COSO 4.

Demonstrates commitment to competence

5 key components 5. Enforces accountability. Risk assessment

1.) Control environment- set of ethical Risk assessment

values, standards, and structures, and
6. Specifies suitable objectives
processes that have an impact sa overall
system ng control. 7. Identifies and analyzes risk
2.) Risk assessment- requires the
management that may consider the 8. Assesses fraud risk
impact of changers in internal and 9. Identifies and analyzes significant change
external environment. Control activities
3.) Control activities- actions performed
under management. Performed at all Control activities
levels. Example: separation of duties. 10.Selects and develops control activities
4.) Information and communication- ability
to convey info to perform activities. 11.Selects and develops general controls over
Goal is to let everyone know, inside and technology
outside the organization, has a clear
12.Deploys control activities through policies
understanding about their roles in the
and procedures Information and
corporation.
communication
5.) Monitoring activities- identified policies
that are not working and correcting any Information and communication
identified deficiencies.
13.Uses relevant information
3 objectives of COSO
14.Communicates internally
Operation- effectiveness and efficiencies of
15.Communicates externally Monitoring activiti
operation

Reporting- External and internal financial and

Monitoring
non-financial reporting—timeliness, reliability,
and transparency 16.Conducts ongoing and/or separate
evaluations
Compliance-adherence to laws and regulations
that your organization is subject to. 17.Evaluates and communicates deficiencies

