Corporate Governance Flashcards
What is the primary duty of the board of directors?
To monitor management behavior.
What is the responsibility of the Nominating or Corporate Governance Committee of the board of directors?
Oversees the board
Responsible for hiring a new CEO
What is the responsibility of the audit committee of the board of directors?
The audit committee appoints and oversees the external auditor.
What is the duty of the compensation committee of the board of directors?
The compensation committee handles the CEO’s compensation package.
What do the NYSE and NASDAQ require of the board of directors?
They require the board to be independent.
What is the main goal in an executive compensation package?
The package should ensure that the goals of management match those of the shareholders.
How can an executive compensation package ensure that goals of management align with those of shareholders?
Executive compensation should create an incentive for management to govern in a shareholder-friendly way that doesn’t sacrifice the long-term success of the enterprise for short-term gain.
Which influences help mold the direction that management takes?
They range from internal (Board of Directors, Audit Committee, Internal Control) to external (Creditors, SEC, IRS).
These influences should not be tainted by undue influence from management or have financial ties to management, such as compensation-related duties.
What is shirking?
When management doesn’t act in the best interest of shareholders.
It can be alleviated by tying compensation to stock performance or company profit.
What requirements are imposed on a public company under Sarbanes-Oxley?
Management must submit a report on the effectiveness of Internal Control in the 10-K.
Management must disclose significant Internal Control deficiencies.
CEO/CFO must certify that the financial statements comply with securities laws and fairly present the financial condition of the company.
What are the elements of the control environment?
The following are elements of the control environment:
- Integrity & Ethics
- Competence
- The Board of Directors & Audit Committee
- Management’s Operating Style
- Organizational Structure
- Assignment of Authority & Responsibility
- HR Policies
What characteristics are promoted by the COSO framework on internal control?
Reliable financial reporting
Effective and efficient operations
Compliance
What are the basic elements of internal control?
The basic elements of internal control are:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
What are control activities?
A component of internal control that includes actions being taken to promote the control environment.
What is the significance of the Information and Communication aspect of internal control?
Management must have access to relevant and timely information to make good decisions.
How does Monitoring affect internal control?
Internal Control activities must be constantly monitored and evaluated for effectiveness.
What are possible responses to risk under the COSO framework for enterprise risk management?
Avoid or Reduce
Share or Accept
What activities does the COSO framework for enterprise risk management include?
The COSO framework for enterprise risk management includes the following activities:
- Identifies Risk Factors
- Promotes Risk Response Decisions
- Compares Management Risk vs. Shareholder Goals
- Aids in evaluating opportunities
- Promotes Quicker Capital movement
Does NOT eliminate all risk
What are some examples of controls for the following risk:
Risk: Inaccurate or incomplete sales data and lack of security over sales order information
(Sales & Collections Business Process)
With regard to a company's process where sales orders are entered manually
Example controls are:
- Password control over terminals to assure that sales are authorized by the sales department
- Accuracy and completeness controls over inputs (accuracy and completeness controls include controls such as validity checks, missing data checks, logic checks, limit tests, etc.)
