Corporate Governance, Internal Controls & Enterprise Risk Management Flashcards

1
Q

Articles of Incorporation

A

Papers filed to form a corporation which govern the management of the corporation and, upon approval, become the corporate charter or certificate of incorporation. It includes such info as the name of the company, its address at the time of filing, its purpose, the name of the registered agent, the name and address of each incorporator, and the number of authorized shares of stock and types of stock.

2
Q

Board of Directors

A
A group of individuals, normally elected by the shareholders of a corporation, which determines the direction of a corporation based on responsibilities established in the bylaws. Committees established by the board include:
Nominating Committee (Determines who is suitable for service on the board of directors, including officer positions, and CEO succession)
Audit Committee (directors responsible for overseeing the financial reporting process)
Compensation Committee (Directors responsible for establishing payment policies for directors and executives)
3
Q

Fixed Compensation

A

A set amount for salary payments plus perks including health/life insurance, retirement benefits, and company vehicle usage.

4
Q

Incentive Compensation

A

Payments that are based on company performance or some other criteria and can be paid through bonuses or share based compensation, such as stock options or stock appreciation rights.

5
Q

Internal Control

A

An entity’s policies and procedures designed to enable it to achieve its objectives of efficient and effective operations, compliance with applicable laws and regulations, and reliable financial reporting, consisting of five components (CRIME): Control Activities, Risk assessment, Information and communication, Monitoring and the Control Environment

6
Q

Control Environment

A

Referred to as Tone at the Top, the core principles on which an entity bases its operations, intended to convey the entity’s commitment to integrity and ethical values and to make clear the reasons for the entity’s existence.

7
Q

Risk Assessment

A

The process an entity uses to identify those risks that may impair its ability to achieve its operating, compliance, and reporting objectives, and to evaluate those risks.

8
Q

Control Activities

A

Policies and procedures that help ensure management directives are carried out, including physical controls, information processing controls, performance indicators, and segregation of duties.

9
Q

Information and Communication

A

The means by which information is obtained and disseminated by management throughout the entity and with appropriate business relationships, so that control activities will more likely be carried out and so that management will receive feedback as to their effectiveness.

10
Q

Monitoring

A

The means by which management determines if all components of internal control are in place and are functioning in the manner intended.

11
Q

Physical Controls

A

The physical protection of valuable assets, accomplished by limiting access, such as by keeping inventories in storage areas to which only a few trusted employees have access.

12
Q

Information Processing Control

A

Procedures that must be completed before an action can be taken, such as by requiring that a receiving report be matched to a purchase order and invoice before payment will be authorized.

13
Q

Performance Indicators

A

Expectations established for comparison against actual performance to provide feedback as to whether or not controls are operating effectively, such as by reconciling a bank statement balance to a general ledger balance to determine if all cash transactions for a particular account have been recorded.

14
Q

Segregation of Duties

A

Making certain that one individual does not have responsibility for more than one of the following duties (ARCC):
-Authorization of transactions
-Recording transactions
-Maintaining Custody of the resources that are the subject of the transactions
-Reconciling (Comparison) the accounting records related to the transaction to the physical resource available

15
Q

Inherent Limitations of Internal Control

A
Internal control might not be effective because of (COCO):
-Collusion
-Override by management
-Competence (lack of)
-Cost/Benefit constraints
-Obsolescence
16
Q

Fraud

A

An illegal act characterized by deceit, concealment, or violation of trust. Typically, it can be divided into asset misappropriation (theft) or misstatement of financial statements.

17
Q

Occupational Fraud

A

The use of one’s occupation for personal gain through the deliberate misuse or misapplication of the organization’s resources or assets.

