Corporate Governance Flashcards

1
Q

Control Environment Principles

A
  1. Org demonstrates a commitment to integrity and ethical values.
  2. BOD demonstrates independence from management and exercises oversight of the development and performance of internal control.
  3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in pursuit of objectives.
  4. Org demonstrates commitment to attract, develop, and retain competent individuals in alignment with objectives.
  5. Hold individuals accountable for internal control responsibilities in pursuit of objectives.
2
Q

Risk Assessment Principles

A
  1. Org specifies objectives with sufficient clarity to enable the identification and assessment of risk relating to the objectives.
  2. Org identifies risks to achievement of its objectives across the entity and analyzes risks as a basis for determining how risks should be managed.
  3. Org considers potential for fraud in assessing risks to the achievement of its objectives
  4. Org identifies and assesses changes that could significantly impact internal control
3
Q

Control Activities Principles

A
  1. Org selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
  2. Org selects and develops general control activities over technology to support achievement of objectives.
  3. Org deploys control activities through policies that establish what is expected and procedures that put policies into action
4
Q

Information and Communication Principles

A
  1. Org obtains or generates and uses relevant quality information to support the functioning of internal control
  2. Org internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
  3. Org communicates with external parties regarding matters affecting the functioning of internal control
5
Q

Monitoring Activities

A
  1. Org selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning
  2. Org evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the BOD as appropriate.
6
Q

General Controls

A

Controls over the environment as a whole.

Apply to all functions, not just specific accounting applications.

Help ensure that data integrity is maintained.

7
Q

Application Controls

A

Controls over specific data input, data processing, and data output activities.

Designed to ensure accuracy, completeness, and validity of transaction processing.

8
Q

What is the role of support functions in internal control?

A

Legal, compliance, finance, Human Resources, IT, and others.

9
Q

What is the role of internal auditors in the system of internal control?

A

Evaluate adequacy and effectiveness of controls and thereby contribute to the ongoing effectiveness.

Often, they also monitor internal controls.

10
Q

Define 4 key roles, and their responsibilities, related to internal control.

A
  1. BOD: oversight of key controls
  2. Management: maintaining control effectiveness
  3. Support (business enabling) functions: support management and board related to specific aspects of internal control
  4. Internal auditors: assess, monitor, and report on internal control effectiveness
11
Q

Define self assessment.

A

Either the person responsible for the control, or that person’s peer or supervisor, assesses control effectiveness.

12
Q

What are the components of the ERM framework?

A
  1. Governance and culture
  2. Strategy and Objective Setting
  3. Performance
  4. Review and Revision
  5. Information, Communication and Reporting
13
Q

What are the 5 principles that make up the governance and culture component of the ERM framework?

A
  • exercise board risk oversight
  • establish operating structures
  • define desired culture
  • demonstrate commitment to core values
  • attract, develop, and retain capable individuals
14
Q

What are the 4 principles that make up the strategy and objective setting component of the ERM framework?

A
  • analyze business context
  • define risk appetite
  • evaluate alternative strategies
  • formulate business objectives
15
Q

What are the 5 principles that make up the performance component of the ERM framework?

A
  • identify risk
  • assess severity of risk
  • prioritize risk
  • implement risk responses
  • develop portfolio view
16
Q

What are the 3 principles that make up the review and revision component of the ERM framework?

A
  • assesses substantial change
  • reviews risk and performance
  • pursues improvement in ERM
17
Q

What are the 3 principles that make up the information, communication and reporting component of the ERM framework?

A
  • leverages information and technology
  • communicates risk information
  • reports on risk, culture and performance
18
Q

What are the 6 categories of external business context as it relates to ERM Strategy and Objective setting?

A
  • political
  • economic
  • social
  • technology
  • legal
  • environment
19
Q

Define ANALYZE BUSINESS CONTEXT as it relates to ERM Strategy and Objective Setting.

A

The organization considers potential effects of business context on risk profile.

20
Q

Define RISK APPETITE as it relates to ERM Strategy and Objective Setting.

A

Organization defines risk appetite in the context of creating, preserving, and realizing value.

21
Q

Define EVALUATE ALTERNATIVE STRATEGIES as it relates to ERM Strategy and Objective Setting.

