SU2: Fraud and Risk Flashcards
List the four primary controls
Preventive, detective, corrective, directive
List secondary controls
compensatory (mitigative), complementary
Preventive Controls
Deter the occurrence of unwanted events
Detective controls
Alert the proper people after an unwanted event
Corrective
Correct the negative effects of unwanted events
Directive
Cause or encourage the occurrence of a desirable event
ERM is defined as
The culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
ERM Roles and Responsibilities
Audit committee, a risk committee, an executive compensation committee and a nomination or governance committee
Three lines of management risk accountability
principal owners of risk, business enabling functions (risk officer), assurance (internal audit)
Risk oversight is most effective when it is…
Independent of the organization
Five interrelated components of the COSO framework
Governance and Culture, Strategy and Objective Setting, Performance, Review and Revision, Information/Communication and Reporting
What are the two supporting aspect components of the COSO ERM Framework
Governance and Culture, Information Communication and Reporting
What are the three common process components of the COSO ERM framework
Performance, Review and Revision, Strategy and Objective Setting
Risk response categories
AARPS (acceptance, avoidance, reduction, pursuit, sharing)
Management considers risk appetite for all of the following reasons
Aligning with development of strategy.
Aligning with business objectives.
Prioritizing risks.
Implementing risk responses
List the six categories of the external risk environment
PESTLE, Political, Environmental, Social, Technological, Legal, Economic
What are the five limitations of ERM?
Faulty human judgement, cost-benefit considerations, simple errors or mistakes, collusion and management override
A risk profile is a view of the relationship between
Risk and Performance
List 5 red flags that might indicate fraudulent financial reporting
Performances too bad or too good to be true
Threat of imminent bankruptcy, foreclosure, or hostile takeover
High turnover of senior management, counsel, or board members
Nonfinancial management’s excessive participation in selecting accounting principles or determining estimates
Strained relationship with the auditor
Known history of securities laws violations
Industry or market declines
Poor cash flows
Significant related party transactions not in the ordinary course of business
Highly complex transactions
Transactions in tax-haven jurisdictions
Unrealistic sales or profitability incentives
Unusually rapid growth
Pressures to meet analysts’ earnings expectations
List 5 Red flags that might indicate misappropriation of assets
Missing documentation for transactions
Large amounts of cash on hand
High-valued, small-sized inventories or other assets
Unexplained budget variances
Failure of certain employees to take vacations
Unusual write-offs of receivables
Failure to follow up on past-due receivables
Shortages in delivered or received goods
Poor supervision
Products or services purchased in excess of needs
Payroll checks with a second endorsement
Employees on the payroll who do not sign up for benefits
Undocumented petty cash expenditures
Common addresses on payables, refunds, or payments
Addresses or telephone numbers of employees that match with suppliers or others
Complaints by customers
List the elements of the legal definition of fraud
A false representation of a material fact, made with the knowledge of its falsity or without sufficient knowledge on which to base this representation; a person's action on the representation; the person acting incurs damages because of the reliance on the false representation.
If a company's assets are fully funded by equity (no debt), the company has no <> risk
Financial risk
An entity defines its risk appetite in which component of the COSO ERM framework
Strategy and Objective setting