- Physical controls over terminals and files
What are some examples of controls for the following risk:
Risk: Inaccurate or incomplete sales data and lack of security over sales order information
(Sales & Collections Business Process)
With regard to a company's process where sales are made over the internet
Example controls are:
- Encryption of transmitted data
- Accuracy and completeness controls over inputs
- Password control over access to information to maintain a segregation of duties
- Data controls to ensure that sales prices are accurately entered and updated
What are some examples of controls for the following risk:
Risk: Sales to customers that are NOT creditworthy
(Sales & Collections Business Process)
With regard to a company's process where credit is outsourced to a credit card company
Example controls are:
Protect credit card information with password control and physical security over terminals and files
What are some examples of controls for the following risk:
Risk: Sales to customers that are NOT creditworthy
(Sales & Collections Business Process)
With regard to a company's process where the credit department extends credit
Example controls are:
- Credit department should be independent of sales function and approve credit limits
- Effective practices for collecting credit information to make evaluations to grant credit
What are some examples of controls for the following risk:
Risk: Maintaining too much or too little inventory
(Sales & Collections Business Process)
With regard to a company's process over inventory control and management
Example controls are:
- Use of a perpetual inventory system
- Use of techniques such as just-in-time, economic order quantity and reorder points as methods of managing inventory: heavy reliance on technology to determine when and how much to order
What are some examples of controls for the following risk:
Risk: Inaccurate filling of orders
(Sales & Collections Business Process)
With regard to a company's process over manual filling of orders
Example controls are:
Have an individual NOT involved in filling the order check it for accuracy
What are some examples of controls for the following risk:
Risk: Inaccurate filling of orders
(Sales & Collections Business Process)
With regard to a company's process over using technology to fill orders
Example controls are:
- Input controls to assure information is correct in computer fulfillment process
- Use technology such as bar code scanners to pack goods
What are some examples of controls for the following risk:
Risk: Inaccurate billing of customers
(Sales & Collections Business Process)
With regard to a company's manual billing process
Example controls are:
- The individual doing billing matches the sales order to the shipping document to assure the accuracy of the billing invoice
- Use of pre-numbered documents and accounting for all documents
- Invoice checked for clerical accuracy by an individual NOT involved in preparation
- Billing department is independent of individuals maintaining receivables records
- Account for numerical sequence of documents
What are some examples of controls for the following risk:
Risk: Inaccurate billing of customers
(Sales & Collections Business Process)
With regard to a company's process over technology used for billing
Example controls are:
- Accuracy and completeness input controls to assure billing information is accurate and based on accurate shipping information input by shipping personnel
- Accuracy and completeness controls to assure that pricing information is accurate and based on authorization from the sales department
- Password control over terminals to ensure segregation of duties
What are some examples of controls for the following risk:
Risk: Failure to bill for shipment
(Sales & Collections Business Process)
With regard to a company's manual shipping process
Example controls are:
Accounting for ALL pre-numbered shipping documents
What are some examples of controls for the following risk:
Risk: Failure to bill for shipment
(Sales & Collections Business Process)
With regard to a company's process over technology used for shipping
Example controls are:
Accuracy and completeness input controls to assure that all shipping information is entered into the system for billing
What are some examples of controls for the following risk:
Risk: Errors or fraud in processing and depositing cash receipts
(Sales & Collections Business Process)
With regard to a company's process over cash receipts received through the mail
Example controls are:
Segregation of cash handling from accounts receivable records or use of a lockbox at a financial institution
What are some examples of controls for the following risk:
Risk: Errors or fraud in processing and depositing cash receipts
(Sales & Collections Business Process)
With regard to a company's process over the use of an electronic funds transfer system
Example controls are:
- Control over access to the system through the use of a password system
- Use of accuracy and completeness controls over input of cash receipt information
What are some examples of controls for the following risk:
Risk: Accounts may be written off WITHOUT authorization
(Sales & Collections Business Process)
With regard to a company that has a manual process for writing off uncollectible accounts
Example controls are:
- Individual independent of sales and cash receipts should be authorized to write off accounts
- Use of pre-numbered authorization forms
- Accounting for all forms (pre-numbered authorization forms)
