Management's Fraud-Related Responsibilities Flashcards
Which of the following is one of the interrelated components of a company’s internal control system, as laid out by COSO?
A. Ethical culture
B. Independent oversight
C. Assurance function
D. Risk assessment
D. Risk assessment
COSO’s Internal Control—Integrated Framework identified five interrelated components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring. The effectiveness of internal controls can be determined from an assessment of whether 1) each of these five components is in place and functioning effectively and 2) the five components are operating together in an integrated manner.
Which of the following is INCORRECT regarding the code of ethics requirements under the Sarbanes-Oxley Act?
A. The SEC believes that determining the particular sanctions for violations of the code of ethics is best left to the discretion of the company.
B. Companies must make publicly available the portions of their code of ethics that address the ethical considerations that apply to senior financial officers.
C. The SEC has laid out specific language that must be included in all public companies’ code of ethics for senior financial officers.
D. Public companies must disclose in their annual report whether they have adopted a code of ethics for senior financial officers, and if they have not, they must explain their reasoning.
C. The SEC has laid out specific language that must be included in all public companies’ code of ethics for senior financial officers.
As required by the Sarbanes-Oxley Act, public companies must disclose in their annual report whether they have adopted a code of ethics for senior financial officers, and if they have not, they must explain their reasoning. The SEC believes that the establishment of the detailed provisions of the code of ethics is best left to the discretion of the company. Therefore, the rules do not specify any detailed requirements, particular language, compliance procedures, or sanctions for violations that must be included in the code of ethics. The SEC does, however, encourage the adoption of codes that are broader and more comprehensive than necessary to meet the new disclosure requirements.
In addition to the disclosure of the existence of the code of ethics in the annual report, the rules require that companies make publicly available the portions of their code of ethics that address the ethical considerations contained within the definition of code of ethics that apply to the senior financial officers.
A corporation cannot be held criminally liable for its employees’ actions if there were specific policies in place that prohibited the activity undertaken by the employees. T/F
False
A corporation can be held criminally responsible for criminal acts committed by its employees even if those in management had no knowledge of or participation in the underlying criminal events and even if there were specific policies or instructions prohibiting the activity undertaken by the employees. The acts of any employee, from the lowest clerk on up to the CEO, can impute liability upon a corporation. In fact, a corporation can be criminally responsible for the collective knowledge of several of its employees even if no single employee intended to commit an offense.
Under Section 404 of the Sarbanes-Oxley Act, public companies must include all of the following in their annual report EXCEPT:
A. Management’s assessment of the effectiveness of the company’s internal controls over financial reporting
B. A statement identifying the framework used in performing the assessment of the effectiveness of internal controls over financial reporting
C. A report explaining any discovered deficiencies in the company’s internal controls over financial reporting
D. A statement of management’s responsibility for establishing and maintaining adequate internal controls over financial reporting
C. A report explaining any discovered deficiencies in the company’s internal controls over financial reporting
Under Section 404 of the Sarbanes-Oxley Act, public companies must issue an internal control report within their annual report containing:
• A statement of management’s responsibility for establishing and maintaining adequate ICOFR
• A statement identifying the framework used by management in performing the assessment of the effectiveness of ICOFR
• Management’s assessment of the effectiveness of the company’s ICOFR
• A statement that the independent auditor has issued an attestation report on management’s assessment of the company’s ICOFR
Which of the following is NOT one of the principles involved in the risk assessment process, as laid out by COSO?
A. Assessing changes that could significantly impact the internal control system
B. Setting clear organizational objectives
C. Considering the potential for fraud
D. Conducting ongoing monitoring of the risk management strategy
D. Conducting ongoing monitoring of the risk management strategy
According to the COSO Framework, “Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives.” Risk assessment involves the identification and assessment of the risks the entity faces in achieving its organizational objectives. This process is dynamic and iterative, and it forms the basis for determining how risks will be managed.
According to COSO, the risk assessment involves the following principles:
• The organization sets sufficiently clear objectives to enable the identification and assessment of risks relating to the objectives.
• The organization identifies risks to the achievement of its objectives across the entity and analyzes these risks as a basis for determining how the risks should be managed.
• The organization considers the potential for fraud in assessing risks to the achievement of objectives.
• The organization identifies and assesses changes that could significantly impact the system of internal control.
COSO identified five interrelated components of \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_.
A. Fraud
B. Professional development
C. Internal control
D. Ethical theories
C
The U.S. Corporate Sentencing Guidelines set forth seven factors that are minimally required for a corporate compliance program to be considered effective. These factors include which of the following?
