Corporate Governance - Rights, Duties, Responsibilities, Authority, Ethics of Directors, and Officers - Internal Control (Including COSO or Similar Framework) Flashcards
If an issuer does not have an audit committee financial expert:
the issuer must disclose the reason why the role is not filled.
If controls add to the efficiency of operations, management must:
weigh the benefit of reducing loss or inefficiency against the cost of the control.
Managers must weigh the benefit of reducing loss or inefficiency against the cost of the controls. They should not implement controls without first understanding whether any benefits of implementing these controls outweigh the costs. Although management can solicit recommendations from the internal auditor, it is not a requirement.
Characteristics of a small-to-mid-size entity:
Strongly influenced by the integrity and ethical behavior of top management. They may implement the control environment differently than a larger entity. They may not have a written code of conduct. The characteristics of top management style and attitude are more pronounced in smaller organizations.
Internal Environment
Encompasses the tone of an organization, influencing the risk consciousness of its people, and is the basis for all other components of enterprise risk management, providing discipline and structure.
Includes: an entity’s risk management philosophy; its risk appetite; oversight by the board of directors; the integrity, ethical values, and competence of the entity’s people; and the way management assigns authority and responsibility, and organizes and develops its people.
Control environment
The control environment in a business entity sets the tone of an organization (often called “tone at the top”), influencing the control consciousness, attitude, and awareness of management and its employees.
A written policy and procedure manual should contain:
Policies and procedures help the employee understand the organization’s policies for operation and the procedures that are followed to meet the policies. The policies and procedures include such things as the proper business practices, the purpose of the organization, responsibilities, and definitions.
Under COSO, management monitors controls:
To consider whether controls are operating as intended.
Monitoring evaluates whether each of the five internal control components (and principles within each component) is present and operating as intended. Deficiencies are communicated to those responsible for corrective action (e.g., senior management, board of directors). To consider whether the controls are operating as intended is an appropriate reason for management to employ a process for monitoring controls; the remaining answer choices are not.
MNEMONIC: 5 components of COSO’s internal control model: CRIME
Control activities. Policies and procedures are needed to make sure control objectives are effectively carried out.
Risk assessment. Organizations must set objectives to identify, analyze, and manage their risks.
Information and communication. Organizations should create and use information and communication systems to plan, conduct, manage, evaluate, and control their operations.
Monitoring activities. Information systems and internal control policies and procedures must be monitored so that needed modifications can be made.
control Environment. The foundation of a business is its people and the environment in which it operates.
The Sarbanes-Oxley Act of 2002 explains that a financial expert must have experience with
internal accounting controls, an understanding of generally accepted accounting standards, and experience with the preparation or auditing of financial statements of generally comparable issuers.
The audit committee of the board of directors oversees the following:
Financial reporting
Financial disclosure
Compliance with standards