BUSINESS
1A
Corporate Governance
Control Environment
2010 DeVry/Becker Educational Development Corp. All rights reserved.
SUMMARY NOTES
I. RIGHTS, DUTIES, RESPONSIBILITIES AND AUTHORITY OF THE BOARD OF DIRECTORS, OFFICERS, AND OTHER EMPLOYEES
A. Financial Reporting
The financial reporting issues associated with corporate governance generally relate to the provisions of the Sarbanes-Oxley Act of 2002 (also called SOX). SOX has numerous provisions for expanded disclosures and specific representations by management that are described in two major titles.
1.
c. d.
e.
f.
g.
h.
2.
d.
B.
a. Control Activities
(1) The policies and procedures that respond to the risk assessment are the subject of the control activities component.
(2) Principles of control activities include policies and procedures, the selection of policies and procedures, and information and technology.
b. Risk Assessment
(1) The objective of financial reporting is generally fair presentation in accordance with GAAP.
(2) Financial reporting objectives and risks as well as fraud risks are principles of this component.
c.
d. Monitoring
(1) Monitoring the effectiveness of internal control is the goal of the monitoring component.
(2) Monitoring by way of ongoing and separate evaluations and reporting findings (deficiencies) are the related principles.
e. Control Environment
(1) Referred to as the 'tone at the top.'
(2) Ethics, Board oversight, financial reporting competencies, and organizational structure are the types of foundational principles that define this component (see below).
2.
C. Enterprise Risk Management (Including COSO)
In 2004, the COSO issued Enterprise Risk Management - Integrated Framework (ERM) to assist organizations in developing a comprehensive response to risk management. The intent of enterprise risk management is to allow management to effectively deal with uncertainty, evaluate risk acceptance, and build value.
1. ERM seeks to align risk appetite and strategy.
2. Organizational responses to risk may be risk avoidance, risk reduction, risk sharing, or risk acceptance.
3. ERM anticipates a three-dimensional model that coordinates an organization's four objectives by risk management component by layer of the organization.
4. Objectives may be strategic, operations, reporting or compliance.
5. The components of ERM follow in logical sequence as follows:
a. Internal Environment
(1) The tone of the organization.
(2) The risk consciousness of the staff is influenced by the internal environment.
b. Objective Setting
(1) Strategic objectives establish the basis for related operations, reporting and compliance objectives.
(2) Objectives are aligned with the risk tolerances (risk appetite) of the organization.
c. Event Identification
(1) Events are identified that may positively impact the organization's ability to meet objectives (opportunities).
(2) Events are identified that negatively impact the organization's ability to meet objectives (risks).
(3) Risk and opportunities consider internal and external factors.
d. Risk Assessment
(1) Management assesses the likelihood (probability) and impact (severity) of events.
(2) Management looks at risk on an inherent basis (what may occur if no risk response is taken) and a residual basis (what risk is left after consideration of a risk response).
e. Risk Response
(1) Risk response can be risk avoidance, reduction, sharing, or acceptance.
(2) Risk response is considered in relation to its effect on likelihood and severity and in relation to cost benefit.
f. Control Activities
Control activities are the policies and procedures that carry out risk response.
g. Information and Communication
Information is gathered and communicated in time to respond to risk.
h. Monitoring
Risk management is assessed for presence and functioning over time.
6. Layers of the organization are entity-level: division, business unit and subsidiary.
SUMMARY OF COSO FRAMEWORK COMPONENTS
2. Board of Directors
3. Management's Philosophy and Operating Style
4. Organizational Structure
5. Financial Reporting Competencies
6. Authority and Responsibility
7. Human Resources
II.
B.
C.
2.
MULTIPLE-CHOICE QUESTIONS
QUESTION 1
Which of the following is true of audit committees under the provisions of the Sarbanes-Oxley Act of 2002?
1. A majority of the audit committee must consist of financial experts.
2. No financial experts are required if the audit committee can consult with either the auditor or the chief financial officer.
3. At least one audit committee member must be a financial expert.
4. At least two audit committee members must be financial experts and one must be a CPA.
QUESTION 2
Which of the following is true regarding a financial expert serving on the audit committee of an issuer that is complying with the Sarbanes-Oxley Act of 2002?
1. The audit committee member may qualify for recognition as a financial expert using most any combination of education and experience.
2. An audit committee member must have been a member of the board of directors for five years before serving as a financial expert.
3. An audit committee member qualifying as a financial expert must have adequate technical training and experience as an auditor.
4. Disclosure of the financial expert is made at the election of the audit committee.
QUESTION 3
The Committee on Sponsoring Organization's (COSO) Internal Control - Integrated Framework includes a risk assessment component that includes all of the following in its principles, except:
1. Choices of financial accounting principles
2. Adequacy of disclosures
3. Fraud
4. Organizational structure
QUESTION 4
The Committee on Sponsoring Organization's (COSO) Internal Control - Integrated Framework includes five distinct components that include all the following, except:
1. Control environment.
2. Risk assessment.
3. Risk response.
4. Control activities.
QUESTION 5
An issuer concluding as to the effectiveness of the design and operation of internal control under the Sarbanes-Oxley Act of 2002 would most likely look to what document or source for guidance on the evaluation of internal control and related documentation?
1. Sarbanes-Oxley Act of 2002.
2. Internal Control - Integrated Framework.
3. Enterprise Risk Management - Integrated Framework.
4. Statements on Auditing Standards.
TASK-BASED SIMULATIONS
TASK-BASED SIMULATION 1:
Written Communication
The Chairman of the Board of Directors is worried about the upcoming audit. Specifically, he is concerned about how he will prove to the auditors that the Board of Directors has fulfilled its oversight function in accordance with the COSO Internal Control - Integrated Framework. As the Chief Financial Officer, draft a memo to the Chairman describing what the auditors might look for with regard to the following board attributes:
Operates independently
Monitors risk
Retains financial reporting expertise
Oversees audit activities
Type your communication in the response area below using the word processor provided.
REMINDER: Your response will be graded for both technical content and writing skills. Technical content will be evaluated for information that is helpful to the intended reader and clearly relevant to the issue. Writing skills will be evaluated for development, organization, and the appropriate expression of ideas in professional correspondence. Use a standard business memo or letter format with a clear beginning, middle, and end. Do not convey information in the form of a table, bullet point list, or other abbreviated presentation.
MEMORANDUM
To:
Subject:
[Response area]
Sincerely,
Chief Financial Officer
MEMORANDUM
To:
Subject:

