173 Cards in this Set

What are the duties of the BOD (board of directors)?
1-Election of officers
2-Removal of officers
3-Supervision of officers
4-Adoption of bylaws
5-Amendment of bylaws
6-Repeal of bylaws
7-Fixing management compensation
8-Initiating fundamental changes to the corporation's structure
9-Declaration of dividend distributions
10-Setting director compensation
Note
The BOD may remove an officer with or without cause.
What is the business judgment rule?
It is the rule under which a director will not be liable to the corporation for acts performed or decisions made in good faith, in a manner the director believes to be in the best interest of the corporation, & with the care an ordinarily prudent person in a like position would exercise.
Note
Directors will be liable to the corporation only for negligent acts or omissions (e.g., failure to obtain fire insurance; hiring a convicted embezzler as treasurer without looking at his record, etc.).
On whom may a director rely when performing his or her duties?
1-Corporate officers
2-Employees
3-Committee of the board whom the director reasonably believes to be reliable & competent
4-Legal counsel
5-Accountants
6-Other persons as to matters the director reasonably believes are within such person's professional competence
Note
Directors may be held liable for unlawful distributions.
What is an unlawful distribution?
A dividend distribution is unlawful if, after giving it effect:
1-The corporation would not be able to pay its debts as they become due in the regular course of business; or
2-The corporation's total assets would be less than its total liabilities.
Note
Directors owe their corporation a duty of loyalty & must act in the best interests of their corporation.
Note
The duty of loyalty prohibits directors from competing with the corporation, but does not necessarily prohibit directors from transacting business with the corporation (e.g., by buying from or selling to the corporation).
What is the corporate opportunity doctrine?
If a director is presented with a business opportunity that is of interest to his corporation (e.g., he is told that land the corporation is interested in buying has just been put on the market), the duty of loyalty generally prohibits the director from taking the opportunity for himself. He must present the opportunity to the corporation & can take the opportunity for himself only if the corporation decides not to take it.
Note
Generally, corporations are allowed to indemnify directors for expenses for any lawsuit brought against them in their corporate capacity. The corporation may also pay any judgment imposed in a lawsuit on the director, except in a shareholder derivative suit.
In which cases may a director's liability to the corporation NOT be limited (even where the articles otherwise limit director liability)?
1-Financial benefits received by the director to which the director was not entitled;
2-Intentional harm inflicted on the corporation or the shareholders;
3-Unlawful distributions authorized by the director;
4-Intentional violations of criminal law; &
5-Breaches of the duty of loyalty.
Who are the Officers?
Officers are individual agents of the corporation who ordinarily conduct its day-to-day operations & may bind the corporation to contracts made on its behalf.
Note
An officer may be removed even if the officer has a contract & the term of the contract has not expired (although the corporation may be liable for damages in such a case).
Note
A corporate president will generally have apparent authority to enter into contracts & act on behalf of the corporation in the ordinary course of business.
Note
Corporate officers, like corporate directors, are subject to fiduciary duties & must discharge their duties in good faith & with the same care as an ordinarily prudent person in a like position.
Note
Like directors, officers may be indemnified for expenses & judgments from litigation brought against them in their corporate capacity.
Note
Officers may also serve as directors of the corporation, but good corporate governance calls for a majority of the BOD to be independent (otherwise the officers would in effect be supervising themselves).
Note
An officer is not required to be a shareholder of the corporation, but he or she may be.
What are the 3 main topics of the Sarbanes-Oxley (SOX) Act covered here?
1-Corporate responsibility
2-Enhanced Financial Disclosure
3-Corporate & criminal fraud accountability
Note
The corporate responsibility section of the SOX act relates to 2 issues:
1-Establishment of an audit committee
2-Representations made by key corporate officers (CEO & CFO)
What are the responsibilities of the Public company Audit committee?
1-Appointment of the Public accounting firm
2-Compensation of the Public accounting firm
3-Oversight of the work of the Public accounting firm
4-Resolving disputes between the auditor & management
Note
Audit committee members are to be members of the issuer's board of directors but are to be otherwise independent.
What are the independence criteria for audit committee members (who are also members of the BOD)?
