Corporate Governance Flashcards
What are the objectives of internal controls?
- Effectiveness & efficiency of operations
- Reliability of financial and non-financial reporting
- Compliance with applicable laws and regulations
What are the 17 principles of internal control?
A. Control Environment (5 principles)
- Ethical values & integrity
- Board of directors
- Management
- Competence
- Accountability
B. Risk Assessment (4 principles)
- Objectives
- Assessment
- Fraud
- Change management
C. Control Activities (3 principles)
- Risk reduction
- Technology controls
- Policies
D. Information & Communication (3 principles)
- Quality
- Internal
- External
E. Monitoring (2 principles)
- Ongoing & periodic
- Address deficiencies
What are the 4 stages in the monitoring-for-change continuum?
A. Establish Control Baseline
- Begin with areas where controls are well understood
- Provides the baseline for enhanced monitoring
B. Change Identification
- Identify changes in control operation, design or related risk
- Includes evaluations to identify & address potential changes in internal control effectiveness
C. Control Revalidation
- Periodically revalidate that controls remain effective
D. Change Management
- When changes occur, verify that controls remain effective; establish a new control baseline for the modified controls
What are the 3 activities that comprise assessing and reporting on control monitoring?
- Prioritize findings
- Report results as appropriate
- Follow up to implement corrective actions
What is the COSO control monitoring process?
A. Establish a Foundation
- Tone from the top
- Organizational structure
- Baseline understanding of internal control effectiveness
B. Design & Execute
- Prioritize risks
- Identify controls
- Identify persuasive info about controls
- Implement monitoring procedures
C. Assess & Report
- Prioritize findings
- Report results to the appropriate level
- Follow-up on corrective action
What are the 4 types of objectives in the COSO ERM Model?
A. Strategic - goals that support the overall mission
B. Operations - goals that deal with day to day operating activities
C. Reporting - information system goals related to accuracy, completeness, timeliness & reliability of reporting
D. Compliance - goals designed to ensure that the organization meets all legal & regulatory requirements
What is risk appetite?
The amount of risk that an organization is willing to accept in pursuit of its goals
What are the determinants of Risk Appetite?
A. Existing Risk Profile - current levels & distribution of risk across entity
B. Risk Capacity - Amount of risk an entity can support
C. Risk Tolerance - the acceptable level of variation around its objectives that an entity will accept
D. Attitudes towards risk - stakeholders' attitudes towards risk, growth and return
What is Enterprise Risk Management (ERM)?
The culture, capabilities, and practices by which organizations manage risk to create, preserve and realize value (performance)
How does COSO define risk?
As neutral: the possibility that an event will occur and affect the achievement of objectives, whether the effect is negative or positive
What is an example of negative risk?
The new accounting system that your company implemented fails and can’t keep track of sales and inventory
What is an example of positive risk?
The company’s servers fail because demand for your product is so high
Why is ERM important?
- Expands opportunities
- Identifies and manages risk entity-wide
- Increases positive outcomes and reduces negative surprises
- Reduces performance variability
- Improves deployment of assets and human resources
- Increases enterprise resilience
What are the 3 risks of strategy selection?
- Misalignment - does the strategy align with the mission and core values?
- Implications - do we understand the risk implications of the chosen strategy?
- Risks to Success - can we execute the strategy successfully?
What are the 5 components of ERM?
- Governance and Culture
- Strategy and Objective setting
- Performance
- Review and Revision
- Information, Communication and Reporting