What are some examples of controls for the following risk:
Risk: Accounts may be written off WITHOUT authorization
(Sales & Collections Business Process)
With regard to a company that has a technology-based system for writing off uncollectible accounts
Example controls are:
Access to the terminal used for authorization by an independent individual should be restricted by a password system
What are some examples of controls for the following risk:
Risk: Ordering unneeded goods
(Acquisitions & Payments Process)
With regard to a company that has a manual or technology-based system (or process) to order goods (purchase inventory)
Example controls are:
- Use of a perpetual inventory system
- Ordering based on inventory management techniques such as just-in-time, economic order quantity and reorder points
What are some examples of controls for the following risk:
Risk: Purchasing goods from unauthorized vendors
(Acquisitions & Payments Process)
With regard to a company that has a manual or technology-based system (or process) to order goods
Example controls are:
- Establish preferred vendor relationships
- Establish criteria for authorized vendors
- Creation of purchase orders
- Accuracy and completeness controls over inputting purchasing information into the computer
- Password control over terminals
What are some examples of controls for the following risk:
Risk: Receiving goods that were NOT ordered
(Acquisitions & Payments Process)
With regard to a company that has a manual system (or process) for receiving purchased goods
Example controls are:
Matching of purchase order to goods received
What are some examples of controls for the following risk:
Risk: Receiving goods that were NOT ordered
(Acquisitions & Payments Process)
With regard to a company that has a technology-based system (or process) for receiving purchased goods
Example controls are:
Computer comparison of purchase information entered by the purchasing department with information on goods received entered by the receiving department
What are some examples of controls for the following risk:
Risk: Payment for goods NOT received
(Acquisitions & Payments Process)
With regard to a company that has a manual system (or process) for receiving goods
Example controls are:
- Matching of purchase orders with receiving reports
- Accounting for all pre-numbered documents
- Individual authorized to sign checks is independent of those maintaining records and receiving goods
- Check signer cancels supporting documents
What are some examples of controls for the following risk:
Risk: Payment for goods NOT received
(Acquisitions & Payments Process)
With regard to a company that uses computer generation of payments based on purchase and receiving information
Example controls are:
- Accuracy and completeness input controls for purchase and receiving information
- Segregation of those maintaining records and processing payments from those authorized to make payments
- Password control to ensure segregation of duties
What are some examples of controls for the following risk:
Risk: Paying for a purchase twice
(Acquisitions & Payments Process)
With regard to a company that has a manual system (or process) for cutting checks
Example controls are:
Cancel supporting documents for all payments
What are some examples of controls for the following risk:
Risk: Paying for a purchase twice
(Acquisitions & Payments Process)
With regard to a company that uses a technology-based system (or process) for cutting checks
Example controls are:
Control access to receiving and purchasing information by use of passwords and appropriate segregation of duties
What are some examples of controls for the following risk:
Risk: Unauthorized cash payments
(Acquisitions & Payments Process)
With regard to a company that has a manual system (or process) for the authorization of cash payments
Example controls are:
- Segregation of duties of accounting and authorized check signers
- Reconciliation of bank account by individual independent of individuals preparing and signing checks
What are some examples of controls for the following risk:
Risk: Unauthorized cash payments
(Acquisitions & Payments Process)
With regard to a company that uses a technology-based system (or process) for making cash payments
Example controls are:
- Passwords and controls over terminals prevent issuance of unauthorized payments
- Reconciliation of bank account by computer or independent individual
What are some examples of controls for the following risk:
Risk: Loss or theft of assets
(Acquisitions & Payments Process)
With regard to a company that uses a manual or technology-based system (or process) for tracking and maintaining assets
Example controls are:
Periodic reconciliations of physical assets to accounting records by individuals independent of those having custody of the assets and those maintaining the accounting records for the assets (e.g. reconciliations of bank accounts, taking physical inventories, and inventories of supplies and equipment)
What are key controls that a Company should have over inventory?
Key controls over inventory include:
- Perpetual inventory records for large dollar items
- Pre-numbered receiving reports prepared when inventory received
- Receiving reports should be accounted for
- Adequate standard cost system to cost inventory items
- Physical controls over theft
- Written inventory requisitions used
- Proper authorization of purchases and use of pre-numbered purchase orders
What are key controls that a Company should have over Fixed assets?