1-Audit committee members may not accept compensation from the issuer for consulting or advisory services.
2-Audit committee members may not be an affiliated person of the issuer. (Affiliation means a person having the ability to influence financial decisions).
What procedures must the audit committee establish for receiving complaints regarding audit, accounting, or internal control issues?
1-Procedures must accommodate confidential, anonymous reports by employees of the issuer.
2-Procedures must accommodate receipt & retention of complaints as well as a method to address those complaints.
Note
Under the SOX Act, corporate officials (CEO & CFO) must sign certain representations (certifications) regarding annual & quarterly reports.
What must the CEO & CFO certify in these reports?
1-They have reviewed the report.
2-The report does not contain untrue statements or omit material information.
3-The FSs fairly present in all material respects the financial condition & results of operations of the issuer.
4-The CEO & CFO signing the report have assumed responsibility for internal controls (the specific assertions are listed below).
5-The CEO & CFO signing the report assert that they have made disclosures to the issuer's auditors & the audit committee.
6-The CEO & CFO signing the report must also represent whether there have been any significant changes to internal controls.
What do the CEO & CFO assert regarding internal controls?
1-Internal controls have been designed to ensure that material information has been made available.
2-Internal controls have been evaluated for effectiveness as of a date within 90 days prior to the report.
3-Their report includes their conclusions as to the effectiveness of internal controls based upon their evaluation.
What must the CEO & CFO assert they have disclosed to the issuer's auditors & the audit committee?
1-All significant deficiencies in the design or operation of internal controls which might adversely affect the FSs.
2-Any fraud (regardless of materiality) that involves management or any other employee with a significant role in internal controls.
Note
Improper influence on the conduct of audits, by any person, is prohibited.
Note
If an issuer is required to prepare an accounting restatement due to material noncompliance with any financial reporting requirement under the securities laws, the CEO & CFO may be required to reimburse the issuer for:
a. Bonuses or incentive-based or equity-based compensation received during the 12-month period following the first public issuance of the noncompliant financial document.
b. Gains on sale of securities of the issuer during that same 12-month period.
What is meant by enhanced financial disclosure?
The issuer's reports must include additional details regarding the following:
1-FSs
2-Internal Controls
3- The operations of the audit committee
What are the enhanced disclosure requirements?
1-All material correcting adjustments identified by the auditor should be reflected in the FSs.
2-The FSs should disclose all material off-balance-sheet transactions:
(1) Contingent obligations.
(2) Relationships with unconsolidated subsidiaries.
3-Conformance of pro forma FSs to the following requirements:
( 1) No untrue statements.
(2) No omitted material information.
(3) Reconciled with GAAP basis FSs.
4-Use of special purpose entities.
Note
Issuers are generally prohibited from making personal loans to directors or executive officers, except in the following cases:
1-If the consumer credit loans are made in the ordinary course of business by the issuer.
2-If the terms offered to the officer are generally made available to the public under similar terms & conditions.
Note
Disclosures are required for persons who have direct or indirect beneficial ownership of more than 10 percent of any class of the issuer's equity securities.
Note
Disclosure of transactions by management & principal stockholders is made by filing a statement.
When is the management & principal stockholders transaction disclosure filing required?
1-At the time of registration.
2-When the person achieves 10 percent ownership.
3-If there has been a change in ownership.
Note
The management assessment of internal controls is commonly referred to by its SOX section number, Section 404.
What are the requirements that the annual report prepared by management for the internal controls assessment should include?
a. A statement that management is responsible for establishing & maintaining an adequate internal control structure & procedures for financial reporting.
b. An assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure & procedures for financial reporting.
Note
The auditor must attest to management's assessment of internal control.
Note
Registered investment companies are exempt from these enhanced financial disclosure requirements.
Note
Issuers must disclose whether or not the issuer has adopted a code of ethics for senior officers (e.g., CEO, CFO, controller, & chief accountant), and if no code of ethics has been adopted, the issuer must disclose the reasons.
What are the issues the code of ethics should promote?
1-Honest & ethical conduct (including handling of conflicts of interest).
2-Full, fair, accurate, & timely disclosures in periodic financial reports.
3-Compliance with laws, rules, & regulations.
