Term
| corporate governance |
Definition
| Combination of people, policies, procedures, and processes that help ensure an entity best meets stakeholder needs |
|
|
Term
| stakeholders |
Definition
| persons/entities affected by company's activity |
|
|
Term
| components of internal corporate governance |
|
Definition
| corp. charters, bylaws, BOD, internal audit |
|
|
Term
| external corporate governance |
|
Definition
|
|
Term
|
Definition
| provisions for business management and non-conflicting regulations |
|
|
Term
| What can shareholders do? |
|
Definition
| Amend the articles of incorporation, vote on fundamental matters at the general meeting, and elect/remove directors. Everything else is done by the BOD, or by management/officers in day-to-day operations. |
|
|
Term
| fiduciary duties |
Definition
| Act in the best interest of the corporation (client), be loyal, exercise due diligence, and disclose conflicts of interest. |
|
|
Term
| Can conflicting interests exist? |
|
Definition
| Yes, if the transaction is fair to the corporation and approved by disinterested (non-conflicted) directors. |
|
|
Term
| business judgment rule |
Definition
| Protects directors and officers from liability for decisions made in good faith and on an informed basis. |
|
|
Term
| Who is given the right of first refusal? |
|
Definition
| The corporation. You must first give the company an opportunity to pursue a business idea/venture before you do it. |
|
|
Term
| responsibilities of the board of directors (BOD) |
Definition
| Appoint officers, set capital structure (debt/equity mix), adopt bylaws, approve mergers/acquisitions, declare dividends, set management compensation, coordinate audit activities, evaluate and manage risk. |
|
|
Term
| audit committee |
Definition
| Independent committee within the BOD, typically at least 3 independent directors (at least one of whom is a financial expert), to whom the external auditors report. |
|
|
Term
| Who is responsible for F/S? |
|
Definition
|
|
Term
| What do auditors do w/respect to F/S? |
|
Definition
| express opinion on F/S, providing reasonable assurance that F/S are free from material misstatement, whether due to error or fraud |
|
|
Term
| Other aspects of corporate governance |
|
Definition
| trusteeship, empowerment and control, good corporate citizenship, transparency of public disclosures |
|
|
Term
| How should auditors be independent? |
|
Definition
| In mind: intellectually honest and free of conflicts of interest. In fact: fair to all interested parties and without bias. |
|
|
Term
| What does audit committee do? |
|
Definition
| Hires, compensates, and oversees the work of the external auditor; discusses critical accounting policies and alternative accounting treatments with the auditor; receives and addresses complaints about accounting and auditing matters. |
|
|
Term
| What is the IIA? What does it do? |
|
Definition
| IIA = Institute of Internal Auditors. It issues the pronouncements in its International Professional Practices Framework (IPPF); these are professional standards, not government regulation in any country. |
|
|
Term
| chief audit executive (CAE) |
|
Definition
| Head of internal audit; ensures that internal audits (IAs) are performed in accordance with IIA standards. |
|
|
Term
| internal auditing (IIA definition) |
Definition
| An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It uses a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. |
|
|
Term
| IIA Standards of Professional Practice |
|
Definition
- Independence: freedom to carry out internal audit (IA) responsibilities in an unbiased manner.
- Objectivity: a personal attribute (e.g., don't assign the same auditor to the same IA two years in a row).
- Assurance: objective examination; independent assessment of governance, risk management, and control; requested by senior management.
- Consulting: advisory and related services, with nature and scope agreed with the client; adds value and must not impair independence.
- Risk management: objectives support the mission, risks are identified, risk responses are consistent with risk appetite, and relevant information is communicated.
- Control: actions taken to manage risk and ensure achievement of objectives and goals; the responsibility of management. IA evaluates controls over reliability of financial reporting, effectiveness of operations, safeguarding of assets, and compliance.
