76 Cards in this Set

  • Front
  • Back

What does Title III of the SOX Act of 2002 cover?

Corporate Responsibility - the establishment of an audit committee and the representations made by key corporate officers.
What is the purpose of a public company audit committee?
Directly responsible for the appointment, compensation, and oversight of the work of the public accounting firm. Also establish procedures to accept reports of complaints regarding audit, accounting or internal control issues.
Who does an auditor report to?
Directly to the audit committee, who is responsible for resolving disputes between the auditor and management.
Who are the members of an audit committee?
Members of the issuers' board of directors but are to be otherwise independent.
What is the independence criteria for an audit committee?
1) Audit committee members may not accept compensation from the issuer for consulting or advisory services

2) May not be an affiliated person of the issuer (ability to influence financial decisions)
What is the criteria for the audit committee's procedures for reports of complaints regarding audit, accounting or internal control issues?
1) procedures must accommodate confidential, anonymous reports by employees

2) accommodate receipt and retention of complaints as well as a method to address those complaints
Corporate officials (usually CEO & CFO) must sign certain representations regarding annual and quarterly reports including their assertion that:
1) they have REVIEWED the report
2) does not contain UNTRUE statements or OMIT material info
3) in CONFORMITY with gaap
4) CEO and CFO assume responsibility for INTERNAL CONTROLS
5) CEO and CFO have made DISCLOSURES
6) CEO and CFO must explain any significant CHANGES to internal controls
The CEO and CFO signing the report have assumed responsibility for internal controls, including assertions that:
1) ICs have been DESIGNED to ensure that material info has been made available
2) ICs have been EVALUATED for effectiveness as of a date within 90 days prior to report
3) includes CONCLUSIONS as to the effectiveness of ICs based upon their evaluation
The CEO and CFO signing the report assert that they have made the following disclosures to the issuer's auditors and the audit committee:
1) all sig deficiencies in the design or operation of ICs which might adversely affect the F/Ss.
2) any fraud (regardless of materiality) that involves mgmt or any other employee with a sig role in ICs
Noncompliance of Title III of SOX may result in surrender of compensation including repayment to the issuer of:
bonuses or incentive based or equity based compensation, gains on sale of securities
What does Title IV of the SOX act of 2002 cover?
Enhanced Financial Disclosures -- additional details regarding the FSs, ICs, and the operations of the audit committee.
Under Title IV, disclosures should include:
1. all material entries identified by the auditor
2. all off balance sheet transactions
3. use of special purpose entities
issuers are generally prohibited from making personal loans to directors or executive officers. exceptions apply if:
1. the consumer credit loans are made in the ordinary course of business
2. terms offered to the officer are generally made available to the public under similar terms
Disclosures are required for persons who generally have direct or indirect ownership of more than__ percent of any class of most any equity security.
10 percent
When are statements filed for transactions involving management and principal stockholders?
1) at the time of registration
2) when the person achieves 10 percent ownership
3) if there has been a change in ownership
What is section 404?
management's assessment of internal controls
Management's assessment of internal controls includes the following assertions:
1) mgmt is responsible for adequate IC structure
2) mgmt has made conclusions regarding its assessment of the effectiveness of IC structure and procedures for financial reporting
The code of ethics contemplates standards for:
1) honest and ethical conduct
2) full, fair, accurate and timely disclosures in periodic financial reports
3) compliance with laws, rules, and regulations
Who is qualified to be the audit committee "financial expert"?
qualified through education, past experience as a public accountant or finance officer
Is COSO a governmental body?
NO
is COSO an authority sponsored by congress?
NO
What is another name for COSO?
the Treadway Commission
What are the five components of the COSO framework?
1) control activities
2) risk assessment
3) information and communication
4) Monitoring
5) Control Environment
What does the "Control Activities" component of the CRIME mnemonic represent?
the policies and procedures used to implement internal controls
What does the "Risk Assessment" component of the CRIME mnemonic represent?
The risk assessment component includes principles associated with mgmt's consideration of the risk of material misstatement
What does the "Information and Communication" component of the CRIME mnemonic represent?
