Ch. 1 Flashcards

1
Q

According to the Sarbanes-Oxley Act of 2002, an issuer must disclose whether or not it has adopted a code of ethics to whom?

Given: all employees, senior financial officers, audit committee or audit staff

A

senior financial officers only

2
Q

Who is the person ultimately responsible for enterprise risk management within a company?

Who provides oversight of an entity’s enterprise risk management?

A

The chief executive officer (CEO)

The BOD

3
Q

According to COSO, what provides the strongest mechanism for monitoring control in this new foreign venture?

A

An internal audit is being performed

4
Q

Expected value is most useful when risk is being prioritized.

What is the formula?

A

sum of the outcomes (payoff) of each event × the probability of each event occurring = Expected value

5
Q

One of the control activities specifically mentioned by COSO is top-level reviews. What is a top-level review? Name an example.

A

Periodic reviews and analyses of actual results versus benchmarks such as organizational goals or plans, metrics, and other key performance indicators.

Example: a comprehensive marketing plan is implemented, and management reviews actual performance to determine the extent to which benchmarks were achieved.

6
Q

The audit committee is tasked with receiving and resolving what?

A

Confidential and anonymous complaints from employees

7
Q

The issuer must provide the audit committee with the authority and resources to do what?

A

Engage outside advisors

8
Q

What does the independent auditor handle?

A

Legal challenges of executive salaries

All exemptions to auditing procedures performed via confirmation

All feedback from SEC 10-k questionnaires

9
Q

What is a problem with decentralization?

A

There may be a duplication of resources in each division.
When a company is decentralized, significant responsibility is delegated to lower-level managers. Some work is duplicated, creating additional costs. Additionally, goal congruence is more difficult to achieve. However, response times are usually faster, and managers are more motivated as they have more control.

10
Q

In larger firms, controls over activities should be _________, as compared to a small firm where controls can be __________ with a more involved owner/operator.

A

decentralized as is authority; centralized

A larger firm with more employees can decentralize and achieve segregation of duties. Controls should follow that decentralized authority. In a small firm, the owner will be able to authorize all or almost all transactions; it is a more centralized environment.

11
Q

Risk is represented by events. Events provide risk through uncertainty. Which type(s) of uncertainty is commonly present in the risk of events?

A

Both probability and size of each occurrence

Each event is uncertain as to occurrence, but a probability or likelihood may be found or estimated. Each event will likewise represent an estimated loss. After identifying the risk, the significance of the risk is analyzed and assessed, and management will determine how best to respond to the risk.

12
Q

The comparison of budgets to actual results, relating operating and financial data together, and evaluating functional performance are activities found under which internal control component? (Use CRIME.)

A

Control activities.
These are the policies and procedures that help ensure that management directives are carried out. The organization should develop activities to mitigate identified risks; comparing budget to actual results to discover anomalies worthy of investigation can aid in the detection of risks that threaten the achievement of the entity’s objectives.

13
Q

Achieving the internal control system objective of reliable financial reporting would seem to be supported by ensuring that all processed transactions are valid and that all valid transactions are processed. This is found under which internal control component? (Use CRIME.)

A

Information and communication.

14
Q

A company’s internal controls are established to provide protection for the company’s assets as well as to detect fraud. It is an internal control that allows for a firm’s resources to be:

A

properly used,
monitored, and
measured.

15
Q

What is a COSO-encouraged way to help an agent determine if a gift was acceptable?

A

Include a general statement in a code of behavior and include a list of frequently asked questions (FAQs) that would interpret gray areas.

16
Q

What does monitoring include?

A

conducting ongoing
separate evaluations
evaluating and communicating deficiencies.

17
Q

According to COSO, the difference between inherent risk and residual risk arises because of management’s:

A

ACTIONS to reduce the INHERENT risk.

18
Q

In small organizations with few managers, a code of ethical conduct might be:

A

brief and then supported by management instructions when situations arise.

19
Q

A financial transaction control allows a firm to do what?

A

Monitor and measure its resources

20
Q

The Enterprise Risk Management—Integrated Framework of the Committee of Sponsoring Organizations (COSO) is best defined as a:

A

A process effected by an entity’s board of directors, management, and other personnel.

The board of directors has overall responsibility for managing enterprise risk and can delegate parts of the process to entity personnel.

