173 Cards in this Set

  • Front
  • Back
What are the duties of the BOD ?
"1-Election of officers
2-Removal of officers
3-Supervision of officers
4-Adoption of bylaws
5-Amendment of bylaws
6-Repeal of bylaws
7-Fixing management compensation
8-Initiating fundamental changes to the corporation's structure
9-Declaration of dividends distribution
10-Setting director compensation"
Note
BOD may remove an officer with or without cause
What is the business judgment rule?
It is the rule whereby a director will not be liable to the corporation for acts performed or decisions made in good faith, in a manner the director believes to be in the best interest of the corporation, and with the care an ordinarily prudent person in a like position would exercise.
Note
"Directors will be liable to the corporation only for negligent acts or omissions (e.g., failure to obtain fire insurance; hiring a convicted embezzler as treasurer without looking at his record, etc.)"
Who are the people which a director can rely on?
"1-Corporate officers
2-Employees
3-Committee of the board whom the director reasonably believes to be reliable and competent
4-Legal counsel
5-Accountants
6-Other persons as to matters the director reasonably believes are within such person's professional competence"
Note
Directors may be held liable for unlawful distributions
What is the meaning of unlawful distributions?
"It is a distribution of dividends in cases where:
1-The corporation would not be able to pay its debts as they become due in the regular course of business; or
2-The corporation's total assets would be less than its total liabilities."
Note
Directors owe their corporation a duty of loyalty and must act in the best interests of their corporation.
Note
The duty of loyalty prohibits directors from competing with the corporation, but does not necessarily prohibit directors from transacting business with the corporation (e.g., by buying from or selling to the corporation).
What is the corporate opportunity doctrine?
"It means that if a director is presented with a business opportunity that is of interest to his corporation (e.g., he is told that land the corporation is interested in buying has just been put on the market), generally the duty of loyalty prohibits the director from taking the opportunity for himself. He must present the opportunity to the corporation and can take the opportunity for himself only if the corporation decides not to take it."
Note
Generally, corporations are allowed to indemnify directors for expenses for any lawsuit brought against them in their corporate capacity. The corporation may also pay any judgment imposed in a lawsuit on the director, except in a shareholder derivative suit.
What are the cases in which a director's liability to the corporation may be limited?
"1-Financial benefits received by the director to which the director was not entitled;
2-Intentional harm inflicted on the corporation or the shareholders;
3-Unlawful distributions authorized by the director;
4-Intentional violations of criminal law; and
5-Breaches of the duty of loyalty."
Who are the Officers?
Officers are individual agents of the corporation who ordinarily conduct its day-to-day operations and may bind the corporation to contracts made on its behalf.
Note
An officer may be removed even if the officer has a contract and the term of the contract has not expired (although the corporation may be liable for damages in such a case).
Note
A corporate president will generally have apparent authority to enter into contracts and act on behalf of the corporation in the ordinary course of business.
Note
Corporate officers, like corporate directors, are subject to fiduciary duties and must discharge their duties in good faith and with the same care as an ordinarily prudent person in a like position.
Note
"Like directors, officers may be indemnified for expenses and judgments from litigation brought against them in their corporate capacity."
Note
Officers may also serve as directors of the corporation, but good corporate governance happens when the majority of the BOD is independent (the BOD should not be supervising itself).
Note
An officer is not required to be a shareholder of the corporation, but he or she may be.
What are the 3 main topics that the SOX act includes?
"1-Corporate responsibility
2-Enhanced Financial Disclosure
3-Corporate and criminal fraud accountability"
Note
"The corporate responsibility section of the SOX act relates to 2 issues:
1-Establishment of an audit committee
2-Representations made by key corporate officers (CEO & CFO)"
What are the responsibilities of the Public company Audit committee?
"1-Appointment of the Public accounting firm
2-Compensation of the Public accounting firm
3-Oversight of the work of the Public accounting firm
4-Resolving disputes between the auditor & management"
Note
Audit committee members are to be members of the issuer's board of directors but are to be otherwise independent.
What independence criteria must audit committee members meet while serving on the BOD?
"1-Audit committee members may not accept compensation from the issuer for consulting or advisory services.
