Corporate Governance Flashcards
What are some monitoring devices?
Board of Directors; Stock Exchange; Internal Auditors; External Auditors; SEC and SOX
What is internal control defined by COSO?
It is a process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievements of objectives relating to operations, reporting and compliance.
What are the 5 components of COSO?
Control Environment; Risk Assessment; Information and Communication; Information and Monitoring; Existing Control Activities
CRIME!
What is the control environment?
It is a set of standards, processes, and structures that provide the basis for carrying out internal control across the org.
Commitment to integrity and ethical values
B of D demonstrates independence from management
Management establishes structures
Commitment to attract, develop and retain competent employees
Hold individuals accountable for responsibilities
What is risk assessment?
Management’s process of identifying, analyzing and responding to risk.
Specify objectives with clarity
Identify risk
Consider the potential for fraud
Identify and assess changes that could significantly impact internal control
What are control activities?
They are policies and procedures that help ensure that management directives are carried out.
Select and develop control activities that contribute to the mitigation of risk
Select and develop general control activities over technology
Develop control through policies that establish what is expected and procedures
Control Activities to Mitigate Risk
Authorizations and approvals; Verifications; Physical controls; Controls over standing data; Reconciliations; Supervisory controls
What is information and communication?
It supports all other components
Org obtains or generates relevant, quality info to support the functioning of internal control
Org internally communicates information, including objectives and responsibilities
The org communicates with external parties regarding matters affecting the functioning of internal control
What is monitoring?
It assesses whether each of the five components is present and functioning
Select, develop and perform ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning
Evaluate and communicate internal control deficiencies in a timely manner
Monitoring consists of the following sequence of activities
Control baseline: establishing a starting point that includes a supported understanding of the existing internal control system
Change identification: identifying, through monitoring, changes in internal control that are either necessary because of changes in the operating environment or have already taken place
Change management: evaluating the design and implementation of the changes, and establishing a new baseline
Control revalidation/update: periodically revalidating control operations when no known changes have occurred
Internal Control
Tone at the top; Effective board; Ethical Management; Risk Appetite; Risk tolerance
Risk Appetite
How much risk the org is willing to accept to achieve a goal
Risk Tolerance
How far above or below meeting the objective is allowable
Objective Setting
Well defined mission
Process to set objectives that align with goals
Event Identification
Internal-
Loss of key personnel
Damage to infrastructure
Key product/process becomes obsolete
External-
Trigger points
Process to assess demographic and economic changes
Black swan analysis