Corporate Governance Flashcards

1
Q

What is the primary duty of the board of directors?

A

To monitor management behavior.

2
Q

What is the responsibility of the Nominating or Corporate Governance Committee of the board of directors?

A

Oversees the board

Responsible for hiring new CEO

3
Q

What is the responsibility of the audit committee of the board of directors?

A

The audit committee appoints and oversees the external auditor.

4
Q

What is the duty of the compensation committee of the board of directors?

A

The compensation committee handles the CEO’s compensation package.

5
Q

What do the NYSE and NASDAQ require of the board of directors?

A

They require the board to be independent.

6
Q

What is the main goal in an executive compensation package?

A

The package should ensure that the goals of management match those of the shareholders.

7
Q

How can an executive compensation package ensure that goals of management align with those of shareholders?

A

Executive compensation should create an incentive for management to govern in a shareholder-friendly way that doesn’t sacrifice the long-term success of the enterprise for short-term gain.

8
Q

Which influences help mold the direction that management takes?

A

They range from internal (Board of Directors, Audit Committee, Internal Control) to external (Creditors, SEC, IRS).

These influences should not be tainted by undue influence from management or have financial ties to management such as compensation-related duties

9
Q

What is shirking?

A

When management doesn’t act in the best interest of shareholders.

It can be alleviated by tying compensation to stock performance or company profit.

10
Q

What requirements are imposed on a public company under Sarbanes-Oxley?

A

Management must submit a report on the effectiveness of Internal Control in the 10K.

Management must disclose significant Internal Control deficiencies.

CEO/CFO must certify that the financial statements comply with securities laws and fairly present the financial condition of the company.

11
Q

What characteristics are promoted by the COSO framework on Internal Control?

A

Reliable financial reporting

Effective and efficient operations

Compliance

12
Q

What are the elements of the control environment?

A
Integrity & Ethics
Competence
The Board of Directors & Audit Committee
Management's Operating Style
Organizational Structure
Authority & Roles of Responsibilities
HR Policies
13
Q

What are control activities?

A

A component of Internal Control that includes actions being taken to promote the control environment.

14
Q

What are the basic elements of Internal Control?

A
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
15
Q

What is the significance of the Information and Communication aspect of Internal Control?

A

Management must have access to relevant and timely information to make good decisions.

16
Q

How does Monitoring affect Internal Control?

A

Internal Control activities must be constantly monitored and evaluated for effectiveness.

17
Q

What activities does the COSO framework for enterprise risk management include?

A
Identifies Risk Factors
Promotes Risk Response Decisions
Compares Management Risk vs. Shareholder Goals
Aids in evaluating opportunities
Promotes Quicker Capital movement

Does NOT eliminate all risk

18
Q

What are possible responses to risk under the COSO framework for enterprise risk management?

A

Avoid or Reduce

Share or Accept

19
Q

Risk Management

A

Risk Management is the internal audit activity that evaluates the effectiveness and contributes to the improvement of management processes.

20
Q

Methods laid down for internal controls are:

A

The methods laid down for internal controls are:

Risk assessment
Monitoring of controls
Control Testing

21
Q

The chief executive officer and the chief financial officer generally meet with…. to determine the effectiveness of identification and communication of important information relative to financial disclosures
Including….

A

The chief executive officer and the chief financial officer generally meet with many people to determine the effectiveness of identification and communication of important information relative to financial disclosures, including independent auditors and legal counsel.

22
Q

The signing officers must certify that they

A

The signing officers must certify that they have reviewed all required reports and, based on their knowledge, all reports are materially accurate, with no false statements or misleading omissions, and the financial information is presented fairly, including the financial statements, footnotes, and management’s discussion and analysis.

23
Q

The COSO definition of ERM

A

The COSO definition of enterprise risk management is: “A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

24
Q

Different kinds of risks

A

Risk reduction is the implementation of some compensating or mitigating control to offset the risk of an activity.

Risk avoidance is choosing not to engage in an activity.

Risk sharing is sharing the risk with another entity.

Risk acceptance is retaining a risk because it is deemed appropriate.

25
Q

Risk Assessment

A

Risk assessment is the dynamic and iterative process for identification, analysis, and management of risks. Risks include external and internal factors such as changes in operating environment, new personnel, new or revamped information systems, rapid growth, new technology, new business models / products / activities, corporate restructurings, foreign operations, new accounting pronouncements, changes in economic conditions etc. A risk assessment component addresses the need to respond in an organized manner to significant changes resulting from international exposure, acquisitions or executive transitions.