21
Q

According to the 2004 COSO enterprise risk management (ERM) framework, uncertainty in enterprise risk management refers to:

A

the state of not knowing how or if potential events may manifest.

22
Q

The four categories of entity objectives in the enterprise risk management framework are:

A
  1. strategic (high-level goals, aligned with and supporting the entity’s mission),
  2. operations (effective and efficient use of its resources)
23
Q

COSO issued an update to the 2004 ERM framework in 2017, Enterprise Risk Management—Integrating with Strategy and Performance, which focuses on the importance of considering risk in both the strategy-setting process and in driving performance. Which of the following does the 2017 framework not address?

A

Ensures compliance with laws, rules, and regulations

24
Q

Enterprise risk management is a process designed (among other things) to do what four things?

A
  1. manage risk to be within its risk appetite, not increase or decrease it.
  2. encompasses enhancing risk response decisions,
  3. improving deployment of capital, and
  4. seizing opportunities.
25
Q

Periodically, an independent employee or supervisor will compare sales records to cash receipts to determine if it is likely that all sales have been received in some form and properly recorded. This activity is an example of a control activity that has elements of which control type(s)?

A

Preventive, detective, and corrective

26
Q

During a period when an enterprise is under the direction of a particular management, its financial statements will directly provide information about:

A

enterprise performance but not directly provide information about management performance.

Financial statements provide direct information about enterprise performance because the primary focus of the statements is to provide information about the financial performance of that enterprise by providing information about earnings.

27
Q

Not all parts of an internal control system relate to achieving control over financial aspects of an organization. An example of nonfinancial goals would be to achieve:

A

efficiency and effectiveness.

Both efficiency and effectiveness are nonfinancial in nature.

28
Q

When a barcode scanner malfunctions or an item is scanned twice, one item’s sale must be removed to correct the error. This usually requires a supervisor’s passcode or key to be applied to the checkout terminal or cash register. This control activity can best be described as which type of control?

A

Preventive

It is not detective or corrective.

29
Q

Typical cost objects are a pizza, a purchase order, and children’s clothing. What is not a cost object?

A

A packaging machine for the company’s products

Under activity-based costing (ABC), products (cost objects) result from activities; those activities consume resources. Resource costs are accumulated in cost pools, and those costs are then allocated to cost objects on the basis of the relative amount of the particular activities consumed to produce the particular product. Cost objects are products, services, jobs, and divisions for which costs are accumulated.

A packaging machine is a cost generator for depreciation and maintenance. The costs of a machine need to be allocated to cost objects. The cost related to the machine is likely part of a cost pool.

30
Q

Which of the following is a component of the learning and growth perspective?

A

The balanced scorecard is a strategic planning and management tool, used extensively in business and industry to align business activities with the vision and strategy of the organization, improve internal and external communications, and monitor organizational performance against strategic goals.

The balanced scorecard views an organization from four perspectives, one of which is learning and growth. This perspective forms the foundation of all knowledge-worker organizations and includes employee morale and satisfaction, employee turnover, product life cycle, timing of new products to market when compared to their competitors, and management and employee training opportunities.

31
Q

When a company actively monitors a foreign country’s political events whenever a supply chain disruption occurs within the country that exceeds 90 days, the company is following which risk-response strategy?

A

Accept

By taking no action and only monitoring the situation, it is acceptance.

32
Q

The performance component of ERM does what?

A

Identify and assess risks that may impact the achievement of strategy and business objectives

33
Q

The governance and culture component of ERM does what?

A

sets the organization’s tone, reinforcing the importance of and establishing oversight responsibilities for enterprise risk management (ERM)

34
Q

The information, communication, and reporting component of ERM does what?

A

provides a continual process of obtaining and sharing necessary information, from both internal and external sources.

35
Q

The review and revision component of ERM does what?

A

assists the entity in determining how well the ERM components are functioning over time.

36
Q

The four categories of entity objectives in the enterprise risk management framework are:

A
  1. strategic (high-level goals, aligned with and supporting the entity’s mission),
  2. operations (effective and efficient use of its resources),
  3. reporting (reliability of reporting), and
  4. compliance (compliance with applicable laws and regulations).
    The actual implementation of internal controls is not one of the entity objectives.
37
Q

Improving resource deployment is

A

one of the benefits that can be achieved when entities integrate ERM throughout the organization; it is not one of the oversight responsibilities of the BOD.