Answer 3

1. Refund to the issuer of any bonus or other incentive-based or equity-based compensation during the 12-month period following the first public issuance of the financial document.
2. Refund any profits realized from the sale of securities of the issuer during the 12-month period following the first public issuance of the financial document.

Question 4

Title IV of the Sarbanes Oxley Act, Enhanced Financial Disclosures, includes the following topics:

Answer 4

Disclosures in periodic reports
Enhanced conflict-of-interest provisions
Dislcosures of transactions involving management and principle stockholders
Mgmt assessment of internal controls
Certain exemptions
Code of ethics for senior financial officers
Dislcosure of audit committee financial expert
Enhanced review of periodic disclosures by issuers

Question 5

The Sarbanes Oxley Act requires certain disclosures in periodic reports. Those disclosures include:

Answer 5

1. All adjusting entries identified by the public accounting firm reporting on the F/S.
2. The F/S disclose all material off-balance sheet transactions including operating leases, contingent obligations, and relationships with unconsolidated subsidiaries.
3. Pro forma F/S shall include all relevant info and shall not include misleading or untrue info

Question 6

The Sarbanes Oxley Act includes certain enhanced conflict-of-interest provisions. Those provisions include:

Answer 6

Prohibitions on personal loans to executives with some exceptions

Question 7

The Sarbanes Oxley Act includes provisions for disclosure of transactions involving management and principle stockholders. Those provisions include:

Answer 7

Reporting by persons with ownership of 10% or more.
Statements are filed at the time of registration, when a person achieves 10% ownership, and when there has been a change in ownership.

Question 8

The Sarbanes Oxley Act includes provisions for management assessment of internal controls. Those provisions includes a report showing:

Answer 8

1. Management’s assertion that it is responsible for adequate internal control structure.
2. Management’s conclusions regarding its assessment of the effectiveness of the internal control structure and procedures for financial reporting
3. The auditor’s attestation regarding management’s assessment of internal control

Question 9

The Sarbanes Oxley Act includes provisions for audit committee disclosures. Those disclosures include:

Answer 9

The issuer must disclose the existence of a financial expert on the committee or the reasons why the committee does not have a member who is a financial expert.

Question 10

For purposes of service on the audit committee, what qualifies an individual for classification as a financial expert?

Answer 10

A financial expert qualifies through education, past experience as a public accountant, or past experience as a finance officer for an issuer.

Knowledge of the financial expert should include:

1. Understanding of GAAP
2. Experience in the preparation or auditing of F/S for comparable issuers
3. Application of GAAP
4. Experience with internal controls
5. Understanding of audit committee functions

Question 11

Title VIII of the Sarbanes-Oxley Act considers what topics?

Answer 11

Criminal penalties for altering documents
Statute of limitations for securities fraud
Whistle-blower protection
Criminal penalties for securities fraud

Question 12

Title IX of the Sarbanes-Oxley Act considers what topics?

Answer 12

Title IX, White Collar Crime Penalty Enhancements, includes the following:

• Attempt and conspiracy
• Amended sentencing guidelines for white-collar offenses
• Failure of corporate officers to certify financial reports

Question 13

An issuer periodic report containing financial statements filed with the SEC must include the following written certifications:

Answer 13

Each certified financial report must include a written statement:

1. That the periodic report complies with the Securities Exchange Act of 1934.
2. That info in the report fairly presents, in all material respects, the financial condition and operating results of the issuers.
3. Which must be signed by the CEO & CFO of the issuer, who bear responsibility for these statements.

Question 14

Title XI of the Sarbanes Oxley Act considers what topics?

Answer 14

Title XI, Corporate Fraud Accountability, includes the following:

• Tampering with a record or impeding an official proceeding
• Temporary freeze of authority for the SEC
• Authority of the SEC to prohibit persons from serving as officers or directors
• Retaliation against informants

Question 15

Under Title XI, Corporate Fraud Accountability, what are the penalties for tampering with a document used in an official proceeding or retaliating against an informant providing information to the SEC?

Answer 15

Document tampering will result in fines and/or a prison term of not more than 20 years.

Retailiation against informants providing information to the SEC will result in fines and/or prision term of not more than 10 years

Question 16

How does the principles-based approach support an effective system of internal control under the COSO framework?

Answer 16

An effective system of internal control requires the use of judgement in determining the sufficiency of controls, applying the proper controls, and assessing the effectiveness of the system of internal controls.

The principles-based approach of the COSO framework emphasizes the importance of management judgment.

Question 17

What are the components of the Committee on Sponsoring Organization’s (COSO) Internal Control Integrated Framework?

Answer 17

1. Control Environment
2. Risk assessment
3. Information and communications
4. Monitoring
5. Existing control activities

Question 18

What are the five principles associated with the control environment component of the COSO Internal Control Integrated Framework?

Answer 18

1. Committement to ethics and integrity (E)
2. Board independence and oversight (B)
3. Organizational structure (O)
4. Commitment to competence (C)
5. Accountability (A)

Question 19

What are the four principles associated with the risk assessment component of the COSO Internal Control Integrated Framework?

