Corporate Governance Flashcards
What is the primary duty of the board of directors?
To monitor management behavior.
What is the responsibility of the Nominating or Corporate Governance Committee of the board of directors?
Oversees the composition and governance of the board (nominates director candidates)
Responsible for hiring a new CEO (CEO succession)
What is the responsibility of the audit committee of the board of directors?
The audit committee appoints and oversees the external auditor.
What is the duty of the compensation committee of the board of directors?
The compensation committee handles the CEO’s compensation package.
What do the NYSE and NASDAQ require of the board of directors?
They require a majority of the board to be independent directors.
What is the main goal in an executive compensation package?
The package should align the goals of management with those of the shareholders.
How can an executive compensation package ensure that goals of management align with those of shareholders?
Executive compensation should create an incentive for management to govern in a shareholder-friendly way that doesn’t sacrifice the long-term success of the enterprise for short-term gain.
Which influences help mold the direction that management takes?
They range from internal (board of directors, audit committee, internal control) to external (creditors, SEC, IRS).
These parties should not be tainted by undue influence from management or have financial ties to management, such as compensation-related duties.
What is shirking?
When management does not act in the best interest of shareholders.
It can be alleviated by tying compensation to stock performance or company profit.
What requirements are imposed on a public company under Sarbanes-Oxley?
Management must submit a report on the effectiveness of Internal Control in the 10-K.
Management must disclose significant Internal Control deficiencies.
CEO/CFO must certify that the financial statements comply with securities laws and fairly present the financial condition of the company.
What characteristics are promoted by the COSO framework on Internal Control?
Reliable financial reporting
Effective and efficient operations
Compliance
What are the elements of the control environment?
Integrity & Ethics
Competence
The Board of Directors & Audit Committee
Management’s Operating Style
Organizational Structure
Assignment of Authority & Responsibility
HR Policies
What are control activities?
A component of Internal Control: the policies and procedures (approvals, authorizations, reconciliations, segregation of duties) that help ensure management’s directives are carried out.
What are the basic elements of Internal Control?
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
What is the significance of the Information and Communication aspect of Internal Control?
Management must have access to relevant and timely information to make good decisions.
How does Monitoring affect Internal Control?
Internal Control activities must be constantly monitored and evaluated for effectiveness.
What activities does the COSO framework for enterprise risk management include?
Identifies risk factors
Promotes risk response decisions
Compares management risk vs. shareholder goals
Aids in evaluating opportunities
Promotes quicker capital movement
Does NOT eliminate all risk
What are possible responses to risk under the COSO framework for enterprise risk management?
Avoid or Reduce
Share or Accept
What are the EIGHT COMPONENTS OF THE COSO ERM FRAMEWORK?
There are eight components of COSO's ERM framework:
- Internal environment. The people in a business and the environment in which they operate are the foundation for all other ERM components.
- Objective setting. Management must put into place a process to formulate objectives in order to help the company assess and respond to risks.
- Event identification. Certain events can affect the company’s ability to implement its strategy and achieve its objectives. Management must identify these events and determine whether they represent risks or opportunities.
- Risk assessment. Identified risks are evaluated to determine how they affect the company’s ability to achieve its objectives and how to manage them. Both qualitative and quantitative methods are used to assess risks.
- Risk response. Management can choose to avoid, reduce, share, or accept risks after careful analysis.
- Control activities. To ensure that management’s risk responses are effectively carried out, policies and procedures should be implemented.
- Information and communication. Information about ERM components needs to be communicated through all levels of the company and with external parties.
- Monitoring. ERM processes must be monitored, deficiencies reported to management, and modifications performed when required.
Sarbanes Oxley definition of an audit committee financial expert
The Sarbanes-Oxley Act of 2002 explains that a financial expert must have experience with
internal accounting controls, an understanding of generally accepted accounting standards,
and experience with the preparation or auditing of financial statements of generally comparable issuers.
Change Control Process 5 steps
A change should never be released without testing. The procedures for a well-defined change control process would include the following:
- Change control board approves the change and assigns a project manager.
- Project manager makes sure all paperwork has been received and approved.
- Project manager sets up schedules for all personnel involved.
- The projects are completed.
- Changes are tested and approved before release.
Which of the following is most useful when risk is being prioritized?
A. Low- and high-probability exposures
B. Low- and high-degree loss exposures
C. Expected value
D. Uncontrollable risks
Answer: C. Expected value.
Expected value is the sum of the outcome (payoff) of each event multiplied by the probability of that event occurring. It combines the likelihood of each outcome with the payoff of that outcome, and so is a way of prioritizing alternatives while considering risk. None of the other answer choices consider both the likelihood and the payoff of each alternative course of action.
Expected value is the mean of a random variable: the probability-weighted average of its possible values. It is calculated by weighting the value of each possible outcome by its probability and summing over all values.
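The following Python script is an added worked example, not part of the original flashcards. It ranks a set of constructed risks by expected value and shows how that ordering differs from ranking by probability of loss alone or by maximum loss alone (the yardsticks behind answer choices A and B). The risk names, probabilities and loss figures are made up for illustration; the distribution-validity check is the caveat a practitioner wants, since probabilities that do not sum to 1 silently distort the ranking.

```python
"""Prioritizing risks by expected value (probability-weighted loss).

Added example with constructed data. Each risk is described by a small
outcome distribution: (probability, loss) pairs that must sum to 1.
"""
from dataclasses import dataclass
from typing import List, Sequence, Tuple

Outcome = Tuple[float, float]  # (probability of this outcome, loss if it occurs)


@dataclass(frozen=True)
class Risk:
    name: str
    outcomes: Tuple[Outcome, ...]


def is_valid_distribution(outcomes: Sequence[Outcome], tolerance: float = 1e-9) -> bool:
    """True when every probability lies in [0, 1] and they sum to 1 (within tolerance)."""
    if any(p < 0 or p > 1 for p, _ in outcomes):
        return False
    return abs(sum(p for p, _ in outcomes) - 1.0) <= tolerance


def expected_value(outcomes: Sequence[Outcome]) -> float:
    """Sum of (payoff x probability) over all outcomes: the card's definition."""
    if not is_valid_distribution(outcomes):
        raise ValueError("outcome probabilities must lie in [0, 1] and sum to 1")
    return sum(p * loss for p, loss in outcomes)


def loss_probability(outcomes: Sequence[Outcome]) -> float:
    """Probability that any loss occurs (answer choice A's yardstick)."""
    return sum(p for p, loss in outcomes if loss > 0)


def max_loss(outcomes: Sequence[Outcome]) -> float:
    """Worst-case loss regardless of likelihood (answer choice B's yardstick)."""
    return max(loss for _, loss in outcomes)


def rank(risks: Sequence[Risk], metric) -> List[str]:
    """Risk names ordered from highest to lowest by the chosen metric."""
    return [r.name for r in sorted(risks, key=lambda r: metric(r.outcomes), reverse=True)]


# Constructed sample risks (annual figures, arbitrary currency units).
SAMPLE_RISKS: Tuple[Risk, ...] = (
    Risk("phishing credential theft", ((0.40, 0), (0.50, 20_000), (0.10, 100_000))),
    Risk("ransomware outage", ((0.90, 0), (0.08, 500_000), (0.02, 2_000_000))),
    Risk("lost unencrypted laptop", ((0.30, 0), (0.70, 5_000))),
    Risk("insider bulk data theft", ((0.995, 0), (0.005, 3_000_000))),
)


def rank_by_expected_value(risks: Sequence[Risk] = SAMPLE_RISKS) -> List[str]:
    return rank(risks, expected_value)


def rank_by_probability(risks: Sequence[Risk] = SAMPLE_RISKS) -> List[str]:
    return rank(risks, loss_probability)


def rank_by_max_loss(risks: Sequence[Risk] = SAMPLE_RISKS) -> List[str]:
    return rank(risks, max_loss)


if __name__ == "__main__":
    for r in SAMPLE_RISKS:
        print(f"{r.name:28s} EV={expected_value(r.outcomes):>12,.0f} "
              f"P(loss)={loss_probability(r.outcomes):.3f} "
              f"max={max_loss(r.outcomes):>12,.0f}")
    print("by expected value:", rank_by_expected_value())
    print("by probability   :", rank_by_probability())
    print("by maximum loss  :", rank_by_max_loss())
```

With these constructed figures the three yardsticks give three different orderings: the laptop risk is the most likely to occur, the insider risk has the largest possible loss, but ransomware carries the highest expected loss and therefore the highest priority when both likelihood and payoff are considered together.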
Explain COSO - “Control Environment”
According to AU-C 315.A78, the control environment is as follows: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.
Integrated Test Facility
An integrated test facility allows an auditor to introduce test data (simulated files) into an actual processing run to test the processing of that data. This provides evidence about operating effectiveness of the software.
“Controlled reprocessing” is incorrect because reprocessing the same data again with the same software provides no new information. “Input validation” is incorrect because input validation is a control that improves the accuracy of data entry, but does not provide information about control effectiveness. “Program code checking” is incorrect because manual program code checking in a complex system is a difficult task, sometimes impossible, which is more efficiently done by using test data in an integrated test facility.
A company may process most of its business transactions through an electronic data processing (EDP) system. In such case, the controls over the processing must be adequate to safeguard assets and provide reliability in the output produced. One of the methods of testing the controls over the processing is with an integrated test facility.
In an integrated test facility, test data is developed and integrated into the live processing of actual data resulting from business transactions. By assessing the results of the test data at the same time this data is processed with actual data, the auditor can help ensure that the data processed was reliable.
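The Python script below is an added illustration of the integrated test facility idea and is not code from the original flashcards or from any real EDP system. It assumes a fictitious audit entity (`ITF-AUDIT-9999`), a stand-in posting routine, and one assumed control under test (postings above an approval threshold must carry an approval flag). The auditor's test transactions are posted in the same run as live transactions, the fictitious entity's result is compared with the predetermined expected result, and the entity is then removed so live balances are not contaminated; a switch that disables the control shows what a failed ITF check looks like. All transaction data is constructed.

```python
"""Integrated test facility (ITF) walk-through.

Added example with constructed data: the auditor's test transactions for a
fictitious entity are posted in the same batch as live transactions, the
entity's results are checked against what a working control should produce,
and the entity is stripped from the live totals afterwards.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Assumed account code for the fictitious audit entity. A real ITF uses an
# identifier that can never collide with a genuine customer or vendor.
ITF_ENTITY = "ITF-AUDIT-9999"
# Assumed control under test: postings above this amount need an approval flag.
APPROVAL_THRESHOLD = 10_000


@dataclass(frozen=True)
class Txn:
    account: str
    amount: int
    approved: bool = False


def post_batch(txns: Sequence[Txn], enforce_control: bool = True) -> Tuple[Dict[str, int], List[Txn]]:
    """Stand-in for the production posting routine.

    Returns (balances by account, rejected transactions). enforce_control=False
    simulates a defective approval control so the ITF check can be seen failing.
    """
    balances: Dict[str, int] = {}
    rejected: List[Txn] = []
    for t in txns:
        if enforce_control and abs(t.amount) > APPROVAL_THRESHOLD and not t.approved:
            rejected.append(t)
            continue
        balances[t.account] = balances.get(t.account, 0) + t.amount
    return balances, rejected


def expected_itf_balance(test_txns: Sequence[Txn]) -> int:
    """The auditor's predetermined result: only in-limit or approved test amounts post."""
    return sum(t.amount for t in test_txns
               if abs(t.amount) <= APPROVAL_THRESHOLD or t.approved)


def run_itf(live_txns: Sequence[Txn], test_txns: Sequence[Txn],
            enforce_control: bool = True) -> dict:
    """Post live and test data together, then isolate and evaluate the test entity."""
    for t in test_txns:
        if t.account != ITF_ENTITY:
            raise ValueError("test data must only touch the fictitious entity")
    balances, rejected = post_batch(list(live_txns) + list(test_txns), enforce_control)
    # Remove the fictitious entity so live balances and reports are not contaminated.
    itf_actual = balances.pop(ITF_ENTITY, 0)
    itf_rejected = [t for t in rejected if t.account == ITF_ENTITY]
    itf_expected = expected_itf_balance(test_txns)
    return {
        "live_balances": balances,
        "itf_actual": itf_actual,
        "itf_expected": itf_expected,
        "itf_rejected": itf_rejected,
        "control_effective": itf_actual == itf_expected,
    }


# Constructed sample data.
LIVE_TXNS = [
    Txn("CUST-0001", 2_500),
    Txn("CUST-0002", 12_000, approved=True),
    Txn("CUST-0001", -500),
]
TEST_TXNS = [
    Txn(ITF_ENTITY, 4_000),                  # in limit: should post
    Txn(ITF_ENTITY, 15_000),                 # over limit, unapproved: should be rejected
    Txn(ITF_ENTITY, 11_000, approved=True),  # over limit but approved: should post
]


if __name__ == "__main__":
    ok = run_itf(LIVE_TXNS, TEST_TXNS)
    broken = run_itf(LIVE_TXNS, TEST_TXNS, enforce_control=False)
    print("live balances:", ok["live_balances"])
    print("control effective:", ok["control_effective"],
          "(expected", ok["itf_expected"], "got", ok["itf_actual"], ")")
    print("with defective control:", broken["control_effective"],
          "got", broken["itf_actual"])
```

The two details that make this an ITF rather than a plain test run are visible in `run_itf`: the test data goes through the same `post_batch` call as the live data, so the control is exercised exactly as it would be in production, and the fictitious entity is popped out of the balances afterwards, which is the reversal step a real ITF needs so that test postings never reach financial totals.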