2-Audit committee members may not be an affiliated person of the issuer. (Affiliation means a person having the ability to influence financial decisions)."
What are the specifications of the procedures that the audit committee must establish to accept complaints regarding audit, accounting, or internal control issues?
"1-Procedures must accommodate confidential, anonymous reports by employees of the issuer.
2-Procedures must accommodate receipt and retention of complaints as well as a method to address those complaints."
Note
According to SOX act, Corporate officials (CEO & CFO) must sign certain representations regarding annual and quarterly reports.
What are the assertions that should be included in the corporate officials' reports?
"1-They have reviewed the report.
2-The report does not contain untrue statements or omit material information.
3-The financial statements fairly present in all material respects the financial condition and results of operations of the issuer.
4-The CEO and CFO signing the report have assumed responsibility for internal controls including assertions.
5-The CEO and CFO signing the report assert that they have made disclosures to the issuer's auditors and the audit committee.
6-The CEO and CFO signing the report must also represent whether there have been any significant changes to internal controls."
What are the assertions that the CEO and CFO assume responsibility for regarding internal controls?
"1-Internal controls have been designed to ensure that material information has been made available.
2-Internal controls have been evaluated for effectiveness as of a date within 90 days prior to the report.
3-Their report includes their conclusions as to the effectiveness of internal controls based upon their evaluation."
What are the assertions that the CEO and CFO assume responsibility for regarding disclosures to the issuer's auditors and the audit committee?
"1-All significant deficiencies in the design or operation of internal controls which might adversely affect the financial statements.
2-Any fraud (regardless of materiality) that involves management or any other employee with a significant role in internal controls."
Note
Improper Influence on the Conduct of Audits by any person is prohibited
Note
"If an issuer is required to prepare an accounting restatement due to material noncompliance with any financial reporting requirement under the securities laws, the CEO and CFO may be required to reimburse the issuer for:
a. Bonuses or incentive-based or equity-based compensation.
b. Gains on sale of securities during that 12-month period."
What is meant by the Enhanced financial disclosure?
"It is the inclusion in the issuer's reports of additional details regarding the following:
1-Financial Statements
2-Internal Controls
3-The operations of the audit committee"
What are the enhanced disclosure requirements?
"1-All material correcting adjustments identified by the auditor should be reflected in the financial statements.
2-The financial statements should disclose all material off-balance sheet transactions:
(1) Contingent obligations.
(2) Relationships with unconsolidated subsidiaries.
3-Conformance of pro forma financial statements to the following requirements:
(1) No untrue statements.
(2) No omitted material information.
(3) Reconciled with GAAP basis financial statements.
4-Use of special purpose entities."
Note
"Issuers are generally prohibited from making personal loans to directors or executive officers except in the following cases:
1-If the consumer credit loans are made in the ordinary course of business by the issuer.
2-If the terms offered to the officer are generally made available to the public under similar terms and conditions."
Note
Disclosures are required for persons who generally have direct or indirect ownership of more than 10 percent of any class of most any equity security.
Note
"Disclosures of transactions by management and principal stockholders are made by filing a statement."
When is the disclosure filing for transactions by management and principal stockholders required?
"1-At the time of registration.
2-When the person achieves 10 percent ownership.
3-If there has been a change in ownership."
Note
The assessment of internal controls is commonly referred to under the SOX act as Section 404.
What are the requirements that the annual report prepared by management for the internal controls assessment should include?
"a. A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
b. An assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures for financial reporting."
Note
The auditor must attest to management's assessment of internal control.
Note
Investment companies are exempt from the enhanced financial disclosure requirements.
Note
Issuers must disclose whether or not the issuer has adopted a code of conduct for senior officers (e.g., CEO, CFO, controller, and chief accountant); if no code of conduct has been adopted, the issuer must disclose the reasons.
What are the issues the code of ethics should promote?
"1-Honest and ethical conduct (including handling of conflicts of interest).
2-Full, fair, accurate, and timely disclosures in periodic financial reports.
3-Compliance with laws, rules, and regulations."
Note
At least one member of the audit committee should be a financial expert.
