Ch. 1 Flashcards
According to the Sarbanes-Oxley Act of 2002, an issuer must disclose whether or not it has adopted a code of ethics to whom?
Given: all employees, senior financial officers, audit committee or audit staff
senior financial officers only
Who is the person ultimately responsible for enterprise risk management within a company?
Who provides oversight of an entity’s enterprise risk management?
The chief executive officer (CEO)
The BOD
According to COSO, what provides the strongest mechanism for monitoring control in this new foreign venture?
An internal audit is being performed
Expected value is most useful when risk is being prioritized.
What is the formula?
sum of the outcomes (payoff) of each event × the probability of each event occurring = Expected value
One of the control activities specifically mentioned by COSO is top-level reviews. What is a top-level review? Name an example.
Periodic reviews and analyses of actual results versus benchmarks such as organizational goals or plans, metrics, and other key performance indicators.
Example: a comprehensive marketing plan is implemented, and management reviews actual performance to determine the extent to which benchmarks were achieved.
The audit committee is tasked with receiving and resolving what?
Confidential and anonymous complaints from employees
The issuer must provide the audit committee with the authority and resources to do what?
Engage outside advisors
What does the independent auditor handle?
Legal challenges of executive salaries
All exemptions to auditing procedures performed via confirmation
All feedback from SEC 10-K questionnaires
What is a problem with decentralization?
There may be a duplication of resources in each division.
When a company is decentralized, significant responsibility is delegated to lower-level managers. Some work is duplicated, creating additional costs. Additionally, goal congruence is more difficult to achieve. However, response times are usually faster, and managers are more motivated as they have more control.
In larger firms, controls over activities should be _________, as compared to a small firm where controls can be __________ with a more involved owner/operator.
decentralized as is authority; centralized
A larger firm with more employees can decentralize and achieve segregation of duties. Controls should follow that decentralized authority. In a small firm, the owner will be able to authorize all or almost all transactions; it is a more centralized environment.
Risk is represented by events. Events provide risk through uncertainty. Which type(s) of uncertainty is commonly present in the risk of events?
Both probability and size of each occurrence
Each event is uncertain as to occurrence, but a probability or likelihood may be found or estimated. Each event will likewise represent an estimated loss. After identifying the risk, the significance of the risk is analyzed and assessed, and management will determine how best to respond to the risk.
The comparison of budgets to actual results, relating operating and financial data together, and evaluating functional performance are activities found under which internal control component? Use CRIME.
Control activities.
Control activities are the policies and procedures that help ensure that management directives are carried out. The organization should develop activities to mitigate identified risks; comparing budget to actual results to discover anomalies worthy of investigation can aid in the detection of risks that threaten the achievement of the entity’s objectives.
Achieving the internal control system objective of reliable financial reporting would seem to be supported by ensuring that all processed transactions are valid and that all valid transactions are processed. This is found under which internal control component? Use CRIME.
Information and communication.
A company’s internal controls are established to provide protection for the company’s assets as well as to detect fraud. It is an internal control that allows for a firm’s resources to be properly:
used,
monitored, and
measured.
What is a COSO-encouraged way to help an agent determine if a gift was acceptable?
Include a general statement in a code of behavior and include a list of frequently asked questions (FAQs) that would interpret gray areas.