Governance, Risk, and Compliance

Question 1

Describe SOX Section 201

Answer 1

Prohibits external auditors from performing non audit services

Question 2

Describe SOX Section 203

Answer 2

The lead audit partner should be rotated every 5 years

Question 3

Describe SOX Section 204

Answer 3

The audit firm must report findings/recommendations back to the audit committee in a timely manner.

Question 4

Describe SOX Section 302

Answer 4

Corporate responsibility for financial reports should be taken by the principal officers.

Question 5

Describe SOX Section 404

Answer 5

Annual reports must contain managements assessment of internal controls & the responsibility for certifying and maintaining them.

Question 6

Describe SOX Section 407

Answer 6

One member of the audit committee should be a financial expert.

Question 7

Identify the 5 major components of COSO

Answer 7

CRIME:
Control Activities
Risk Assessment
Information & Communication
Monitoring
Control Environment

Question 8

Describe Control Enviroment

Answer 8

Sets the tone of an organization. Foundation for all other components such as internal control, discipline & structure.

Question 9

Describe Risk Assessment

Answer 9

identification & analysis of relevant risk to achievement of objectives, forming a basis for determining how the risks should be managed.

Question 10

Describe Control activies

Answer 10

the policies & procedures that help ensure that management directives are carried out.

Question 11

Describe Information & communication

Answer 11

Identification, capture, & exchange of information in a form & time frame that enables people to carry our their responsibilities.

Question 12

Describe Monitoring

Answer 12

A process that assesses the quality of internal control performance over time

Question 13

Describe the types & limits of internal controls

Answer 13

Preventative: Keep errors & irregularities from happening

Detective: Attempts to find errors after they occurred

Corrective: controls placed to correct errors after detection

Directive: Serve to steer positive results (i.e. organic trade)

Compensating: to mitigate lapses & shortcomings in the control framework (independent review or multiple reviewing)

Question 14

Define business continuity planning

Answer 14

Creating a strategy for continuing operations in the event of a major disruption

Question 15

Define the objective of a disaster recovery plan & identify the components.

Answer 15

Steps that should be taken in the event of a major disruption;

Assess Risk, Identify critical components, determine method of recovery, test recovery.

Question 16

Identify & describe system application controls

Answer 16

Input controls: Support complete & accurate input of data by authorized users & identify rejected & duplicate items.

Processing Controls: Preserve the integrity of the inputs while processing.

Output Controls: Address final validity of information plus its dissemination.

Question 17

Identify & Describe Audit risks

Answer 17

Inherent Risk: Likelihood of material misstatement before considering effectiveness of controls.

Control Risk: Likelihood of material misstatement will not be prevented or detected by internal controls

Detection Risk: Errors not detected or prevented by control structure will be missed by auditors.