Corporate Governance, Internal Control, and Enterprise Risk Management Flashcards
A process, effected by the entity’s BOD, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives
Internal Controls
A process designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives
Enterprise Risk Management (ERM)
The problem that occurs when management does not act in the best interest of the shareholders–may engage in self-serving activities
Agency problem
Taking too much/little risk
Shirking–an agency problem
Filed with the secretary of state who issues a certificate of incorporation; Includes:
- name of corp
- purpose of corp
- powers of corp
- name of the registered agent
- name and address of each incorporator
- # of authorized shares of stock
Articles of Incorporation
–can be subsequently amended by approval (majority vote) of shareholders
Set forth how the directors and/or officers are elected/selected, how meetings are conducted, the types and duties of officers, and required meetings
–should prescribe the process for amendment of these rules
Bylaws
Provide the basic capital of the corporation and elect the BOD
Common SH’s
The right of common stockholders to subscribe to stock issues so that their ownership is not diluted
Preemptive right
Have no voting rights, but have preference to dividends and receipt of capital upon liquidation of the company
Preferred SH’s
Voting rights in the election of directors that allow common shareholders to cast 1 vote for each director of the corporation for each share of stock they own
Cumulative voting rights
Charged with running the corporation on behalf of the SH’s and other stakeholders
-responsible for providing strategic direction and guidance about the establishment of the key business objectives
BOD
–no individual power; power resides in the Board, collectively
A case-law derived concept that provides that a corporate director may not be held liable for errors in judgment providing the director acted with good faith, loyalty, and due care; but are responsible for personal illegal actions and personal torts
Business judgment rule
Duty of BOD that they must put the interest of the corporation before their personal interest
Duty of loyalty
An agent of the corporation that can bind the corporation with their actions within the scope of his/her authority–a corp is not bound by the actions of these people if they acted beyond the scope of their authority
- responsible for the fair presentation of the corp’s financial reports
- fiduciary duty to corp
Officers (CEO, CFO, etc.)
A compensation system in which management is compensated based on performance (usually accounting profit)
–may result in mgmt putting too much focus on short-term profits
Base Salary + Bonuses
A form of compensation that provides managers with an incentive to increase stock price, but may result in mgmt taking risks/manipulating st F.S.’s to meet objectives
Stock Options
Issuing shares of stock as part of management’s compensation in the form of Restricted Stock and Performance Shares
Stock Grants
Officers, employees or major stockholders that are on the BOD
Inside directors
Requires public corporations to disclose why or why not the chairman of the board is also the CEO
Wall Street Reform and Consumer Protection (Dodd-Frank) Act of 2010
The committee established by and amongst the BOD of an issuer for the purpose of overseeing the accounting and financial reporting processes of the issuer, and audits of the financial statements of the issuer
- responsible for the appointment, compensation, and oversight of the corporations’ external auditor
- must be independent
Audit committee on BOD
Rules that require executives to pay back incentive compensation when there is an accounting restatement
Clawback rules–required by Dodd-Frank
A professional organization of internal auditors that issued International Standards for the Professional Practice of Internal Auditing and a Code of Ethics for internal auditors
–Administers the CIA
Institute of Internal Auditors (IIA)
Services that provide an independent assessment of governance, risk management, or control processes of an organization (ex. on financial presentation, compliance, performance, and system security)
Assurance services
Services that involve advisory-related services to improve an organization’s governance, risk management, or control processes (ex. training, advising, and facilitating)
Consulting services
Internal auditing standards related to the characteristics of the internal audit activity
Attribute standards
Internal auditing standards related to the quality of internal audit activities
Performance standards
Internal auditing standards that expand upon the attribute and performance standards
Implementation standards
The Chief Audit Executive should report directly to this person in order to prevent the internal auditors’ work from being influenced by management
CEO
