BEC Custom

Question 1

What is the anti-retaliation provision of Dodd-Frank?

Answer 1

Employees who provide information regarding a securities fraud (whistle-blowing) may sue to seek compensation for any retaliation they suffer

Question 2

What is the whistle-blowing award percentage under Dodd-Frank for securities fraud information that results in SEC sanctions?

Answer 2

Between 10 and 30% of the sanctions imposed

Question 3

What do corrective controls do?

Answer 3

Allow the user to recover from a problem once it has been identified

• reverse effect of error
• always with detective controls

Question 4

What are internal controls?

Answer 4

A process designed to provide reasonable assurance

Question 5

Who creates and maintains internal controls?

Answer 5

management, board of directors, and other personnel

Question 6

Internal control goals?

Answer 6

Reasonable assurance of achieving objectives related to -

• effectiveness and efficiency of operations
• reliability of financial reporting
• compliance with laws and regulations

Question 7

What are preventive controls?

Answer 7

• preventive an error or irregularity

- i.e. building locks, usernames and passwords, segregation of duties

Question 8

What are detective controls?

Answer 8

• detect error after occurrence
• i.e. data entry edits and reconciling accounting records to physical assets
  (often also have secondary preventive benefits)

Question 9

What do feedback controls do?

Answer 9

evaluate and respond to the results of a process

Question 10

What do feed-forward controls do?

Answer 10

project future results and alter inputs in response

Question 11

What are general controls?

Answer 11

• apply broadly to most computerized functions

Question 12

What are application controls?

Answer 12

• focus on accounting applications that include data entry, update and reporting

Question 13

What are detective controls more costly than?

Answer 13

preventive and corrective controls

Question 14

In COSO, what does information and communication enable?

Answer 14

an organization’s people to identify, process, and exchange the information needed to manage and control operations

Question 15

What is COSO?

Answer 15

• est. 1987 - created by five organizations to develop an integrated internal control model

Question 16

What are the five components of a control system on the COSO Cube?

Answer 16

• monitoring
• information and communication
• control activities
• risk assessment
• control environment

Question 17

Why do we have internal control according to COSO (three components)?

Answer 17

• effectiveness and efficiency of operations
• reliability of financial reporting
• compliance with laws and regulations

Question 18

What is a sustainability report primarily?

Answer 18

• external, non-financial report

Question 19

What are the five principles of the control environment?

Answer 19

• commitment to integrity and ethical values
• board of directors demonstrates independence of management, and oversees the development and monitoring of internal control
• management establishes structures, reporting lines, and appropriate authorities and responsibilities to achieve objectives
• competence
• accountability

Question 20

What are the four principles of risk assessment?

Answer 20

• objectives
• assessment
• fraud - considering potential fraud in assessing risks to achieving objectives
• change management

Question 21

What are the three principles of control activities?

Answer 21

• risk reduction
• technology controls
• policies

Question 22

what are the three principles of information and communication?

Answer 22

• quality - relevant, high-quality information supports the internal control processes
• internal - internal communication supports internal control processes
• external - communication with outsiders supports internal control processes

Question 23

What are the two principles of monitoring?

Answer 23

• ongoing and periodic - to evaluate internal control functioning
• address deficiencies

Question 24

What does ERM stand for?

Answer 24

Enterprise risk management

Question 25

What are the four objectives of the COSO ERM Model?

Answer 25

• strategic
• operations
• reporting
• compliance

Question 26

What are the eight control components of the COSO ERM Model?

Answer 26

• internal environment
• objective setting
• event identification
• risk assessment
• risk response
• control activities
• information and communication
• monitoring

Question 27

What does risk response include under COSO ERM?

Answer 27

management’s decision to avoid, accept, reduce, or share risk and to develop a set of actions to align risk with the entity’s risk preferences

Question 28

What are the two primary attributes of effective evaluators according to COSO?

Answer 28

competence and objectivity

Question 29

What is competence in the context of evaluating controls?

Answer 29

evaluator’s knowledge of controls and related processes, including their operation and what constitutes a control deficiency

Question 30

What is board monitoring?

Answer 30

• monitoring by board or its committees

- includes evaluating management’s monitoring process and assessment of risk of management override of controls

Question 31

Control objectives

Answer 31

specific targets against which the effectiveness of IC is evaluated

Question 32

Compensating controls

Answer 32

Accomplish the same objective as another control and can “compensate” for deficiencies in that control

Question 33

Key performance indicators

Answer 33

metrics that assess critical success factors

Question 34

Key risk indicators

Answer 34

forward-looking metrics that help identify potential problems

Question 35

Assessing Changes in IC Effectiveness Model (monitoring-for-change continuum)

Answer 35

four-stage process

• Establish control baseline
• change identification
• control re-validation
• change management

Question 36

What are the three steps in the COSO Control Monitoring Process Model?

Answer 36

• establish a foundation
• design and execute
• assess and report

Question 37

Foundation for Monitoring (COSO)

Answer 37

• proper tone at the top
• effective organizational structure
• generate “baseline” of known effective IC

Question 38

Design and execute monitoring procedures (COSO)

Answer 38

• generate persuasive information about key controls about meaningful risks
• prioritize risks
• implement monitoring

Question 39

Assess & report results (COSO)

Answer 39

• prioritize findings
• report results
• follow up with corrective action

Question 40

Change Identification (COSO)

Answer 40

the monitoring for change process that would include ongoing and separate evaluations intended to identify and address changes in internal control effectiveness

Question 41

What part of establishing a foundation for monitoring does establishing a baseline of an internal control known to be effective belong to?

Answer 41

it is a sub-activity, not a major step, in the COSO model of control monitoring

Question 42

What is the starting point for a system of internal control?

Answer 42

setting organizational objectives

Question 43

What does the IIA International Professional Practices Framework include among its “mandatory” guidance?

Answer 43

1. definition of internal auditing
2. core principles
3. code of ethics
4. international standards

Question 44

What does the IIA International Professional Practices Framework include among its “strongly recommended guidance”?

Answer 44

1. position papers
2. practice advisories
3. practice guides

Question 45

What are the four principles under IIA code of ethics?

Answer 45

1. integrity
2. objectivity
3. confidentiality
4. competency

Question 46

What are the two categories of standards under the IIA international standards?

Answer 46

• attribute standards - involve characteristics of entities and individuals performing internal auditing
• performance standards - involve the criteria to evaluate the quality of internal audit services

Question 47

assurance relationship parties in internal auditing

Answer 47

3 party -

1. the process owner
2. the user
3. the internal auditor

Question 48

consulting relationship parties in internal auditing

Answer 48

2 party -

1. the client
2. the internal auditor

Question 49

Who are the IIA’s standards issued by?

Answer 49

Internal Auditing Standards Board (IASB)