Note
At least one member of the audit committee should be a financial expert.
Note
Financial reports of the issuer must disclose the existence of a financial expert on the committee or the reasons why the committee does not have a member who is a financial expert.
Who qualifies as a financial expert?
A person with experience as:
1-A public accountant or auditor
2-A principal financial officer
3-A comptroller
4-A principal accounting officer of an issuer
What knowledge must a financial expert have?
1-Understanding of GAAP.
2-Experience in the preparation or auditing of FSs for comparable issuers.
3-Application of GAAP.
4-Experience with internal controls.
5-Understanding of audit committee functions.
Note
The SEC is required to review disclosures made by issuers, including those in Form 10-K, on a regular & systematic basis for the protection of investors.
What factors should the SEC consider when scheduling issuers' disclosure reviews?
The SEC should consider, among other factors, issuers:
1-That have issued material restatements of financial results.
2-Experiencing significant volatility in their stock prices when compared to other issuers.
3-With the largest market capitalization.
4-That are emerging companies with disparities in price-to-earnings ratios.
5-Whose operations significantly affect any material sector of the economy.
Note
Individuals who alter, destroy, mutilate, conceal, cover up, falsify, or make false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence an investigation, will be fined, imprisoned for not more than 20 years, or both.
Note
Auditors of issuers should retain all audit & review work papers for a period of 7 years from the end of the fiscal period in which the audit or review was conducted. Failure to do so will result in a fine, imprisonment for not more than 10 years, or both.
What is the statute of limitations for securities fraud?
The earlier of:
1-Two years after the discovery of the facts constituting the violation
2-Five years after the violation.
Note
An employee who lawfully provides evidence of fraud may not be discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against for providing such information.
Note
An employee who alleges discharge or other discrimination for providing evidence of fraud may file a complaint with the Secretary of Labor.
What relief may a whistleblower obtain after filing a complaint with the Secretary of Labor for discrimination suffered after providing evidence of fraud?
1-Reinstatement with the same seniority status that the employee would have had,
2-Back pay with interest,
3-Compensation for any special damages as a result of the discrimination.
Note
An individual who knowingly executes, or attempts to execute, securities fraud will be fined, imprisoned not more than 25 years, or both.
What is COSO?
The Committee of Sponsoring Organizations (of the Treadway Commission), an independent private-sector initiative, initially established in the mid-1980s.
What was the original function of COSO?
Studying the factors that lead to fraudulent financial reporting.
Note
The private "sponsoring organizations" include the five major financial professional associations in the United States:
1-American Accounting Association (AAA)
2-American Institute of Certified Public Accountants (AICPA)
3-Financial Executives Institute (FEI)
4-Institute of Internal Auditors (IIA)
5-Institute of Management Accountants (IMA)
What is COSO's Framework?
Internal Control - Integrated Framework, issued by COSO in 1992 to assist organizations in developing comprehensive assessments of internal control effectiveness over financial reporting.
Note
COSO is sometimes referred to as the Treadway Commission after its original chairman, James Treadway, Jr., an executive in the private sector. The "commission" is neither a governmental body nor an authority sponsored by Congress. Mr. Treadway was not a member of Congress.
What is the internal control process?
It is a process, effected by an entity's board of directors, management, & other personnel, designed to provide reasonable assurance about the achievement of the entity's objectives.
Who effects (carries out) the internal control process?
1-Board of directors
2-Management
3-Other personnel
What are the entity's objectives whose achievement the internal control process is designed to assure?
1-Reliability of financial reporting.
2-Effectiveness & efficiency of operations.
3-Compliance with applicable laws & regulations.
What are the Internal Control components?
1-Control Environment
2-Risk Assessment
3-Information & Communication systems
4-Monitoring
5-Existing Control Activities
CRIME
What are the principles on which an effective control environment should be established?
1-Management's Philosophy & Operating style
2-Human Resources
3-Financial Reporting competencies
4-Authority & Responsibility
5-Organizational Structure
6-Integrity & Ethical Values
7-Board of Directors
PHRASED
What are the attributes (objectives) of the Management's philosophy & operating style principle?