17 key principles of COSO

Control environment

1. Demonstrates commitment to integrity and

ethical values

2. Exercises oversight responsibility

3. Establishes structure, authority, and

responsibility Internal Control system
- Policies and procedures used to:
o Protect assets
o Ensure reliable accunting
o Uphold company policies
▪ Reward employees who
follow
▪ Penalize those who
don’t.
o Promote efficient operations
- Sarbanes- Oxley Act
o The Sarbanes-Oxley Act of 2002
came in response to financial
scandals in the early 2000s
involving publicly traded
companies such as Enron
Corporation, Tyco International
plc, and WorldCom.2
o The high-profile frauds shook
investor confidence in the
trustworthiness of corporate
financial statements and led
many to demand an overhaul of
decades-old regulatory
standards.
o The new law set out reforms
and additions in four principal
areas:
▪ Corporate
responsibility
▪ Increased criminal
punishment
▪ Accounting regulation
▪ New protections
- The six principles include: (yt)
o (1) establishment of
responsibility
▪ Each should know their
responsibility.
▪ Can be determined
who’s at fault.
o (2) Maintain Adequate records
▪ Can protect asset
▪ Helps manager monitor
activities
o (3) Insure asset and bond key
employees
▪ Assets should be
insured against losses
▪ Employees handling a
lot of cash should be
bonded
o (4) Separate record keeping
from custody of assets
▪ People who has control
to assets must not have
access to accounting
records and vice versa.
• To prevent theft
o (5) Divide responsibility for
related transactions
▪ One person should act
as a check to the other
to prevent fraud.
o (6) Apply technological controls
o (7) Perform regular and
independent reviews.
Limitations of Internal Control:
- Human Error
o Carelessness
o Misjudgment
- Human Fraud
o Intentionally defeating internal
controls for personal gain
NOTE: Cost-benefit principle: costs of internal
controls must not exceed their benefits.
What Is Corporate Governance?
- system of rules, practices, and
processes by which a company is
directed and controlled.
- essentially involves balancing the
interests of a company's
many stakeholders,which involves:
o shareholders
o senior management
o customers
 o suppliers
o lenders
o the government
o the community
- Communicating a company's corporate
governance is a key component of
community and investor relations.
Benefits of Corporate Governance
- Good corporate governance creates
transparent rules and controls, guides
leadership, and aligns the interests of
shareholders, directors, management,
and employees.
- It helps build trust with investors, the
community, and public officials.
- Corporate governance can give
investors and stakeholders a clear idea
of a company's direction and business
integrity.
- It promotes long-term financial
viability, opportunity, and returns.
- It can facilitate the raising of capital.
- Good corporate governance can
translate to rising share prices.
- It can reduce the potential for financial
loss, waste, risks, and corruption.
- It is a game plan for resilience and long-
term success.
Board of directors
Types of Boards
- The board makes decisions as
a fiduciary on behalf of the company
and its shareholders. Broadly speaking,
it provides insight, advice, and
leadership for important objectives
such as:
o Protecting the interests of
shareholders–A board will
promote efforts and activities
that maximize the value that
shareholders receive for their
investment. In addition to
ensuring an efficiently run and
profitable operation, it makes
certain that shareholders
receive properly reported
financial data and any other
important information that
could impact their holdings.
o Managing risk–A board will
establish policies that allow a
company to identify, evaluate,
and respond to financial,
security, and legal risks, as well
as to mitigate actual loss.
Facilitating ongoing risk
monitoring is an essential
responsibility of a board.
o Engaging with stakeholders–A
board will communicate with
individuals and firms with
vested interests in the company
so that it understands those
interests, can address concerns,
pursue necessary changes in
corporate behavior, and make a
positive impact that
strengthens these relationships.
- A board of directors is responsible for
overseeing and advising a company so
that it functions as effectively as
possible.
- Executive Board
o The role of this board is to take
on the role of a chief executive
officer (where there is none)
and manage a company's
operations effectively and
profitably. It acts to ensure that
a company has and maintains a
mission and a purpose, and
meets its goals on an ongoing
basis.
- Governing Board
 o This board's purpose is to offer
a company owner specific
guidance related to the
company's business mandate
so that it can operate
effectively and achieve its
future goals.
- Advisory Board
o Like the governing board, this
board brings insight to a
company's top executive. It
offers different perspectives
and experience that can help
the company meet specific
goals, such as growing a
network, achieving
community brand
recognition and connection,
and building a new customer
segment.
Directors may have specific roles and titles.
- Chairperson or President:
o This individual leads and
manages the board of directors.
They are responsible for setting
agendas, running successful
board meetings, establishing
committees, and other duties.
They normally represent the
company at public events.
- Vice chair or Vice president:
o The vice chair works closely
with the chairperson or
president in support of their
responsibilities. They also help
to facilitate directives and may
address potential conflicts of
interest of board members. The
vice chair normally fulfills the
chairperson's duties when the
latter is unavailable.
- Secretary
o The secretary manages the
board's administrative tasks.
They take the board meeting
minutes and maintain accurate
corporate records.
- Treasurer
o The treasurer focuses on a
company's budget, financial
policies and accounting,
investments, and other
financial issues. They work with
other professionals concerned
