Control & Enterprise Risk Management Flashcards
What are the duties of the Board of Directors?
-Duties of care acting best of interest avoid conflict or interest
-to protect and ensure the entity follows the laws and supervise management
-exercise independence informed judgement and promote success
What would happen if the board of Directors have personal interest above corporation interest?
When the board of Directors have personal interest above corporation interest they must disclose this to their peers because this would be considered a conflict of interest and they would also would need to vote on the issue
What is the Board of Directors Governance committee?
- Develop company code of ethics & conflict interest policy
-Ensure compliance with the law and regulations
-Oversee annual Board of directors evaluation
Which Organizations did the Sarbanes Oxley Act 2002 establish?
Public Company Accounting Oversight Board (PCAOB)
When would a Board of Director breach fiduciary duties?
Breach fiduciary duties would be to acts in his or her interest rather than the best interest of the company.
Ex - would be when a Board of director purchase a building without asking any members and thinking he’s doing a service but ends up disservice breaching the directors duty of loyalty
What are the likely reasons that Internal Controls will fail?
- Controls are not designed or not working properly
- ## fail to respond properly to changes in the business environment
What key components are used to see whether controls are functioning effectively?
Monitoring
Can the same employees work on the same tasks together?
Same employee working the same tasks causes errors and irregularities
For segregation of duties the same employee can’t work on the same task they all must have different roles in recording transactions, maintaining custody of assets, and performing comparisons
An effective way to monitor internal controls?
- Develop the understanding of how the system of I/C was designed
- knowing what changes are needed for internal control and the types of changes
-
In the control environment the tone at the top the most significant internal control component for ethical behiavor is?
Leading by example or visibly participating in a global campaign on information
What is the first ongoing monitoring step in evaluating the effectiveness of internal control?
- establishing a control baseline
- identify the changes in I/C effectiveness through ongoing and or separate evaluations
- implement I/C changes as needed
- develop new baseline after I/C revisions
Example of tone at the top?
Remember tone at the top level measure and reviews the control activity of ethical behavior and attitude
What are the 5 components of Internal Controls?
- Risk Assessments
- Information and Communication
- Monitoring
- Control Activities
- Environment
What are the main purpose of Risk Assessment Internal Control?
When an entity recognize risk that’s domestic and international. Once the risk are found then the nescessary action is taken to migrate the risk
What are the five internal control under the COSO framework, CRIME?
-Control activities
-Risk Assessment
-Information & Communication
-Monitor
-Environment
Why and what was the purpose of control activities?
Policies and procedures to migrate risks identified in the risk assessment phase of the framework
-developing the control activities
-selecting general controls over technology
- develops through policies and procedures
What are the fraud triangle?
Incentive - mission on why the fraud was committed
- Opportunity what were the weak control that could have led to the fraud committed
- Rationalized what is the perpetrators reasoning to committ the fraud
Which internal control is affected when NEW products or services are available for an entity?
All four components of internal controls are affected by intro of new products & services
what is primary purpose of monitoring internal controls?
Risks
Can COSO internal Control framework ensure an entity financial survival?
No they can’t
COSO internal control can however, ensure accurate, reporting, compliance with laws & regulations, effective and efficient operations
According to COSO, oversight of an entity enterprise risk management?
Board of directors duty is to provide oversight of an entity risk strategy
Uncertainty in COSO Enterprise Risk Management Framework
State of not knowing how or if potential events may manifest due to tech evolutions, rapidly shifting, customer behavior, global issues, and fierce competition which makes the business and economic environment unpredictable
What are the 5 Enterprise Risk Management (ERM) Framework?
- Demonstrated Commitment to core value
- exercise board risk oversight
- establish operating structures
- define desired culture
- attract develop and retain capable individuals
What are the Enterprise Risk Management (ERM) Framework COPe RR?
-Culture and governance
-objective setting and strategy
-performance
-review and revision
-reporting, information , and communication
What causes the difference inherent risk and residual risk?
is that the ability to reduce the inherent risk
Remember the formula Inherent risk is reduced by (Implemented safeguards and controls) = Residual risk
Risk assessment is broken down into risk categories, what are the categories?
- Inherent risk where there are no controls taken in places that would be called a inherent risk.
Ex - could be Paks Cafe has no controls put in place bc we’re running the place ourselves
- Target resident risk is where the amount of risk a business is willing to take to achieve it’s main objectives or goals
- Actual resident risk amount of risk a entity current has it could be more than the target resident risk or less
There are 4 risk responses what are they called?
-Risk Acceptance you continue to perform the risk without making any changes
- Risk Sharing is where businesses take on the risk with someone else to reduce the risk for themselves
Risk Mitrgation ways to reduce the risk
Risk Avoidance - avoid the risk
Who is responsible to implementation and development of the ERM framework?
Management not BOD
The BOD are the ones who oversight of an entity
According to the SEC, the audit Committee may not
the audit committee can’t accept any consulting, advisory or other compensation for a fee from another entity
If a officer, board member, or personal liability act in good faith can their be liable
If they make in good faith, a serious but honest mistake in judgement, smith would not be liable to CCC for damages caused
What issue is the greatest concern regarding effectiveness of an entity internal control?
Errors from control failures that were not detected timely by the rountine monitoring
Organization is responsible for organizating used framework to benchmark internal controls?
Committee of Sponsoring Organizations of the treatway commission
Activities that provide an example of top level review an control activity?
Management reviews actual performance to determine the extent to which benchmarks were achieved
Key work here performance
Which COSO internal control monitoring for change continuum is affected by new product line?
both the control baseline and change management
According to COSO, having a written code of conduct provides for a control environment?
encourage teamwork in the pursuit if an entity objective
will COSO internal control reporting, compliance, and operaional objectives can help financial stability?
no they can’t they can only ensure accurate reporting, compliance with laws and regulations and efficient operations
What is the best way to prevent and detect fraudulent activity?
Is by fraud risk management program
When using the internet as a commerically viable network?
they need to use firewall if they wish to maintain security over the internal data also to avoid unauthorized users
role of system analyst in IT environment?
design systems, serving as intermediary between users and programers, and preparing specifications for programmers
what is considered of a Local area network ?
transmission media
examples of collaboration software?
emails
videoconference
groupware
instant messaging
When the judgement rule is applied for CCC corp, what would happen?
if they remain in good faith, a serious honest mistake in judgement smith is generally not liable to CCC for damages caused