1-Emphasizing the reliability of financial reporting
2-Supporting the objective selection of accounting principles & the rigorous development of estimates
3-Articulating GAAP compliance as the objective of financial reporting
How could management apply its philosophy & operating style principle?
Management could apply this principle by applying the following procedures:
1-Emphasizing reducing the risk of material misstatement
2-Insisting on appropriate documentation for all transactions entered into the financial records
3-Emphasizing diligence in performance of duty
4-Informing personnel involved in the FS preparation about management's commitment to fair presentation
Note
Human resources policies & procedures should be fully compatible with effective financial reporting & internal control.
What are the attributes (objectives) of the Human Resources Principle?
1-Human resources policies demonstrate commitment to competence & ethics.
2-Recruitment is guided by ethical principles that seek competent individuals.
3-Management supports appropriate training.
4-Performance evaluations & compensation practices support achievement of financial reporting objectives.
How could management apply the Human Resources principle?
Management could apply this principle by applying the following procedures:
1-Maintain current job descriptions.
2-Maintain current human resources procedures.
3-Screen job applicants through reference checks & resume reviews.
4-Establish a review & appraisal process.
5-Design & review compensation plans to ensure market rates are paid & that senior management salaries are tied to achievement of nonfinancial goals.
6-Regularly evaluate the competency of personnel.
Note
The company should retain qualified personnel to handle financial reporting.
What are the attributes (objectives) of the financial reporting competencies principle?
1-Competencies necessary for financial reporting are identified. (Identification)
2-Individuals who possess the necessary competencies for financial reporting are hired for that purpose. (Hiring)
3-Needed competencies are regularly evaluated & maintained. (Evaluation & Maintenance)
How could management apply the financial reporting competencies principle?
Management could apply this principle by applying the following procedures:
1-Establishing appropriate knowledge, skills, & abilities for individuals to be hired for financial reporting responsibilities.
2-Providing training in house.
3-Having the board of directors or audit committee regularly evaluate the competencies of the CFO.
4-Ongoing evaluation of competencies.
Note
The authority & responsibility assigned to individuals within the organizational structure should be appropriate to maintain effective internal controls.
What are the attributes (objectives) of the Authority & Responsibility principle?
1-Responsibilities are distributed according to each position
2-Authority is properly limited by position
Note
The audit committee oversees the management process for defining responsibility for key financial reporting roles.
How are internal control responsibilities distributed (as defined by management & overseen by the audit committee)?
1-Executive management is responsible for solid internal control over financial reporting & for establishing & maintaining the internal control system.
2-Senior & functional management is responsible for ensuring all employees understand their responsibilities & adhere to internal control policies.
How could management apply the Authority & Responsibility principle?
Management could apply this principle by applying the following procedures:
1-Establish clear job descriptions.
2-Document audit committee review of key finance personnel.
3-Align employee positions with appropriate authority.
Note
The organizational structure should support the commitment to effective financial reporting & internal control.
What are the attributes (objectives) of the Organizational structure principle?
1-Designing appropriate financial reporting structures that provide relevant information at appropriate functional & business unit levels.
2-Maintaining an organizational structure that facilitates reporting & other communications regarding internal control over financial reporting.
How could management apply the Organizational structure principle?
Management could apply this principle by applying the following procedures:
1-Making organizational charts to define relationships & roles.
2-Aligning roles to processes.
3-Formally documenting job descriptions & updating them from time to time.
4-Keeping no more than three layers of organization between the CFO & the individuals involved in financial reporting.
5-Having internal auditors report directly to the CEO with direct access to the audit committee.
Note
In order to reach effective financial reporting & internal control, high standards of integrity & ethical conduct should be adopted by top management & demonstrated throughout the organization.
What are the attributes (objectives) of the Integrity & Ethical Values principle?
1-Statements of ethics are clearly articulated.
2-Processes are in place to monitor adherence to ethical values.
3-Departures from ethical conduct are addressed.
How could management apply the Integrity & Ethical Values principle?
Management could apply this principle by applying the following procedures:
1-Articulating & Demonstrating Integrity & Ethics.
2-Informing Employees about Integrity & Ethics.
3-Demonstrating Commitment to Integrity & Ethics.
What are the attributes (objectives) for the BOD principle?
