BEC Excel

Question 1

What are the provisions of the Dodd-Frank Act?

Answer 1

This is an anti-retaliation act for whistleblowers likely to be used instead of SOX provisions and allows:

1. Whistleblower to sue directly in federal court w/o going through the Department of Labor
2. Recovery of 2x the amount of back pay + interest if they are proven to be victims of retaliation ((bounty))
3. Longer statute of limitations: 3 years of when the WB knew or should have known and 6 years from violation
   * SEC may still sue to punish retaliation

Question 2

What are the provisions of SOX 2002?

Answer 2

In effort to encourage whistleblowing, SOX ‘02:

1. Requires public company audit committees to install procedures to ensure complaints are properly directed.
2. Provides civil damages to victims of retaliation, but Dodd-Frank generally overrules this one
3. Retaliating against an informant (providing useful info re: ANY federal offense) became a crime punishable by fine or imprisonment

Question 3

Maintaining back-up data files is an example of what type of control?

Answer 3

This is an example of a corrective control, which allows a user to recover once an error has been detected.

Question 4

What are the 5 components of the COSO Internal Control Framework? What are the objectives of said framework?

Answer 4

Components of CRIME:

1. CONTROL Activities
2. RISK Assessment
3. INFORMATION and Communication
4. MONITORING
5. Control ENVIRONMENT

Objectives include Operations, Reporting, and Compliance

Question 5

Define each of the 5 components of COSO (CRIME):

Answer 5

• Control Activities - P&P’s that ensure actions are taken to address risk related to achievement of objectives.
• Risk Assessment - ID’ing, analyzing, and managing risks associated in achieving objectives
• Information & Communication - Enables ID, process, and exchange of info to manage and control ops.
• Monitoring - Ensures ongoing reliability of info by testing
• Control Environment - The core of the system; mgmt’s philosophy toward P&P’s, authority, and structure

Question 6

What are the principles of Control Activities within the COSO Framework?

Answer 6

Technology controls, Risk reduction (integration with risk assessment), and policies

Question 7

What are the questions that the COSO ERM Model answers?

Answer 7

Why manage risk? (strategic, ops, reporting, compliance)
What will we manage? (8 components, expanded from the previous CRIME)
Where will we manage risk? (sub level, biz unit, division, and entity level)

Question 8

Name and define the four organizational objectives of the COSO ERM Model.

Answer 8

Strategic - high level goals supporting overall mission
Operations - day to day operations
Reporting - info systems: accuracy, completeness, timeliness, and reliability of internal/external reporting
Compliance - pertaining to legal and regulatory req’s

Question 9

What are the goals of Risk Management, according to COSO ERM?

Answer 9

Aligning appetite and strategy
Improving risk response
Reducing operation surprises and losses
ID'ing and managing multiple and cross-enterprise risks
Seizing opportunities
Improving capital deployment/allocation

Question 10

According to COSO, what four critical accounting activities should be segregated?

Answer 10

1. Recording
2. Authorizing
3. Safeguarding
4. Reconciling, oversight, and auditing

Question 11

What are the four principles underlying the International Framework regarding Internal Auditing?

Answer 11

1. Integrity
2. Objectivity
3. Confidentiality
4. Competency

Under these categories are the 12 rules of conduct that Internal Auditors are required to abide by.

Question 12

The IIA’s International Professional Practices Framework includes mandatory guidance for what elements?

Answer 12

Definition of Internal Auditing, Code of Ethics, and International Standards

Question 13

Summarize the Attribute Standards of the IIA’s International Professional Practices Framework.

Answer 13

1000 Purpose, authority, and responsibility
1100 Independence and Objectivity
1200 Proficiency and Due Care
1300 Quality Assurance and Improvement Program (requiring both internal/external assessments)

Question 14

What is the general theme of the performance standards that relate to Standard 2000 “Managing the Internal Audit Activity”?

Answer 14

The majority of the standards under Standard 2000 is relative to the responsibility of the Chief Audit Executive. That is, a person in a senior position responsible for effectively managing the internal audit activities.

Question 15

What are the International Standards’ Implementation Standards?

Answer 15

These standards are included within the Attribute and Performance Standards and differentiate the requirements applicable to ‘assurance’ activities from ‘consulting’.