Note
Financial reports of the issuer must disclose the existence of a financial expert on the committee or the reasons why the committee does not have a member who is a financial expert.
Who qualifies for the position of financial expert?
"1-Past experienced public accountant
2-Past experienced principal financial officer
3-Comptroller
4-Principal accounting officer for an issuer"
What knowledge should a financial expert have?
"1-Understanding of GAAP.
2-Experience in the preparation or auditing of financial statements for comparable issuers.
3-Application of GAAP.
4-Experience with internal controls.
5-Understanding of audit committee functions."
Note
The SEC is required to review disclosures made by issuers, including those in Form 10-K, on a regular and systematic basis for the protection of investors.
What should the SEC consider while performing the issuers' disclosure review?
"The SEC should consider only issuers with the following specifications:
1-Having issued material restatements of financial results.
2-Experiencing significant volatility in their stock prices when compared to other Issuers.
3-Issuers with the largest market capitalization.
4-Emerging companies with disparities in price-to-earnings ratios.
5-Whose operations significantly affect any material sector of the economy."
Note
Individuals who alter, destroy, mutilate, conceal, cover up, falsify, or make false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence an investigation, will be fined, imprisoned for not more than 20 years, or both.
Note
Auditors of issuers should retain all audit and review work papers for a period of 7 years from the end of the fiscal period in which the audit or review was conducted. Failure to do so will result in a fine, imprisonment for not more than 10 years, or both.
What is the statute of limitations for securities fraud?
"The earlier of:
1-Two years after the discovery of the facts constituting the violation
2-Five years after the violation."
Note
An employee who lawfully provides evidence of fraud may not be discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against for providing such information.
Note
"An employee who alleges discharge or other discrimination for providing evidence of fraud may file a complaint with the Secretary of Labor."
What relief may a whistleblower obtain by complaining to the Secretary of Labor about discrimination faced after providing evidence of fraud?
"1-Reinstatement with the same seniority status that the employee would have had,
2-Back pay with interest,
3-Compensation for any special damages as a result of the discrimination."
Note
An individual who knowingly executes, or attempts to execute, securities fraud will be fined, imprisoned not more than 25 years, or both.
What is the COSO?
It is the Committee of Sponsoring Organizations, an independent private-sector initiative that was initially established in the mid-1980s.
What is the function of COSO?
Studying the factors that lead to fraudulent financial reporting
Note
"The private "sponsoring organizations" include the five major financial professional associations in the United States:
1-American Accounting Association (AAA)
2-American Institute of Certified Public Accountants (AICPA)
3-Financial Executives Institute (FEI)
4-Institute of Internal Auditors (IIA)
5-Institute of Management Accountants (IMA)"
What is COSO's Framework?
It is an integrated framework issued by COSO in 1992 to assist organizations in developing comprehensive assessments of internal control effectiveness over financial reporting.
Note
COSO is sometimes referred to as the Treadway Commission after its original chairman, James Treadway, Jr., an executive in the private sector. The "commission" is neither a governmental body nor an authority sponsored by Congress. Mr. Treadway was not a member of Congress.
What is the Internal Control process?
It is a process designed to provide reasonable assurance about the achievement of the entity's objectives.
Who are the people that effect (carry out) the internal control process?
"1-Management
2-Other Personnel"
What are the entity's objectives whose achievement the internal control process is designed to assure?
"1-Reliability of financial reporting.
2-Effectiveness and efficiency of operations.
3-Compliance with applicable laws and regulations."
What are the Internal Control components?
"1-Control Environment
2-Risk Assessment
3-Information & Communication systems
4-Monitoring
5-Existing Control Activities
CRIME"
On what principles should an effective control environment be established?
"1-Management's Philosophy & Operating style
2-Human Resources
3-Financial Reporting competencies
4-Authority & Responsibility
5-Organizational Structure
6-Integrity & Ethical Values
7-Board of Directors
PHRASED"
What are the attributes (objectives) of the Management's philosophy & operating style principle?
"1-Emphasizing the reliability of financial reporting
2-Supporting the objective selection of accounting principles and the rigorous development of estimates
3-Articulation of GAAP compliance as the objective of financial reporting"
How could management apply its philosophy and operating style principle?