- Governance: promote ethics, ensure effective performance, communicate risk and control information, and coordinate the BOD, auditors, and management.
|
|
Term
| functions of internal auditing |
|
Definition
| Internal audit evaluates controls over reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with laws and regulations. |
|
|
Term
| IIA attribute standards |
Definition
- Independence
- Objectivity
- Internal audit charter
- Impairment (conflicts of interest, scope or access restrictions, resource limitations); must be disclosed
- Proficiency
- Due professional care (not infallibility)
- Continuing professional development
- Quality assurance and improvement program
|
|
Term
| Sarbanes-Oxley Act of 2002 (SOX) |
Definition
A lot of new regulation regarding the responsibilities of corporate management and external auditors:
- (302) CEO and CFO must personally certify the F/S; (906) criminal penalties under the U.S. Code for knowingly false certification.
- (404) Management is responsible for internal control (IC) and must report on its effectiveness.
- (407) Disclose whether the audit committee has at least one financial expert.
- (802) Up to 20 years in prison for tampering with records to obstruct justice.
- (1107) Whistleblower protection: it is a crime to retaliate against a whistleblower who provides truthful information about a federal offense to law enforcement.
|
|
Term
| audit committee financial expert has |
|
Definition
1. An understanding of GAAP and financial statements
2. Experience in preparing or auditing financial statements
3. Experience with internal accounting controls
|
|
Term
| whistleblower compensation |
|
Definition
| Under the SEC whistleblower program (created by the Dodd-Frank Act of 2010, not SOX), a whistleblower receives an award of 10 to 30% of the sanctions collected when the information leads to an enforcement action with sanctions over $1 million. |
|
|
Term
| PCAOB (Public Company Accounting Oversight Board) |
Definition
| Issues auditing standards, inspects registered firms, and enforces compliance. Accounting firms that audit public companies must register with it. |
|
|
Term
| What services are allowed for audit clients? What services are not allowed? |
|
Definition
| Tax services and other nonaudit services are allowed with audit committee preapproval. Prohibited for audit clients: bookkeeping, financial information systems design, internal audit outsourcing, management or HR functions, and legal/expert services. |
|
|
Term
| internal control (COSO definition) |
Definition
| Process designed to provide reasonable assurance regarding effectiveness (doing the right things) and efficiency (doing things right) of operations, reliability of financial reporting, and compliance with laws and regulations. |
|
|
Term
| Why reasonable assurance? |
|
Definition
| Cost of controls should not exceed their benefits; limits of faulty human judgment; collusion; and management override. |
|
|
Term
| Five elements of internal control according to COSO |
|
Definition
| Control environment (tone at the top), risk assessment (identifying and managing risks), information and communication, control activities (policies and procedures), and monitoring (data and systems). |
|
|
Term
| COSO ERM framework: eight components |
Definition
The five internal control components (control environment, risk assessment, control activities, information and communication, monitoring) plus three new ones:
- objective setting (at the strategic, operations, reporting, and compliance levels)
- event identification
- risk response (avoid, reduce, share, or accept)
|
|
Term
| control environment elements |
|
Definition
- HR policies and practices
- Integrity and ethical values
- Organizational structure (size and mission of the org.)
- Commitment to competence
- Management's philosophy and operating style
- Authority and oversight (BOD and audit committee)
|
|
Term
| risk assessment |
Definition
| estimate significance of event, assess event likelihood, consider means to manage risk |
|
|
Term
| The seriousness and likelihood of risks are inversely related. True or false. |
|
Definition
|
|
Term
|
Definition
Control activities:
- Top-level reviews (actual vs. budget)
- Direct functional or activity management (managers interacting daily with line personnel)
- Physical controls
- Performance indicators
- Segregation of duties
- Information processing controls
|
|
Term
| types of controls |
Definition
| Preventive, detective, feedback (evaluate the results of a process and adjust if the results are undesirable), and application (controls over data input and processing meant to ensure the accuracy, completeness, and validity of transaction processing). |
|
|
Term
| General vs. application IS controls |
|
Definition
General controls: affect all computer systems in the organization.
