Section I Flashcards
Corporate values
An organization’s standards of behavior
Compliance
The conformity and adherence to policies, plans, procedures, laws, contracts, regulations, or other requirements.
Governance
The combination of processes and structures implemented by the board in order to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Starts at the top with the Board of Directors.
Internal Audit activity
A department, division, team of consultants, or other practitioners that provide independent, objective assurance and consulting services designed to add value and improve the organization’s operations.
What aspects of the organization’s governance initiatives overlap?
- Compliance with legal or regulatory requirements
- Internal control assessment and reporting
- Enterprise risk management
- Quality initiatives (i.e., continuous improvement)
- Transparency and disclosure
- Governance structure and processes
Risk appetite
A set of policies and performance indicators to measure willingness to take on risk or avoid risk.
Enterprise risk management
A structured, consistent, and continuous process across the whole organization for identifying, assessing, deciding on responses to, and reporting on opportunities and threats that affect the achievement of its objectives.
i.e., assesses organizational risk and mitigation strategies
Who is responsible for establishing and maintaining the organization’s governance processes and obtaining assurances concerning the effectiveness of the risk management and control processes?
The board of directors
Internal auditor
An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations; brings a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Key organizational governance responsibilities and activities of the Board of Directors
- establishes the ‘tone at the top’ and serves as the focal point for all governance activities (t)
- implements governance best practices (b)
- oversees organizational activities (doesn’t manage them) (o)
- assumes ultimate accountability and responsibility for the performance and affairs of the organization, effective risk management practices, and setting the risk appetite. (A)
AT BO
Key organizational governance responsibilities and activities of senior management
- sets strategic decisions and establishes an entity’s value system
- provides assurance that risks are managed as part of the risk management process, operations are monitored, results are measured, and corrective actions are implemented in a timely manner.
Key organizational governance responsibilities and activities of operations management
- deploys strategy, enforces internal controls, and provides direct supervision for areas under its control
- is accountable to executive management, and ultimately to the board, for implementing and monitoring the risk management process and establishing effective and appropriate internal control systems.
Key organizational governance responsibilities and activities of the internal auditors
- perform independent and objective assessments to provide assurance that governance structures and processes are designed properly and are operating effectively.
- provide advice on potential improvements to governance structures and processes
- coordinate their work with the external auditors to maximize efficiencies and avoid duplication of efforts.
Key organizational governance responsibilities and activities of the external auditors
- provide independent assurance on the financial statement preparation and reporting activities, in accordance with applicable regulations and accounting principles.
- coordinate their work with that of the internal auditors to maximize efficiencies and avoid duplication of efforts.
Financial Modernization Act of 1999
- aka Gramm-Leach-Bliley Act
- protects customers’ personal financial information held by financial institutions
- governs the collection and distribution of customers’ financial information
- requires institutions to protect customer financial data