Answer 19

1. Specify objectives
2. Identify and analyze risks
3. Consider potential for fraud
4. Identify and assess changes

Question 20

What are the three principles associated with the (existing) control activities component of the COSO Internal Control Integrated Framework?

Answer 20

1. Select and develop control activities
2. Select and develop technology controls
3. Deploy through policies and procedures

Question 21

What are the three principles associated with the info and communications component of the COSO Internal Control Integrated Framework?

Answer 21

1. Obtain and use information
2. Internally communicate info
3. Communicate with external parties

Question 22

Name and describe the three objectives within the COSO framework

Answer 22

• Operating objectives pertain to the effectiveness and efficiency of the entity’s operations
• Reporting objectives pertain to the reliability, timeliness, and transparency of an entity’s reporting
• Compliance objectives are necessary to ensure the entity is adhering to all laws and regulations.

Question 23

What is the purpose of the COSO cube?

Answer 23

To show a graphical 3-dimensional depiction of the relationship between an entity’s 3 objectives, its 5 integrated conrol components, and the entity’s organizational structure

Question 24

What is necessary for the 5 components of the COSO framework to create an effective internal control environment for an entity?

Answer 24

In order to have an effective internal control environment for an entity, the 5 components and 17 related principles must be both present and functioning.

Additionally, the 5 components must operate together as an integrated system, to reduce the risk to an acceptable level, that the entity will not achieve its objectives.

Question 25

Differentiate the COSO framework from the Audit framework

Answer 25

The 5 components of the COSO framework are useful for identifying and evaluating the effectiveness of an entity’s internal control.

In contrast, the Audit framework focuses on how a given conrol prevents or detects and corrects material misstatements in an entity’s financial reporting.

Question 26

Identify some inherent limitations that may exist even with an effective internal control system

Answer 26

The following inherent limitations may still exist with an effective internal control system:

• Breakdowns in internal control due to error or human failure
• Issues pertaining to the suitability of the entity’s objectives
• External events beyond the control of the entity
• Faulty or biased judgement in decision making
• Mgmt override of controls
• Circumvention of controls through collusion

Question 27

What constitutes ineffective internal control under the COSO framework?

Answer 27

If a major deficiency is identified related to the presence and functioning of a component or relevant principle, or with respect to the components operating together in an integrated manner, the entity may not conclude that it has effective internal control system in place under the COSO framework

Question 28

What are the two principles associated with the monitoring component of the COSO Internal Control Integrated Framework?

Answer 28

1. Ongoing and separate evaluations

2. Communication of deficiences

Question 29

What theme does the ERM framework encompass?

Answer 29

1. Aligning risk appetite and strategy.
2. Enhancing risk response decisions
3. Reducing operating surprises and losses
4. Identifying and managing multiple and cross-enterprise risks
5. Seizing opportunities
6. Improving deployment of capital

Question 30

Explain the difference between opportunities and risks under the ERM framework

Answer 30

Positive events that promote achievement of objectives are opportunities.

Negative events that prevent the achievement of objectives are risks.

Question 31

What are the components of the COSO Enterprise Risk Management (ERM) Integrated Framework?

Answer 31

1. Internal Environment (I)
2. Objective Setting (S)
3. Event identification (E)
4. Accountability (A)
5. Risk Response (R)
6. Control Activities (A)
7. Information and communication (I)
8. Monitoring (M)

Question 32

What are the key elements of the internal environment component of the COSO ERM Integrated Framework?

Answer 32

1. Philosophy of risk management
2. Human resource standards
3. Risk appetite
4. Accountability
5. Structure (organizational)
6. Ethical values (and integrity)
7. Directors’ oversight
8. Commitment to competence

Question 33

What are the key elements of the objective setting component of the COSO ERM Integrated Framework?

Answer 33

1. Strategic objectives
2. Related objectives
3. Selected objectives
4. Risk appetite
5. Risk tolerances

Question 34

What are the key elements of the event identification component of the COSO ERM Integrated Framework?

Answer 34

1. Events
2. Influencing factors
3. Event identification techniques
4. Event interdependence
5. Event categories
6. Distinguishing risk and opportunities

Question 35

What are the key elements of the risk assessment component of the COSO ERM Integrated Framework?

Answer 35

1. Inherent and residual risk
2. Establishing likelihood and impact
3. Data sources
4. Assessment techniques
5. Event relationships

Question 36

What are the key elements of the risk response component of the COSO ERM Integrated Framework?

Answer 36

1. Evaluating possible responses
2. Selected responses
3. Portfolio view

Question 37

What are the key elements of the control activities component of the COSO ERM Integrated Framework?

Answer 37

1. Integration with risk response
2. Types of control activities
3. Controls over information systems
4. Entity-specific controls

Question 38

What are the key elements of the information and communication component of the COSO ERM Integrated Framework?

Answer 38

1. Information

2. Communication

Question 39

What are the key elements of the monitoring component of the COSO ERM Integrated Framework?

Answer 39

1. Ongoing monitoring activities
2. Separate evaluations
3. Reporting deficiencies

Question 40

What is a major limitation of ERM?

Answer 40

ERM is subject to human error as ERM evaluations can contain errors and management can override controls