18
Q

Five Steps in a Fraud Risk Management Program (FRMP)

A
  1. Establish governance policies
  2. Conduct a comprehensive risk assessment
  3. Plan and execute preventive and detective control processes
  4. Perform timely and confidential investigations
  5. Monitor and assess the program, reporting the results and improving the processes
19
Q

Effective Fraud Risk Management Program Characteristics

A
  • Initiates a visible and rigorous fraud governance process
  • Promotes a transparent and sound anti-fraud culture
  • Entails a thorough periodic fraud risk assessment
  • Plans, executes, and maintains preventive and detective fraud control processes
  • Responds quickly to fraud allegations, including loss recovery actions and proceedings against perpetrators
20
Q

Typical Fraud Risk Management Shortcomings

A
  • Assessment consists of an identification of risk factors but omits an identification of schemes and scenarios
  • Lack of follow-up after identification of fraud risks and linkage to mitigating controls
  • Potential perpetrators are not identified (which can lead to insufficient considerations of management override)
  • Inadequate consideration of collusive fraud and management override of controls
  • Lack of appropriate involvement in assessment by internal auditors and other appropriate personnel
  • Lack of appropriate monitoring by the audit committee
21
Q

Enterprise Risk Management (ERM)

A

A framework designed by COSO to be applied by an entity to strategically identify events that may affect the entity and to manage those risks in accordance with the entity’s risk appetite, to provide reasonable assurance of achieving the entity’s objectives. There are five components:

  1. Governance & Culture
  2. Strategy & Objective Setting
  3. Performance
  4. Review & Revision
  5. Information, Communication, & Reporting
22
Q

Governance & Culture

A

The 1st of 5 components of the COSO ERM Framework, which sets the overall tone for the organization, addressing such issues as mission, vision, and core values. Governance encompasses the establishment of oversight responsibilities for ERM and the entity’s tone. Culture refers to the ethical mindset, standards of acceptable behavior, and understanding of the entity’s risk. There are 5 principles:

  1. Exercises board risk oversight
  2. Establishes operating structures
  3. Defines desired culture
  4. Demonstrates commitment to core values
  5. Attracts, develops, and retains capable individuals
23
Q

Strategy & Objective Setting

A

The 2nd of 5 components of the COSO ERM Framework, which represents the entity’s process for strategic planning. The entity determines its risk appetite, aligns it with its strategy, and develops business objectives to execute the strategy. This process serves as a basis for recognizing, evaluating, and responding to risk. There are 4 principles:

  • Analyzes business context
  • Defines risk appetite
  • Evaluates alternative strategies
  • Formulates business objectives
24
Q

Performance

A
The 3rd of 5 components of the COSO ERM Framework, which represents the process of actually identifying, evaluating, and responding to risks. The risks should be prioritized by severity with regard to the entity's risk appetite. The entity then chooses the appropriate responses, while keeping an overall view of the amount of risk assumed. Results are reported to the appropriate stakeholders. There are 5 principles:
-Identifies risk
-Assesses the severity of risks
-Prioritizes risks
-Implements risk responses
-Develops portfolio view
25
Q

Review & Revision

A

The 4th of 5 components of the COSO ERM Framework, which represents the process of evaluating how well the ERM components perform over time and refining the components as necessary when conditions change. There are 3 principles:

  • Assesses substantial change
  • Reviews risk and performance
  • Pursues improvement in ERM
26
Q

Information, Communication, & Reporting

A

The last of 5 components of the COSO ERM Framework, which represents the ongoing exchange of internal and external information up and down as well as across the entity. There are 3 principles:

  • Leverages information and technology
  • Communicates risk information
  • Reports on risk, culture, and performance
27
Q

Leading Event Indicators

A

Identifying data that is indicative of a pending event, such as a decline in interest rates being indicative of the demand for housing.

28
Q

Loss Event Data Methodologies

A

Collections of information regarding past losses, used to prevent repeating actions that would likely result in future losses.

29
Q

Risk Response

A

An assessment by management of how identified risks in ERM should be dealt with, choosing among:

  • Acceptance (no change in action)
  • Sharing (Insurance)
  • Reduction (changing the internal environment and control activities)
  • Avoidance (activity not pursued)
30
Q

Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act)

A

A comprehensive bill consisting of 16 sections passed to address the factors believed to have caused the economic crisis of the early 21st century, to enhance the stability of the financial system, improve accountability and transparency, end bailouts, and to protect consumers from abusive practices in the financial services industry.

31
Q

Dodd-Frank Clawback

A

The Dodd-Frank Act requires an entity that is required to restate its financial statements to establish policies for the recoupment of compensation based on those statements.