Corporate Governance, Internal Controls & Enterprise Risk Management Flashcards
Articles of Incorporation
Papers filed to form a corporation which govern the management of the corporation and, upon approval, become the corporate charter or certificate of incorporation. They include such information as the name of the company, its address at the time of filing, its purpose, the name of the registered agent, the name and address of each incorporator, and the number of authorized shares of stock and the types of stock.
Board of Directors
A group of individuals, normally elected by the shareholders of a corporation, which determines the direction of the corporation based on responsibilities established in the bylaws. Committees established by the board include:
- Nominating Committee (determines who is suitable for service on the board of directors, including officer positions, and CEO succession)
- Audit Committee (directors responsible for overseeing the financial reporting process)
- Compensation Committee (directors responsible for establishing payment policies for directors and executives)
Fixed Compensation
A set amount for salary payments plus perks including health/life insurance, retirement benefits, and company vehicle usage.
Incentive Compensation
Payments that are based on company performance or some other criteria and can be paid through bonuses or share-based compensation, such as stock options or stock appreciation rights.
Internal Control
An entity's policies and procedures designed to enable it to achieve its objectives of efficient and effective operations, compliance with applicable laws and regulations, and reliable financial reporting, consisting of five components (CRIME): Control activities, Risk assessment, Information and communication, Monitoring, and the Control Environment.
Control Environment
Referred to as Tone at the Top, the core principles on which an entity bases its operations, intended to convey the entity's commitment to integrity and ethical values and to make clear the reasons for the entity's existence.
Risk Assessment
The process an entity uses to identify those risks that may impair its ability to achieve its operating, compliance, and reporting objectives, and to evaluate those risks.
Control Activities
Policies and procedures that help ensure management directives are carried out, including physical controls, information processing controls, performance indicators, and segregation of duties.
Information and Communication
The means by which information is obtained and disseminated by management throughout the entity and to appropriate business relationships, so that control activities are more likely to be carried out and so that management receives feedback as to their effectiveness.
Monitoring
The means by which management determines whether all components of internal control are in place and are functioning as intended.
Physical Controls
The physical protection of valuable assets, accomplished by limiting access, such as by keeping inventories in storage areas to which only a few trusted employees have access.
Information Processing Control
Procedures that must be completed before an action can be taken, such as by requiring that a receiving report be matched to a purchase order and invoice before payment will be authorized.
Performance Indicators
Expectations established for comparison against actual performance to provide feedback as to whether or not controls are operating effectively, such as reconciling a bank statement balance to the general ledger balance to determine whether all cash transactions for a particular account have been recorded.
Segregation of Duties
Making certain that one individual does not have responsibility for more than one of the following duties (ARCC):
- Authorization of transactions
- Recording transactions
- Custody of the resources that are the subject of the transactions
- Comparison (reconciliation) of the accounting records related to the transactions to the physical resources available
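The ARCC rule is something an access-control reviewer can check mechanically: derive each user's effective duties from their roles and flag anyone who holds more than one ARCC duty for the same business process. The following is an added example, not part of the original flashcards; the role catalogue, process names, and user assignments are constructed for illustration.

```python
"""Segregation-of-duties (ARCC) conflict checker.

Added example (not from the original flashcards). Assumes a role-based
model in which each role grants one or more of the four ARCC duties for a
named business process. A user is in conflict when the union of duties
across all of their roles covers more than one duty for the same process,
a so-called toxic combination. All role and user data is constructed.
"""
from itertools import combinations

DUTIES = frozenset({"authorize", "record", "custody", "reconcile"})  # ARCC

# Hypothetical role catalogue: role -> {process: {duties granted}}
ROLE_DUTIES = {
    "ap_approver":       {"payments": {"authorize"}},
    "ap_clerk":          {"payments": {"record"}},
    "treasury_operator": {"payments": {"custody"}},
    "gl_reconciler":     {"payments": {"reconcile"}},
    "warehouse_staff":   {"inventory": {"custody"}},
    "inventory_clerk":   {"inventory": {"record"}},
    # A badly designed role that bundles two duties by itself
    "ap_superuser":      {"payments": {"authorize", "record"}},
}

# Constructed user -> roles assignments to review
ASSIGNMENTS = {
    "alice": ["ap_approver"],                    # one duty: fine
    "bob":   ["ap_clerk", "treasury_operator"],  # record + custody: conflict
    "carol": ["ap_superuser"],                   # single role, two duties: conflict
    "dave":  ["ap_clerk", "warehouse_staff"],    # two duties, different processes: fine
}


def effective_duties(roles, catalogue=ROLE_DUTIES):
    """Union of ARCC duties granted by a user's roles, grouped by process."""
    result = {}
    for role in roles:
        for process, duties in catalogue.get(role, {}).items():
            result.setdefault(process, set()).update(duties & DUTIES)
    return result


def sod_conflicts(assignments, catalogue=ROLE_DUTIES):
    """Return {user: {process: sorted duties}} for every user holding >1 duty in one process."""
    conflicts = {}
    for user, roles in assignments.items():
        for process, duties in effective_duties(roles, catalogue).items():
            if len(duties) > 1:
                conflicts.setdefault(user, {})[process] = sorted(duties)
    return conflicts


def conflicting_roles(roles, catalogue=ROLE_DUTIES):
    """Role pairs that are individually acceptable but together cover >1 duty in a process."""
    pairs = []
    for r1, r2 in combinations(sorted(roles), 2):
        shared = set(catalogue.get(r1, {})) & set(catalogue.get(r2, {}))
        for process in sorted(shared):
            if len((catalogue[r1][process] | catalogue[r2][process]) & DUTIES) > 1:
                pairs.append((r1, r2, process))
    return pairs


def role_self_conflicts(catalogue=ROLE_DUTIES):
    """Roles that violate ARCC on their own; these are design defects in the role catalogue."""
    return sorted(
        role for role, procs in catalogue.items()
        if any(len(duties & DUTIES) > 1 for duties in procs.values())
    )


if __name__ == "__main__":
    print("Roles that bundle >1 duty:", role_self_conflicts())
    for user, procs in sod_conflicts(ASSIGNMENTS).items():
        for process, duties in procs.items():
            print(f"{user}: {process} -> {', '.join(duties)}")
        print("  via role pairs:", conflicting_roles(ASSIGNMENTS[user]))
```

Note that `dave` is not flagged: recording inventory transactions and holding custody of cash are different processes, so the duties do not combine into an ARCC conflict. A flagged user is a finding, not necessarily a violation to be eliminated; in a small entity the cost/benefit limitation may force a compensating control (for example, an independent review of the transactions the conflicted user touches) rather than splitting the roles.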
Inherent Limitations of Internal Control
Internal control might not be effective because of (COCO):
- Collusion
- Override by management
- Competence (lack of)
- Cost/benefit constraints
- Obsolescence
Fraud
An illegal act characterized by deceit, concealment, or violation of trust. Typically, it can be divided into asset misappropriation (theft) or misstatement of financial statements.
Occupational Fraud
The use of one's occupation for personal gain through the deliberate misuse or misapplication of the organization's resources or assets.
Five Steps in a Fraud Risk Management Program (FRMP)
- Establish governance policies
- Conduct a comprehensive risk assessment
- Plan and execute preventive and detective control processes
- Perform timely and confidential investigations
- Monitor and assess the program, reporting the results and improving the processes
Effective Fraud Risk Management Program Characteristics
- Initiates a visible and rigorous fraud governance process
- Promotes a transparent and sound anti-fraud culture
- Entails a thorough periodic fraud risk assessment
- Plans, executes, and maintains preventive and detective fraud control processes
- Responds quickly to fraud allegations, including loss recovery actions and proceedings against perpetrators
Typical Fraud Risk Management Shortcomings
- Assessment consists of an identification of risk factors but omits an identification of schemes and scenarios
- Lack of follow-up after identification of fraud risks, and no linkage of the risks to mitigating controls
- Potential perpetrators are not identified (which can lead to insufficient consideration of management override)
- Inadequate consideration of collusive fraud and management override of controls
- Lack of appropriate involvement in assessment by internal auditors and other appropriate personnel
- Lack of appropriate monitoring by the audit committee
Enterprise Risk Management (ERM)
A framework designed by COSO to be applied by an entity to strategically identify events that may affect the entity and to manage those risks in accordance with the entity's risk appetite, to provide reasonable assurance of achieving the entity's objectives. There are five components:
- Governance & Culture
- Strategy & Objective setting
- Performance
- Review & Revision
- Information, Communication, & Reporting
Governance & Culture
The 1st of 5 components of the COSO ERM Framework, which sets the overall tone for the organization, addressing such issues as mission, vision, and core values. Governance encompasses the establishment of oversight responsibilities for ERM and the entity's tone. Culture refers to the ethical mindset, standards of acceptable behavior, and the understanding of risk within the entity. There are 5 principles:
- Exercises board risk oversight
- Establishes operating structures
- Defines desired culture
- Demonstrates commitment to core values
- Attracts, develops, and retains capable individuals
Strategy & Objective Setting
The 2nd of 5 components of the COSO ERM Framework, which represents the entity's process for strategic planning. The entity determines its risk appetite, aligns it with its strategy, and develops business objectives to execute the strategy. This process serves as a basis for recognizing, evaluating, and responding to risk. There are 4 principles:
- Analyzes business context
- Defines risk appetite
- Evaluates alternative strategies
- Formulates business objectives
Performance
The 3rd of 5 components of the COSO ERM Framework, which represents the process of actually identifying, evaluating, and responding to risks. The risks should be prioritized by severity with regard to the entity's risk appetite. The entity then chooses the appropriate responses while keeping an overall view of the amount of risk assumed. Results are reported to the appropriate stakeholders. There are 5 principles:
- Identifies risk
- Assesses the severity of risks
- Prioritizes risks
- Implements risk responses
- Develops portfolio view
Review & Revision
The 4th of 5 components of the COSO ERM Framework, which represents the process of evaluating how well the ERM components perform over time and refining them as conditions change. There are 3 principles:
- Assesses substantial change
- Reviews risk and performance
- Pursues improvement in ERM
Information, Communication, & Reporting
The last of 5 components of the COSO ERM Framework, which represents the ongoing exchange of internal and external information up and down, as well as across, the entity. There are 3 principles:
- Leverages information and technology
- Communicates risk information
- Reports on risk, culture, and performance
Leading Event Indicators
Identifying data that is indicative of a pending event, such as a decline in interest rates being indicative of an increase in the demand for housing.
Loss Event Data Methodologies
Collections of information regarding past losses, used to avoid repeating actions that would likely result in future losses.
Risk Response
An assessment by management of how identified risks in ERM should be dealt with, choosing among:
- Acceptance (no change in action)
- Sharing (e.g., insurance)
- Reduction (changing the internal environment and control activities)
- Avoidance (activity not pursued)
Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act)
A comprehensive act consisting of 16 titles, passed to address the factors believed to have caused the 2007-2008 financial crisis, to enhance the stability of the financial system, improve accountability and transparency, end bailouts, and protect consumers from abusive practices in the financial services industry.
Dodd-Frank Clawback
The Dodd-Frank Act requires an entity that is required to restate its financial statements to establish policies for the recoupment of incentive-based compensation that was paid on the basis of the misstated financial statements, to the extent it exceeds what would have been paid under the restated results.