Application controls: specific to a given computer application.
|
|
Term
| application controls |
Definition
| controls over data input and processing meant to ensure the accuracy, completeness and validity of transaction processing; specific to a given computer application |
|
|
Term
| examples of monitoring activities |
Definition
| Periodic reconciliation of operational division data with entity-wide data, customer complaints about billing, internal and external auditor reports, and training seminars. |
|
|
Term
| COSO guidance on monitoring internal control: three elements |
Definition
- Foundation: tone at the top, organizational structure, baseline understanding of IC effectiveness
- Design and execute monitoring procedures: prioritize risks, identify controls, identify persuasive information, implement monitoring procedures
- Assess and report results: prioritize findings, report to appropriate levels, follow up on corrections
|
|
Term
| limits of internal control and COSO ERM (the same reasons internal and external audits give reasonable rather than absolute assurance) |
|
Definition
| Cost of controls should not exceed benefits; limits of faulty judgment; employee error; collusion; management override; no human system is perfect. |
|
|
Term
| What caused the legislation of the Foreign Corrupt Practices Act of 1977? What are the FCPA provisions? |
|
Definition
Bribery of foreign officials by U.S. companies. FCPA provisions: anti-bribery (no payments to foreign officials to obtain or retain business) and accounting (all issuers must keep accurate books and records and maintain a system of internal accounting controls).
|
|
Term
| Who sets the tone at the top? |
|
Definition
|
|
Term
| role of internal auditors in internal control |
Definition
| Provide consulting and advice on the design and operation of IC, but do not select and execute controls (that is management's responsibility). Perform systematic IC reviews according to IIA professional standards (attribute, performance, and implementation standards). |
|
|
Term
| All employees should inform upper management about poor controls. True or false. |
|
Definition
|
|
Term
| Who are external parties? |
|
Definition
- External auditors, who must perform integrated audits (of the F/S and of internal control over financial reporting) according to PCAOB standards
- Legislators and regulators
- Customers and suppliers
- Financial analysts, bond rating agencies, and the news media
|
|
Term
| risk |
Definition
| possibility of event occurring that adversely affects achievement of objectives. Opposite of opportunity. |
|
|
Term
| enterprise risk management (ERM) |
|
Definition
| process designed to identify potential events, and manage risk w/in risk appetite, and provide reasonable assurance regarding achievement of entity objectives. |
|
|
Term
| independent (outside) directors |
Definition
| Directors are outside, experienced in industry or corporate governance, willing to challenge management's choices. |
|
|
Term
| CRO |
Definition
| Chief risk officer; the CRO coordinates entity's risk management activities. |
|
|
Term
| What are the goals of ERM? |
|
Definition
| reach objectives, prevent loss of reputation and resources, report effectively, compliance with laws and regulations. |
|
|
Term
| opportunity |
Definition
| possibility of event occurring that positively affects achievement of objectives. Opposite of risk. |
|
|
Term
| capabilities of ERM (COSO) |
Definition
- Aligning risk appetite and strategy
- Enhancing risk response decisions (avoidance, reduction, sharing, acceptance)
- Reducing operational surprises and losses
- Identifying and managing multiple and cross-enterprise risks
- Seizing opportunities
- Improving deployment of capital
|
|
Term
| Studying Obsessively Really Counts (COSO Risk Mgmt. Framework) |
|
Definition
Strategic: high-level objectives aligned with the mission. Operations: effectiveness and efficiency. Reporting: reliability. Compliance: with applicable laws and regulations. Additional: safeguarding of assets.
|
|
Term
| strategies for risk response |
|
Definition
- avoidance: end the activity
- retention: accept the risk (e.g., self-insurance)
- reduction: lower the likelihood or impact of the risk
- sharing: transfer part of the risk to another party (e.g., insurance)
- exploitation: seek risk to pursue a high return on investment
|
|
Term
| I Ate Pie For Money (Risk Management Process) |
|
Definition
| Identify, assess, prioritize risks, formulate and monitor risk responses |
|
|