Chapter 13 - Corporate Governance

Question 1

Corporate governance (major components)

Answer 1

1. Strategic direction:
   a) business model
   b) overall objectives
   c) the approach to risk taking
   d) the limits of organization conduct
2. Oversight (internal auditing with focus on risk management and control activities):
   a) Risk mgmt activities
   b) Internal and external assurance activities

Question 2

Role of the board

Answer 2

>> Source of overall direction and oversight with fiduciary role (act on the best interest setting high standards of ethics and moral).
>> The most important function of the board’s audit committee is to promote independence of internal and external auditors.

>> One of the primary objectives of the board is oversight of financial reporting processes to ensure their reliability and fairnes.

>> Responsible for overseeing the system of internal control.

Question 3

Role of mgmt

Answer 3

Establishing and maintaining the system of internal control:
> Define risks to be managed.
> Assign risks to risk owners.
> How risks will be managed. Also defines tone at the top.

• Has overall responsibility for designing, implementing and operating an effective system of internal control.

Question 4

Role of Internal Audit

Answer 4

>> Consulting and advisory role on system of internal controls evaluating adequacy and effectiveness of internal control.
>> Internal audit cannot SELECT and execute controls.

>> Is also the third line of defense.

Question 5

1st, 2nd and 3rds line of defense for control for data governance

Answer 5

• Operational Management (not Senior Management)
  
  • The first line of defense for effective management of risk an controls.
  • DEVELOPS AND IMPLEMENTS CONTROL AND RISK MGMT PROCESSES.
• Business enabling functions
  
  • Provide the second line of defense
  • COMPLIANCE is in this group.
  • Ongoing monitoring of control of risk
• Internal auditors
  
  • Third line of defense.
  • Evaluate adequacy and effectiveness of controls.
  • Have to be independent (cannot select and execute controls) and objective.

Question 6

FCAP (Foreign Corrupt Practices Act 1977) 2 MAIN POINTS

Answer 6

1. Prohibits US firms and individuals (DOMESTIC) whether or not doing business overseas (ALSO ENGAGED IN IN INTERSTATE COMMERCE) to offer or authorize (they should have known) political payment to FOREIGN government officials, except for clerical or ministerial functions as long as the recipient has no discretion in carrying out a governmental function.
2. Also, require all CORPORATIONS WHOSE SECURITIES ARE REGISTERED UNDER SECURITY EXCHANGE ACT OF 1934 (all companies listed on stock exchanges) to provide REASONABLE ASSURANCE via A. establishing and maintain internal controls systems B. keeping records that reflect the transactions and dispositions of assets and to maintain a system f internal accounting controls. People can be fined or detained.

Question 7

Sarbanes-Oaxley Act (Core)

Answer 7

>> Created the PCAOB (Public Company Accounting Oversight Board) which establishes auditing standards for REGISTERED public accounting firms. 1. Requires each member of the audit committee to be an independent member of the board of directors. PLUS: > audit committee must consist of at least 3 fully independent members. > audit committee appoints external auditor which has to report directly to the audit committee.

Question 8

SO Act (Nonaudit services 201)

Answer 8

>> Audit firm can only execute certain specific activities for the audited firm like TAX services, and only if approved in advance by audit committee.

Question 9

SO Act (Audit Partner Rotation 203)

Answer 9

>> One audit partner cannot perform function for more than 5 consecutive fiscal years.

Question 10

SO Act (Report to Audit Committee 204)

Answer 10

>> Report all practices, standads, alternatives treatments, adjusted numbers, mgmt letters.

Question 11

SO Act ( Internal Control Report 404)

Answer 11

Request mgmt to establish internal control procedures and to include in the annual report on the company the company’s internal control over financing reporting

Include:

• > A statement of mgmts responsibility for internal control
• > Check assessment of the effectiveness of internal control as of the end of the most recent fiscal year.
• > External auditor validation on management assessment of internal control: two audit opinions expresesed: one on internal control and one on the financial statements.

Question 12

SO Act (Corporate Responsibility of Financial Reports) 302

Answer 12

Officers and signing officers (senior managment included have

>> Attest to the fair and appropriate presentation of financial statements.

>> Review the report and be the guardian of report and policies.

>> Have evaluated the effectiveness of the internal controls 90 days prior to the report.

Question 13

Flow Charting

Answer 13

>> Does not identify weaknesses or inneficiencies, but is a good step by step overview.

Shapes:

• Diamond: decision nod.
• Circle estirado: starting or ending point.
• Circle: connection between points in the same page.
• Rectangle: computer operation/process
• Inverted equilateral trapezium: manual operation
• Down right indented rectangle: document or report
• Circle with pointed shape on the left: display on video terminal.
• Diagonal rectangle: generalized input for or output when the medium is not identified.

Question 14

Audit Approaches

Answer 14

o Substantive procedure approach: applies audit resources to large volume transactions and account balances without any particular focus on specified areas of the financial statements. o Balance sheet approach: performed on balance sheet account betting that income statement should be mostly right by transitivity. o System-based approach: assess the effectiveness of internal controls and then to perform substantive procedures primarily on accounts that are least likely to meet system objectives. o Risk-based approach: direct audit resources to appropriate financial statements and assertions based on the auditor’s assessment of the risk of material misstatements. Requires auditors to identify key day to day risks faced by a business.

