Term
|
Definition
Combination of people, policies, procedures, and processes that help ensure an entity best meets stakeholder needs |
|
|
Term
|
Definition
persons/entities affected by company's activity |
|
|
Term
components of internal corporate governance |
|
Definition
corp. charters, bylaws, BOD, internal audit |
|
|
Term
external corporate governance |
|
Definition
|
|
Term
|
Definition
provisions for business management and non-conflicting regulations |
|
|
Term
What can shareholders do? |
|
Definition
amend articles, general vote, elect/remove directors (everything else BOD, or management/officers do day-to-day ops) |
|
|
Term
|
Definition
act in client's best interest, loyal, due diligence, disclose conflicts of interest |
|
|
Term
Can conflicting interests exist? |
|
Definition
They are fine if it is fair to corp. and approved by directors w/out conflict. |
|
|
Term
|
Definition
protects officers who acted in good faith |
|
|
Term
Who is given the right of first refusal? |
|
Definition
The corporation. You must first give the company an opportunity to pursue a business idea/venture before you do it. |
|
|
Term
|
Definition
Elect officers, capital structure (debt/equity mix), bylaws, mergers/acquisitions, dividend decisions, management compensation, coordinating audit activities, risk evaluation and management |
|
|
Term
|
Definition
independent committee w/in BOD of 3 people (one of which is a financial expert) to whom external auditors report |
|
|
Term
Who is responsible for F/S? |
|
Definition
|
|
Term
What do auditors do w/respect to F/S? |
|
Definition
express opinion on F/S, providing reasonable assurance that F/S are free from material misstatement, whether due to error or fraud |
|
|
Term
Other aspects of corporate governance |
|
Definition
trusteeship, empowerment and control, good corporate citizenship, transparency of public disclosures |
|
|
Term
How should auditors be independent? |
|
Definition
In mind: intellectually honest and free of conflicts of interest. In fact: fair to all interested parties and without bias |
|
|
Term
What does audit committee do? |
|
Definition
Hires, compensates, and oversees work of external auditor, also determines critical accounting policies and alternative accounting treatments with auditors. Addresses complaints about accounting policies. |
|
|
Term
What is the IIA? What does it do? |
|
Definition
IIA- Institute of Internal Auditors. It issues the pronouncements in its International Professional Practices Framework (IPPF), which is not regulated in any country. |
|
|
Term
chief audit executive (CAE) |
|
Definition
head of internal audit- ensures that IAs are done in accordance with IIA rules |
|
|
Term
|
Definition
independent, objective assurance designed to add value. Systematic and disciplined approach. Effectiveness of risk management, control and governance. |
|
|
Term
IIA Standards of Professional Practice |
|
Definition
Independence: freedom to carry out IA responsibilities in an unbiased manner. Objectivity: personal attribute (don't do the same IA two years in a row). Assurance: objective examination; independent assessment of governance, risk management, and control; requested by senior management. Consulting: advisory and related services, nature and scope agreed w/client; adds value and does not impair independence. Risk management: objectives = mission, risks identified, risks = risk appetite, relevant information communicated. Control: actions taken to manage risk and ensure achievement of objectives and goals; it is the responsibility of management. IA controls reliability of fin. reporting, effectiveness of ops., safeguarding of assets, compliance. Governance: promote ethics, ensure effective performance, communicate risk and control information, coordinate BOD, auditors, and management |
|
|
Term
functions of internal auditing |
|
Definition
IA controls reliability of fin. reporting, effectiveness of ops., safeguard assets, compliance |
|
|
Term
|
Definition
-Independence -Objectivity -Internal Audit Charter -Impairment (conflicting interest, scope, restrictions on access, resource limitations; must be disclosed) -Proficiency -Due professional care, not infallibility -Continuing Professional Development -Quality Assurance and Improvement Program |
|
|
Term
|
Definition
A lot of new regulation regarding the responsibilities of corporate management and external auditors. -(302) CEO and CFO must personally certify F/S, and (906) certification of F/S is codified in the U.S. Code -(404) Management responsible for internal control (IC) -(407) One financial expert on audit committee -(802) Up to 20 years in prison for tampering with records to obstruct justice -(1107) Whistleblower protections (illegal to fire a whistleblower who provides truthful info about a federal offense) |
|
|
Term
audit committee financial expert has |
|
Definition
1. An understanding of GAAP and financial statements 2. Experience in preparing or auditing financial statements 3. Experience with internal auditing controls |
|
|
Term
whistleblower compensation |
|
Definition
Another SOX rule is that whistleblowers will be compensated, which is usually a reward of 10 to 30% of the sanctions imposed if over $1 million in fraud is discovered |
|
|
Term
|
Definition
issues auditing standards, inspects firms, enforces compliance. Public firms must register. |
|
|
Term
What services are allowed for audit clients? What services are not allowed? |
|
Definition
Tax planning and some nonaudit services allowed. Consulting, legal and IA not allowed. |
|
|
Term
|
Definition
