ERM , IC and Business Processes

Question 1

is prioritizing risk a principle of the review and revision component?

Answer 1

No, prioritizing risk is a principle of the performance component.

Question 2

Is Unstructured data non-flexible?

Answer 2

Yes, it is Non-flexible

Question 3

Does ERM 2017 address the issue of compliance with laws, rules, and regulations?🤨

Answer 3

No. That was the main objective of 2004 ERM COSO framework😉

Question 4

Is improving resource deployment among the BOD oversight responsibilities?

Answer 4

No. This is rather one of the benefits of ERM implementation throughout the organization😁

Question 5

What is ERM according to COSO?

Answer 5

“a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and
manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Question 6

What are Internal control objectives?

Answer 6

(a) Effectiveness and efficiency of operations
(b) Reliability of financial reporting
(c) Compliance with applicable laws and regulations

Question 7

What are the types of Control activities?

Answer 7

a. Segregation of duties
b. Authorization
c. Review and verification
d. Information processing controls
e. Retention of records
f. Reconciliation
g. Physical security of assets
h. Education, training, and monitoring
i. IT security
j. Top-level reviews

Question 8

what are the Internal control Limitations?

Answer 8

1- lack of segregation of duties due to staff size.
2- judgment of employees ( lack of time and pressure to provide a rapid response)
3- Breakdowns in communication
4- Collusion
5- Management Override

Question 9

what is Control precision as defined by SOX 2002?

Answer 9

Control precision is the alignment between a risk and the control activity designed to mitigate that risk. direct influence —> more precise.

Question 10

what is Control sufficiency as defined by SOX 2002?

Answer 10

Control sufficiency is a group of controls with a variety of degrees of precision necessary to achieve a control objective.

Question 11

what is top-down risk assessment (TDRA)?

Answer 11

A TDRA is a set of steps used to identify and assess financial reporting elements, related risks, and internal control procedures meant to limit those risks.

Question 12

what is The purpose of the TDRA (top-down risk assessment?

Answer 12

The purpose of the TDRA (top-down risk assessment) is for the company to analyze the internal controls currently in place and to assess the effectiveness of those controls to avoid material misstatement in the firm’s financial reporting.

Question 13

what are the 5 components of Internal Control?

Answer 13

1. Control Environment.
2. Risk Assessment.
3. Control Activities.
4. Information and Communication.
5. Monitoring.

Question 14

what are internal control principles under the Control Environment component?

Answer 14

(1) Demonstrates commitment to integrity and ethical values
(2) Exercises oversight responsibility
(3) Establishes structure, authority, and responsibility
(4) Demonstrates commitment to competence
(5) Enforces accountability

Question 15

what are internal control principles under the Risk Assessment component?

Answer 15

(6) Specifies suitable objectives
(7) Identifies and analyzes risk
(8) Assesses fraud risk
(9) Identifies and analyzes significant change

Question 16

what are internal control principles under the Control Activities component?

Answer 16

(10) Selects and develops control activities
(11) Selects and develops general controls over technology
(12) Deploys through policies and procedures

Question 17

what are internal control principles under the Information and Communication component?

Answer 17

(13) Uses relevant information
(14) Communicates internally
(15) Communicates externally

Question 18

what are internal control principles under the Monitoring component?

Answer 18

(16) Conducts ongoing and/or separate evaluations

(17) Evaluates and communicates deficiencies

Question 19

What are the elements of Fraud Triangle?

Answer 19

Incentive
Opportunity
Rationalization

Question 20

what are the types of risk?

Answer 20

. Inherent risk: the risk that exists before management takes any steps to control the likelihood or impact of a risk.

. Residual risk: the risk that remains after management reacts to the risk, such as by implementing internal controls.

Question 21

what is the difference between Inherent risk and Residual risk?

Answer 21

Inherent risk is the risk that exists before management takes any steps to control the likelihood or impact of a risk.

Residual risk is the risk that remains after management reacts to the risk, such as by implementing internal controls.

