corporate governance content
1) financial reporting of public companies. 2) internal control
COSO control environment
management operating style relates to ethics and financial reporting, vs. human resource policies (recruit and evaluate employees)
compliance program
enhanced financial disclosure: SOX
contingency loss: a pending lawsuit that was not accrued
SOX: internal control: reporting
assumption of responsibility. assessment of effectiveness of I/C
SOX: code of ethics provisions
1) full, fair, accurate disclosure. 2) honest ethical conduct
SOX: audit committee financial expert
external communication vs internal communication
external: matters affecting the F/S are communicated to outside parties. internal: enables achieving objectives. variance analysis = to support internal control. internal control information
COSO monitoring
deficiencies are identified, reported and investigated; ongoing and separate evaluation
COSO: ERM ( enterprise risk management)
1) risk assessment: the determination of the likelihood or impact of an event on achieving the objectives of the company. 2) control activity: response to a risk
risk sharing ERM
insuring against loss or doing a joint venture
COSO: an operational objective vs a reporting objective
COSO: an operational objective (within budget) vs a reporting objective (GAAP)
IPPF: international
IIA standards
the chief audit executive to establish a risk based approach to determine audit priorities
ERM: enterprise risk management
1. internal environment. 2. objective setting. 3. event identification. 4. risk assessment. 5. risk response. 6. control activities. 7. information and communication. 8. monitoring
audit committee
qualification (competence, independence), a financial expert. responsibilities
disclosure committee
to management. a standard reporting package
compensation committee
make a recommendation to BOD
independence of directors: 5 yrs for a director & family member who was an employee of the company (3 yrs for NASDAQ). 5 yrs for audit firm (3 for NASDAQ). 3 yrs for receiving $120k other than director compensation
responsible for protecting investors
3 principles: operating efficiency, compliance, F/S. 5 components: CRIME
control environment
1. mgmt integrity, ethical values. 2. philosophy, operating style. 3. organization structure. 4. BOD, audit committee participation. 5. internal audit function. 6. personnel policies and practices. 7. external influences. 8. includes set of standards, processes and structures
risk assessment. COSO
risk assessment for financial reporting. risk = change: new, restructuring, rapid expansion
control activity
authorization. control of transactions is SOD. documents and records. safeguarding. independent check on performance. 2) includes policies and procedures ensuring mgmt's directives are carried out. routinely performed controls
information and communication
identification, retention, transfer of information
ongoing and separate evaluation of the quality of IC
assessment of the effectiveness of ICFR (internal control over financial reporting)
SOX 404b: auditor expresses an opinion on IC; plan & perform to get reasonable assurance whether a material weakness exists. 2) one or more material weaknesses = IC is not effective.
control deficiency
the design or operation of a control does NOT prevent or detect misstatements on a timely basis
significant deficiency
a control deficiency or combination of control deficiencies, less severe than a material weakness
material weakness
a significant deficiency or combination of significant deficiencies; a reasonable possibility that material misstatements of the F/S will not be prevented or corrected on a timely basis
compensating control
if one exists, then the control deficiency is ordinarily not a significant deficiency or material weakness
strong indicator of MW
1. fraud by senior mgmt. 2. restatement due to error or fraud. 3. MW was not detected by IC. 4. ineffective oversight. 5. compensation for mgmt increases. 6. effect on compliance
1. unqualified. 2. withdrawal or disclaimer. 3. an adverse: one or more MW; if remediated by year end then UQ. 4. date should be the same: ICFR = FR
defective certifications
COE: $1M or 10 yrs in prison. willful DC: $5M or 20 yrs
risk reduction vs risk sharing
reduction: relocation, compensating or mitigating controls. sharing: a joint venture, buying insurance
risk assessment
objective setting -> event identification -> risk assessment -> risk response
threshold triggers
mgmt's predetermined limits
inherent risk vs residual risk
inherent: mgmt does nothing to alter it. residual: risk of the event after considering mgmt's response
ERM limitation
human judgement. mgmt override. cost-benefit constraint. collusion. change in environment
ERP : enterprise resource planning
1. cross-functional system. 2. integrated data for all org activities. 3. automates business processes working together
ERM 8 component
IS EAR AIM: internal environment. setting objectives. event identification. assessment of risk. risk response. activities (control). information and communication. monitoring
online analytical processing vs online transaction processing system
analytical: allows end users to retrieve data from a system and perform analysis using statistics and graphics tools. TPS: customer payments or other transactions. EIS: strategic information. online info storage system: ex. list of charges by month
financial expert on audit committee
1. experience with internal controls. 2. understanding of GAAP, internal control, audit committee function
fiduciary relationship to the company
materiality of misstatements
auditor's judgment, not discussed with corporate governance
auditor. communication w audit committee
any disagreement (even if resolved) on the financial statements
American option vs European option
American: during a specific period of time. European: at a specified date
T - bill
less than 1 yr. denomination of $1k. max $5M purchase. T-note: 1-10 yr. T-bond: 10+ yr
credit risk
the default by a borrower or issuer of debt securities/bonds
price risk
a security will decline in value
open ended fund vs closed end fund
open = mutual fund
COSO : reporting objectives
external, internal, financial, non-financial reporting objectives
C/S with cumulative voting rights
get one vote for each director
Dodd-Frank Act of 2010: wall street reform and consumer protection
insider director of BOD: officer, employee, major stockholder. disclose why or why not the chairperson of the board is also the CEO
internal audit charter
purpose. responsibility. authority
requires the CEO to disclose all significant internal control deficiencies to the company's auditor and audit committee
IIA: the Institute of Internal Auditors
a risk based approach to determine audit priorities
objectives: 4: strategic, operating, compliance, reporting. components: 8: CRIME plus objective setting, event identification, risk response
individuals that monitor controls within an organization
a master file vs a transaction file
master: permanent file, a source of reference, periodically updated
the role of the system analyst, the information system manager, the control group, a system programmer
the Dodd-Frank Act of 2010
all members of the compensation committee of the board of directors be independent
SOX : internal control
3: mgmt responsibility on F/S; evaluate the effectiveness of IC; auditor attests mgmt's evaluation on F/S
code of ethic provisions by SOX
disclosure on the F/S and honest ethical conduct
compliance program
ethical values, hotline & ethical training program
COSO: information and communication
consider systems that identify, capture, process and distribute info supporting the accomplishment of financial reporting
COSO: risk assessment
principle related to considering the risk of material misstatements
ERM: enterprise risk management
IS EAR AIM: Internal environment. Setting objectives. Event identification. Assessment of risk. Risk response. Activities (control). Information and communication. Monitoring
SEC & NASDAQ control on board of directors
directors' independence requirements: 5 yrs (3 yrs)
risk tolerance vs risk appetite
tolerance: the acceptable variation
risk sharing vs reduction
sharing: sharing the risk with another party: insurance, joint venture, hedging. reduction: reduce its likelihood or impact.
application programmer
should NOT: maintain operating system software; correct data; have custody of data

ERM components

COSO CRIME + setting objectives + event identification + risk response

Becker CG B1.1: # 2. 4. 5. 12. 15. 26. 28. 29. 34. CG B1.2: # 3. 7. 9.