Corp Govern Rights, Duties, Responsibilities, Authority, Ethics of Directors, Officers Flashcards

1
Q

The Sarbanes-Oxley Act requires financial issuers to publish what kind of information?

A

The scope and capabilities of the internal control structure

Sarbanes-Oxley Act requires:
  • use an internal control framework that meets all of the SEC’s requirements (such as COSO)
  • provide investors unauthorized transactions or the improper use of assets will be prevented or detected in a timely manner
2
Q

Board of Directors duties are?

A

Duty of care is a legal obligation requiring the use of reasonable care in actions that might result in harm to others.

Duty of due diligence is a fiduciary obligation to seek proper information related to making a good decision.

Duty of loyalty is a fiduciary obligation to place the interest of the corporation above personal interests.

3
Q

When communicating with auditees, what factors can damage the communication process?

A
  • situational factors
  • message characteristics

4
Q

An auditor effectively using diffusion in working with a confrontative auditee would:

A

Diffusion involves setting aside the conflict situation and concentrating on less controversial issues.

5
Q

Regarding the requirements of the Sarbanes-Oxley Act, officers of a company are not permitted to:

A

move the activities of the organization outside of the United States to avoid complying with the Sarbanes-Oxley Act

6
Q

The Sarbanes-Oxley Act requires that all financial statements include:

A

all material off-balance-sheet liabilities, obligations, or transactions.

Reason: help the user understand the full scope of the firm’s financial obligations.

7
Q

The auditor must consider the client’s control environment when measuring control risk.

A

One important factor regarding the control environment is the management philosophy and operating style, particularly when management is dominated by only a few individuals.

8
Q

According to the Sarbanes-Oxley Act of 2002, a chief executive officer or chief financial officer who misrepresents the company’s finances may be penalized by being:

A

fined and imprisoned.

9
Q

How long must an accountant maintain workpapers on an audit performed?

A

At least seven years

Section 103 of the Sarbanes-Oxley Act requires an auditor of an issuer of securities to maintain all audit or review workpapers for at least seven years from the end of the fiscal period in which the audit or review was completed.

10
Q

The Sarbanes-Oxley Act changed the way financial reports are treated. What section of the act requires the CEO to review the financial statements?

A

Section 302

Section 302 of the Sarbanes-Oxley Act requires that CEOs and CFOs certify the accuracy of the financial statements and the reliability of internal controls prior to the statements being signed.

11
Q

The Sarbanes-Oxley Act of 2002 (SOX), also known as the Public Company Accounting Reform and Investor Protection Act, was enacted to

A

develop new or enhanced standards for all U.S. public company boards, management, and public accounting firms.

12
Q

A written policy and procedure manual should contain:

A

proper business practices

Policies and procedures help the employee understand the organization’s policies for operation and the procedures that are followed to meet the policies. The policies and procedures include such things as the proper business practices, the purpose of the organization, responsibilities, and definitions.

13
Q

If controls add to the efficiency of operations, management must:

A

weigh the benefit of reducing loss or inefficiency against the cost of the control

They should not implement controls without first understanding whether any benefits of implementing these controls outweigh the costs. Although management can solicit recommendations from the internal auditor, it is not a requirement.

14
Q

Internal auditors play a role in an entity’s internal control through all of the following methods:

A
  • evaluating the effectiveness of controls
  • promoting continuous improvement
  • evaluating the efficiency of controls

Internal auditors are required by the International Standards for the Professional Practice of Internal Auditing (set forth by the IIA, Institute of Internal Auditors) to assist through the cited methods.

15
Q

Internal auditors are prohibited from:

A

implementing control activities

They must remain independent. Internal auditors cannot assess operations for which they have been responsible.

16
Q

An audit committee financial expert, according to the criteria specified in the Sarbanes-Oxley Act of 2002, is required to:

A

must have experience with internal accounting controls, an understanding of generally accepted accounting standards, and experience with the preparation or auditing of financial statements of generally comparable issuers.

They don’t have to be a CPA.

17
Q

According to COSO, which of the following is a compliance objective?

A

To maintain a safe level of carbon dioxide emissions during production

COMPLIANCE with applicable laws and regulations

18
Q

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the internal control structure provides reasonable assurance that business objectives are achieved in three areas:

A
  • operations
  • financial reporting
  • compliance with applicable laws and regulations
19
Q

According to the COSO Report, the control environment in a business entity:

A

makes integrity a basic operating principle

20
Q

Human resources policies and procedures should include the following:

A
  • Hire employees based on the written job requirements
  • Verify resumes and perform background checks
  • Promote on both merit and performance
  • Train members of the organization on many aspects
21
Q

Why is a well-defined organizational structure important?

A

To define lines of authority

22
Q

Under COSO, management monitors controls for which of the following reasons?

A

To consider whether controls are operating as intended

23
Q

Internal control consists of five interrelated components which are:

A

“CRIME”

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring Activities
24
Q

Which statement regarding the control environment of a small- to mid-size entity is true?

A

They may implement the control environment differently than a larger entity. They may not have a written code of conduct. The characteristics of top management style and attitude are more pronounced in smaller organizations.