information systems identify, capture, process and distribute info supporting accomplishment of financial reporting objectives
what are the principles that comprise the control environment?
PHRASED
What does the PHRASED mnemonic for the control environment principles stand for?
P - philosophy and operating style of mgmt
H - Human Resources
R - Financial Reporting competencies
A - authority and responsibility
S - Org Structure
E - Integrity and ethical values
D - Board of directors
what are the principles of control activities?
1) risk assessment integration
2) selection and development
3) policies and procedures
4) information and technology
What are the principles of risk assessment?
1) financial reporting objectives
2) Financial Reporting risks
3) Fraud risk
What are the principles of information and communication?
1) financial reporting information
2) internal control information
3) internal communication
4) external communication
what are the principles of monitoring?
1) ongoing and separate evaluations
2) reporting deficiencies
What does the "integrity and ethical values" principle of the control environment mean?
high standards of integrity and ethical conduct are adopted by top mgmt and demonstrated throughout the org
What does the "financial reporting competencies" principle of control environment mean?
The company retains qualified personnel to handle financial reporting
What is the intent of enterprise risk management?
to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
the ERM provides that framework to evaluate how an org will respond to risk. the alternative risk responses are generally:
1) risk avoidance
2) reduction
3) sharing
4) acceptance
ERM defines enterprise objectives in four categories:
1) Strategic
2) Operations
3) Reporting
4) Compliance
What are the components of ERM?
I - Internal Environment
S - setting objectives
E - event identification
A - assessment of risk
R - risk response
A - control activities
I - information and communication
M - monitoring
What are the eight key elements of the internal environment component of ERM?
PHRASED C
P - risk mgmt philosophy
H - HR standards
A - assignment of authority and responsibility
S - organizational structure
E - integrity and ethical values
D - board of Directors
C - commitment to competence
what does the "R" of the PHRASED C mnemonic for the internal environment component of ERM stand for?
risk appetite (the amount of risk an org will accept in the pursuit of value)
what does the "C" of the PHRASED C mnemonic for the internal environment component of ERM stand for?
commitment to competence (mgmt's judicious specification of required competency levels for each job function)
What does the "objective setting" component of ERM mean?
orgs set objectives and then identify the events that may block the achievement of those objectives.
what are the five elements of the "objective setting" component of ERM?
1) strategic objectives
2) related objectives
3) selected objectives
4) risk appetite
5) risk tolerances
What does the "event identification" component of ERM mean?
events, both negative (risks) and positive (opportunities) are identified.
what are the 6 elements of the "event identification" component of ERM?
1) events
2) influencing factors
3) event identification techniques
4) event interdependencies
5) event categories
6) distinguishing risks and opportunities
What does the "risk assessment" component of ERM mean?
risks are analyzed in relation to their likelihood and their severity and the anticipated risks that continue even after mgmt has taken action.
what are the 5 elements of the "risk assessment" component of ERM?
1) inherent and residual risk
2) establishing likelihood and impact
3) data sources
4) assessment techniques
5) event relationships
what is inherent risk?
the risk to an org that exists if mgmt takes no action to change the likelihood or impact of an adverse event
what is residual risk?
the risk to an org that exists after mgmt takes action to mitigate the adverse impact of the event
what is benchmarking?
use of common data from orgs with similar characteristics. (assessment technique under risk assessment)
what are probabilistic models?
use of a range of events and impact with likelihood estimated using assumptions. (assessment technique under risk assessment)
what are non-probabilistic models?
use of subjective assumptions to estimate event impact without estimating likelihood (assessment technique under risk assessment)
what is the "risk response" component of ERM?
management's response to risk can be anywhere in a range of alternatives but must align with the org's overall risk appetite.
what are the elements of the "risk response" component of ERM?
1) evaluating possible responses
2) selected responses
3) portfolio view
what is the "control activities" component of ERM?
policies and procedures used to effect mgmt's response to risk are included in control activities
what are the elements of the "control activities" component of ERM?
1) integration with risk response
2) types of control activities
3) policies and procedures
4) controls over info systems
5) entity specific