BEC 2 - Corporate Governance, Internal Control, & Enterprise Risk Management Flashcards

1
Q

What is the role of Corporate Governance?

A

to make sure that certain objectives are met while the stakeholders' needs and concerns are being addressed

2
Q

What is the Board of Directors responsible for?

A
  1. Strategic Planning
  2. Selection/Oversight of management (compensation & monitoring)
  3. Dividend Policy
  4. Treasury Stock
  5. Budget Approvals
3
Q

Traits about the Principles of Corporate Governance

A
  1. Developed by the Organization for Economic Cooperation & Development (OECD)
  2. 6 Key Areas (ES-ES-DB)
    - Effective Corporate Governance Framework
    - Shareholder Rights and Ownership Functions
    - Equitable Treatment of Shareholders
    - Stakeholders Role in Corporate Governance
    - Disclosure & Transparency
    - Board Responsibilities
4
Q

Traits about the 1992 Cadbury Report

A

Relates to Corporate Governance

  1. Voluntary Code
  2. Companies listed on the London Stock Exchange are required to comply or explain the extent of compliance (why and why not)
  3. Clear Division of responsibility at the top OR strong independent element on the Board
  4. Majority of Board should be outside Directors
  5. Board Compensation should be determined by non-exec. directors
  6. Board should select at Least 3 Non-Executive Directors on the Audit Committee
5
Q

ES-ES-DB?

A

6 Key Areas of The OECD Principles of Corporate Governance

  • Effective Corporate Governance Framework
  • Shareholder Rights and Ownership Functions
  • Equitable Treatment of Shareholders
  • Stakeholders Role in Corporate Governance
  • Disclosure & Transparency
  • Board Responsibilities
6
Q

What is Effective Corporate Governance Framework?

A

1st Key Area of OECD Principles of Corporate Governance

  • should promote transparent and efficient markets
  • be consistent with the rule of law
  • clearly articulate the division of responsibilities among different supervisory, regulatory, and enforcement agencies
7
Q

What is Shareholder Rights and ownership functions?

A

2nd Key Area of OECD Principles of Corporate Governance

- protect and facilitate the exercise of shareholders' rights

8
Q

What is Equitable Treatment of Shareholders?

A

3rd Key Area of OECD Principles of Corporate Governance

- all shareholders should have the opportunity to obtain redress for violation of their rights

9
Q

What is the Stakeholders' Role in Corporate Governance?

A

4th Key Area of OECD Principles of Corporate Governance

  • recognize the rights of STAKEholders established by law or through mutual agreements
  • cooperation b/w corporations and STAKEholders for overall wealth
10
Q

What is Disclosure and Transparency?

A

5th Key Area of OECD Principles of Corporate Governance

  • timely and accurate disclosure is made on all material matters regarding the corporation
  • Includes: Financial Performance, Situation, Ownership, and Governance of the company
11
Q

What are the Board Responsibilities?

A

6th Key Area of OECD Principles of Corporate Governance

  • strategic guidance
  • effective monitoring
  • board’s accountability to the company and shareholders
12
Q

Where does the Board get its authority and responsibilities from?

A

The Bylaws (internal rules of the Company), which become the corporate charter when approved with the Articles of Incorporation. Includes:

  • Min and Max # of Directors
  • Selection and compensation
  • How often they should meet
  • Nature of the responsibilities
13
Q

What are typical Duties of the Board of Directors?

A
  • Fiduciary Duty & in Best Interest of the company
  • Determine/Revise the mission and amend bylaws
  • Strategic Planning & development of broad objectives and policies
  • Selection and oversight of the CEO
  • Securing the availability of Financial Resources
  • Budget Approval
  • Approval of Major Operating & Financial Proposals
  • Accounting to STAKEholders (reliable financial info is reported)
  • Advice to mgmt and determine mgmt compensation
  • Dividend Policy
  • Requiring Treasury Stock
14
Q

NYSE and NASDAQ listed company requirements related to the Board of Directors

A
  • Majority of Directors are required to be Independent
  • Info must be provided to investors regarding Director Independence
  • Non-Mgmt Directors are required to meet on a REGULARLY SCHEDULED basis
  • Directors must adopt and publish a code of conduct applicable to ALL PARTIES within an entity disclosing any waivers to directors or officers
  • maintain an INDEPENDENT Audit Committee
  • Must ID any relationships that automatically indicate a director IS NOT INDEPENDENT
15
Q

A Director is NOT independent if:

A
  1. Recent employee/affiliate of the entity OR Former partner/employee of the external auditor
    OR
  2. A Family Member or Director received more than $120,000 from the corp (excluding director fees) for any 12-month period within the last 3 YEARS
    OR
  3. A Family member was a recent officer of the entity (5 Years NYSE, 3 Years NASDAQ)
    OR
  4. The Director is the executive of another entity that receives significant amounts of REVENUE from the entity
16
Q

Business Judgement Rule

A

Director or Manager has protection against liability (LOSSES) when fulfilling fiduciary duty… Fraud is usually the only reason the courts will go to trial

17
Q

What do the Articles of Incorporation Include?

A
  • Name, Address, and Purpose of The Company
  • Registering Agent (“attorney”)
  • Name & Address of each incorporator
  • # of shares AUTHORIZED
  • Types of Stock
18
Q

What Committees are required for Publicly Held Companies?

A

NAC

  • Nominating Committee
  • Auditing Committee
  • Compensation Committee
19
Q

What does the Nominating Committee do?

A
  • Responsible for overall corporate Governance
  • Determine director suitability for service on the BoD
  • Developing and Suggesting Corp. Gov. Principles and policies
  • Oversee CEO Succession
  • Enhance quality of board nominees
  • Ensure integrity in nominating process
20
Q

What is the Wall Street Reform and Consumer Protection Act?

A
  • “Dodd-Frank”
  • requires disclosure about whether or not the chair of the BoD is also the CEO
  • Must also explain why or why not they are the same individual
21
Q

What is “Dodd-Frank”?

A
  • Wall Street Reform and Consumer Protection Act
  • requires disclosure about whether or not the chair of the BoD is also the CEO
  • Must also explain why or why not they are the same individual
22
Q

What is the Audit Committee?

A
  • Required Committee in the Board of Directors
  • Must be composed of INDEPENDENT Directors
  • At least 1 member must be a FINANCIAL EXPERT (if there is not, must explain why not)
  • Oversee the Financial Reporting process (reliable and timely to stakeholders)
  • Select the External Auditor (det. compensation and oversee)
  • Receive internal and external audit results
  • Internal Control Responsibilities
23
Q

Who does the External Auditor Report to?

A
  • Report directly to the Audit Committee
24
Q

What are the Audit Committee’s Internal Control responsibilities?

A
  • oversee the establishment of appropriate controls
  • Prevention and detection of fraud programs
  • maintain code of ethics
  • establish procedures for dealing with complaints about accounting, internal control, or audit matters
  • facilitate a process for employees to anonymously and confidentially express accounting concerns (WHISTLEBLOWERS)
25
Q

What are the main results of SOX?

A
  • top management must individually certify the accuracy of financial information
  • penalties for fraudulent financial activity are much more severe
  • Increased the independence of the outside auditors
  • increased the oversight role of boards of directors
  • creation of PCAOB
26
Q

What are the traits/responsibilities of a Compensation Committee?

A
  • Made up of INDEPENDENT Directors
  • establish compensation policies for directors and executives
  • ensure their policies are consistent with mission stmt and objectives
  • There are SEC, NYSE, NASDAQ specific requirements
27
Q

What is a Financial Expert?

A

Director on the Audit Committee with:

  • Understanding of GAAP and Financial Statements
  • Experience preparing or auditing comparable F/S
  • Experience applying F/S or Audit Knowledge to the accounting for estimates, accruals, and reserves
  • Experience with INTERNAL AUDIT CONTROLS
  • Understanding of the Audit Committee Functions
28
Q

What are the SEC, NYSE and NASDAQ requirements for the Compensation committee?

A
  • developing a compensation approach or philosophy
  • Establish CEO/Exec. compensation
  • use outside experts (as appropriate)
  • receive and evaluate proposals regarding exec. Responsibilities put forth by the shareholders
29
Q

Dodd Frank Act provisions that relate to the Compensation Committee

A
  1. Say on Pay ( shareholders vote on compensation and golden parachute)
  2. Independence - higher standard for members and advisors (enhanced disclosure of use of compensation consultants and possible conflicts of interest)
  3. Disclosure - exec. Compensation and entity financial performance & CEO$$$ vs. Median Employee$
  4. Clawbacks - restatement of F/S resulting in compensation recoupment (regardless of fault)
30
Q

Officer Fixed Compensation usually consists of

A

Salary & Perquisites (perks)

31
Q

Incentive Compensation

A
  1. Bonuses (easy to manipulate, based on accounting profit)
  2. Share-Based Compensation
32
Q

Share-Based Compensation

A

Part of Executive Incentive Compensation

  • Stock Options (Buy @ Fixed Price)
  • Share Appreciation Rights (Cash Payments for Increases in Stock Price)
  • Restricted Shares (Shares that may not be traded/sold for a specific period of time)
  • Performance Shares (shares issued if specific objectives are met)
33
Q

Stock Options and Officer Incentive Compensation

A
  • May Focus on the Short Term
  • If the Stock Price is so low that the option will never be “in the money”, the incentive is gone

34
Q

Share Appreciation Rights and Officer Incentive Compensation

A
  • May Focus on the Short Term
  • If the Stock Price is too low, all incentive will be lost

35
Q

Restricted Shares and Officer Incentive Compensation

A
  • Officer does not have to pay for the shares
  • Incentive to increase the stock price (at least during the restriction period)

36
Q

Performance Shares and Officer Incentive Compensation

A
  • Focuses on mgmt meeting specific performance objectives
  • Potentially very effective

37
Q

What is one of the most common and effective ways to monitor Management?

A
  • Internal auditors reporting directly to the Audit Committee (not required)
38
Q

What is the Internal Audit Function?

A
  • Required by NYSE for listed companies
  • provides mgmt and the Audit Comm. with ongoing assessments of the company’s RISK MANAGEMENT PROCESS and SYSTEM OF INTERNAL CONTROL
39
Q

What is a Chief Audit Executive?

A
  • Reports to the Audit Committee (required for NYSE Listed companies)
  • Responsible for the internal audit function
40
Q

What are the Components of the International Professional Practices Framework?

A

Developed by the Institute of Internal Auditors (IIA)

  1. Definition of Internal Auditing
  2. Code of Ethics
  3. International Standards of the Professional Practice of Internal Auditing (ISPPIA)
41
Q

What is the Definition of Internal Auditing?

A

1st Component of the IPPF

  • independent, objective ASSURANCE and CONSULTING activity designed to ADD VALUE & IMPROVE an org’s operations
  • helps achieve objectives via a systematic, disciplined approach to evaluate and improve the effectiveness of RISK MGMT, CONTROL, and GOVERNANCE processes
42
Q

What is the Code of Ethics (Internal Auditing)?

A

2nd Component of IPPF (principles & rules)

  1. Integrity - honesty, law-abiding (to best knowledge), ethical
  2. Objectivity - no impairment activities, disclose all material relevant facts known
  3. Confidentiality - prudence and not using info for personal gain
  4. Competency - qualified, in accordance with ISPPIA, improving proficiency, quality of svc
43
Q

What are the Int. Standards of Professional Practice of Internal Auditing (ISPPIA)?

A

3rd Component of IPPF

  1. Attributable Standards (4 Categories)
  2. Performance Standards (7 Categories)
44
Q

What are the Attributable Standards?

A

Part of ISPPIA (3rd Component of IPPF)

  1. Purpose, Authority & Responsibility (PAR) - definition, code, and standards
  2. Independence and Objectivity (includes direct interaction with the BoD)
  3. Proficiency and Due Professional Care
  4. Quality Assurance & Improvement Program - internal&external assessments, reporting, use of “conformance with ISPPIA”, disclosure of nonconformance
45
Q

What is the Quality Assurance and Improvement Program?

A

4th Category of the Attributable Standards in ISPPIA

  • Internal and External Assessments
  • reporting on the quality assurance and improvement program
  • use of “conforms with the ISPPIA”
  • disclosure of non-conformance
46
Q

What are the Performance Standards?

A

Part of ISPPIA (3rd Component of IPPF)

  1. Managing the Internal Audit Activity - coordination/planning/communication etc., and reporting to Senior mgmt & BoD
  2. Nature of Work - governance, risk mgmt, and control
  3. Engagement Planning - Planning Considerations & Engagement objectives, scope, resource alloc, work program
  4. Performing the Engagement - ID info, Analysis, Eval, Documenting info, Engagement Supervision
  5. Communicating Results - criteria, quality,errors/omissions, Use of “conformance…”, engagement disclosure of non-conformance, disseminate results , and overall opinions
  6. Monitoring Progress
  7. Communicating the Acceptance of Risks
47
Q

How does the Board of Directors meet its responsibility of management oversight?

A
  1. Compensation Policies - fixed and incentive
  2. Monitoring - Internal and external auditing, I-Banks, securities analysts, Creditors/Agencies, Attorneys, SEC, IRS

48
Q

SOX & the independence of external auditors

A

Very Strict Rules:

  • prohibition against performance of many NON-AUDIT services
  • any non-attest services by the auditor must be PREAPPROVED by the Audit Comm.
  • Audit Partner ROTATION
  • Pub. Acctg Firm must be REGISTERED with PCAOB
49
Q

External Auditor and Audit Committee

A

Must communicate:

  • critical acctg policies and practices being used
  • Alternative treatments (GAAP approved) that have been discussed with mgmt (implication and preference)
  • any add’l written communication with mgmt (including any mgmt letter or schedule of unadjusted differences)
50
Q

External Auditor and Internal Control

A

External Auditor examines internal control and attests to “Management Assessment of Internal Controls” in Annual Report (10-K)

51
Q

Management Assessment of Internal Controls

A
  • included in each annual 10-K report, indicating:
    1. Mgmt’s responsibility for establishing/maintaining adequate controls
    2. Assessing the effectiveness of controls as of the end of the most recent fiscal period
52
Q

Under SOX, if the CEO or CFO misrepresents financial information…

A

Both may be imprisoned AND fined

- Ranges from $1 million + 10 years to $5 million + 20 years

53
Q

What is GAAS?

A
  • Generally Accepted Auditing Standards
  • requires the external auditor to communicate with those charged with governance regarding certain matters

54
Q

What Matters must the External Auditor communicate with those charged with Governance?

A
  • auditor’s responsibility to form/express an opinion, but it does NOT relieve GOVERNANCE of any responsibilities
  • planned scope and timing of the audit
  • auditor’s views about QUALITATIVE aspects of the entity’s accounting practices (estimates, why/why not approp. methods & if Governance is informed about the processes used, issues, findings, uncorrected misstatements)
55
Q

What are the Qualitative Accounting Aspects on which the External Auditor gives views?

A
  • entity’s accounting practices (policies, estimates, accruals, disclosures)
  • why a practice is NOT appropriate under those circumstances
  • determines if Governance is informed
  • auditor's conclusions about their reasonableness
  • difficulties, disagreements with management and other findings/issues
  • uncorrected MISSTATEMENTS and their effects, and the effect of uncorrected MISSTATEMENTS from prior periods
56
Q

When those charged with Governance are independent from mgmt, what additional matters must the external auditor communicate?

A
  • Material corrected misstatements brought to mgmt’s attention
  • significant findings or issues discussed with mgmt
  • auditor’s views on matters that were subject of mgmt consultation with other accountants
  • written representations requested by the auditor
57
Q

What are the SEC components relevant to monitoring management?

A
  • Division of Corporate Finance
  • Division of Enforcement
  • Office of the Chief Accountant
58
Q

SEC Division of Enforcement

A
  • investigate possible securities law violations
  • recommends when the SEC should take action in a Federal Court OR before an Administrative Law Judge OR negotiate a settlement
59
Q

SEC Division of Corporate Finance

A
  • interpretive guidance on the Acts
  • reviews filings made under the 1933 Act to evaluate compliance with disclosure and accounting requirements

60
Q

SEC Office of the Chief Accountant

A
  • transparency and relevancy of financial reporting
  • improving professional performance of auditors of pub. companies
  • ensuring the fair representation and credibility of F/S
  • establish/enforce accounting/auditing policy
  • 3 Major Groups: Accounting, Professional Practice, and International Affairs
61
Q

3 Major Groups of the SEC Office of the Chief Accountant

A
  1. Accounting
  2. Professional Practice
  3. International Affairs
62
Q

IRS and Monitoring Management

A
  • scrutiny of tax filings (Shareholders actions: can replace members or file class action lawsuits)
  • scrutiny of potential for corporate takeover (ineffective management)
63
Q

JOBS Act of 2012 and Monitoring Management

A
  • Jumpstart Our Business Startups
  • main purpose to encourage small biz (more jobs)
  • Extended period of complying with SOX provisions
  • Exempt from laws requiring shareholder vote on EXEC COMPENSATION
  • NOT required to have internal control audits (SOX Section 404)
64
Q

PCAOB Audit 5 Integrated Audit

A
  • examine design & operating effectiveness of internal control over financial reporting (ICFR)
  • opinion on its effectiveness in preventing or detecting material misstatements
  • “integrated” - auditor relies much MORE ON INTERNAL CONTROL & less on substantive procedures
  • COSO “Internal Control - Integrated Framework” is most commonly used framework
65
Q

Internal Control (described by COSO)

A

A process (affected by the BoD, mgmt, & Other personnel) designed to provide REASONABLE ASSURANCE regarding the achievement of OBJECTIVES relating to OPERATIONS, REPORTING, & COMPLIANCE

66
Q

Operating Objectives

A
  • the effectiveness & efficiency of operations
  • incorporate achievement of financial performance goals
  • safeguarding of assets
  • Part of COSO IC-Integrated Framework
67
Q

Reporting Objectives

A
  • reliability, timeliness, & transparency of financial/non-financial reporting for both internal and EXTERNAL uses
  • Part of COSO IC-Integrated Framework
68
Q

Compliance Objectives

A
  • complying with applicable laws and regulations
  • Part of COSO IC-Integrated Framework

69
Q

COSO

A

Committee of Sponsoring Organizations of the Treadway Commission

70
Q

What are the components of COSO’s Internal Control - Integrated Framework?

A

CRIME

  1. Control activities
  2. Risk Assessment
  3. Information and Communication
  4. Monitoring
  5. control Environment
71
Q

Control Environment

A
  • combination of standards, processes, and structures that enable internal control to be effective
  • influences the control consciousness of its people
  • foundation of internal control
  • 5 Principles ( Integrity/Ethics, Governance Independence, Hierarchy & Structure, Competent Individuals, &Accountability) - CHOPPER
72
Q

What factors are included in the control environment?

A

CHOPPER
C - Commitment to Competence (4)
H - Human Resource Policies & Procedures (4 & 5)
O - Organizational Structure (planning,directing,controlling ops)
P - Philosophy and operating style of Mgmt (1)
P - Participation of BoD or Audit Comm. (2 - CG Independence)
E - Ethical and Integrity Values (1)
R - Responsibility and Authority Assignment (3)

73
Q

What is the most significant internal control as indicated by COSO?

A

the Control Environment

  • tone @ top
  • unethical managers lead to unethical employees (lead by example)
  • leadership
  • timely and consistent identification of and response to deviations from standards
74
Q

What is Risk Assessment (COSO)?

A
  • Part of COSO Integrated Framework (Internal ControL)
  • recognition of events that pose risks to achieving objectives
  • process that is established to ID and Evaluate those risks
75
Q

Risk responses

A

Accept: No Preventative Action
Avoid: change the objective or discontinue activity
Share: joint venture, insurance, or hedging
Reduce: e.g. establish control activities, train staff for new tech

76
Q

What are the Principles for Risk Assessment?

A

4 Principles

  1. Objectives are clear to allow for ID/Eval (op objectives vs internal reporting objectives)
  2. Risks ID and Analysis (Internal & External, speed/length, likelihood, & Responses)
  3. Fraud Possibility (nature, types, characteristics, incentives, pressures, opportunities, attitudes)
  4. Impact of Changes (external environment, business model, or leadership)
77
Q

Risk Assessment for Financial reporting Purposes?

A

ID, Analysis, and Management of Risks (Risk Response) relevant to preparation of F/S
- recording, processing, summarizing, estimating, and reporting

78
Q

Internal & External Risk Factors relevant to financial reporting

A
  • Changes in the environment (competition)
  • New Personnel
  • New or Revamped Info Systems
  • Rapid Growth
  • New Tech
  • New Lines of business, products , activities
  • Corporate Restructurings
  • Foreign Operations
  • Accounting Pronouncements
79
Q

What are Control Activities?

A
  • actions established by policies & procedures that help ensure that mgmt’s directives are carried out
  • 3 Principles
    1. Selection & Development of CA’s to reduce risks (Risk Assessment Integration)
    2. General Controls over Technology
    3. POLICIES identify expectations (responsibility/accountability/tasks in timely manner) & PROCEDURES convert policies into actions (& reassessment of CAs)
80
Q

Types of Control Activities

A
PIPS
P - Performance Reviews: actual vs budget, financial vs non financial
I - Information Processing (IT)
P - Physical Controls
S - Segregation of Duties (ARCC)
81
Q

PIPS

A

Types of Control Activities
P - Performance Reviews: actual vs budget, financial vs non financial
I - Information Processing (IT)
P - Physical Controls
S - Segregation of Duties (ARCC) - reduce ability to perpetuate & conceal errors/irregularities

82
Q

ARCC

A
Segregation of Duties
A - Authorization of Transactions
R - Recording transactions (posting)
C - Custody of Assets
C - Comparisons (reports)
83
Q

Information and Communication

A
  • processes by which mgmt obtains/generates and uses information
  • how the info is disseminated throughout the entity & to appropriate business relationships
  • to make effective decisions from timely,reliable, & relevant info
  • 3 Principles (Relevant & Quality Info supports function, Internal Communication, & External Communication)
84
Q

Principles of Information and Communication

A
  1. Relevant, quality info obtained/generated (sources, costs, info systems)
  2. Internal Communication of Objectives & Responsibilities (nature & timing, open & proper communication).
  3. External Communication (provide/obtain relevant & timely info)
85
Q

Monitoring Activities

A
  • processes the entity uses to determine if all components & principles of internal control are in place & functioning in manner intended
  • 2 Principles
    1. Evaluations - Separate periodic and/or on-going basis
    2. Internal Control deficiencies are communicated for Corrective Action (timely)
86
Q

How do you assess the quality of Internal Control Performance?

A

Monitoring Activities should be done by Competent and Objective individuals

  1. On-going Basis: (customer complaints)
  2. Separate Periodic Basis: (audits)
87
Q

Why do Internal Control systems fail?

A
  1. Controls are not designed or implemented properly
  2. Environment Changes
  3. Operation has changed
88
Q

Who should evaluate Internal Control?

A

The Internal Audit Staff, who report to the Board of Directors

89
Q

What is the Monitoring sequence of activities?

A
  1. Control Baseline - understanding of how IC was designed/implemented
  2. Change ID - evals (ongoing/separate) to ID and address/initiate changes
  3. Change Mgmt - when changes are needed and the types likely to be effective
  4. Control Revalidation/Update - new baseline understanding of the revised system
90
Q

Control Baseline

A

1st step in Monitoring sequence of activities

- development of an understanding of how the system of Internal Control was designed and implemented

91
Q

What are the Limitations of Internal Control?

A

COCCO
C - Collusion
O - Override by Management
C - Competence: mistakes/errors, poor human judgement
C - Cost/Benefits Constraints
O - Obsolescence: Changes to operations or size

92
Q

What is COCCO?

A

the limitations of COSO’s Internal Control - Integrated Framework
C - Collusion
O - Override by Management
C - Competence: mistakes/errors, poor human judgement
C - Cost/Benefits Constraints
O - Obsolescence: Changes to operations or size

93
Q

What should be included when designing an internal control structure?

A

a systematic process should be applied that will:

  1. Provide assurance of all transaction/activities
  2. Consider associated Risks
  3. Be more conducive to effective controls
94
Q

What is the foundation of the internal control structure?

A
  • developed around those repetitive transactions that affect the entity on a regular basis
  • IE: cash receipts & disbursements, purchases, payroll, sales
95
Q

What should be included in the process for each system?

A
  • Initiation (of transaction)
  • Authorization (before committing resources)
  • Execution (procedures and forms to complete)
  • Verification (safeguards against fraud and errors)
96
Q

What does a well designed system for a business process include?

A
  • Forms for proper completion
  • Info is given to ALL and ONLY appropriate parties
  • Segregation of Incompatible Duties (ARCCS)
97
Q

Why does management need to develop a process for controlling change?

A

to make certain change does NOT have any adverse effects

98
Q

What are the basic change control process components?

A

RAD-PM

  1. Change Requests (ID)
  2. Change Analysis (Evaluate the justification & cost/benefit)
  3. Change Decisions (Decide on change based on analysis)
  4. Planning & Implementing (planning, effects of change, & training)
  5. Monitoring/Tracking Change (properly executed & has intended effects)
99
Q

RAD-PM

A

The Basic Change Control Process Components

  1. Change Requests (ID)
  2. Change Analysis (Evaluate the justification & cost/benefit)
  3. Change Decisions (Decide on change based on analysis)
  4. Planning & Implementing (planning, effects of change, & training)
  5. Monitoring/Tracking Change (properly executed & has intended effects)
100
Q

What should management’s report on Internal Control Over Financial Reporting include (ICFR)?

A
  • acknowledgement of responsibility
  • assessment of ICFR as of most recent period
  • ID of framework used to eval ICFR
  • indication that the Auditor has issued attestation on mgmt’s assessment
101
Q

What does the Auditor’s report attesting to mgmt’s assessment include?

A
  • Auditor is Independent
  • indication of mgmt’s responsibility and assessment of effectiveness
  • ID Mgmt’s report on ICFR
  • Indication that auditor’s responsibility is an OPINION
  • Definition of ICFR
  • Stmt of Accordance with PCAOB (reasonable assurance)
  • Stmt describing what the audit consists of (understanding, assessing, eval, other necessary as appropriate)
  • Stmt of reasonable basis for the opinion
  • Limitation of Internal Control
  • Auditor’s Opinion on effectiveness of most recent period
  • Signature of the Firm
  • City & State of report issuance
102
Q

What is the Purpose of Enterprise Risk Management?

A

find balance between minimizing/managing RISK & maximizing return on OPPORTUNITIES toward objectives (stakeholders)
- think “MITIGATE RISK & EXPLOIT OPPORTUNITIES”

103
Q

Who created a framework for Enterprise Risk Management (ERM)?

A

COSO

104
Q

What is COSO’s definition of ERM?

A
  • process (affected by BoD, Mgmt, and other personnel) applied in a STRATEGY setting and across the enterprise designed to ID potential events and MANAGE RISK within appetite to provide REASONABLE ASSURANCE for achievement of objectives
  • CRIME + 3
105
Q

What are the capabilities of ERM?

A
  • Align Risk & Appetite
  • Enhance Risk Response Decisions
  • Reduce Operational Surprise and Losses
  • ID & Manage Multiple/Cross-Enterprise Risk (integration risks = “one solution may create more problems”)
  • Seizing Opportunities
  • Improve Capital Deployment (financial & human for protection against risks)
106
Q

What are the areas ERM can assist in meeting objectives?

A

S + ORC (ORC is from COSO’s Integrated Framework)

  1. Strategic (high-level goals from mission stmt)
  2. Operations (use of resources for efficiency/productivity at each level)
  3. Reporting (reliable and timely for DIVISION progress towards objectives)
  4. Compliance (laws, regulations, & INTERNAL company policy)
107
Q

What are the Components of ERM?

A
  • CRIME + 3 (Objective Setting, Event ID, Risk Response)
  • designed to incorporate internal controls
    1. Internal Environment (formal & informal)
    2. Objective Setting
    3. Event Identification (opportunities vs threats)
    4. Risk Assessment
    5. Risk Response
    6. Control Activities
    7. Information and Communication
    8. Monitoring
108
Q

Strategic Objectives

A
  • establish unifying theme for the entity & direct actions and decisions
109
Q

Objective Setting

A
  • Strategic objectives set the direction
  • Operations/Reporting/Compliance objectives provide the mechanisms for meeting those objectives

110
Q

Event Identification

A
  • Part of COSO’s ERM (CRIME + 3)
  • the ID and monitoring of sources of information that pertain to areas of risk for the entity
  • Resources are limited therefore find which are critical to achieving objectives
  • 7 Techniques for event ID
  • Internal & External Factors
111
Q

ERM’s 7 Techniques for Event Identification

A
  1. Event Inventories (list)
  2. Internal Analysis (routine discussion)
  3. Escalation/Threshold TRIGGERS (benchmark for alerts)
  4. Facilitated Workshops or Interviews (learning)
  5. Process Flow Analysis (all components)
  6. Leading Event Indicators (ID indicative data)
  7. Loss Event Data Methodologies (causes/trends)
112
Q

Risk Assessment (ERM)

A
  • evaluate extent of potential effects (likelihood, degree)
  • 3 Broad Approaches (not mutually exclusive & apply to all levels)
    1. B/S Approach (essential assets, theft/damage, intellectual property)
    2. Process Approach (performance, allocation, use, timely, correctly— PRODUCT QUALITY)
    3. Event ID Approach (Event ID + Competition Standpoint 5 Forces)
113
Q

What are Forces of Competition?

A

Entity must seek to ID any event that may affect any of these 5 Forces:

  1. Customers (demand)
  2. Suppliers (availability: financial, human, physical)
  3. Competitors (advantages, innovations)
  4. Potential Entrants into the Market (Change in Cost of Entry & Competition)
  5. Substitutes (attention of customers & suppliers)
114
Q

Inherent Risk

A

risk if NO ACTION is taken (ERM)

115
Q

Residual Risk

A

remaining amount of risk if action is taken (ERM)

116
Q

Reduction in Risk

A

Inherent Risk minus Residual Risk (ERM): the expected loss removed by taking the action, which is compared against the cost of that action

117
Q

Ways to Quantify Risk

A

3 ERM approaches:

  1. Benchmarking (expected vs common)
  2. Probabilistic Models (QUANTITATIVE: expected values)
  3. Non-Probabilistic Models (QUALITATIVE: subjective assumptions)
118
Q

Risk Acceptance

A
  • no action
  • when the entity believes inherent risk is at an acceptable level
  • Cost of Action > Reduction in Risk
119
Q

When is it appropriate to “reduce” risk?

A
  • when the entity cannot find a COST EFFICIENT manner of sharing risk
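The cards on inherent risk, residual risk, reduction in risk, the probabilistic (expected-value) model, and the accept/reduce decision describe one arithmetic rule: expected loss = likelihood x impact, reduction = inherent expected loss minus residual expected loss, and a response is only worth taking when the reduction exceeds its cost. The following Python is an added worked example, not part of the original flashcards; the scenario, dollar figures and probabilities are constructed for illustration and are not from any real entity.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One risk scenario: annual likelihood and loss per occurrence."""
    name: str
    likelihood: float  # probability the event occurs in a year (0..1)
    impact: float      # loss in dollars if it occurs


@dataclass(frozen=True)
class Response:
    """A candidate risk response: its annual cost and the residual risk it leaves."""
    name: str
    annual_cost: float
    residual: Risk


def expected_loss(risk: Risk) -> float:
    """Probabilistic model: expected annual loss = likelihood x impact."""
    return risk.likelihood * risk.impact


def reduction_in_risk(inherent: Risk, residual: Risk) -> float:
    """Reduction in risk = inherent expected loss - residual expected loss."""
    return expected_loss(inherent) - expected_loss(residual)


def choose_response(inherent: Risk, responses: list[Response]) -> tuple[str, float]:
    """Pick the response with the largest net benefit (reduction - cost).

    Returns ("accept", 0.0) when every candidate costs more than the risk it
    removes, i.e. the risk-acceptance rule: Cost of Action > Reduction in Risk.
    """
    best_name, best_net = "accept", 0.0
    for r in responses:
        net = reduction_in_risk(inherent, r.residual) - r.annual_cost
        if net > best_net:
            best_name, best_net = r.name, net
    return best_name, best_net


# Constructed, hypothetical figures for illustration only.
INHERENT = Risk("ransomware on file server", likelihood=0.20, impact=500_000)
RESPONSES = [
    # reduce: the event still happens, but recovery caps the loss
    Response("reduce: offline backups + restore drills", annual_cost=30_000,
             residual=Risk("ransomware, fast restore", 0.20, 100_000)),
    # share: insurer pays beyond the deductible
    Response("share: cyber insurance with deductible", annual_cost=60_000,
             residual=Risk("ransomware, deductible only", 0.20, 150_000)),
    # reduce: large spend that lowers likelihood and impact, but costs more than it saves
    Response("reduce: full rebuild of platform", annual_cost=120_000,
             residual=Risk("ransomware, hardened platform", 0.05, 100_000)),
]

if __name__ == "__main__":
    print(f"inherent expected loss: {expected_loss(INHERENT):,.0f}")
    for r in RESPONSES:
        red = reduction_in_risk(INHERENT, r.residual)
        print(f"{r.name}: reduction {red:,.0f}, cost {r.annual_cost:,.0f}, net {red - r.annual_cost:,.0f}")
    print("choice:", choose_response(INHERENT, RESPONSES))
```

With these figures the inherent expected loss is 100,000; backups remove 80,000 of it for 30,000, insurance removes 70,000 for 60,000, and the rebuild removes 95,000 but costs 120,000, so it would be rejected in favour of accepting the risk if it were the only option. Real figures are rarely this clean, which is why the cards pair probabilistic models with benchmarking and qualitative judgment.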
120
Q

Most Control Activities are designed to…

A

direct normal activities:

  • ARCC
  • Access
  • Policies/Procedures
  • Direct Supervision of employees (oversight)
  • Employee performance analysis (oversight)
121
Q

What is a group of control activities at the highest level?

A

preparing an organizational chart & up-to-date set of job descriptions
- if combined with a favorable internal environment (E), enables every member to understand their position & potential contribution

122
Q

Categories of Control Activities Identified in ERM

A
  1. Top Level Reviews
  2. Direct Function or Activity Management
  3. Information Processing Controls
  4. Physical Controls
  5. Performance Indicators
  6. Segregation of Duties
123
Q

What are Top Level Reviews?

A
  • Category identified in ERM Control Activities
  • comparisons of actual performance vs. budget/forecasts/benchmarks
  • tracking of major initiatives (IE Product development, cost reduction)
124
Q

What is Direct Function/Activity Management?

A
  • Category identified in ERM Control Activities
  • managers review performance reports that the entity may be monitoring as part of event ID processes

125
Q

What are Information Processing Controls?

A
  • Category identified in ERM Control Activities
  • Verify a transaction is authorized
  • used to assure accuracy & completeness of information on the F/S

126
Q

What are Physical Controls?

A
  • Category identified in ERM Control Activities
  • physical security of assets (2 Categories)
    1. Assets (physical counts)
    2. Documents that control the assets (e.g., documents of title)
127
Q

What are Performance Indicators?

A
  • Category identified in ERM Control Activities
  • analyzing data
  • ID expected results/trends
  • INVESTIGATE unexpected results/conditions and inconsistent behavior
128
Q

Inherent Limitations of ERM

A
  • may enhance success but does not ensure it
  • future cannot be predicted
  • some events are beyond mgmt’s control
  • No absolute assurance (only reasonable assurance)
  • COCCO