The Board of Directors should:
(1) Operate independently;
(2) Monitor risk
(3) Appoint an audit committee that oversees audit activities & at least one member of the committee should be a financial expert
(4) Oversee quality & reliability
How could management apply the BOD principle?
1-Establishing standard content & action items at regularly scheduled board meetings.
2-Using national listings from reputable accounting & finance associations to identify independent & appropriately skilled board members.
3-Ensuring the bylaws & charters describe board member responsibilities.
4-Establishing an audit committee
5-Conducting a portion of each board meeting with no member of management present.
What should an audit committee established by the board do?
1-Maintain skepticism
2-Consider internal control effectiveness
3-Review policies & procedures
4-Meet with the auditors
5-Confirm compliance with statutory & bylaw requirements annually
6-Consider whistleblower information
SIPACC
What are the 3 principles of the Risk Assessment component of the internal control system?
1-Financial Reporting Objectives
2-Financial Reporting Risks
3-Fraud Risk
What are the attributes (objectives) of the financial reporting objectives principle?
FSs should be:
1-Appropriately condensed
2-Supported by relevant assertions & consider materiality
How could management apply the financial reporting objectives principle?
1-Compare its accounting policies to those of similar organizations
2-Analyze its FS assertions
3-Review of FSs
CAR
What are the financial statement assertions that management should analyze to reach the financial reporting objectives?
1-Existence
2-Completeness
3-Rights & Obligations
4-Valuation or Allocation
5-Presentation & Disclosure
What are financial reporting risks?
Anything that might interfere with management's ability to present its FSs in accordance with GAAP.
What are the attributes (objectives) of the financial reporting risks principle?
1-As part of evaluating risks, Management needs to consider the following:
a-Processes
b-Personnel
c-Information technology infrastructure
2-Considering the likelihood & Impact of misstatements
How could management apply the financial reporting risks principle?
1-Mapping the existing controls to each of the internal control components (CRIME) to evaluate the likely effectiveness of those controls in achieving the company's objectives.
2-Meeting with company personnel & considering the impact of external factors (e.g., industry conditions) on achieving the company objectives.
3-Setting triggers to investigate control effectiveness (e.g., variance analysis, changes in accounting principles, etc.).
What are the attributes (objectives) of Fraud Risk principle?
Considering the following:
1-Incentives & Pressures to commit fraud
2-Responsibility & Accountability for fraud policies
How could management apply the fraud risk principle?
1-Considering approaches to circumvent or override controls
2-Conducting fraud assessments
3-Developing incident investigation processes
What is the importance of the "Information & Communication systems" component of the internal control system?
Information systems identify, capture, process, & distribute information supporting the accomplishment of financial reporting objectives.
DPIC
What are the 4 principles of the "Information & Communication systems" component of the internal control system?
1-Financial Reporting information
2-Internal control information
3-Internal communication
4-External communication
What are the attributes (objectives) of the financial reporting information principle?
Financial reporting systems should be designed to capture all financial transactions in a manner that allows for Timely, Current, & Accurate reporting.
CAT
How should management apply the financial reporting information principle?
Management should:
1-Consider Documenting its Controls with various matrices
2-Corroborate the Effectiveness of Reporting with external parties
CDRE
What are the attributes (objectives) of the internal control information principle?
Internal control systems should be designed to capture internal control compliance data & trigger responses where appropriate.
How should management apply the internal control information principle?
Management should:
1-Consider the development of information maps that document controls
2-Discuss the information with affected parties
What are the attributes (objectives) of the internal communication principle?
1-Communication with personnel & the BOD
2-Considering separate communication lines outside the normal chain of command
How should management apply the internal communication principle?
Management should consider:
1-Use of its intranet
2-Periodic meetings with the audit committee
3-Guidelines for communication to staff
What are the attributes (objectives) of the external communication principle?
Open communication with all interested parties
How should management apply the external communication principle?
1-Surveys with external parties
2-Ongoing contacts with external parties
What is the importance of the "Monitoring of internal control effectiveness" component of the internal control system?
It provides an assessment of the performance of the system of internal control over time.
What are the 2 principles of "Monitoring of internal control effectiveness" internal control component?
