Study Unit 1 Flashcards
Articles of incorporation include
- corporation name
- # shares authorized
- street address of corporation's initial registered office
- name of registered agent @ office
- name & address of each incorporator
Additional provision aoi may include
purpose & power of corp
internal mgt
subject matter allowed to be addressed in the bylaws
bylaws
provision for managing the business
states authority of officers/directors, selection process, term length, pay, how to decide to issue new stock
Shareholders
- required to hold annual meeting, need special meetings for important issues (mergers, etc.)
- @ annual meeting may amend aoi, vote, elect/remove officers
BOD
- select/remove officers
- decisions wrt capital structure
- add/amend/repeal bylaws
- initiate changes (m&a)
- decide to declare/distribute dividends
- set mgt comp
- coordinate audit activities
- evaluate & manage risk
Fiduciary duty
Directors owe fiduciary duty
fiduciary- legal duty to act for benefit of corp, held to higher std of care
fiduciary duty req directors & officers to
-act in corp best interest, be loyal, use due diligence wrt responsibilities, disclose conflicts of interest
Officers
resp for day to day ops
CEO selected by & report to BOD
CEO selects other execs; officers are agents (fiduciary duty)
internal auditors
IA assess & make recomm for improving governance to achieve
- promote ethics & values
- ensure effective org performance mgt & accountability
- communicate risk & ctrl info
- coordinate activities/info among BOD, ext/int auditors, mgt
Audit committee
- address complaints wrt acctg & audit
- receive reports about acctg policies, material alt treatments, effects of at disclosures, treatments preferred by ext auditors
Section 302
-f/s free from material misstatements
-responsible for IC & evaluate for effectiveness
-inform audit committee & auditors of significant ctrl def, fraud (material or not)
-significant changes were (or weren’t) made wrt IC (including corrective ctrl)
intentional violations can result in forfeiting bonus/incentive based compensation
Section 404
report contains statement by CEO/CFO that includes
- mgt takes responsibility for establish/maintain system of IC
- name of IC model used to design/assess effectiveness (COSO)
- evaluate IC effectiveness
- statement public acctg firm registered w/ PCAOB
Section 407
each audit committee must have financial expert if not, disclose reason
financial experts must
-know GAAP & F/S
-experience in prep of F/S of comparable issuers & application of principles wrt acctg estimates, etc.
-experience w/ internal acctg ctrls
-understand audit committee functions
Section 906
corp responsibility for financial reports
certify filings into U.S. Code
criminal penalties for unknowing & knowing noncompliance for filing
-knowing- fines up to $5M and/or up to 20 yrs in prison
-unknowing- fines up to $1M and/or up to 10 yrs in prison
Whistleblowers
SOX & Dodd-Frank, SEC may pay for info other than from audit or investigation
- may sue retaliating employers
- claims asserted for up to 180 days
- trial by jury allowed
- rights & remedies can’t be waived (i.e. employment contract)
Internal Control & its objectives
- has 3 classes of objectives (ORC)
- ongoing
- effected by all ppl in org
- provide only reasonable assurance
- adaptable to entity’s structure
Operations (mission)
-improving financial perf, productivity, quality, innovation, customer satisfaction
-includes safeguarding assets (assist in risk assessment; avoid waste/inefficiency)
Pitch Perfect is quality comedy (P P I Q C)
Reporting
- timely, reliable info needed for DM & stakeholders
- relate to financial/nonfinancial & internal/external reporting
Compliance
subject to laws/regs that have minimum stds of conduct
-compliance with internal policies/procedures is an operational objective
Control Environment
- Integrity & ethical values (tone @ top, stds of conduct, perf eval, correct deviations)
- oversight (operates independently)
- establ of structures, reporting lines, authorities & resp (design, assign, limit authority)
- commitment to attract, develop, retain competent indiv
- org holds indiv accountable
Risk Assessment
assessment of risk & need to manage org change
principles
specifies objectives to ID & assess objectives
ID & analyze risk,
assess fraud risk,
ID & assess changes that affect IC
Risk Assessment objectives
operations- mgt choice, risk tolerance, op & financial perf goals, basis for committing resources
ext f.reporting- comply w/ stds, materiality, reflect activities
ext nonf reporting- comply w/ stds/frameworks, consider preclusion, reflect activities
internal reporting- mgt choices, precision, reflect activities
compliance- ext laws/regs, risk tolerance
Control Activities
policies, procedures ensure mgt directive carried out.