Requires that management acknowledge its responsibility for establishing adequate internal control over financial reporting and provide an assessment in the annual report of the effectiveness of internal control, and requires that auditors attest to management’s assertions
Section 404 of SOX
Prohibits a person from knowingly destroying, mutilating, or concealing records or documents to impede or influence the investigation of any department or agency of the US
Section 802 of SOX
Responsible for protecting investors, maintaining fair, orderly, and efficient markets, and facilitating capital formation
-consists of 5 Commissioners appointed by the president
SEC
Reviews documents of publicly held companies that are filed with the SEC to see if companies are meeting disclosure requirements
Division of Corporate Finance of the SEC
Assists the SEC in executing its law enforcement function by recommending the commencement of investigations of securities law violations, and prosecuting on behalf of the Commission
Division of Enforcement of the SEC
Advises the Commission on accounting and auditing, oversees the development of accounting principles, and approves the auditing rules put forward by the PCAOB
The Office of the Chief Accountant of the SEC
Requires the CEO and CFO to certify the accuracy and truthfulness of periodic financial reports filed with the SEC
Section 906 of SOX
Provides that the SEC will pay awards to whistle-blowers for providing information about violations of securities laws that result in aggregate monetary sanctions in excess of $1 million
Dodd-Frank
Exempts “emerging growth companies” for a maximum of 5 years from the date of their IPO from certain requirements that apply to larger public companies, including:
- Certain disclosures
- Requirement of an integrated audit
- Requirements regarding SH votes on executive compensation
Jumpstart Our Business Startups (JOBS) Act
Audits corporations’ tax returns and enforces penalties for filing false tax returns
IRS
A defense against corporate takeovers that triggers an option for the SH’s to purchase additional shares at a discount if someone attempts to acquire a controlling interest in the corp
Poison pill defense
Sets the tone of an organization by influencing the control consciousness of people–the foundation for the other components of internal control
Control environment
Management’s process for identifying, analyzing, and responding to risks
Risk assessment
Policies and procedures that help ensure that management directives are carried out
Control activities
Controls to check the accuracy and completeness of data, and the authorization of transactions (general, application, physical controls, segregation of duties)
Information processing controls
Control activities over data center operations, system software acquisition and maintenance, access security, and application system development and maintenance
General controls
Control activities designed to ensure that particular applications are accurately and completely processing data and that transactions are properly authorized (segregated into input, processing, and output controls)
Application controls
Controls to ensure that data are input accurately and completely, and transactions are authorized
Input controls
Controls to ensure that data are processed accurately
Processing controls
Controls over the distribution and accuracy of output
Output controls
The process used to assess the quality of internal control performance over time
Monitoring
Individuals that monitor controls within an organization
-must be competent and objective
Evaluators
Evidence obtained from observing the control and reperforming it
Direct evidence
Evidence that identifies anomalies that may signal control change or failure
Indirect Evidence
The amount of risk an organization is willing to accept to achieve its goals
Risk appetite
The acceptable variation with respect to a particular objective above/below a firm’s risk appetite
Risk tolerance
Evaluating the occurrence of events that had negative effects and were unanticipated or viewed as highly unlikely
Black swan analysis
Risk to the organization if management does nothing to alter the likelihood or impact
Inherent risk
Risk of the event after considering management’s response
Residual risk
Associate a range of events and their resulting impact with the likelihood of those events, based on certain assumptions
Probabilistic models
Use subjective assumptions in estimating the impact of events without quantifying an associated likelihood (ex. sensitivity measures, stress tests, scenario analyses)
Nonprobabilistic models
A risk response that involves exiting the activity that gives rise to the risk
Avoidance
A risk response that involves taking action to reduce risk likelihood or impact, or both
Reduction
A risk response that involves reducing risk likelihood or impact by transferring or sharing a portion of the risk (ex. insurance, hedging, outsourcing)
Sharing
A risk response in which no action is taken because the risk is consistent with the risk appetite of the organization
Acceptance (retention)