The purpose of this memo is to identify and explain the kinds of activities that will enable the auditors to conclude that the Board of Directors is fulfilling its oversight function in accordance with the COSO Internal Control - Integrated Framework.

One of the characteristics of an effective board is the ability of each member to provide independent advice to our company. You may recall, annually our company requires each board member to disclose in writing any personal relationships and material direct or indirect financial transactions with our company. In addition to this, we have a process in place where the Vice President of the board reviews these disclosures and evidences his review via signature on the certification statement. Before any vote is taken, the VP verbally reminds board members to vote independently and, if applicable, has the power to ask board members to recuse themselves from the vote in the event that they are not entirely independent on the issue at hand. While our by-laws document the responsibilities of the Vice President, the board minutes document the actions of the board and VP, consistent with the policy defined in the by-laws. Rest assured that the auditors will review both of these documents and find the evidence to support a conclusion on board oversight. We also have a separate nominating committee that identifies and screens potential board members. Evidence that the nominating committee has performed their duties includes a review of background checks performed as well as the written recommendations made by this committee.

Another attribute that the auditors will assess is the board's ability to monitor risk. One of the most powerful ways to demonstrate effective board oversight is to establish an empowered audit committee with the authority and responsibility to meet privately with internal and external auditors and respond directly to significant audit findings. Even staffing the audit committee with knowledgeable financial professionals such as CPAs provides additional comfort to auditors that the board has the capacity to understand the gravity of the issues put before them. While the auditors have both the charter and by-laws to support the creation and empowerment of the audit committee, their selection and retention provides further support that the audit committee is actually performing the responsibilities assigned to it. Further proof of effective oversight can be obtained by reviewing the certification statements made by the audit committee, which attest to review activities performed and decisions made. In addition, the board minutes document the adoption of new accounting policies and procedures. And lastly, the auditors can examine whistleblower logs to determine how complaints were handled and the timeliness of the board response.

As you can see, we have a number of mechanisms already in place that will objectively demonstrate the effectiveness of our board. The board does an excellent job and you will be very well prepared to speak to these issues with our auditor. Feel free to contact me should you need anything further regarding this matter.
Sincerely,