26
Q

The Sarbanes-Oxley Act is intended to strengthen

A

There is no way to ensure the enforcement of relevant laws and regulations. The Sarbanes-Oxley Act is intended to strengthen the enforcement of relevant laws and regulations, regulate the auditors of public companies, enhance corporate reporting and disclosure, and clarify sound corporate governance.

27
Q

Monitoring

A

Approval of high-dollar transactions by supervisors is authorizing, not monitoring. Monitoring includes evaluation processes and initiating corrective actions. Follow-up on complaints, periodic analysis of variances, and comparisons of information from diverse sources all are monitoring activities.

28
Q

Which of the following would least likely be a limitation existing in a sound system of internal controls over financial reporting?

A

Incompatible Duties

A system can be designed with no one employee performing incompatible duties. However, collusion, management override, or errors in judgment cannot be eliminated entirely, even from a sound system of internal control.

29
Q

Validating Company Level controls

A

Validating company-level controls generally includes periodic discussions with key management, reviewing company-wide policies, and reviewing company planning and budgeting reports. Application controls are not company-level controls; they are unlikely to be tested to validate company-level controls.

30
Q

ERM Framework

A

Principles-based approach that can be applied across global markets and provides greater risk and performance transparency.

A major emphasis in the 2017 framework is risk, performance measurement, and transparency as related to global markets, given the current landscape of the world economy.

It’s a principle-based framework for boards and management in entities of all sizes. COSO’s Internal Control framework provides a control-based approach to an organization.

The ERM framework does not replace the COSO internal control framework, nor is it a subjective approach to profit-sharing; rather, it is an approach to risk management.

31
Q

Primary Control

A

Primary controls are activities that are critical to mitigation of risk and the ultimate achievement of one or more financial reporting assertions for each significant account balance.

32
Q

Secondary Control

A

Secondary controls are activities that contribute to the mitigation of risk and the ultimate achievement of one or more financial reporting assertions, but are not considered as important as primary controls.

33
Q

A Significant Deficiency

A

A significant deficiency is a deficiency, or combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness.

34
Q

Internal Control Deficiency

A

A deficiency in internal controls is significant if it could adversely affect the company’s financial reporting process and the critical processes that feed data and information to the financial reporting process.

35
Q

Under SEC rules, external auditors are permitted to assist management in the evaluation of internal controls by

A

Under SEC rules, external auditors may prepare or gather information, as long as the client management directs the process, including deciding which controls to document. Management is ultimately responsible for documenting internal controls and must be actively involved in the process. Restructuring the controls or deciding on which suggestions to implement would impair the auditor’s independence.

36
Q

According to COSO, a primary purpose of monitoring internal control is to verify that the internal control system remains adequate to address changes in

A

Risks

According to COSO, a primary purpose of monitoring internal control is to verify that the internal control system remains adequate to address changes in risk. An organization achieves its objectives through effective monitoring of internal control. One of the primary objectives of monitoring is to evaluate

(1) whether management reconsiders the design of controls when risks change, and
(2) whether controls that have been designed to reduce risks to an acceptable level continue to operate effectively.

37
Q

Audit Committee Responsibilities

A

The audit committee

1) oversees the financial reporting process,
2) monitors the choice of accounting policies and principles, and
3) is responsible for the appointment, compensation, and oversight of the external auditors.

The external auditors plan and approve their audit plan.

38
Q

Corporate Governance includes

A

Corporate governance is the framework of rules and practices which ensures accountability, fairness, and appropriate disclosure in a corporation’s relationship with all its stakeholders. This framework consists of explicit and implicit contracts with owners, creditors, customers, employees, government, and the community.

39
Q

Which of the following activities is least relevant to internal control over financial reporting?

A

While important, employee development is the least relevant of these items to internal control. The segregation of duties is a control activity relevant to internal control over financial reporting. Duties are segregated by their relationship to recordkeeping (information processing), custody of assets (physical controls) and authorization.

40
Q

The chief executive officer and chief financial officer must certify that they have done all of the following except

A

Disclosed all changes in internal control over financial reporting in the certification report

The chief executive officer (CEO) and chief financial officer (CFO) need to disclose changes that have a material effect on internal control over financial reporting (ICOFR). Changes in internal control that have an immaterial effect need not be disclosed. The CEO and CFO must certify that they have verified that properly designed disclosure controls and procedures have been implemented to ensure awareness of material information. The CEO and CFO must certify that they have verified that properly designed ICOFR was implemented. The CEO and CFO must certify that they have evaluated the effectiveness of the disclosure controls and procedures and presented their conclusions.

41
Q

Executive Directors

A

Managers who are also directors are often called executive directors.