1-Ongoing & Separate Evaluations
2-Reporting Deficiencies
What are the attributes of the "ongoing & separate evaluations" principle?
1-The scope & frequency of evaluations vary based on the significance of the risk being controlled. (Scope & frequency variety)
2-Monitoring should be built into or integrated with the company's operations. (Integration)
3-Evaluations should provide an objective consideration of internal control over financial reporting. (Consideration)
4-Evaluators should be knowledgeable regarding financial reporting & control activities. (Knowledge)
5-Management should receive & consider feedback on internal control over financial reporting. (Feedback)
SICKF
How should management apply the "ongoing and separate evaluations" principle?
1-Metrics to track performance
2-Relating metrics to financial reporting
3-Self-assessment
4-Computer network testing
5-Internal Audit
6-Scope & Frequency of separate evaluations
Mrs. C IS
What are the attributes of the "Reporting Deficiencies" principle?
1-Reports should be made to process owners who control & can correct process errors. Reports should also be made to a level of supervision at least one level above the process owner.
2-Significant deficiencies should be communicated to top management & the board or audit committee.
3-Corrective actions should be taken on a timely basis.
How should management apply the "Reporting Deficiencies" principle?
1-Levels of reporting differ based on materiality level
2-Alternate reporting channels
3-Guidelines for reporting deficiencies
LAG
What is the control activities component of the internal control system?
The policies & procedures used to implement the internal controls.
What are the 4 principles of the "Existing control activities" component of the internal control system?
1-Policies & Procedures
2-Risk Assessment Integration
3-Information & Technology
4-Selection & Development
PRIS
What are the attributes (objectives) of the "Risk assessment integration" principle?
Control activities should mitigate the risks identified in the risk assessment.
How should management apply the "Risk assessment integration" principle?
1-Documenting controls with various matrices
2-Consider conducting workshops
What are the attributes (objectives) of the "Selection & Development" principle?
1-Select the control activities (such as segregation of duties) that appropriately mitigate the risks
2-Select the control activities that are efficient & effective
How should management apply the "Selection & Development" principle?
1-Ensuring that duties are appropriately segregated by studying processes & using organizational charts.
2-Cost benefit analysis should be considered during the selection of controls.
What are the attributes (objectives) of the "Policies & procedures" principle?
Periodical Reassessment of policies & procedures
How should management apply the "Policies & procedures" principle?
By standardized documentation methodologies that encourage periodic review & renewal
Note
Information systems should be designed to achieve financial reporting objectives.
What are the attributes (objectives) of the "Information and Technology" principle?
Application of the control activities
How should management apply the "Information & Technology" principle?
1-Considering changes in information systems
2-Development of information systems
3-Security & Access of information systems
CDs
Note
The Enterprise Risk Management (ERM) integrated framework was issued by COSO in 2004.
What was the reason behind COSO issuing the Enterprise Risk Management (ERM) integrated framework?
Developing a comprehensive response to RISK MANAGEMENT.
How could ERM develop a comprehensive response to risk management?
1-Allow management to effectively deal with Risk
2-Evaluate risk acceptance
3-Build value
Note
Value is maximized when strategy balances risks & returns as well as efficiency & effectiveness in accomplishing objectives.
According to COSO what is the ERM definition?
Enterprise risk management is a process, effected by an entity's board of directors, management, & other personnel, applied in strategy setting & across the enterprise, designed to Identify potential events that may affect the entity, & manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
What themes does ERM encompass?
1. Aligning Risk Appetite & Strategy
2. Enhancing Risk Response Decisions
3. Reducing Operational Surprises & Losses
4. Identifying & Managing Multiple & Cross-Enterprise Risks
5. Seizing Opportunities
6. Improving Deployment of Capital
Note
ERM has 4 types of objectives:
1-Strategic 2- Operational 3- Reporting 4- Compliance
SORC
What are the strategic objectives for ERM?
Designing high-level goals to achieve the mission
What are the operational objectives for ERM?
Achievement of objectives through the effective & efficient use of resources.
What are the reporting objectives for ERM?
Achievement of reliable reporting.
What are the compliance objectives for ERM?
Ensuring compliance with laws & regulations.