with the company's financial
well-being.
Note: Does a CEO Outrank a Board of
Directors?
No, the CEO (who may be on the board) and
the directors work together on relevant
company issues. The Board doesn't interfere
with the CEO's handling of a company's daily
operations. But it has the authority to evaluate
the performance of a CEO and remove them, if
deemed necessary.
The Principles of Corporate Governance
While there can be as many principles as a
company believes make sense, some of the
most common ones are:
• Fairness: The board of directors must
treat shareholders, employees,
vendors, and communities fairly and
with equal consideration.
• Transparency: The board should
provide timely, accurate, and clear
information about such things as
financial performance, conflicts of
interest, and risks to shareholders and
other stakeholders.
• Risk Management: The board and
management must determine risks of
all kinds and how best to control them.
They must act on those
 recommendations to manage risks and
inform all relevant parties about the
existence and status of risks.
• Responsibility: The board is responsible
for the oversight of corporate matters
and management activities. It must be
aware of and support the successful,
ongoing performance of the company.
Part of its responsibility is to recruit
and hire a chief executive officer (CEO).
It must act in the best interests of a
company and its investors.
• Accountability: The board must explain
the purpose of a company's activities
and the results of its conduct. It and
company leadership are accountable
for the assessment of a company's
capacity, potential, and performance. It
must communicate issues of
importance to shareholders.
How to Assess Corporate Governance
As an investor, you want to select companies
that practice good corporate governance in the
hope that you can thereby avoid losses and
other negative consequences such as
bankruptcy.
You can research certain areas of a company to
determine whether or not it's practicing good
corporate governance. These areas include:
• Disclosure practices
• Executive compensation structure
(whether it's tied only to performance
or also to other metrics)
• Risk management (the checks and
balances on decision-making)
• Policies and procedures for reconciling
conflicts of interest (how the company
approaches business decisions that
might conflict with its mission
statement)
• The members of the board of directors
(their stake in profits or conflicting
interests)
• Contractual and social obligations (how
a company approaches issues such as
climate change)
• Relationships with vendors
• Complaints received from shareholders
and how they were addressed
• Audits (the frequency of internal and
external audits and how any issues that
those audits raised have been handled)
Types of bad governance practices include:
• Companies that do not cooperate
sufficiently with auditors or do not
select auditors with the appropriate
scale, resulting in the publication of
spurious or noncompliant financial
documents
• Executive compensation packages that
fail to create an optimal incentive for
corporate officers
• Poorly structured boards that make it
too difficult for shareholders to oust
ineffective incumbents.
Interpretation of the Cash Ratio
- The cash ratio indicates to creditors,
analysts, and investors the percentage
of a company’s current liabilities
that cash and cash equivalents will
cover.
- A ratio above 1 means that a company
will be able to pay off its current
liabilities with cash and cash
equivalents, and have funds left over.
- Creditors prefer a high cash ratio, as it
indicates that a company can easily pay
off its debt.
- Cash Ratio= CCE/ current lia
What is the current ratio?
- The current ratio is the difference
between current assets and current liabilities.
 - Current refers to money you need and
use in your short-term operations.
Note: Keeping track of your current ratio,
will help you identify early warning signs
that your business doesn’t have sufficient
cash flow to meet current liabilities.
What Is a Liquidity Crisis?
- A liquidity crisis is a financial situation
characterized by a lack of cash or easily-
convertible-to-cash assets on hand
across many businesses or financial
institutions simultaneously.
Long Term Solvency Issue:
- Solvency is the ability of a company to
meet its long-term debts and financial
obligations.
- The quickest way to assess a company’s
solvency is by checking
its shareholders’ equity on the balance
sheet, which is the sum of a company’s
assets minus liabilities.
Special Considerations: Solvency Ratios
- There are also other ratios that can
help to more deeply analyze a
company's solvency.
Other ratios that may be analyzed when
considering solvency include:
• Debt to equity
• Debt to capital
• Debt to tangible net worth
• Total liabilities to equity
• Total assets to equity
• Debt to EBITDA
Solvency vs. Liquidity
Solvency- represents a company’s ability to
meet all of its financial obligations, generally
the sum of its liabilities
Liquidity- represents a company's ability to
meet its short-term obligations.
EBITDA over sales:
- Earnings before interest taxes
amortization
- EBITDA is a measure of a company’s
financial performance, acting as an
alternative to other metrics like
revenue, earnings or net income.
- EBITDA is how many people determine
business value as it places the focus on
the financial outcome of operating
decisions. It does this by removing the
impacts of non-operating decisions
made by the existing management, such
as interest expenses, tax rates, or
significant intangible assets.
Supplementary info:
• Interest – the expenses to a business
caused by interest rates, such as loans
provided by a bank or similar third-
party.
• Taxes – the expenses to a business
caused by tax rates imposed by their
city, state, and country as a whole.
• Depreciation – a non-cash expense
referring to the gradual reduction in
value of a company’s assets
• Amortization – a non-cash expense
referring to the cost of intangible (non-
balance sheet) assets over time.
What is LTM EBITDA?
- The definition of LTM (Last Twelve
Months) EBITDA, also known as Trailing