42
Q

Which of the following statements is correct regarding the requirements of the Sarbanes-Oxley Act of 2002 for an issuer’s board of directors?

A

According to the Sarbanes-Oxley Act of 2002, the board of directors must have an audit committee entirely composed of members who are independent of management influence. As per SOX Title III, 301: an independent audit committee is responsible for the appointment, compensation, and oversight of any audit work performed by the audit firm.

because only the Audit Committee and Compensation Committee should be independent.

43
Q

The four categories of entity objectives in the ERM framework are:

A

The four categories of entity objectives in the ERM framework are:

Strategic – High-level goals aligned with and supporting the entity’s mission
Operations – Effective and efficient use of the entity’s resources
Reporting – Reliability of reporting
Compliance – Compliance with applicable laws and regulations

Implementation of internal controls is part of the internal control framework and process.

44
Q

Within the COSO Internal Control—Integrated Framework, which of the following principles is designed to ensure that internal controls continue to operate effectively?

A

Monitoring is a process that evaluates the quality of internal control performance over time by ensuring that internal controls continue to operate effectively as designed.

Control environment, risk assessment and information and communication are intended to ensure that internal controls are implemented correctly.

45
Q

Fiduciary duties

A

Fiduciary duties of directors can be broadly classified into two categories: the duty of care and the duty of loyalty. Duty of care implies making informed decisions by participating actively in the decision-making process. Duty of loyalty implies acting in the best interest of the corporation and its stockholders, setting aside personal interests rather than putting them ahead of those of the corporation or its shareholders.

46
Q
Control Activities 
Risk Assessment 
Information & Communication 
Monitoring 
Control Environment
A

Control activities are those policies and procedures established to provide reasonable assurance that management decisions are executed, including providing for the physical security of assets.

Risk assessment is an entity’s identification, analysis, and management of risks relevant to the preparation of financial statements.

Information and communication refers to the identification, retention, and transfer of information in a timely manner enabling personnel to execute their responsibilities.

Monitoring is a process that evaluates the quality of internal control performance over time by ensuring that internal controls continue to operate effectively as designed.

The control environment establishes the overall attitude, awareness, and actions concerning the importance and emphasis of internal control in the entity.

47
Q
Primary Controls
Secondary Controls 
Material Weakness
Significant Deficiency 
Deficiency
A

Primary controls are activities that are critical to mitigation of risk and the ultimate achievement of one or more financial reporting assertions for each significant account balance.

Secondary controls are activities that contribute to the mitigation of risk and the ultimate achievement of one or more financial reporting assertions, but are not considered as important as primary controls.

A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis by employees in the normal course of performing their assigned functions.

A significant deficiency is a deficiency, or combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness.

A deficiency in internal controls is significant if it could adversely affect the company’s financial reporting process and the critical processes that feed data and information to the financial reporting process.

48
Q

Which group is best suited to oversee the change control process?

A

The audit committee oversees the change control process because it can hold management accountable for taking the appropriate action and implementing the change. As an independent party, the audit committee is best suited for this oversight role.

49
Q

Validating company-level controls generally includes the following steps except

A

Reviewing company planning and budgeting reports

Application controls are not company-level controls; they are unlikely to be tested to validate company-level controls. Validating company-level controls generally includes periodic discussions with key management, reviewing company-wide policies, and reviewing company planning and budgeting reports.

50
Q

4 ways to deal with risks

A

There are four ways an entity can deal with risk. First is risk sharing, such as through joint ventures. Second is risk acceptance, which is accepting the project or activity as is, with the belief that current levels of risk are manageable and acceptable. Third is risk avoidance, where an entity declines to proceed with the project. Fourth is risk reduction, where an entity takes certain actions in order to reduce the level of risk. Relocating production facilities is an example of reducing the risk of local raw material shortages. Risk acceptance typically results in no change from the status quo. Risk sharing typically involves another entity.

51
Q

Internal Control is designed to

A

Internal control is a process designed to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

52
Q

ERM comprises

A

Enterprise risk management encompasses:

Aligning risk appetite and strategy – Management’s consideration of the entity’s risk appetite in evaluating alternative strategies, setting related objectives, and developing means and mechanisms to manage related risks.

Enhancing risk response decisions – To decide amongst risk avoidance, reduction, sharing, and acceptance.
Reducing operational surprises and losses
Identifying and managing multiple and cross-enterprise risks

Seizing opportunities – Capitalize on available opportunities.

Improving deployment of capital – Effective and optimal capital allocation and use.
An entity’s strategy for combating the risk at hand is to develop risk appetite, rather than decreasing it as the premium for risk is higher returns.