"Management could apply this principle by applying the following procedures:
1-Emphasizing reducing the risk of material misstatement
2-Insisting on appropriate documentation for all transactions entered into the financial records
3-Emphasizing diligence in performance of duty
4-Informing personnel involved in the financial statement preparation about management's commitment to fair presentation"
Note
Human resources policies and procedures should be fully compatible with effective financial reporting and internal control.
What are the attributes (objectives) of the Human Resources Principle?
"1-Human resources policies demonstrate commitment to competence and ethics.
2-Recruitment is guided by ethical principles that seek competent individuals.
3-Management supports appropriate training.
4-Performance evaluations and compensation practices support achievement of financial reporting objectives."
How could management apply the Human Resources principle?
"Management could apply this principle by applying the following procedures:
1-Maintain current job descriptions.
2-Maintain current human resources procedures.
3-Screen job applicants through reference checks and resume reviews.
4-Establish a review and appraisal process.
5-Design and review compensation plans to ensure market rates are paid and that senior management salaries are tied to achievement of nonfinancial goals.
6-Regularly evaluate the competency of personnel."
Note
The company should retain qualified personnel to handle financial reporting.
What are the attributes (objectives) of the financial reporting competencies principle?
"1-Competencies necessary for financial reporting are identified. (Identification)
2-Individuals who possess the necessary competencies for financial reporting are hired for that purpose. (Hiring)
3-Needed competencies are regularly evaluated and maintained. (Evaluation & Maintenance)"
How could management apply the financial reporting competencies principle?
"Management could apply this principle by applying the following procedures:
1-Establishing appropriate knowledge, skills, and abilities for individuals to be hired for financial reporting responsibilities.
2-Training is provided in house.
3-The board of directors or audit committee regularly evaluates the competencies of the CFO.
4-Ongoing evaluation of competencies."
Note
The authority and responsibility assigned to individuals within the organizational structure should be appropriate to maintain effective internal controls.
What are the attributes (objectives) of the Authority & Responsibility principle?
"1-Distribution of the responsibilities according to every position
2-Authority is properly limited by position"
Note
"Audit committee oversees the management process for defining responsibility for key financial reporting roles."
How are responsibilities distributed by management and overseen by the audit committee?
"1-Executive management is responsible for solid internal control over financial reporting and for starting and maintaining the internal control system.
2-Senior and functional management is responsible for ensuring all employees understand their responsibilities and adhere to internal control policies."
How could management apply the Authority & Responsibility principle?
"Management could apply this principle by applying the following procedures:
1-Establish clear job descriptions.
2-Document audit committee review of key finance personnel.
3-Align employee positions with appropriate authority."
Note
The organizational structure should support the commitment to effective financial reporting and internal control.
What are the attributes of the Organizational structure principle?
"1-Designing appropriate financial reporting structures that provide relevant information at appropriate functional and business unit levels.
2-Maintaining an organizational structure that facilitates reporting and other communications regarding internal control over financial reporting."
How could management apply the Organizational structure principle?
"Management could apply this principle by applying the following procedures:
1-Making Organizational charts to define relationships and roles.
2-Aligning roles to processes
3-Job descriptions should be formally documented and updated from time to time.
4-No more than three layers of organization should exist between the CFO and the individuals involved in financial reporting.
5-Internal auditors should report directly to the CEO with direct access to the audit committee."
Note
In order to reach effective financial reporting and internal control, high standards of integrity and ethical conduct should be adopted by top management and demonstrated throughout the organization.
What are the attributes (objectives) of the Integrity & Ethical Values principle?
"1-Statements of ethics are clearly articulated.
2-Processes are in place to monitor adherence to ethical values.
3-Departures from ethical conduct are addressed."
How could management apply the Integrity & Ethical Values principle?
"Management could apply this principle by applying the following procedures:
1-Articulating and Demonstrating Integrity and Ethics.
2-Informing Employees about Integrity and Ethics.
3-Demonstrating Commitment to Integrity and Ethics."
What are the attributes (objectives) for the BOD principle?
"The Board of Directors should:
(1) Operate independently;
(2) Monitor risk;
(3) Appoint an audit committee that oversees audit activities, with at least one member of the committee being a financial expert;
(4) Oversee quality and reliability"
How could management apply the BOD principle?