Question 15

Audit opinions

Answer 15

o Unmodified opinion: all okay, all matters presented fairly and in tandem with framework. o Qualified opinion: except for the matter described in the basis for qualified opinion, the financial statements are presented fairly in all material respects. The misstatements should be material but not pervasive. o Adverse opinion: adverse opinion is material and pervasive, therefore the financial statements are not presented fairly. o Disclaimer of opinion: auditor has not been able to obtain sufficient appropriate audit evidence, and the possible undetected misstatement are material and pervasive.

Question 16

Risk Mgmt and Risk Assessment

Answer 16

o Risk management is the ongoing process of designing and operating internal controls that mitigate the risks identified in the organization’s risk assessment. o Risk assessment (identify organization vulnerabilities) factors:

A. Inherent risk: risk that would happen due to nature of business/objective assuming no related internal controls. Complex calculation like leases and pensions are prone to inherent risk. Cash has a greater inherent risk in terms of theft than less risky assets.

B. Control risk: risk that the controls put in place will fail to prevent breaching.

C. Detection risk: risk that the controls put in place will take too long to realize that something was wrong.

_TOTAL AUDIT RISK: IH * CR * DR_

Question 17

COSO Model for Internal Control: Cube layout dimensions ORC CRIME

Answer 17

INTERNAL CONTROLS: Process designed by stakeholders to provide REASONABLE assurance (not absolute) regarding the ACHIEVEMENT OF OBJECTIVES.Used to manage risks, of which fraud is an important one since it is intentional. Controls must be cost beneficial.

TO SUMMARIZE: SUPPORT RISK MANAGEMENT AND ACHIEVEMENT OF OBJECTIVES.

According to the COSO Internal Control – Integrated Framework, an effective internal control system requires that each of the five components of internal control and the relevant principles is present and functioning. The five components should operate together in an integrated manner.

After the internal control is designed and implemented, the inherent design of the control will not change. Therefore, internal controls are not likely to fail because their design changes. However, internal controls may fail due to (1) established objectives not suitable for internal control, (2) failures due to human judgment and errors, (3) breakdowns and employee misunderstanding, (4) management override, (5) collusion, and (6) external events.

Dimensions:

1. Objectives (ORC)
> Operations: entity mission and safeguarding of assets.
> Reporting:
> Compliance: with internal policies and procedures.

2.Components (CRIME)
> Control activities: automated or manual control activities that ensure that mgmt directives and risk responses are carried out.
> Risk assessment: define risks of execution and elaborate risk responses.
> Information and communication: relevant and quality information for internal and external communication
> Monitoring activities: accesses quality of internal control over time to meet the organization’s needs.
> Control Environment: a set of standards ( of conduct ) with tone at top. In this box, defining reporting lines and keeping attractive employee base. Control environment is the foundation for all other components of internal control, providing discipline and structure.

3. Entity Levels

The top-down approach to the audit of internal controls over financial reporting is best described as beginning at the financial statement level, focusing on entity-level controls (the “top”), and working down to significant accounts and disclosures and their relevant assertions (the “bottom”). The top-down approach is also known as the risk-based approach.

Question 18

Material Weakness

Answer 18

Is a deficiency or combination in internal control that results ina reasonable possibility that a material misstatement of the financial statements will not be prevented or timely detected and corrected.

Question 19

Internal Audit Function

Answer 19

>> Must be objective and independent.

>> Headed by CAE (Chief Audit Executive).

1) functional reporting line to the board.
2) administrative reporting line to senior management.

>> The purpose, authority and responsibility must be defined in a charter.

3 main functions by aiding:

1. Upper management in the maintenance of the firm’s system of internal control.
2. Upper management in improving the efficiency of the firm’s operation.
3. The external auditors in the conduct of the audit of financial statements.

Some activities:

• Evaluating the effectiveness and efficiency of operations (operational auditing). Operational auditing is like benchmarking.
• Evaluating the reliability and integrity of financial information (financial audit)
• Evaluating compliance with laws, regulations and contracts (compliance auditing)
• Evaluating the adequacy and effectiveness of controls.
• Evaluating the safeguarding but not safeguarding the assets.
• Coordinating activities and sharing info with external auditor
• Preventing and detecting fraud.

Question 20

Bonds: interest expense vs cash interest paid

&

reporting benefit from premium/discount bonds in balance sheet

Answer 20

> Interest expense has a cash component (interest paid minus ammortization positive if premium and negative if discount)

> Cash flow operating has to deduct/add impact of bond amortization premium/discount, because it reduces/increases interest expense and increases/decreases net income

> When question asks interest expense, is linked to the effective interest method (market rate * carrying amount), when question asks interest then is the coupon payment (bond rate * par value).

>A premium on bonds payable arises ONLY at the time the bonds are sold.

>> A firm would want to report a liability at fair value when its fair value is less than its carrying amount (at discount).

Question 21

Be careful between inter period and intra period