A. Appropriate incentives for compliance with the program
B. Due diligence in the hiring process
C. Monitoring and periodic evaluation of the compliance program
D. All of the above
D
In a public company, the CEO should be charged with having primary responsibility for the oversight of the company’s compliance program. t/f
f
If a board of directors exists, such as in a public company, the board must be knowledgeable about the content and operation of the compliance program and oversee its implementation. Accordingly, it is preferable for the board of directors or one of the board’s committees to control the organization’s compliance program. For instance, many companies place their compliance programs under the control of audit committees. There are four principal benefits to this practice:
• The involvement of the board of directors lends an air of authority to the compliance program. It clearly identifies the program as a matter of company policy.
• The involvement of a board committee provides oversight to the operation of the program by personnel who are not involved in the program’s day-to-day operation.
• Efforts to implement an effective compliance program can be documented in the committee’s meeting minutes. This documentation can prove useful if the company ever has to defend its actions and seek mitigation of a criminal fine.
• The involvement of those board members who are on the audit committee will help ensure that the board is knowledgeable about the content and operation of the compliance program.
Which of the following parties is ultimately responsible for the prevention and detection of fraud within an organization?
A. Management
B. External auditors
C. Internal auditors
D. Board of directors
A
Which of the following is INCORRECT regarding the code of ethics requirements under the Sarbanes-Oxley Act?
A. Companies must make publicly available the portions of their code of ethics that address the ethical considerations that apply to senior financial officers.
B. The SEC believes that determining the particular sanctions for violations of the code of ethics is best left to the discretion of the company.
C. The SEC has laid out specific language that must be included in all public companies’ code of ethics for senior financial officers.
D. Public companies must disclose in their annual report whether they have adopted a code of ethics for senior financial officers, and if they have not, they must explain their reasoning.
C
Which of the following is one of the purposes of the U.S. Corporate Sentencing Guidelines?
A. To instruct states on how to sentence corporate offenders for federal crimes
B. To provide guidance for judges when determining whether to convict an organization of a crime for wrongdoing perpetrated by its employees
C. To provide incentives for organizations to maintain internal mechanisms for preventing, detecting, and reporting criminal conduct
D. None of the above
C
Which of the following is NOT one of the principles involved in the risk assessment process, as laid out by COSO?
A. Considering the potential for fraud
B. Assessing changes that could significantly impact the internal control system
C. Setting clear organizational objectives
D. Conducting ongoing monitoring of the risk management strategy
D
Harassing an employee of a non-public company for testifying regarding an alleged violation of state securities laws is a violation of the whistleblower protections provided by the Sarbanes-Oxley Act. t/f
f
The Sarbanes-Oxley Act contains two provisions that establish broad protections for corporate whistleblowers:
• Section 806 of the Act creates a civil liability for an employer who, out of retaliation, fires, demotes, suspends, threatens, harasses, or discriminates against an employee who provided information or otherwise assisted in an investigation of fraudulent activity. Employees are also protected against retaliation for filing, testifying, participating, or otherwise assisting in a proceeding filed or about to be filed relating to an alleged violation of securities laws and regulations. It should be noted, however, that this provision only covers employees of publicly traded companies and therefore does not provide protection to all whistleblowers.
• Section 1107 establishes criminal sanctions for anyone who intentionally retaliates against another party for providing information regarding an alleged federal offense to a law enforcement officer. Unlike the civil liability, the protection provided under Section 1107 applies to all individuals, regardless of where they work.
The Sarbanes-Oxley Act provides both civil and criminal penalties for retaliating against corporate whistleblowers. t/f
t
The Sarbanes-Oxley Act contains two provisions that establish broad protections for corporate whistleblowers. Section 806 creates a civil liability for an employer who retaliates against an employee who provided information or assisted in an investigation of fraudulent activity or violation of securities laws and regulations. This provision only covers employees of publicly traded companies. Section 1107 establishes criminal sanctions for anyone who intentionally retaliates against another party for providing information regarding an alleged federal offense to a law enforcement officer.
The Sarbanes-Oxley Act requires all public companies to adopt a code of ethics for senior financial officers. t/f
f
As required by the Sarbanes-Oxley Act, public companies must disclose in their annual report whether they have adopted a code of ethics for senior financial officers, and if they have not, they must explain their reasoning. The SEC believes that the establishment of the detailed provisions of the code of ethics is best left to the discretion of the company. Therefore, the rules do not specify any detailed requirements, particular language, compliance procedures, or sanctions for violations that must be included in the code of ethics. The SEC, however, does encourage the adoption of codes that are broader and more comprehensive than necessary to meet the new disclosure requirements.