midterm quiz Flashcards
Is concerned with the responsibilities and obligations of businesses to people.
Corporate Social Responsibility
The application of ethical principles and standards in a business environment.
Business ethics
Arises when an officer or employee of the employing organization takes advantage of their position to improperly obtain an unjust advantage over the interest of the employing organization.
Conflict of Interest
> Non payment of taxes
Deliberate understatement of taxable income
Failure to register one’s business with BIR
Tax evasion
> Paying employee wages below the minimum wage rate
Failure to pay for employee’s social security premiums
Violation of labor and social security laws
> Corporate officers buy and sell company shares by taking advantage of information that is not yet disclosed to the public
Violation of Securities Regulation Code that governs trading of shares
Insider Trading
> Making and selling a product that is patented by another company (without having a paid franchise fee)
Patent infringement
> Concealing and converting money obtained from illegal source in order to show that it was generated legally
Money-laundering
> Not implementing anti-pollution devices
Letting factory and other wastes flow into bodies of water
Violation of environmental laws
> Obtaining sensitive information including passwords about a person without their consent.
Using said information to make unauthorized bank transactions such as cash withdrawals and money transfers.
Cybercrimes
Modes of communicating the ethical code
- Employee orientation program
- Posting in the company website
- Newsletters and publications
- Bulletins
- Official memoranda
- Employee manual
Major contents of code of ethical conduct
- Company profile
- Objectives of the code of ethical conduct
- Ethical principles adapted by the company
- List of instances of unethical acts
- Process for identifying the threats or risks of unethical acts
- Process for determining whether the threats are significant
- Resolving ethical conflicts
- Reporting of ethical issues and concerns
- Sanctions for violations of the code of ethical conduct
- Approval of the code of ethical conduct
Resolution of Ethical Issues in the field of Accounting
- Identify the Facts
- Identify the ethical issue
- Analyze the alternative courses of action
- Make a decision
The likelihood that an event will occur.
Risk
What does COSO stand for?
Committee of Sponsoring Organizations of the Treadway Commission
What are the types of risk?
- Financial Risks
- Non-financial Risks
The likelihood that a company might incur a financial loss, or suffer a decline in profit, capital, investments, or cash flows, on account of the occurrence of events or transactions
Financial Risks
Types of Financial risks
- Credit risk
- Liquidity risk
- Market risk
> Interest rate risk
> Foreign currency risk
> Price risk
The risk that a counter-party such as a customer or a borrower might fail to pay its account on the due date.
Credit risk
The risk that the business will be unable to meet its financial obligations as they fall due because of insufficient cash, inability to liquidate assets, or obtain adequate funding given a short period of time.
Liquidity risk
The risk of volatility in the market brought about by factors of interest rate, foreign currency, and market prices.
Market risk
The potential decline in earnings and capital arising from changes in interest rates in the market.
Interest rate risk
The risk that fluctuations in exchange rates could affect the profit of the business.
Foreign currency risk
Risk that changes in specific prices (stock, price of other investments) could affect the profit or cash flows of the business
Price risk
Possibility that the business may not be able to generate sufficient revenue, or an increase in production and increased operating costs might occur
Business risk
Types of nonfinancial risks
- Operational risk
- Legal or Compliance risk
- Health and safety risk
- Environmental risk
- Strategic risk
- Reputation risk
The risk that business operations will be disrupted due to inadequate or failed systems, processes, people, breaches in internal controls, or other unforeseen catastrophes
Operational risk
The risk that the company might fail to comply with applicable laws and regulations such as tax laws, labor laws, anti-money laundering laws, and environmental laws among others
Legal or Compliance risk
Risk that unforeseen events could result in injuries, illnesses, or even loss of lives
Health and Safety risk
Risk that the company may fail to control or minimize factory wastes, emissions, and other pollutants arising from its business activities.
Environmental risk
Risk of selecting an inappropriate corporate strategy or of failing to implement an appropriate one
Strategic risk
Risk that reputation or image of the company will be damaged due to reasons such as improper acts of corporate officers, poor financial performance, and bad news about the company among others
Reputation risk
2 risks in the work of professional accountants
- Financial reporting risk
- Fraud risk
The possibility that the financial statements of the company will be incorrect due to errors, lapses, or failure to apply accounting standards such as the IFRS
Financial reporting risk
The risk arising from deceptive and intentional acts that result in loss of company assets, resources, and reputation.
Fraud risk
Is a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Enterprise risk management
Roles in the risk management process
- Board of Directors
- Management
- Internal auditors
- Other personnel
Conducts oversight of the effectiveness of the company’s risk management process.
