Corporate Governance Flashcards
What is included in a corporation’s Articles of Incorporation?
1) Name
2) Address at time of filing
3) Purpose
4) Name of registered agent
5) Name and address of each incorporator
6) Number of authorized shares of stock and the classes of stock
What are included in the bylaws?
1) Minimum and maximum number of directors
2) How they are selected and compensated
3) How often they meet
4) Nature of responsibilities
General duties of the board of directors
1) Fiduciary duty (act loyally, act with a duty of care, act with due diligence)
2) Determine/revise mission and amend bylaws
3) Strategic planning
4) Selection/oversight of the CEO
5) Securing availability of financial resources
6) Budget and proposal approvals
7) Determine management compensation
8) Dividend policies
9) Reacquire treasury stock
NASDAQ and NYSE requirements for BoD
1) Majority of directors must be independent (independence is lost if the director was recently an employee or affiliate of the company, or an employee or partner of the external auditor; if an immediate family member was recently an officer; or if the director or a family member received more than $120,000 in compensation in any 12-month period within the last 3 years)
2) Non-management directors must meet on a regularly scheduled basis
3) Maintain independent audit committee
4) Adopt comprehensive code of conduct
Business judgement rule
In general, directors are not personally liable for business decisions made in good faith, on an informed basis, and in the honest belief that the action was in the corporation's best interest; the protection is lost if the directors are guilty of fraud, bad faith, or self-dealing
Committees required for publicly-held companies
1) Audit
2) Compensation
3) Nominating & Corporate Governance
Nominating Committee
1) Overall corporate governance
2) Determine who serves on the board
3) Oversee CEO succession
4) Keep integrity of the nominating process
Dodd-Frank requirements of nominating committee
Must disclose if chair of the board is also the CEO, and disclose reasons why they are or why they aren’t
Audit Committee
SOX Requirements:
1) Independent directors
2) At least one must be financial expert
3) Appointment, compensation, and oversight of auditors
4) Establish internal controls
5) Deal with complaints and whistleblowers
6) SOX also requires the CEO and CFO to certify reports filed with the SEC (10-K and 10-Q)
Compensation Committee
1) Independent
2) Determine compensation for directors and executives
3) Develop compensation approach/philosophy
4) Review say-on-pay proposals by shareholders
5) Dodd-Frank requirements:
- Say on Pay - SH approval of executive officer compensation, how often to vote, and “golden parachute approvals”
- Disclosure - enhanced disclosure relating executive compensation to entity’s financial performance
- Clawbacks - recoup incentive compensation when the entity is required to restate its financial statements
Management Oversight through Compensation and Monitoring
1) Find balance between different forms of compensation to motivate management without causing management to try maximizing their compensation at the detriment of the entity
2) Fixed compensation - salary and perks
3) Incentive compensation - bonuses, share based compensation (options, shared appreciation rights, restricted shares, performance shares)
SOX Requirements for External Auditors
1) Public accounting firm registered with the Public Company Accounting Oversight Board (PCAOB)
2) Independence (can’t provide performance of many nonaudit services)
3) Partner rotation
4) Attest to and report on management’s annual assessment of internal controls
PCAOB Audit Standard 5 Integrated Audit
Requires the auditor to examine the design and operating effectiveness of internal control over financial reporting (ICFR) in order to provide a sufficient basis for an opinion on its effectiveness in preventing or detecting material misstatements of the FS
Internal Control - Integrated Framework (COSO)
Definition of internal control - A process, effected by board of directors, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance
COSO - Five Components (the 17 Internal Control Principles are distributed among them)
CRIME mnemonic: Control environment, Risk assessment, Information and communication, Monitoring, Existing control activities (list positions 5, 2, 3, 4, 1 below)
1) Control Activities
2) Risk Assessment
3) Information and Communication
4) Monitoring
5) Control Environment
COSO - Control “E”nvironment
Tone at the Top - the most significant internal control component when it comes to sending a message throughout the organization as to the entity’s attitude about ethical behavior
CHOPPER:
1) Commitment to Competence - Employees must possess the skills and knowledge essential to performing their jobs, especially those responsible for performing important control functions
2) Human Resource policies and procedures - Effective policies and practices for hiring, training, evaluating, counseling, promoting, and compensating employees
3) Organizational structure - Provides basis for planning, directing and controlling operations
4) Philosophy and operating style of Management - The manner in which management runs the organization can have significant effect on the control environment (tone at the top)
5) Participation of the BoD or audit committee - Both groups play a key role in establishing IC
6) Ethical and Integrity values - Management should encourage appropriate behavior and lead by example. Values established through code of conduct, official policies, and by example
7) Responsibility and Authority Management - Segregation of duties and clear understanding of responsibilities and rules and regulations that govern them
COSO - Risk Assessment
1) ID/Analyze/Manage risk relevant to the preparation of financial statements that are fairly presented in conformity with GAAP
2) Clear objectives make it easier to ID and evaluate risk
3) Analyze risk to determine appropriate management (type, likelihood, effects, time of effects, appropriate responses)
4) Fraud risk assessment
5) Potential impact of changes within the entity on effectiveness of IC
6) Possible factors - competition, new personnel, new information systems, rapid growth, new technology, new lines of business, corporate restructurings, foreign operations, accounting pronouncements
COSO - Control Activities
1) Policies/procedures to help ensure that the entity’s objectives are achieved
2) Types of control activities (PIPS):
- Performance reviews - actual vs. budget, P/Y, financial to non-financial
- Information process - (IT) General vs. Application controls
- Physical controls - Access to assets
- Segregation of duties (ARCC) - Authorizing transactions, Recording transactions, Custody of assets, performing Comparisons/reconciling (prevent both perpetrating and concealing errors and irregularities)
COSO - Information and Communication
1) Open communication channels are essential to the proper functioning of internal control
2) Information system consists of methods and records used to ID, record, measure, process, summarize, present, and disclose and report transactions and to maintain accountability for the related accounts
3) Communication involves establishing individual duties and responsibilities relating to internal control and making them known to involved personnel
COSO - Monitoring Activities
1) Ongoing evaluations and separate evaluations (are IC functioning effectively?)
2) Internal auditors are evaluators
3) Sequence of activities:
- Control baseline (understand current system)
- Change identification - ID and address changes in effectiveness of IC (ongoing and separate evaluations)
- Change management - are changes needed and types of changes
- Control revalidation/update - new baseline understanding of revised system
Limitations of Internal Control (COCCO)
1) Collusion
2) Override by management
3) Competence
4) Cost/benefit constraints
5) Obsolescence - change in operations or size
Process for each system when designing internal control structure
1) Initiation - At what point is a transaction initiated?
2) Authorization - What must occur before the entity is willing to commit resources to fulfilling its performance obligations?
3) Execution - What procedures need to be performed and what forms need to be completed? (PPN - preprinted, prenumbered, and numerically controlled)
4) Verification - What safeguards are built into the system to make certain that errors are not made and fraud is not committed? (occurs throughout the process)
Requirements for well designed system for a business process
1) Forms designed to require process be completed properly
2) Only appropriate parties receive copies that have the information necessary to perform duties
3) Segregation of duties (ARCC)
Issues for segregation of duties in an environment that is heavily technology oriented
1) Limit physical access to various components of the system to those who need access
2) Use firewalls and authentication (passwords) to limit logical access within the system, so that no single user ID can both initiate and conceal a transaction
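The ARCC segregation-of-duties idea above (Authorizing, Recording, Custody, Comparing) and the point that in a technology-heavy environment it has to be enforced through access rights rather than job titles can be made concrete as an entitlement review. The following is an added example, not from the original flashcards: it maps system permissions to ARCC duties, finds users who hold two or more duties, and checks a proposed grant before it is applied. The permission names, the user list and the duty mapping are constructed assumptions for a purchase-to-pay process.

```python
"""Segregation-of-duties (ARCC) conflict check over user entitlements.

Added example; the permission names and entitlements below are constructed
for illustration and do not come from any real system.
"""

AUTHORIZE, RECORD, CUSTODY, COMPARE = "authorize", "record", "custody", "compare"

# Assumption: each system permission implements exactly one ARCC duty.
PERMISSION_DUTY = {
    "po.approve": AUTHORIZE,        # approve a purchase order
    "vendor.create": AUTHORIZE,     # add a payee to the vendor master
    "ap.invoice.post": RECORD,      # record a payable in the ledger
    "gl.journal.post": RECORD,      # post a journal entry
    "payment.release": CUSTODY,     # release funds from the bank
    "bank.recon.sign": COMPARE,     # sign off the bank reconciliation
}

# Constructed sample entitlements (user -> permissions held).
ENTITLEMENTS = {
    "alice": {"po.approve", "vendor.create"},          # authorize only: fine
    "bob": {"ap.invoice.post", "payment.release"},     # record + custody: conflict
    "carol": {"bank.recon.sign"},                      # compare only: fine
    "dave": {"gl.journal.post", "bank.recon.sign", "hr.view"},  # record + compare
}


def duties_held(perms, permission_duty=PERMISSION_DUTY):
    """Set of ARCC duties implied by a permission set (unmapped perms ignored)."""
    return {permission_duty[p] for p in perms if p in permission_duty}


def sod_conflicts(entitlements, permission_duty=PERMISSION_DUTY):
    """Return {user: sorted duties} for every user holding two or more ARCC duties.

    Any two duties in one person's hands is a conflict: authorize+custody lets
    someone perpetrate a misappropriation, record+compare lets someone conceal it.
    """
    conflicts = {}
    for user, perms in entitlements.items():
        duties = sorted(duties_held(perms, permission_duty))
        if len(duties) >= 2:
            conflicts[user] = duties
    return conflicts


def unmapped_permissions(entitlements, permission_duty=PERMISSION_DUTY):
    """Permissions nobody has classified; these are reviewed separately,
    because an unclassified permission silently weakens the check."""
    return sorted({p for perms in entitlements.values()
                   for p in perms if p not in permission_duty})


def would_conflict(user, new_perm, entitlements, permission_duty=PERMISSION_DUTY):
    """Provisioning-time check: would granting new_perm give user a second duty?

    Returns False for an unmapped permission (it cannot be judged here; it
    will show up in unmapped_permissions instead).
    """
    new_duty = permission_duty.get(new_perm)
    if new_duty is None:
        return False
    held = duties_held(entitlements.get(user, set()), permission_duty)
    return bool(held - {new_duty})


if __name__ == "__main__":
    for user, duties in sod_conflicts(ENTITLEMENTS).items():
        print(f"SoD conflict: {user} holds {', '.join(duties)}")
    print("unclassified permissions:", unmapped_permissions(ENTITLEMENTS))
    print("grant payment.release to alice?",
          "DENY" if would_conflict("alice", "payment.release", ENTITLEMENTS) else "ok")
```

Running the script reports bob (record + custody) and dave (record + compare) as conflicts, lists hr.view as unclassified, and denies the proposed grant to alice because it would add custody to her authorize duty. In practice the entitlement dict would be built from an export of the application's role assignments, and the provisioning check would run inside the access-request workflow rather than after the fact.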
Basic change control processes components
1) Change requests - ID when change is needed/desired
2) Change analysis - Evaluate the change
3) Change decisions - Deciding on the change
4) Planning and Implementing the change
5) Monitoring and tracking the change - Properly executed and having intended effects
Components of Enterprise Risk Management
1) Internal Environment
2) Objective Setting
3) Event Identification
4) Risk Assessment
5) Risk Response
6) Control Activities
7) Information and Communication
8) Monitoring
Internal Environment (ERM)
1) CHOPPER (Tone at the Top)
2) Establish basis for analysis of risk and risk appetite
3) Formal:
- Mission statement (moral/ethical position and image, strategic influence for operations, description of products/services, target market, expectations)
4) Informal - Tone at the Top and relationship between management and employees
Objective Setting (ERM)
1) Strategic objectives (overall direction)
2) Operational objectives (acquisition of raw materials, hiring and placing labor, acquiring and maintaining equipment and support, process of turning inputs into outputs)
3) Reporting objectives (determine progression toward meeting operational and, ultimately, strategic objectives)
4) Compliance objectives (meeting guidelines both regulatory requirements and internal company policies)
Event Identification (ERM)
1) ID events that are opportunities or threats
2) Incorporate opportunities into strategic objectives:
- Establish plan and set aside resources
- Consider likelihood and cost/benefit
3) Risk events also incorporated:
- Likelihood of occurrence
- Magnitude of effect and amount
4) 7 techniques for IDing relevant events
Risk Assessment (ERM)
1) Evaluate extent of potential effects of identified events on ability to achieve objectives
2) Balance sheet approach - ID resources within its control and determine which ones are vulnerable and to what extent (types of assets and likelihood for misappropriation)
3) Process approach - evaluate processes used to achieve objectives (all processes at all levels - likelihood and consequences)
4) Events identification approach - events that may affect customers, suppliers (human resources, financial resources, and physical resources), competitors, new producers, and substitutes (common resources from suppliers and customers)
Risk Response (ERM)
1) Inherent risk - risk if no action taken
2) Residual risk - risk that remains if actions taken
3) Reduction in risk (inherent minus residual) vs cost of action and controls
4) Accept risk
5) Share risk (insurance, joint ventures, outsourcing)
6) Reduce risk (change to internal environment or control activities)
7) Avoid risk (change internal process, eliminate a line of business/product, etc)
8) Managers of specific departments are best suited to devise and execute risk procedures for that department
Control Activities (ERM)
Categories of control activities:
1) Top-level reviews (budget vs actual, forecasts, and tracking of major initiatives)
2) Direct function or activity management (review performance reports and other information in order to ID events)
3) Information processing (controls over business processes)
4) Physical controls
5) Performance indicators (expected results, trends, and unexpected conditions/results)
6) Segregation of duties (ARCC)
Information and Communication (ERM)
1) Reliable and relevant
2) Provided to those who need it (usable and timely)
3) Open channels of communication (internal and external)
Monitoring (ERM)
1) Monitor control activities regularly (intended, efficient, effective)
Inherent limitations of ERM
1) Can’t pursue all objectives due to scarcity of resources
2) No absolute assurance
3) Based on human judgement
4) Breakdowns
5) Collusion
6) Cost/benefit
7) Management override
Managing Working Capital
Ensuring the business has the net short-term financial assets necessary to meet the firm's short-term financial obligations
Working Capital
Current Assets (CA) - Current Liabilities (CL)
Current Ratio
CA/CL