Exam 1 Study Guide Flashcards
COSO
Top: Operations, Financial Reporting, Compliance. Side: Monitoring, Information and Communication, Control Activities, Risk Assessment, Control Environment
Monitoring
internal auditors
Information & Communication
ERP system, policies and procedures that tell employees how to act
control activities
putting in place activities that prevent fraud
risk assessment
Entity Level Objectives - organizational view
Activity Level Objectives - activity view
Risks - make assertions, likelihood, impact
Controls - activities that prevent fraud
system
a network of parts that work together to make something
information system
converts data into information
batch processing
requires that all similar transactions are grouped together for a specified time, and then this group of transactions is processed as a batch
Real Time/OL
the transaction is processed immediately
data levels
bit, byte, field, file/tables, relational
management information system
provides info that tells how the managers are doing
accounting information system
comprises the processes, procedures, and systems that capture accounting data from business processes; record the accounting data in the appropriate records; process the detailed accounting data by classifying, summarizing, and consolidating; and report the summarized accounting data to internal and external users
COSO
Committee of Sponsoring Organizations
COBIT
Control Objectives for Information and related Technology
ERM
Enterprise risk management, includes methods to manage risk
AIS Flow
Source Documents -> Journals (special, general) -> Ledgers (sub, GL) -> Closing -> Reporting
Audit Trail
source document, involves numbering of documents and authorization
Control Environment
tone of the organization, code of ethics. Elements: integrity and ethical values, corporate governance, management philosophy, org structure, assignment of authority, HR policy and practices
corporate governance
an elaborate system of checks and balances whereby a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting process
Audit Committee
structures: component of the board that is independent of the company, not paid by the organization
roles: hires external/internal auditors and oversees audit activity
Code of Ethics
SOX requires that all public companies have a code of ethics stated
Whistleblowing
Dodd-Frank
SOX 806: made a way for whistleblowers to tell on their companies
Risk Prevention: what can we do?
Have stewardship (safeguarding of assets)
Provide fair and transparent and full reporting and disclosure
Design and implement internal controls
Enforce a code of Ethics
Types of fraud
misstatement
misappropriation
misstatement
manipulation of records
collusion
two people working together to commit fraud
misappropriation
taking assets
fraud triangle
Incentive, opportunity, and rationalization
categories of fraud
management - override
employee - taking assets
customer - returning stolen goods
vendor - shipping, getting paid more than earned
Examples of fraudulent financial reporting
smooth earnings (saving earnings for next quarter); revenues (making it up); omitted disclosures/exp; window dressing; pad assets; off balance sheet
examples of why people commit fraud
company man; promotion; bonus; keep bank off back; meet analyst
types of employee fraud
take inventory; take cash (skimming: before being entered, larceny: after entered); AP manipulation; AR manipulation; payroll fraud; expense account/purchase card
customer fraud
credit cards, bad checks, refunds
vendor fraud
duplicate invoices, collusion/bribes, push unwanted inventory, bill for goods/services not delivered
Internal Computer fraud
improper access, change account info, change financial info
External Computer Fraud
hacking, spoofing/phishing
Code of Ethics
required by SOX 2002; obey laws and regs; honest, fair, trustworthy conduct; avoid conflicts of interest; safe work environment; protect external environment; books and records; signed statement
internal control objectives
safeguard assets
accurate and fair accounting
operational efficiency
comply with laws/ regs
types of controls
preventative
detective
corrective
COSO framework
Monitoring; Info and Comm (AIS); Control Activities; Risk Assessment; Control Environment
risk: can we get rid of it?
we can’t reduce it to zero, but we can mitigate it
risk assessment
entity-wide objectives - organization objectives
Activity wide objectives - department objectives
Risks - what is the likelihood and impact
Managing Change - keeping up with changes
process
procedures that originate, transfer, or change accounting data. Ex: take an order, calculate payroll, apply standard costs, prepare financial statements
controls
procedures designed to prevent or detect errors resulting from the processing of accounting information.
documentation of processes
internal control
data flow diagrams
use symbols to represent processes, etc.; represent the logical elements of a system, not the physical system; the entity is a box, the process is an N (number) over a process description
document flowcharts
illustrate relationship among processes and the documents that flow between them, contains more detail than data flow diagrams, clearly depicts the separation of functions in a system
systems flowcharts
represent the relationship between key elements (input sources, programs, and output products) of a computer system; have to know:
hard copy symbol: rectangle with piece ripped off the bottom
computer process: complete rectangle
terminal input/output device: rectangle with the top cut off diagonally
direct access storage device - cylinder
assertions
revenue - existence
AP - Completeness
Inventory - existence
Inventory - valuation
How many members of the board must not be, and cannot have been, CPAs?