"1-Establishing standard content and action items at regularly scheduled board meetings.
2-Using national listings from reputable accounting and finance associations to identify independent and appropriately skilled board members.
3-Ensuring the bylaws and charters describe board member responsibilities.
4-Establishing an audit committee
5-Conducting a portion of each board meeting with no member of management present."
What should management consider when establishing an audit committee?
"1-Skepticism maintenance
2-Internal control effectiveness Consideration
3-Policies and procedures review
4-Auditors meeting
5-Compliance with statutory and bylaw requirements annually
6-Consider whistleblower information
SIPACC"
What are the 3 principles of the Risk Assessment component of the internal control system?
"1-Financial Reporting Objectives
2-Financial Reporting Risks
3-Fraud Risk"
What are the attributes (objectives) of the financial reporting objectives principle?
"Financial statements should be:
1-Appropriately condensed
2-Supported by relevant assertions and consider materiality"
How could management apply the financial reporting objectives principle?
"1-Compare its accounting policies to those of similar organizations
2-Analyze its financial statement assertions
3-Review of financial statements
CAR"
What are the financial statement assertions that management should analyze to reach the financial reporting objectives?
"1-Existence
2-Completeness
3-Rights & Obligations
4-Valuation or Allocation
5-Presentation & Disclosure"
What are the financial reporting risks?
It is anything that might interrupt management's ability to present its financial statements in accordance with GAAP.
What are the attributes (objectives) of the financial reporting risks principle?
"1-As part of evaluating risks, management needs to consider the following:
a-Processes
b-Personnel
c-Information technology infrastructure
2-Considering the likelihood & Impact of misstatements"
How could management apply the financial reporting risks principle?
"1-Mapping the existing controls to each of the internal control components (CRIME) to evaluate the likely effectiveness of those controls in achieving the company's objectives.
2-Meeting with company personnel and considering the impact of external factors (e.g., industry conditions) on achieving the company objectives.
3-Setting triggers to investigate control effectiveness (e.g., variance analysis, changes in accounting principles, etc.)."
What are the attributes (objectives) of Fraud Risk principle?
"Considering the following:
1-Incentives & Pressures to commit fraud
2-Responsibility & Accountability for fraud policies"
How could management apply the fraud risk principle?
"1-Considering approaches to circumvent or override controls
2-Conducting fraud assessments
3-Developing incident investigation processes"
What is the importance of the "Information and Communication systems" component of the internal control system?
"Information systems Identify, Capture, Process, and Distribute information supporting the accomplishment of financial reporting objectives.
DPIC"
What are the 4 principles of the "Information & Communication systems" component of the internal control system?
"1-Financial Reporting information
2-Internal control information
3-Internal communication
4-External communication"
What are the attributes (objectives) of the financial reporting information principle?
"Financial reporting systems should be designed to capture all financial transactions in a manner that allows for Timely, Current, and Accurate reporting.
CAT"
How should management apply the financial reporting information principle?
"Management should:
1-Consider Documenting its Controls with various matrices
2-Corroborate the Effectiveness of Reporting with external parties
CDRE"
What are the attributes (objectives) of the internal control information principle?
Internal control systems should be designed to capture internal control compliance data and trigger responses where appropriate.
How should management apply the internal control information principle?
"Management should:
1-Consider the development of information maps that document controls
2-Discuss the information with affected parties"
What are the attributes (objectives) of the internal communication principle?
"1-Communication with personnel and the BOD
2-Considering separate communication lines outside the normal chain of command"
How should management apply the internal communication principle?
"Management should consider:
1-Use of its intranet
2-Periodic meetings with the audit committee
3-Guidelines for communication to staff "
What are the attributes (objectives) of the external communication principle?
Open communication with all interested parties
How should management apply the external communication principle?
"1-Surveys with external parties
2-Ongoing contacts with external parties"
What is the importance of the internal control component of Monitoring of internal control effectiveness?
It provides an assessment of the performance of the system of internal control over time.
What are the 2 principles of the "Monitoring of internal control effectiveness" internal control component?