Key controls over fixed assets include:
- Major asset acquisitions are properly approved by the firm’s board of directors and properly controlled through capital budgeting techniques
- Detailed records are available for property assets and accumulated depreciation
- Written policies exist for capitalization vs. expensing decisions
- Depreciation properly calculated
- Retirements approved by an appropriate level of management
- Physical control over assets to prevent theft
- Periodic physical inspection of plant and equipment by individuals who are otherwise independent of PP&E (e.g. internal auditors)
What are key controls that a Company should have over Payroll?
Key controls over payroll include:
- Segregate the following functions:
a. Timekeeping
b. Payroll preparation
c. Personnel (HR)
d. Paycheck distribution
- Time clocks used where possible
- Job time tickets reconciled to time clock cards
- Time clock cards approved by supervisors (overtime and regular hours)
- Treasurer signs paychecks
- Unclaimed paychecks controlled by someone otherwise independent of the payroll function (locked up and eventually destroyed if not claimed). In cases in which employees are paid cash (as opposed to checks) unclaimed pay should be deposited into a special bank account
- Personnel department promptly sends termination notices to the payroll department
What are the 8 elements of Enterprise Risk Management (ERM)?
The 8 elements of ERM are as follows:
- Internal Environment
- Objective setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information & Communication
- Monitoring
What are key factors within an entity's Internal Environment?
Element of Enterprise Risk Management
An important aspect of an organization's internal control environment is its risk appetite & risk tolerance:
Risk appetite - amount of risk an organization is willing to accept to achieve its goals
Risk tolerance - relates to an organization’s objectives. It is the acceptable variation with respect to a particular objective
What does the Objective setting entail?
Element of Enterprise Risk Management
Objective setting is divided into 3 categories:
- Operations objectives - relate to the effectiveness and efficiency of operations
- Reporting objectives - internal and external, using financial and non-financial information
- Compliance objectives - relate to adherence to laws and regulations
What does Event Identification entail?
Element of Enterprise Risk Management
Event identification techniques include the following:
- Event inventories - developing a detailed listing of potential events
- Internal analysis - involves using information from other stakeholders (e.g. customers, suppliers, etc.)
- Escalation / Threshold triggers - management predetermines limits that cause an event to be further assessed
- Facilitated workshops / interviews - involves soliciting information about events from management & staff
- Process flow analysis - involves breaking processes down to inputs, tasks, responsibilities and outputs to identify events that might adversely affect the process
- Leading event indicators - involves monitoring data correlated to event to identify when the event is likely to occur
- Loss event data methodologies - management attempts to identify trends based on past events to determine the occurrence of events that are unlikely but could have a very negative impact
What does Risk Assessment entail?
Element of Enterprise Risk Management
Risk assessment involves the following:
- Inherent risk - the risk to the organization if management does nothing to alter its likelihood or impact
- Residual risk - risk of the event occurring after considering management response
What is a qualitative technique that management can use to assess risk?
Risk assessment is an element of enterprise risk management. Management can use the following QUALITATIVE technique to assess risk:
Probabilistic Model - associates a range of events and the resulting impact with the likelihood of these events based on certain assumptions (e.g. value at risk, cash flow risk, earnings at risk and development of credit and operational distributions)
What is a quantitative model that management can use to assess risk?
Risk assessment is an element of enterprise risk management. Management can use the following QUANTITATIVE technique to assess risk:
Non-probabilistic Model - uses subjective assumptions in estimating the impact of events without quantifying an associated likelihood (e.g. sensitivity measures, stress tests and scenario analysis)
What does Risk Response entail?
Element of Enterprise Risk Management
An organization can deal with risk response in the following ways based upon its risk appetite:
- Avoidance - avoiding the risk altogether (dropping the activity which causes the risk)
- Reduction - taking action to reduce risk (e.g. managing the risk or adding additional controls to the process)
- Sharing - transfers a portion of the risk to reduce it (e.g. insurance, hedging or outsourcing)
- Acceptance (retention) - just don’t do anything to mitigate it