Corporate Governance and Internal Controls

Question 1

Define the “SOX Clawback provision”.

Answer 1

This provision allows firms to reclaim incentive and bonus payments to officers that turn out to have been made based on wrongdoing by those officers.

Question 2

Pro forma financial statements must be reconciled with what?

Answer 2

They must also include comparable GAAP numbers.

Question 3

List prohibitions observed by corporate insiders and outside auditors.

Answer 3

They must observe the following prohibitions:

• fraudulent influence;
• coercion;
• manipulation;
• and misleading.

Question 4

Under the Sarbanes-Oxley Act of 2002, what are the requirements and responsibilities of Audit Committees?

Answer 4

1) All directors must be independent;
2) New role: select, compensate, fire outside auditor;
3) set up whistleblower procedures.

Question 5

Describe the three levels of the corporate pyramid.

Answer 5

Bottom: shareholders (vote for directors);
Middle: directors (select officers and set broad policies);
Top: officers (run firm day-to-day).

Question 6

Define “preventive controls.”

Answer 6

“Before the fact” controls designed to stop an error or irregularity from occurring. Examples of preventive controls include locks on building and doors, password protected access to files, and segregation of duties.

Question 7

Define “detective controls.”

Answer 7

“After the fact” controls designed to detect an error after it has occurred (though preferably before the erroneous information is used to update the database or appears in reports). Examples of detective controls include data entry edits (field checks, limit tests) and reconciliation of batch control totals.

Question 8

Define “corrective controls.”

Answer 8

Paired with detective controls, they attempt to reverse the effects of the error or irregularity which has been detected. Examples of corrective controls include maintenance of backup files, disaster recovery plans, and insurance.

Question 9

Define “application controls.”

Answer 9

Controls over specific data input, data processing, and data output activities. Designed to ensure the accuracy, completeness, and validity of transaction processing. As such, application controls have a relatively narrow focus on those accounting applications that are involved with data entry, update, and reporting.

Question 10

Define “general controls.”

Answer 10

Controls over the environment as a whole. Apply to all functions, not just specific accounting applications. General controls help ensure that data integrity is maintained.

Question 11

Define “feed-forward controls.”

Answer 11

A process in which future results are projected based on current and past information and, if the future results are undesirable, the inputs to the system are changed to avoid the projected outcome. Many inventory ordering systems are essentially feed-forward controls: the system projects product sales over the relevant time period, identifies the current inventory level, and orders inventory sufficient to fulfill the sales demand.

Question 12

Define “feedback controls.”

Answer 12

A procedure in which the results of a process are evaluated and, if the results are undesirable, the process is adjusted to correct the results; most detective controls are also feedback controls.

Question 13

Define “internal control.”

Answer 13

A process, effected by the entity’s Board of Directors, management, and other personnel, that is designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

Question 14

List the three elements that constitute “Mandatory” Guidance in the Institute of Internal Auditors’ (IIA) International Professional Practices Framework.

Answer 14

1) Definition of Internal Auditing;
2) Code of Ethics;
3) International Standards.

Question 15

List the three elements that constitute “Strongly Recommended” Guidance in the Institute of Internal Auditors’ (IIA) International Professional Practices Framework.

Answer 15

1) Position papers;
2) Practice advisories;
3) Practice guides.

Question 16

What is the Institute of Internal Auditors’ (IIA) definition of internal auditing?

Answer 16

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.

Question 17

List the four principles of the Institute of Internal Auditors’ (IIA) Code of Ethics (Framework for the 12 Rules of Conduct).

Answer 17

1) Integrity;
2) Objectivity;
3) Confidentiality;
4) Competency.

Question 18

List the two basic categories of standards that comprise the International Standards for the Professional Practice of Internal Auditing.

Answer 18

1) Attribute Standards;

2) Performance Standards.

Question 19

What are attribute standards?

Answer 19

These standards involve the characteristics (“attributes”) of organizations and of the individuals performing internal audit services.

Question 20

What is the purpose of “Interpretations” of the International Standards?

Answer 20

Interpretations clarify the terms/concepts within the Attribute and Performance Standards (Interpretations are an integral part of the International Standards).

Question 21

Define implementation standards.

Answer 21

These standards differentiate the requirements specifically applicable to “assurance” activities and “consulting” activities within the Attribute Standards and the Performance Standards.

Question 22

What is the distinction between “Assurance” and “Consulting” activities in internal auditing?

Answer 22

Assurance involves three parties (the process owner; the user; and the internal auditor), whereas consulting only involves two parties (the client and the internal auditor).

Question 23

Define “Quality Assurance and Improvement Program (Standard 1300)”.

Answer 23

(Attribute Standard #4) “The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity.”

Question 24

Define “Proficiency and Due Professional Care (Standard 1200)”.

Answer 24

(Attribute Standard #3) “Engagements must be performed with proficiency and due professional care.”

Question 25

Define “Independence and Objectivity (Standard 1100)”.

Answer 25

(Attribute Standard #2) “The internal audit activity must be independent, and internal auditors must be objective in performing their work.”

Question 26

Define “Purpose, Authority, and Responsibility (Standard 1000)”.

Answer 26

(Attribute Standard #1) “The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics and the Standards. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval.”

Question 27

List the four primary themes of Attribute Standards.

Answer 27

1) Purpose, Authority, and Responsibility.
2) Independence and Objectivity.
3) Proficiency and Due Professional Care.
4) Quality Assurance and Improvement Program

Question 28

List the seven primary themes of Performance Standards

Answer 28

(1) Managing the Internal Audit Activity;
(2) Nature of Work;
(3) Engagement Planning;
(4) Performing the Engagement;
(5) Communicating Results;
(6) Monitoring Progress; and
(7) Resolution of Senior Management’s Acceptance of Risks.

Question 29

Define “Managing the Internal Audit Activity (Standard 2000)”.

Answer 29

(Performance Standard #1) “The chief audit executive must effectively manage the internal audit activity to ensure that it adds value to the organization.”

Question 30

Define “Nature of Work (Standard 2100)”.

Answer 30

(Performance Standard #2) “The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes, using a systematic and disciplined approach.”

Question 31

Define “Engagement Planning (Standard 2200)”.

Answer 31

(Performance Standard #3) “Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations.”

Question 32

Define “Performing the Engagement (Standard 2300)”.

Answer 32

(Performance Standard #4) “Internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives.”

Question 33

Define “Communicating Results (Standard 2400)”.

Answer 33

(Performance Standard #5) “Internal auditors must communicate the results of engagements.”

Question 34

Define the “Monitoring Progress (Standard 2500)”.

Answer 34

(Performance Standard #6) “The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management.”

Question 35

Define the “Resolution of Senior Management’s Acceptance of Risks (Standard 2600)”.

Answer 35

(Performance Standard #7) “When the chief audit executive believes that senior management has accepted a level of residual risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the decision regarding residual risk is not resolved, the chief audit executive must report the matter to the board for resolution.”