Control & Enterprise Risk Management

Question 1

What are the duties of the Board of Directors?

Answer 1

-Duties of care acting best of interest avoid conflict or interest

-to protect and ensure the entity follows the laws and supervise management

-exercise independence informed judgement and promote success

Question 2

What would happen if the board of Directors have personal interest above corporation interest?

Answer 2

When the board of Directors have personal interest above corporation interest they must disclose this to their peers because this would be considered a conflict of interest and they would also would need to vote on the issue

Question 3

What is the Board of Directors Governance committee?

Answer 3

• Develop company code of ethics & conflict interest policy

-Ensure compliance with the law and regulations

-Oversee annual Board of directors evaluation

Question 4

Which Organizations did the Sarbanes Oxley Act 2002 establish?

Answer 4

Public Company Accounting Oversight Board (PCAOB)

Question 5

When would a Board of Director breach fiduciary duties?

Answer 5

Breach fiduciary duties would be to acts in his or her interest rather than the best interest of the company.

Ex - would be when a Board of director purchase a building without asking any members and thinking he’s doing a service but ends up disservice breaching the directors duty of loyalty

Question 6

What are the likely reasons that Internal Controls will fail?

Answer 6

• Controls are not designed or not working properly
• ## fail to respond properly to changes in the business environment

Question 7

What key components are used to see whether controls are functioning effectively?

Answer 7

Monitoring

Question 8

Can the same employees work on the same tasks together?

Answer 8

Same employee working the same tasks causes errors and irregularities

For segregation of duties the same employee can’t work on the same task they all must have different roles in recording transactions, maintaining custody of assets, and performing comparisons

Question 9

An effective way to monitor internal controls?

Answer 9

• Develop the understanding of how the system of I/C was designed
• knowing what changes are needed for internal control and the types of changes

-

Question 10

In the control environment the tone at the top the most significant internal control component for ethical behiavor is?

Answer 10

Leading by example or visibly participating in a global campaign on information

Question 11

What is the first ongoing monitoring step in evaluating the effectiveness of internal control?

Answer 11

1. establishing a control baseline
2. identify the changes in I/C effectiveness through ongoing and or separate evaluations
3. implement I/C changes as needed
4. develop new baseline after I/C revisions

Question 12

Example of tone at the top?

Answer 12

Remember tone at the top level measure and reviews the control activity of ethical behavior and attitude

Question 13

What are the 5 components of Internal Controls?

Answer 13

1. Risk Assessments
2. Information and Communication
3. Monitoring
4. Control Activities
5. Environment

Question 14

What are the main purpose of Risk Assessment Internal Control?

Answer 14

When an entity recognize risk that’s domestic and international. Once the risk are found then the nescessary action is taken to migrate the risk

Question 15

What are the five internal control under the COSO framework, CRIME?

Answer 15

-Control activities
-Risk Assessment
-Information & Communication
-Monitor
-Environment

Question 16

Why and what was the purpose of control activities?

Answer 16

Policies and procedures to migrate risks identified in the risk assessment phase of the framework

-developing the control activities
-selecting general controls over technology
- develops through policies and procedures

Question 17

What are the fraud triangle?

Answer 17

Incentive - mission on why the fraud was committed

• Opportunity what were the weak control that could have led to the fraud committed
• Rationalized what is the perpetrators reasoning to committ the fraud

Question 18

Which internal control is affected when NEW products or services are available for an entity?

Answer 18

All four components of internal controls are affected by intro of new products & services

Question 19

what is primary purpose of monitoring internal controls?

Answer 19

Risks

Question 20

Can COSO internal Control framework ensure an entity financial survival?

Answer 20

No they can’t

COSO internal control can however, ensure accurate, reporting, compliance with laws & regulations, effective and efficient operations

Question 21

According to COSO, oversight of an entity enterprise risk management?

Answer 21

Board of directors duty is to provide oversight of an entity risk strategy

Question 22

Uncertainty in COSO Enterprise Risk Management Framework

Answer 22

State of not knowing how or if potential events may manifest due to tech evolutions, rapidly shifting, customer behavior, global issues, and fierce competition which makes the business and economic environment unpredictable

Question 23

What are the 5 Enterprise Risk Management (ERM) Framework?

Answer 23

• Demonstrated Commitment to core value
• exercise board risk oversight
• establish operating structures
• define desired culture
• attract develop and retain capable individuals

Question 24

What are the Enterprise Risk Management (ERM) Framework COPe RR?

Answer 24

-Culture and governance
-objective setting and strategy
-performance
-review and revision
-reporting, information , and communication

Question 25

What causes the difference inherent risk and residual risk?

Answer 25

is that the ability to reduce the inherent risk Remember the formula Inherent risk is reduced by (Implemented safeguards and controls) = Residual risk

Question 26

Risk assessment is broken down into risk categories, what are the categories?

Answer 26

- Inherent risk where there are no controls taken in places that would be called a inherent risk. Ex - could be Paks Cafe has no controls put in place bc we're running the place ourselves - Target resident risk is where the amount of risk a business is willing to take to achieve it's main objectives or goals - Actual resident risk amount of risk a entity current has it could be more than the target resident risk or less

Question 27

There are 4 risk responses what are they called?

Answer 27

-Risk Acceptance you continue to perform the risk without making any changes - Risk Sharing is where businesses take on the risk with someone else to reduce the risk for themselves Risk Mitrgation ways to reduce the risk Risk Avoidance - avoid the risk

Question 28

Who is responsible to implementation and development of the ERM framework?

Answer 28

Management not BOD The BOD are the ones who oversight of an entity

Question 29

According to the SEC, the audit Committee may not

Answer 29

the audit committee can't accept any consulting, advisory or other compensation for a fee from another entity

Question 30

If a officer, board member, or personal liability act in good faith can their be liable

Answer 30

If they make in good faith, a serious but honest mistake in judgement, smith would not be liable to CCC for damages caused

Question 31

What issue is the greatest concern regarding effectiveness of an entity internal control?

Answer 31

Errors from control failures that were not detected timely by the rountine monitoring

Question 32

Organization is responsible for organizating used framework to benchmark internal controls?

Answer 32

Committee of Sponsoring Organizations of the treatway commission

Question 33

Activities that provide an example of top level review an control activity?

Answer 33

Management reviews actual performance to determine the extent to which benchmarks were achieved Key work here performance

Question 34

Which COSO internal control monitoring for change continuum is affected by new product line?

Answer 34

both the control baseline and change management

Question 35

According to COSO, having a written code of conduct provides for a control environment?

Answer 35

encourage teamwork in the pursuit if an entity objective

Question 36

will COSO internal control reporting, compliance, and operaional objectives can help financial stability?

Answer 36

no they can't they can only ensure accurate reporting, compliance with laws and regulations and efficient operations

Question 37

What is the best way to prevent and detect fraudulent activity?

Answer 37

Is by fraud risk management program

Question 38

When using the internet as a commerically viable network?

Answer 38

they need to use firewall if they wish to maintain security over the internal data also to avoid unauthorized users

Question 39

role of system analyst in IT environment?

Answer 39

design systems, serving as intermediary between users and programers, and preparing specifications for programmers

Question 40

what is considered of a Local area network ?

Answer 40

transmission media

Question 40

examples of collaboration software?

Answer 40

emails videoconference groupware instant messaging

Question 41

When the judgement rule is applied for CCC corp, what would happen?

Answer 41

if they remain in good faith, a serious honest mistake in judgement smith is generally not liable to CCC for damages caused