A

Organization evaluates alternative strategies and potential impacts on risk profile.

22
Q

Define FORMULATE BUSINESS OBJECTIVE as it relates to ERM Strategy and Objective Setting.

A

Organization considers risk while establishing the business objectives at various levels that align with and support strategy.

23
Q

Identify the 5 subcategories of ERM Performance.

A
  • identify risk
  • assess severity of risk
  • prioritize risks
  • implement risk responses
  • develop portfolio view
24
Q

Identify the 3 subcategories of ERM Review and Revision.

A
  • assesses substantial change
  • reviews risk and performance
  • pursues improvement in ERM
25
Q

Identify 3 internal conditions and 2 external conditions in which an organization may review and revise ERM practices.

A
  1. Rapid growth
  2. Technological innovation
  3. Substantial changes in leadership or personnel
  4. A changing regulatory environment
  5. A changing economic environment
26
Q

An entity’s ROI (a key performance measure) was below its tolerance. What should the entity do?

A

Entity should consider reviewing its business objectives, strategy, culture, performance targets, risk analysis, risk priorities, risk responses, or risk appetite.

27
Q

Identify the 3 subcategories of ERM Information, Communication and Reporting.

A
  • leverages information and technology
  • communicates risk information
  • reports on risk, culture, and performance
28
Q

Define KPI.

A

Key performance indicators - high-level measures of historical performance of an entity and/or its major units.

29
Q

Define KRIs.

A

Key risk indicators - leading (predictive) indicators of emerging risks.

30
Q

Define portfolio view as it relates to ERM information and communication.

A

A composite view of risk the entity faces, which positions management and the board to consider the types, severity, and interdependencies of risks and how they may affect the entity’s performance relative to its strategy and business objectives.

31
Q

What is risk inventory as it relates to ERM Information and Communication?

A

A list of the entity’s known risks.

32
Q

What are risk owners as they relate to ERM Information and Communication?

A

Managers and employees who are accountable for the effective management of identified risks.

33
Q

What are the 5 components of the Data Analytics plan to support fraud risk management?

A
  1. Analytics design
  2. Data collection
  3. Data organization and calculation
  4. Data analysis
  5. Findings, observation, and remediation
34
Q

What is the analytics design as it relates to the data analytics plan to support fraud risk management?

A

Assess fraud risk; map risks to data sources and data availability; create a work plan, timelines and deliverables.

35
Q

What is data collection as it relates to the data analytics plan to support fraud risk management?

A

Map data to planned analytic tests; validate data.

36
Q

What is data organization and calculation as it relates to the data analytics plan to support fraud risk management?

A

Execute work plan; adapt analytics to available data; consider using advanced analytics including text mining, statistical analysis, and pattern analysis.

37
Q

What is data analysis as it relates to the data analytics plan to support fraud risk management?

A

Evaluate analytics results. Develop and implement scoring models to prioritize risks. Adapt and tune the model to improve the relevance and accuracy of results.

38
Q

What are findings, observations and remediation as it relates to the data analytics plan to support fraud risk management?

A

Request supporting documents to assist in making results actionable. Determine triage and escalation procedures to set reporting levels; develop a remediation plan for identified issues.

39
Q

What are COSO’s 5 risk management principles?

A
  1. Establish a fraud risk management policy as part of organizational governance.
  2. Perform comprehensive fraud risk assessment.
  3. Select, develop and deploy preventive and detective fraud control activities.
  4. Establish a fraud reporting process and coordinated approach to investigation and corrective action.
  5. Monitor the fraud risk management process, report results and improve process.
40
Q

Quotes from management: “We already have so many rules in place. I don’t want to add any more red tape around here” and “Our company is special. I’m proud to be faith-based and family-centered. There’s no way all these rules for non-religious companies have to apply to us.” These statements are:

A

Not Valid. SEC requires management to evaluate their internal controls based on a recognized control framework.

41
Q

Identify the component of internal control and applicable example associated with the following statement: “the organization selects and develops control activities that mitigate risks associated with achieving results at acceptable levels.”

A

Control Activities

YouTopia implements a policy that prohibits purchasing from organizations that employ child and forced labor.

42
Q

Identify the component of internal control and applicable example associated with the following statement: “the organization selects and develops general control activities over technology to support the achievement of objectives.”