"1-Ongoing and Separate Evaluations
2-Reporting Deficiencies"
What are the attributes of the "ongoing and separate evaluations" principle?
"1-The scope and frequency of evaluations varies based on the significance of the risk being controlled. (Scope and frequency variety)
2-Monitoring should be built into or integrated with the company's operations. (Integration)
3-Evaluations should provide an objective consideration of internal control over financial reporting. (Consideration)
4-Evaluators should be knowledgeable regarding financial reporting and control activities. (Knowledge)
5-Management should receive and consider feedback on internal control over financial reporting. (Feedback)
SICKF"
How should management apply the "ongoing and separate evaluations" principle?
"1-Metrics to track performance
2-Relating metrics to financial reporting
3-Self-assessment
4-Computer network testing
5-Internal Audit
6-Scope & Frequency of separate evaluations
Mrs. C IS"
What are the attributes of the "Reporting Deficiencies" principle?
"1-Reports should be made to process owners who control and can correct process errors. Reports should also be made to a level of supervision at least one level above the process owner.
2-Significant deficiencies should be communicated to top management and the board or audit committee.
3-Corrective actions should be taken on a timely basis."
How should management apply the "Reporting Deficiencies" principle?
"1-Levels of Reporting differ based on materiality level
2-Alternate reporting channels
3-Guidelines for reporting deficiencies
LAG"
What is the control activities component of the internal control system?
It is the policies and procedures used to implement the internal controls.
What are the 4 principles of the "Existing control activities" component of the internal control system?
"1-Policies and Procedures
2-Risk Assessment Integration
3-Information and Technology
4-Selection and Development
PRIS"
What are the attributes (objectives) of the "Risk assessment integration" principle?
Mitigating Risk
How should management apply the "Risk assessment integration" principle?
"1-Documenting controls with various matrices
2-Consider conducting workshops"
What are the attributes (objectives) of the "Selection and Development" principle?
"1-Select the control activities (such as segregation of duties) that appropriately mitigate the risks
2-Select the control activities that are efficient and effective"
How should management apply the "Selection and Development" principle?
"1-Ensuring that duties are appropriately segregated by studying processes and using organizational charts.
2-Cost benefit analysis should be considered during the selection of controls."
What are the attributes (objectives) of the "Policies and procedures" principle?
Periodical Reassessment of policies and procedures
How should management apply the "Policies and procedures" principle?
By standardized documentation methodologies that encourage periodic review and renewal
Note
Information systems should be designed to achieve financial reporting objectives.
What are the attributes (objectives) of the "Information and Technology" principle?
Application of the control activities
How should management apply the "Information and Technology" principle?
"1-Considering changes in information systems
2-Development of information systems
3-Security and Access of information systems
CDs"
Note
The Enterprise Risk Management (ERM) integrated framework was issued by COSO in 2004.
What is the reason behind COSO issuing the enterprise risk management (ERM) integrated framework?
Developing a comprehensive response to RISK MANAGEMENT
How could ERM develop a comprehensive response to risk management?
"1-Allow management to effectively deal with Risk
2-Evaluate risk acceptance
3-Build value"
Note
"Value is maximized when strategy balances risks and returns as well as efficiency and effectiveness in accomplishing objectives."
According to COSO what is the ERM definition?
Enterprise risk management is a process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
What are the themes that an ERM encompasses?
"1. Aligning Risk Appetite and Strategy
2. Enhancing Risk Response Decisions
3. Reducing Operational Surprises and Losses
4. Identifying and Managing Multiple and Cross-Enterprise Risks
5. Seizing Opportunities
6. Improving Deployment of Capital"
Note
"ERM has 4 types of objectives:
1- Strategic
2- Operational
3- Reporting
4- Compliance
SORC"
What are the strategic objectives for ERM?
Designing high-level goals to achieve the mission
What are the operational objectives for ERM?
Achievement of objectives through the effective and efficient use of resources.
What are the reporting objectives for ERM?
Achievement of reliable reporting.
What are the compliance objectives for ERM?
Ensuring compliance with laws and regulations.
What are the ERM components?