process designed to provide reasonable assurance regarding effectiveness (doing the right things) and efficiency (doing things right) of ops., reliability of financial reporting and compliance. |
|
|
Term
Why reasonable assurance? |
|
Definition
costs > benefits, limits of faulty judgment, collusion, and management override. |
|
|
Term
Five elements of internal control according to COSO |
|
Definition
Control environment (tone at the top), risk assessment (identifying and managing risks), information and communication, control activities (policies and procedures), monitoring (data and systems). |
|
|
Term
|
Definition
5 objectives- control env., risk mgmt., control activities, info. and comm. and monitoring- plus 3 new ones. -risk response- avoid, reduce, share, or accept. -event identification -objective setting (at strategic, operational, reporting, and compliance levels) |
|
|
Term
control environment elements |
|
Definition
-HR policies and practices -Integrity and ethical values -Structure of organization (size and mission of org.) -competence -Philosophy and operating style of management -Authority (BOD and audit committee) |
|
|
Term
|
Definition
estimate significance of event, assess event likelihood, consider means to manage risk |
|
|
Term
The seriousness and likelihood of risks are inversely related. True or false. |
|
Definition
|
|
Term
|
Definition
Control activities: -Top-level reviews (actual vs. budget) -Interacting daily with managers of line personnel -physical controls -Performance indicators, -segregation of duties, -information processing. |
|
|
Term
|
Definition
preventive, detective, feedback (evaluate results of process and adjust if results are undesirable), and application (controls over data input and processing meant to ensure the accuracy, completeness and validity of transaction processing) |
|
|
Term
General vs. application IS controls |
|
Definition
General: affect all computer systems in the organization. Application: specific to a given computer application |
|
|
Term
|
Definition
controls over data input and processing meant to ensure the accuracy, completeness and validity of transaction processing; specific to a given computer application |
|
|
Term
|
Definition
periodic reconciliation of operational division data and entity-wide data, customer complaints about billing, int. and ext. auditor reports and training seminars. |
|
|
Term
|
Definition
Foundation (tone at the top, org. structure, IC effectiveness); design and execute monitoring procedures (prioritize risks, identify controls, identify persuasive information, implement monitoring procedures); assess and report results (prioritize findings, report to appropriate levels, follow up on corrections) |
|
|
Term
limits of internal control/COSO ERM (similar to the limits of internal and external audits; why reasonable rather than absolute assurance can be given) |
|
Definition
costs should not exceed benefits, limits of faulty judgment, employee mishap, collusion, and management override, no human system is perfect. |
|
|
Term
What caused the legislation of the Foreign Corrupt Practices Act of 1977? What are the FCPA provisions? |
|
Definition
Bribery of foreign officials by U.S. companies. FCPA provisions- all issuers must have internal accounting controls, no bribes. |
|
|
Term
Who sets the tone at the top? |
|
Definition
|
|
Term
|
Definition
provide consulting and advisory for design and operation of IC, not selection and execution of them. Systematic IC reviews according to IIA professional standards. Attribute, performance, and implementation standards. |
|
|
Term
All employees should inform upper management about poor controls. True or false. |
|
Definition
|
|
Term
Who are external parties? |
|
Definition
External auditors, who must do integrated audits according to PCAOB. Legislators and regulators. Customers and suppliers. Financial analysts, bond rating agencies, and the news media. |
|
|
Term
|
Definition
possibility of event occurring that adversely affects achievement of objectives. Opposite of opportunity. |
|
|
Term
enterprise risk management (ERM) |
|
Definition
process designed to identify potential events, and manage risk w/in risk appetite, and provide reasonable assurance regarding achievement of entity objectives. |
|
|
Term
|
Definition
Directors are outside, experienced in industry or corporate governance, willing to challenge management's choices. |
|
|
Term
|
Definition
Chief risk officer; the CRO coordinates entity's risk management activities. |
|
|
Term
What are the goals of ERM? |
|
Definition
reach objectives, prevent loss of reputation and resources, report effectively, compliance with laws and regulations. |
|
|
Term
|
Definition
possibility of event occurring that positively affects achievement of objectives. Opposite of risk. |
|
|
Term
|
Definition
Consider risk appetite and strategy; risk response (avoidance, reduction, sharing, acceptance); reduction of operational surprises and losses; multiple and cross-enterprise risks; response to opportunities; development of capital |
|
|
Term
Studying Obsessively Really Counts (COSO Risk Mgmt. Framework) |
|
Definition
Strategic objectives = mission. Operations address effectiveness and efficiency. Reporting = reliability. Compliance. Additional: safeguarding assets |
|
|
Term
strategies for risk response |
|
Definition
Avoidance: end the activity. Retention: accept the risk; self-insurance. Reduction: lowers the risk. Sharing: transfer part of the risk to another party. Exploitation: seeks risk to pursue a high return on investment |
|
|
Term
I Ate Pie For Money (Risk Management Process) |
|
Definition
Identify, assess, prioritize risks, formulate and monitor risk responses |
|
|