BEC Q8 Flashcards
Under SOX, what are the penalties for CEOs and CFOs who are in violation?
They range from a fine of up to $1 million and 10 years in prison (knowingly certifying a non-compliant report) to $5 million and 20 years (willfully certifying one).
What are the 3 principles associated with control activities?
1 - Select and develop control activities that will reduce risks to the achievement of the entity's objectives to an acceptable level
2 - Select and develop general controls over technology to support the achievement of the entity's objectives
3 - Deploy control activities through policies that establish expectations and procedures that convert those policies into action
Making certain that individuals are held accountable is a principle of which component of internal control?
The control environment.
Making certain that external parties are informed of matters affecting the effectiveness of the relevant components of internal control is a principle associated with which component?
Information and communication.
Under Dodd-Frank, what risk must lenders bear when selling loans to a securitizer if the loans do not meet the safe harbor provisions?
They must retain a 5% economic interest (credit risk) in the loans that do not meet the safe harbor provisions.
What is ERM?
The COSO Enterprise Risk Management–Integrating with Strategy and Performance framework is a risk-based approach designed to help management evaluate the interrelated impacts of its decisions and manage multiple risks.
What are a change control process, a contract management system, a budgeting system, and a project timekeeping system?
Change control process - a process for controlling the negative results of uncontrolled entry of changes into a system that is being developed. The goal is that change requests are made and approved BEFORE they are implemented, and that implementation is followed up to confirm it was done correctly. Its main purpose is to prevent SCOPE CREEP.
Contract management system - used to manage the contracts and documents of independent contractors and suppliers.
Budgeting system - used to track the project budget.
Project timekeeping system - used to track the time spent on the project.
Under Dodd-Frank, what are some details of the clawback provision?
Executives must return some incentive-based compensation if their company undergoes an accounting restatement.
This applies whether the restatement is due to unintentional error or to fraud.
What kind of duty does a Board of Directors owe to the company?
A fiduciary duty.
What is the difference between inherent and residual risk?
Inherent risk is the amount of risk that exists in the absence of controls.
Residual risk is the amount of risk that remains after controls are accounted for, i.e. whatever risk is left after additional controls are applied.
Inherent risk can generally be reduced by adding controls, though it is not always cost effective to do so.
Why is the expected value of a risk considered important?
The expected value of a risk (probability times impact) is compared to the expected values of the risks associated with alternative decisions in order to prioritize risks.
According to Dodd-Frank, who is required to register with the SEC?
Advisers to hedge funds (private funds) with more than $150 million in assets under management.
Who should be responsible for evaluating internal control?
The internal audit staff, who report to the Board of Directors (audit committee).
Internal control should be evaluated at the highest levels of the organization.
Internal auditors are independent of management and report directly to the BoD.
When is a director's duty of care breached?
When the director is negligent.
When is a director's duty of due diligence breached?
When the director or officer does not put forth an appropriate effort in attending to his or her responsibilities.