Question 22

What is PCAOB role?

Answer 22

PCAOB is in charge of overseeing , regulating , inspecting and disciplining accounting firms in their roles as auditors of public companies.

Question 23

How to prioritize risks using statistical risk ranking methodology?

Answer 23

R (Rating) = L( Liklihood) * S (severity)

Question 24

What are ERM 2017 components?

Answer 24

think; SPRING

S 1- Strategy and objective-setting

P 2- Performance

R 3- Review and revision

IN 4- information, communication and
reporting.

G 5- Governance and culture

Question 25

According to COSO 2017, what is the definition for the performance component?

Answer 25

The performance component identifies and assesses risks that may impact the achievement of strategy and business objectives.

Question 26

what are The objectives of the ERM framework?

Answer 26

The objective of the ERM framework is to achieve all the goals of the control framework and help the organization to:

a. attain reasonable assurance that company objectives and goals are achieved and problems and surprises are minimized,
b. continuously assess risks and identify the appropriate action to take and the resources to allocate to overcome or mitigate risk,
c. achieve its financial and performance targets, and
d. avoid adverse publicity and damage to the entity’s reputation.

Question 27

How does the ERM framework help an entity’s management achieve its objectives?

Answer 27

ERM focuses on 4 overlapping objective categories:

1. Strategic: Ensure that high-level goals support the entity’s mission.
2. Operations: Ensure resources are used effectively and efficiently.
3. Reporting: Ensure reliable reporting.
4. Compliance: Ensure compliance with laws, rules, and regulations.

Question 28

what are the ERM framework limitations?

Answer 28

1- faulty human judgment in decision-making.
2- costs and benefits.
3- collusion.
4- management override.

Question 29

when Internal controls are likely to fail?

Answer 29

Internal controls are likely to fail if they are not designed and implemented properly, are static in nature (i.e., the control does not adapt to changes in the operating environment), or change operationally.

Question 30

what is Program documentation?

Answer 30

Program documentation serves to improve communication, provides reference material for past actions, provides a guide for system maintenance, serves as a tool for training, and reduces the impact of turnover. As a control device, it helps to keep programs up to date and performing as intended.

Question 31

What are the principles under the Governance and Culture component of the ERM 2017?

Answer 31

1. Exercises board risk oversight
2. Establishes operating structures
3. Defines desired culture
4. Demonstrates commitment to core values
5. Attracts, develops and retains capable individuals

Question 32

What are the principles under the Strategy and Objective-Setting component of the ERM 2017?

Answer 32

6. Analyzes business context
7. Defines risk appetite
8. Evaluates alternative strategies
9. Formulates business objectives

Question 33

What are the principles under the Performance component of the ERM 2017?

Answer 33

10. Identifies risk
11. Assesses severity of risk
12. Prioritizes risks
13. Implements risk responses
14. Develops portfolio view

Question 34

What are the principles under the Review and Revision component of the ERM 2017?

Answer 34

15. Assesses substantial change
16. Reviews risk and performance
17. Pursues improvement in ERM

Question 35

What are the principles under the Information, Communication, and Reporting component of the ERM 2017?

Answer 35

18. Leverages information systems
19. Communicates risk information
20. Reports on risk, culture, and performance

Question 36

What are Inventory carrying costs?

Answer 36

• Storage cost
• Insurance Cost
• Opportunity cost of Inventory investment.

Question 37

what os The balance of payments (BOP) of a country?

Answer 37

he balance of payments (BOP) of a country is the record of all economic transactions between the residents of the country and the rest of the world in a particular period

Question 38

what’s An integrated test facility?

Answer 38

An integrated test facility is a technique that allows an auditor to introduce test data (simulated files) into an actual processing run to test the processing of that data. This provides evidence about the operating effectiveness of the software.

Question 39

Sarbanes-Oxley and Loans to officers

Answer 39

Sarbanes-Oxley amends securities laws to prohibit an issuer from making personal loans to officers and directors.