"1- Internal environment
2- Setting objectives
3- Event identification
4- Assessment of risk
5- Risk response
6- control Activities
7- Information and communication
8- Monitoring
IS EAR AIM"
What are the components of the internal environment component of the ERM?
"1- Philosophy of risk management
2- Human resources standards
3- Risk appetite
4- Authority and responsibility
5- organizational Structure
6- integrity and Ethical values
7- BOD
8- Commitment to competence
PHRASED C"
What is the Philosophy of risk management?
It is the shared beliefs and attitudes of management that impact the entire organization
What is the Risk Appetite?
It is the amount of risk an organization will accept in the pursuit of value
Note
The organizational structure should support the entity's enterprise risk management system.
Note
Employee competence is directly proportional to corporate competence
Note
Organizations set objectives and then identify the events that may prevent the achievement of those objectives.
Note
Strategic objectives often remain the same year after year while the related objectives and the selected objectives are more dynamic.
Note
Risk appetite impacts strategy, which in turn impacts resource allocation.
What is meant by risk tolerance?
It is the accepted level of variation relative to the achievement of objectives.
Note
Events, both negative (risks) and positive (opportunities) should be identified.
Note
Event identification recognizes that occurrences can come from anywhere, whether external or internal.
What are the event identification methods?
"1-Event inventories
2-Internal analysis
3-Escalation or threshold triggers"
Note
Event inventories are lists of potential events common to companies in a particular industry.
Note
The internal analysis method is analysis performed by internal staff as part of business planning.
Note
In the escalation or threshold triggers method, comparison of activity to predefined criteria may trigger identification of events (e.g., variances from standards).
Note
Events may be interdependent and have other consequences
Note
Events may be categorized as internal and external
What are the types of external events that might face the enterprise?
"1-Economic
2-Natural environment
3-Political
4-Social
5-Technological"
What are the types of internal events that might face the enterprise?
"(a) Infrastructure (e.g., assets, capital, and other resources)
(b) Personnel
(c) Process
(d) Technology"
Note
Events might be risks or opportunities
Note
Inherent risk is the risk to an organization that exists if management takes no action to change the likelihood or impact of an adverse event.
Note
Residual risk is the risk to an organization that exists after management takes action to mitigate the adverse impact of the event.
Note
In establishing the likelihood and impact of events, managers should use the same time horizon as strategic plans.
Note
Data sources for risk assessment are generally drawn from past experience with similar events.
What are the risk assessment techniques?
"1-Benchmarking
2-Probabilistic models
3-Non-probabilistic models"
Note
Management's response to risk must align with the organization's overall risk appetite.
What are the 4 ways of responding to risk by management?
"1-Avoidance
2-Reduction
3-Sharing
4-Acceptance"
What are the types of control activities used by the ERM to respond to risk?
"(1) Top-level Reviews
(2) Direct Function or Activity Management
(3) Information Processing
(4) Physical Controls
(5) Performance Indicators
(6) Segregation of Duties"
Note
Information is needed at all levels of the organization to manage risks.
What are the characteristics of effective information?
"1-Appropriate
2-Timely
3-Current
4-Accurate
5-Accessible"
What are the types of monitoring that should be used to manage risk?
"1-Ongoing monitoring activities
2-Separate evaluations
3-Reporting deficiencies"
Note
ERM components are the effectiveness criteria, as they must be both present and functioning to produce effective ERM
What are the objectives of the effective ERM?
"Management and the BOD should have reasonable assurance about:
1-The extent to which objectives are achieved
2-Reliability of reporting
3-Compliance with laws and regulations"
What are the limitations of the ERM?
"1-ERM evaluations could be made in error
2-Managers could override controls"
Note
"Change control management and processes consider the manner in which management monitors and authorizes changes to a variety of information technology matters, including software application programs, system software, database administration, networks and security, and job scheduling."
What are the steps of the implementation of software application programs?
"(1) Risk assessment is performed.
(2) Application controls are considered.
(3) Security requirements are considered.
(4) Data conversion requirements are developed.
(5) Testing is performed.
(6) Implementation.
(7) Post implementation review.
RASD TIP"
Note
The patching process is a system update in which the software developer updates the system to eliminate system problems or improve system efficiency