3
How many audits must a firm conduct to require annual quality reviews by the PCAOB?
100
To whom can document and info related to PCAOB investigations and proceedings be made available?
SEC, US Attorney General, and federal agencies
Penalties for certifying a misleading or fraudulent financial report?
20 years in prison, $5M
If a foreign accounting firm only audits part of a US company and the primary auditor relies on their work, is the foreign firm subject to registration with the board?
Yes
By whom are the board's findings and sanctions subject to review?
the SEC and any advisory groups convened in connection with standard setting
What are the 5 requirements a standard setting body must meet in order for the SEC to recognize its standards as “generally accepted”?
(1) be a private entity;
(2) be governed by a board of trustees (or equivalent body), the majority of whom are not or have not been associated persons with a public accounting firm for the past 2 years;
(3) be funded in a manner similar to the Board;
(4) have adopted procedures to ensure prompt consideration of changes to accounting principles by a majority vote;
(5) consider, when adopting standards, the need to keep them current and the extent to which international convergence of standards is necessary or appropriate.
What type of company may make loans to its directors and executive officers? (Sec 402(a))
Consumer credit companies may make home improvement and consumer credit loans and issue credit cards to its directors and executive officers if it is done in the ordinary course of business on the same terms and conditions made to the general public.
How long do a director, officer, and 10% owner have to report transactions involving management and principal stockholders?
by the end of the second business day on which the transaction occurred
When may the pre-approval requirement be waived for non-audit services?
Sec 201: The pre-approval requirement is waived with respect to the provision of non-audit services for an issuer if the aggregate amount of all such non-audit services provided to the issuer constitutes less than 5% of the total amount of revenues paid by the issuer to its auditor (calculated on the basis of revenues paid by the issuer during the fiscal year when the non-audit services are performed); such services were not recognized by the issuer at the time of the engagement to be non-audit services; and such services are promptly brought to the attention of the audit committee and approved prior to completion of the audit.
payroll process
separate authorization, recording, and process
initiation - hiring an employee
authorization - something that starts this
processing
recording
custody - giving power to individuals, custody of assets, ex: power to get assets
review/recon
duty
control activities
authorization (preventative)
documentary controls(audit trail)
safeguarding of assets
reconciliation and review of analysis
revenue
existence assertion; risks: significance, likelihood; follow the cycle to see the document trail; cycle, assertion, risk
Management Assessment of Internal Controls.
Requires each annual report of an issuer to contain an “internal control report”, which shall:
(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
(2) contain an assessment, as of the end of the issuer’s fiscal year, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
Each issuer’s auditor shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this section shall be in accordance with standards for attestation engagements issued or adopted by the Board. An attestation engagement shall not be the subject of a separate engagement.
The language in the report of the Committee which accompanies the bill to explain the legislative intent states, "... the Committee does not intend that the auditor's evaluation be the subject of a separate engagement or the basis for increased charges or fees."
Directs the SEC to require each issuer to disclose whether it has adopted a code of ethics for its senior financial officers and the contents of that code.
Directs the SEC to revise its regulations concerning prompt disclosure on Form 8-K to require immediate disclosure “of any change in, or waiver of,” an issuer’s code of ethics.
Corporate Responsibility for Financial Reports.
The CEO and CFO of each issuer shall prepare a statement to accompany the audit report to certify the “appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer.” A violation of this section must be knowing and intentional to give rise to liability.
Corporate Responsibility for Financial Reports
Criminal penalties for certifying a misleading or fraudulent financial report. Under SOX 906, penalties can be upwards of $5 million in fines and 20 years in prison.
felony to knowingly
destroy financial documents
Whistleblowers
are protected and they can go to an organization and let them know about the fraud