A

Control Activities

An automated function in YouTopia’s accounting system checks and edits entered data.

43
Q

Identify the component of internal control and applicable example associated with the following statement: “the organization selects, develops and performs evaluations to assess the extent to which internal control components are present and functioning.”

A

Monitoring

YouTopia gathers, processes, and reports accident and injury records from its manufacturing sites. The information is used to assess the presence and quality of accident and injury controls.

44
Q

Identify the component of internal control and applicable example associated with the following statement: “the organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.”

A

Risk Assessment

YouTopia’s objectives include increasing the inventory turnover ratio to 12 times per year and lowering its carbon dioxide emissions by 15% within 3 years.

45
Q

Over time, controls deteriorate. Why is control monitoring important?

A

People forget, quit jobs, get lazy, get distracted, or come to work tired. In addition, machines fail and technology changes.

46
Q

Describe monitoring as the core, foundational component in the COSO ERM model:

A

Foundation of risk management. Essential in achieving strong internal control and effective risk management. Control problems can be identified quickly. Decision makers (senior management and BOD) receive timely information. Organizations are more efficient and have lower costs.

47
Q

Identify how monitoring of internal control is effective in the following example: Control procedures required at least 2 individuals to be present in the accounting office at all times when cash is being counted and credit card receipts and credit card fees are reconciled to the cash receipts journal and G/L. One of these individuals was out sick, which left the other alone in the office.

A

This is a control deficiency that should be identified by effective monitoring and corrected through proper SOD. Effective cash control requires SOD. Monitoring the control requirement (that at least 2 individuals be present for cash counts) would reveal that a backup, additional individual is needed in the system to ensure that no individual who counts cash is ever alone.

48
Q

What must be considered during the control change management process?

A

Resulting cost and benefit.

49
Q

Who is responsible for change control management?

A

Upper management and key executives.

Personnel are responsible for carrying out the work already established and implemented by management, but ultimate accountability for internal control processes, including change control, rests with upper management.

50
Q

What is critical to achieving organizational goals and objectives?

A

Effectively managing the system of control by creating a well-designed process to request, review, specify, plan for, approve, implement, and monitor system changes.

51
Q

What are some ways to effectively manage changes in a system of internal control?

A

Risk analysis; written change control procedures; change request forms; quality systems to map business requirements to control system changes; competent change implementation, testing, and review teams; appropriate SOD; appropriate permission and authorization systems; and document retention and destruction policies and systems.

52
Q

What guidance was created by SOX as a result of Enron era CEOs and CFOs often pressuring audit firms into accepting inappropriate treatments of various transactions and structures?

A

SOX requires auditors to be selected, evaluated, and terminated by the independent directors composing the audit committee, so that executives no longer have influence over the auditors.

53
Q

What guidance was created by SOX as a result of Enron era auditors providing consulting services to their audit clients?

A

SOX prohibits auditors from performing most consulting services for public company audit clients. Those that are permitted, such as tax services, must be disclosed and pre-approved by the audit committee.

54
Q

What were the reforms of SOX aimed at?

A

Improving governance. One of the most significant of these changes is that Congress mandated a major alteration in the operation and responsibilities of the audit committees of public companies.

55
Q

What does SOX require of audit committees?

A

Entirely made up of independent directors who are not officers of the company and do not have any other significant ties to the firm.

56
Q

What guidance was created by SOX as a result of Enron era BODs not being informed of disputes that company officers had with external auditors?

A

Auditors must report to the audit committee about:
  1. all critical accounting policies and practices to be used
  2. all alternative treatments discussed with management and their ramifications
  3. other material communications

57
Q

What guidance was created by SOX as a result of Enron era employee disclosure of frauds?

A

Audit committees are to create procedures for receiving, retaining, and treating complaints about accounting procedures and internal controls, and for protecting the confidentiality of whistleblowers.

58
Q

Benefits of a non-issuer adopting SOX 404.

A

Strengthen internal controls, eliminate redundancies, enhance processes and procedures, improve control environment, strengthen corporate governance, sound financial reporting, increase shareholder value, favorable perception by future investors if you decide to go public.

59
Q

Cons of non-issuer voluntary adoption of SOX 404.

A

Increased audit related costs.