Board of Directors
Implements specific risk mitigation and control procedures in managing the various types of risks affecting the company
Management
Conducts examination of the risk management process for the purpose of determining its effectiveness over time
Internal auditor
Implements specific tasks and duties pertaining to the processes within their departments.
Other personnel
The level of risk that the company can accept in pursuit of its objectives
Risk appetite
Steps in Risk Management process
- Setting of Business objectives
- Identify the risks
- Assess the risks
- Respond to the assessed risks
- Implement the risk response
- Monitor the risk management process
Kinds of business objectives:
- Strategic objectives
- Operational objectives
- Reporting objectives
- Compliance objectives
High-level goals that are aligned with and support the organization’s mission and long-term vision
Strategic objectives
Are goals that are related to the effective and efficient use of corporate resources
Operational resources
Goals relating to the reliability and transparency of corporate resources
Reporting objectives
Goals relating to compliance and conformity with applicable laws and regulatory requirements.
Compliance objectives
After setting the various objectives of the business, the risks or threats to the achievement of those objectives are identified.
Risk identification
Produce a comprehensive listing of all risks affecting the company.
Risk matrix
Two dimensions of risk
- Likelihood
- Impact
The significance or magnitude of the negative effect of the risk to the company
Impact
The probability that the event will occur
Likelihood
Analyzing the risk in terms of “likelihood” and “impact” is called…
Risk assessment
Possible responses to assessed risks:
- Accept
- Reduce
- Share
- Avoid
Tolerating or accepting the risk is permissible only if it is of minor effect to the business.
Accept
Risks that are likely to happen or those that are expected to have a significant impact on the business cannot simply be accepted.
Reduce
Sharing or transferring the risks to some other entity such as an insurance company
Share
The right response when management thinks that merely reducing it is not enough
Avoid
Risk Management frameworks
- ISO 31000 Risk Management
- COSO (ERM)
Who formulated ISO 31000 Risk Management?
International Organization for Standardization
Provides a set of principles and guidelines for the design, implementation, and evaluation of the risk management process for companies across industries.
ISO 31000 Risk Management
Steps under ISO 31000 Risk Management
- Identification of all risks that could prevent the company from achieving its business objectives
- Analysis of risks including an understanding of its causes and effects
- Determination of whether identified risks are tolerable or not
- Treatment of significant risks by way of mitigating procedures and thereby reducing the impact and the likelihood of the risk
- Monitoring the risk management strategy and implementation to determine gaps that should be addressed
- Communication of information pertaining to the risk management process of the company
8 components of COSO Enterprise Risk Management
- Internal environment
- Objective setting
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information and communication
- Monitoring
This component reflects the company’s risk management philosophy, risk appetite, board oversight, commitment to ethical values and competence of the human resource, and the assignment of authority and responsibility.
Internal environment
Component of enterprise risk management that deals with what the entity seeks to achieve. Objective setting is a prerequisite to the identification and assessment of risks.
Objective setting
Component of risk management whereby management identifies potential events, internal or external, which may affect the company’s ability to achieve its strategic, operational, reporting and compliance objectives.
Event identification
Evaluation of the identified risks through assessing their “likelihood” and “impact” to the company.
Risk assessment
Component of enterprise risk management that deals with what management plans to do with the assessed risks. Responses could be to accept, mitigate, share, or avoid the risk
Risk response
These are specific risk management policies and procedures throughout the organization, at all levels and in all functions, to ensure that risk responses are properly executed.
Control Activities
Component of enterprise risk management that identifies, captures, and communicates pertinent information from internal and external sources to enable personnel in carrying out their responsibilities.
Information and Communication
Ongoing activities and separate evaluations that aim to assess both the existence and effective functioning of the risk management components and the quality of their performance over time.
Monitoring
Types of Risk Assessments
- Assigning risk ratings
- Assessment of likelihood
- Assessment of Impact
- Risk Maps
- Combined Assessments and Risk Response
pertains to the probability of the occurrence of an event.
Likelihood
pertains to the magnitude, significance, or consequence of the event or risk to the company.
Impact
A visual representation of assessed risks whereby significant and insignificant risks are distinguished through color-coding.
Risk Map
risk maps can be interpreted as:
- Low likelihood / Low impact
- High likelihood / High impact
- High likelihood / Low impact and High impact / Low likelihood
If low likelihood / Low impact
Accept the risk
If high likelihood / high impact
mitigate
share
avoid
if high likelihood / low impact and high impact / low likelihood
reduce
2 ways monitoring is done
- ongoing monitoring activities
- separate evaluations