applied @ various level
preventive or detective, segregation of duties
3 principles of control activities
select/develop c.a. to mitigate risk
select/develop general c.a. over tech to support achievement of objectives
deploys c.a. thru policies that establish expectations & procedures that put policies into action
Information & Communication
enable org to obtain info to maintain accountability, measure & review perf
3 principles
- relevant, quality info (ext & int)
- internally communicates info
- communicates with external parties
Monitoring
process assesses quality of IC perf over time to ensure controls continue to meet needs of org
2 principles
-develops & performs ongoing/sep (both) to determine if components IC are present & functioning
-evaluates & communicates ctrl deficiencies
3 components for COSO
establish foundation for monitoring
- tone @ top
- org structure
- baseline for IC effectiveness
Design/execute monitoring procedures based on risks to achieve org obj
- prioritize risk
- ID ctrl
- ID persuasive info
- implement monitoring procedures
assess/report results & include follow up on corrective action
- prioritize findings
- report results
- follow up
Control Baseline
starting point
supported understanding of current system’s design & operation
Change ID
IDs & addresses changes needed
Change management
evaluates design & implementation of changes (establishes new baseline)
Control revalidation
update periodically
revalidates proper operation of system at a time when no known changes occurred
COSO Cube
The rows are the 5 components of IC (CRIME), with the slices representing the 3 objectives (ORC), and the columns representing the 4 parts of org structure (Entity level, division, operating unit, function)
BOD & Its committees responsibility
oversight role
integrity, ethics
need to be objective, have industry knowledge
Senior MGT
CEO- tone @ the top
responsible for design & op of IC
Internal Auditors
consulting & advisory role
evaluates adequacy & effectiveness of IC wrt risks in oversight, ops, Info sys
ERM
extends COSO to enterprise risk mgt
way to integrate & coordinate all risk mgt activities
emphasis on objectives & establ ways to evaluate ERM effectiveness
Risk mgt
Id potential events
manage risk to be w/in risk appetite (degree of willingness of sr mgt to accept risk)
ERM helps mgt to
reach objectives
prevent loss of reputation & resources
report effectively
comply with laws & regs
ERM capabilities
consideration of risk appetite & strategy
risk response decisions (avoid, reduce, share, accept)
reduction of op surprise/losses
multiple & cross enterprise risk (integrated response to multiple risks)
response to opps (mgt respond quickly thru ID potential events)
Deployment of capital
Risk & opportunity
risk- potential negative impact
opportunities- potential positive impact (offset risks)
ERM objectives
Operations- effectiveness/efficiency
Reporting- reliability
Compliance- adherence to laws/regs
Strategic- align w/ & support mission
Strategic & ops affected by ext events
Report & compliance are w/in entity’s control
Components of COSO ERM
Control activities, risk assessment, info & comm, monitoring, control env, risk response, objective setting, internal environment
Risk response
objective setting
internal environment
risk response-consistent w/ risk tolerance & appetite
obj setting- must be complete before events can be ID’d; ensures process established & align w/ mission & appetite
internal- reflects mgt philosophy, appetite, integrity, ethics, overall env
COSO ERM cube
4 objectives (ORCS), 8 interrelated components (CRIME ROI) & org units (Entity level, division, business unit, subsidiary) on the other side
apply approach to each intersection of 3 elements (control activities for reporting objectives at the division level)
Present & functioning fairly
no material weakness
risk w/in appetite
Strategies for risk response
avoidance- get rid of the risk
retention- accept (self-insurance)
reduction- lowers level of risk (mitigate)
share- transfer some loss potential to another party (insurance)
Risk MGT process
- ID risk
- Assess risk
- Prioritize risk
- Formulate response
- Monitor response