25
Q

The audit committee of the board of directors oversees:

A
  • Financial reporting
  • Financial disclosure
  • Compliance with standards
26
Q

According to COSO, which of the following components of enterprise risk management addresses an entity’s integrity and ethical values?

A

Internal environment

Internal environment factors include an entity’s risk management philosophy; its risk appetite; oversight by the board of directors; the integrity, ethical values, and competence of the entity’s people; and the way management assigns authority and responsibility, and organizes and develops its people

27
Q

Determining whether risk management processes are effective is a judgment resulting from the internal auditor’s assessment that:

A
  • organizational objectives support and align with the organization’s mission,
  • significant risks are identified and assessed,
  • appropriate risk responses are selected that align risks with the organization’s risk appetite, and
  • relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.
28
Q

The eight components of COSO’s enterprise risk management framework are?

A
・internal environment,
・objective setting,
・event identification,
・risk assessment,
・risk response,
・control activities,
・information and communication, and
・monitoring
29
Q

What does enterprise risk management do for an organization?

A

It manages risks and seizes opportunities to achieve the goals of the organization.

It provides a framework for risk management, determines response strategy, and monitors the progress.

30
Q

Each of the following is a limitation of enterprise risk management (ERM):

A

・ERM deals with risk, which relates to the future and is inherently uncertain.

・ERM operates at different levels with respect to different objectives.

・ERM is as effective as the people responsible for its functioning.

31
Q

The treasurer makes disbursements by check and reconciles the monthly bank statements to accounting records. Which of the following best describes the control impact of this arrangement?

A

The treasurer will be in a position to make and conceal unauthorized payments.

The functions of disbursing funds and reconciling the related cash account should be assigned to different personnel.

32
Q

Who is the person ultimately responsible for enterprise risk management within a company?

A

The chief executive officer

33
Q

According to COSO, the position or internal entity that is best suited, as part of the enterprise risk management process, to devise and execute risk procedures for a particular department is:

A

a manager within the department

34
Q

The advantage of the production-based control procedure is that

A

all significant discrepancies between records become known because production will be shut down.

・Supervisors are then in position to take corrective action.

・A side benefit is that goods cannot be paid for unless they are used in production.

※ Significant discrepancies with a vendor would, however, have to be investigated.

35
Q

The board of directors (BOD) is an elected or appointed group, required for public companies. Responsibilities include:

A

determining strategic policy, approving budgets, monitoring senior management, and overseeing accountability to shareholders. The board of directors of XYZ Co.’s relationship to the company is a fiduciary relationship

36
Q

Which of the following is most useful when risk is being prioritized?

A

Expected value

※Expected value is the sum of the outcomes (payoff) of each event multiplied by the probability of each event occurring. It combines the likelihood of each outcome with the payoff of that outcome, and so is a way of prioritizing alternatives while considering risk.

37
Q

The Enterprise Risk Management—Integrated Framework of the Committee of Sponsoring Organizations (COSO) is best defined as a:

A

process effected by an entity’s board of directors, management, and other personnel.

38
Q

Company management completes event identification and analyzes the risks. The company wishes to assess its risk after management’s response to the risk. According to COSO, which of the following types of risk does this situation represent?

A

Residual risk

39
Q

Which of the following actions is required to ensure the validity of a contract between a corporation and a director of the corporation?

A

The director must disclose the interest to the independent members of the board and refrain from voting.

In a “related-party transaction” in order to invoke the business judgment rule, where the directors are protected from shareholder lawsuits alleging a lack of due care, the board must:

  • make an informed decision,
  • eliminate conflict of interest, and
  • have a rational basis for the decision.
40
Q

According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring-for-change continuum?

A

Change identification

41
Q

Change management is the process of implementing needed changes, not identifying them.

A

Control revalidation is a later part of the process after the need for control changes has been identified.

42
Q

Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of control policies and procedures. One of the techniques involved in this approach makes use of:

A

an integrated test facility

An integrated test facility allows an auditor to introduce test data (simulated files) into an actual processing run to test the processing of that data. This provides evidence about operating effectiveness of the software.

43
Q

The audit committee of the board of directors oversees the following:

A

  • Financial reporting
  • Financial disclosure
  • Compliance with standards

44
Q

Internal auditors are required by the International Standards for the Professional Practice of Internal Auditing (set forth by the IIA, Institute of Internal Auditors) to evaluate the effectiveness and contribute to the improvement of risk management processes.

A

Determining whether risk management processes are effective is a judgment resulting from the internal auditor’s assessment that:

  • organizational objectives support and align with the organization’s mission,
  • significant risks are identified and assessed,
  • appropriate risk responses are selected that align risks with the organization’s risk appetite, and
  • relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.

45
Q

The Sarbanes-Oxley Act of 2002 (SOX)

A

also known as the Public Company Accounting Reform and Investor Protection Act, was enacted to develop new or enhanced standards for all U.S. public company boards, management, and public accounting firms.

46
Q

Internal control structure provides reasonable assurance that business objectives are achieved in three areas:

A

・operations,
・financial reporting, and
・compliance with applicable laws and regulations