What are the ERM components?
1- Internal environment
2- Setting objectives
3- Event identification
4- Assessment of risk
5- Risk response
6- Control activities
7- Information & communication
8- Monitoring
IS EAR AIM
What are the elements of the internal environment component of ERM?
1- Philosophy of risk management
2- Human resources standards
3- Risk appetite
4- Authority & responsibility
5- Organizational Structure
6- Integrity & Ethical values
7- BOD
8- Commitment to competence
PHRASED C
What is the Philosophy of risk management?
It is the shared beliefs & attitudes of management that impact the entire organization
What is the Risk Appetite?
It is the amount of risk an organization will accept in the pursuit of value
Note
The organizational structure should support the entity's enterprise risk management system.
Note
Employee competence is directly proportional to corporate competence
Note
Organizations set objectives & then identify the events that may prevent the achievement of those objectives.
Note
Strategic objectives often remain the same year after year while the related objectives & the selected objectives are more dynamic.
Note
Risk appetite impacts strategy, which in turn impacts resource allocation.
What is meant by risk tolerance?
It is the accepted level of variation relative to the achievement of objectives.
Note
Events, both negative (risks) & positive (opportunities) should be identified.
Note
Event identification recognizes that occurrences can come from anywhere, whether external or internal.
What are the event identification methods?
1-Event inventories
2-Internal analysis
3-Escalation or threshold triggers
Note
Event inventories are lists of potential events common to companies in a particular industry.
Note
The internal analysis method is analysis performed by internal staff as part of business planning.
Note
The escalation or threshold triggers method is comparison of activity to predefined criteria, which may trigger identification of events (e.g., variances from standards).
Note
Events may be interdependent & have other consequences
Note
Events may be categorized as internal & external
What are the types of external events that might face the enterprise?
1-Economic
2-Natural environment
3-Political
4-Social
5-Technological
What are the types of internal events that might face the enterprise?
(a) Infrastructure (e.g., assets, capital, & other resources)
(b) Personnel
(c) Process
(d) Technology
Note
Events might be risks or opportunities
Note
Inherent risk is the risk to an organization that exists if management takes no action to change the likelihood or impact of an adverse event.
Note
Residual risk is the risk to an organization that exists after management takes action to mitigate the adverse impact of the event.
Note
In establishing the likelihood & impact of events, managers should use the same time horizon as strategic plans.
Note
Data sources for risk assessment are generally drawn from past experience with similar events.
What are the risk assessment techniques?
1-Benchmarking
2-Probabilistic models
3-Non-probabilistic models
Note
Management's response to risk must align with the organization's overall risk appetite.
What are the 4 ways of responding to risk by management?
1-Avoidance
2-Reduction
3-Sharing
4-Acceptance
What are the types of control activities used by the ERM to respond to risk?
(1) Top-level Reviews
(2) Direct Function or Activity Management
(3) Information Processing
(4) Physical Controls
(5) Performance Indicators
(6) Segregation of Duties
Note
Information is needed at all levels of the organization to manage risks.
What are the characteristics of effective information?
1-Appropriate
2-Timely
3-Current
4-Accurate
5-Accessible
What are the types of monitoring that should be used to manage risk?
1-Ongoing monitoring activities
2-Separate evaluations
3-Reporting deficiencies
Note
ERM components are the effectiveness criteria, as they should be both present & functioning to produce effective ERM
What are the objectives of effective ERM?
Management & BOD should have reasonable assurance about:
1-Extent of objectives achievement
2-Reliability of reporting
3-Compliance with laws & regulations
What are the limitations of the ERM?
1-ERM evaluations could be made in error
2-Managers could override controls
Note
Change control management & processes consider the manner in which management monitors & authorizes changes to a variety of information technology matters, including software application programs, system software, database administration, networks & security, & job scheduling.
What are the steps of the implementation of software application programs?
(1) Risk assessment is performed.
(2) Application controls are considered.
(3) Security requirements are considered.
(4) Data conversion requirements are developed.
(5) Testing is performed.
(6) Implementation.
(7) Post implementation review.
RASD TIP
Note
The patching process is a system update in which the software developer updates the system to eliminate system problems or promote system efficiencies