Twelve Months (TTM), is a valuation
metric that shows your earnings before
 interest, taxes, depreciation and
amortization adjustments over the past
12 months.
How to calculate EBITDA
- EBITDA= net profit+ interest+ taxes +
depreciation+ amortization; or
- EBITDA= Operating income+
Depreciation + Amortization
What is the EBITDA Margin?
- EBITDA margin = EBITDA / Total
Revenue
- By determining a percentage of EBITDA
against your company’s overall
revenue, this margin gives an indication
of how much cash profit a business
makes in a single year. If your business
has a larger margin than another, it is
likely a professional buyer will see more
growth potential in yours.
For example, let’s say Company A has
determined their EBITDA is $600,000, while
their total revenue is $6,000,000. This
results in an EBITDA margin of 10%. This is
then compared to Company B, which has a
larger EBITDA of $750,000, but with total
revenue of $9,000,000. This means that
while Company B demonstrates higher
EBITDA, it actually has a smaller margin
than Company A (8% against 10%).
Therefore, a prospective buyer weighing up
both businesses might see more promise in
A over B. So, by using the EBITDA margin, an
investor, owner or analyst can see how
much operating cash is generated relative
to all revenue earned, and can use this as a
benchmark in deciding which is the most
financially efficient.
Benefits of EBITDA
- It’s commonly used – as mentioned
earlier, EBITDA is very commonly
employed by many groups, notably
buyers and investors. So, it is a language
that they are very familiar with,
meaning they can use it effectively to
compare business valuations.
- It eliminates unhelpful variables – by
removing elements like interest rates,
tax rates, depreciation and amortization
that are unique from business to
business, this provides a strict
illustration of a company’s operating
performance.
- It’s easy to calculate – all formulas
associated with EBITDA are
straightforward to determine as long as
your financials are accurate. This also
makes it easy to understand on all sides
of any negotiations
- It’s reliable – as it enables investors to
fully focus on a company’s baseline
profitability, EBITDA is considered a
more reliable indicator of its financial
soundness.
What is the difference between cash flow and
EBITDA?
Free Cash Flow and EBITDA are two ways of
assessing the value and profitability of a
business. While EBITDA demonstrates a
company’s earning potential after removing
essential expenses like interest, tax,
depreciation and amortization, free cash flow is
unencumbered. It instead takes a firm’s
earnings and adjusts it by adding in depreciation
and amortization, then reducing working capital
changes and expenditures.
Both techniques should be utilized among the
many used to determine business value.
Is EBITDA a GAAP measure?
EBITDA does not fall under a Generally
Accepted Accounting Principle (GAAP) as a
measure of financial performance. This means
that its calculation can vary from one company
to another as there is no standardized approach
to EBITDA.
Terminologies differentiation:
Irregularity vs. Error in Corporate Governance:
Irregularity:
- Refers to a departure from established
procedures or standards within the
corporate governance framework.
- Could involve actions that are not in line
with regulatory requirements, company
policies, or ethical standards.
- May include instances like non-
compliance with disclosure regulations
or failure to adhere to board-approved
procedures.
Error:
- In corporate governance, errors often
involve inaccurate or incomplete
financial reporting, mismanagement of
resources, or flawed decision-making
processes.
- Errors can lead to financial loss,
reputational damage, or legal
consequences for the company and its
stakeholders.
- Examples include misstating financial
figures in reports, overlooking
important governance principles in
decision-making, or failing to detect
conflicts of interest.
Mistake vs. Error in Corporate Governance:
Mistake:
- In corporate governance, mistakes can
occur in judgment, decision-making, or
interpretation of information.
- Board members or executives might
make mistakes in assessing risks,
evaluating performance, or
understanding market trends.
- These mistakes can lead to suboptimal
decisions, missed opportunities, or
strategic missteps.
Error:
- Errors in corporate governance
encompass tangible deviations from
established standards or regulations.
- These could include procedural errors in
voting processes, inaccuracies in
financial statements, or breaches of
fiduciary duties.
- Unlike mistakes, errors in corporate
governance often have clear regulatory
or legal implications and may require
corrective action or sanctions.
Irregular Transaction vs. Fraudulent
Transaction in Corporate Governance:
Irregular Transaction:
- An irregular transaction refers to a
deviation from standard or expected
business practices within the corporate
governance framework.
- It may not necessarily involve
fraudulent intent but could result from
errors, negligence, or
misunderstandings.
 - Irregular transactions might include
unusual or non-routine activities that do
not align with established policies or
procedures.
- While irregular transactions may raise
concerns about internal controls or
oversight, they might not always involve
deliberate deception or misconduct.
Fraudulent Transaction:
- A fraudulent transaction involves
intentional deception,
misrepresentation, or manipulation for
personal gain or to the detriment of the
company or its stakeholders.
- Fraudulent transactions often violate
laws, regulations, or ethical standards
and can have significant financial and
reputational consequences.
- Examples of fraudulent transactions in
corporate governance include
embezzlement, falsification of financial
records, insider trading, or bribery.
- Fraudulent transactions are typically
perpetrated by individuals or groups
seeking to exploit weaknesses in
controls, override checks and balances,
or abuse positions of trust for illicit
purposes.
Forensic Analysis of Financial Statements vs.
Regular Analysis in Corporate Governance:
Forensic Analysis of Financial Statements:
- Focuses on uncovering irregularities,
anomalies, or potential fraud within
financial records.
- Utilizes specialized techniques and
methodologies to detect signs of
manipulation, misrepresentation, or
concealment.
- Involves a thorough examination of
transactional data, accounting records,
and supporting documentation to
identify discrepancies or
inconsistencies.
- Aims to provide evidence that can be
used in legal proceedings or
investigations, requiring a high level of
scrutiny and attention to detail.
- Often conducted by forensic
accountants or specialists with expertise
in fraud examination and investigative
techniques.
Regular/Usual Analysis of Financial Statements:
- Typically involves the evaluation of
financial performance, position, and
trends based on standard accounting
principles and practices.
- Focuses on assessing key financial
metrics, ratios, and indicators to gauge
the company's health, profitability, and
efficiency.
- Utilizes commonly accepted analytical
tools and methods such as ratio
analysis, trend analysis, and
benchmarking.
- Aimed at providing insights to
stakeholders, management, and
investors for decision-making, strategic
planning, and performance evaluation.
- Conducted routinely as part of financial
reporting and disclosure obligations,
internal management processes, and
external audits.
Key Differences:
Purpose: Forensic analysis is primarily focused
on uncovering fraud or irregularities, while
regular analysis aims to evaluate financial
performance and health.
Approach: Forensic analysis employs specialized
techniques and tools tailored to detect fraud,
whereas regular analysis uses standard
accounting and analytical methods.
Rigor: Forensic analysis requires a high level of
scrutiny and attention to detail, often involving
in-depth investigation and examination,
compared to the more routine nature of regular
analysis.
Outcome: The outcome of forensic analysis may
be used as evidence in legal proceedings or
investigations, whereas regular analysis informs
decision-making and performance evaluation.
Regular/Normal Audit vs. Fraud Audit in
Corporate Governance:
Regular/Normal Audit:
- Objective: A regular audit aims to
provide an independent examination of
financial statements and related
disclosures to ensure they present a
true and fair view of the company's
financial position and performance.
- Scope: It covers a broad range of
financial activities, transactions, and
controls to assess compliance with
accounting standards, regulatory
requirements, and internal policies.
- Focus: The primary focus of a regular
audit is on verifying the accuracy and
reliability of financial information,
assessing internal controls, and
providing assurance to stakeholders.
- Methodology: Regular audits typically
follow generally accepted auditing
standards (GAAS) and involve testing of
transactions, analytical procedures, and
substantive testing.
- Outcome: The outcome of a regular
audit is an auditor's report expressing
an opinion on the fairness of the
financial statements and the
effectiveness of internal controls over
financial reporting.
Fraud Audit:
- Objective: A fraud audit is specifically
designed to detect and investigate
instances of fraud, including fraudulent
financial reporting or misappropriation
of assets.
- Scope: It focuses on identifying
potential fraud risks, analyzing red flags,
and gathering evidence to determine if
fraud has occurred or is likely to occur.
- Focus: The primary focus of a fraud
audit is on uncovering fraudulent
activities, schemes, or irregularities that
may not be detected through regular
audit procedures.
- Methodology: Fraud audits employ
specialized techniques such as data
analytics, forensic accounting,
interviews, and observation to identify
patterns, anomalies, or indicators of
fraud.
- Outcome: The outcome of a fraud audit
is a report detailing findings, including
recommendations for remedial actions,
strengthening internal controls, and
pursuing legal recourse if necessary.
Key Differences:
Objective: While both audits aim to enhance
governance and mitigate risks, a regular audit
focuses on financial accuracy and compliance,
while a fraud audit targets the detection and
prevention of fraudulent activities.
Scope: Regular audits cover a broad spectrum of
financial activities and controls, whereas fraud
audits specifically target areas vulnerable to
fraud.
Focus: Regular audits emphasize financial
statement accuracy and internal control
effectiveness, while fraud audits prioritize the
detection of fraudulent behavior and activities.
Methodology: Regular audits follow standard
auditing procedures, while fraud audits utilize
specialized techniques tailored to detect and
investigate fraud.
Outcome: Regular audits result in an opinion on
financial statements and internal controls, while
fraud audits provide insights into fraud risks,
occurrences, and recommendations for
mitigation.
Business Continuity Planning (BCP) vs.
Disaster/Business Recovery Planning in
Corporate Governance:
Business Continuity Planning (BCP):
- Objective: Business Continuity Planning
(BCP) focuses on ensuring that essential
business functions and operations can
continue or resume swiftly in the event
of a disruption or disaster.
- Scope: BCP encompasses a
comprehensive set of strategies,
policies, and procedures designed to
minimize the impact of potential threats
and maintain critical business
operations.
- Focus: BCP addresses a broad range of
potential disruptions, including natural
disasters, cyberattacks, pandemics,
supply chain interruptions, and other
unforeseen events.
- Methodology: BCP involves risk
assessments, impact analyses,
development of contingency plans,
communication strategies, and regular
testing and exercises to ensure
preparedness and resilience.
- Outcome: The goal of BCP is to minimize
downtime, reduce financial losses,
safeguard stakeholders' interests, and
maintain business continuity during and
after a crisis.
Disaster/Business Recovery Planning:
- Objective: Disaster Recovery Planning
(DRP) or Business Recovery Planning
(BRP) focuses on restoring IT systems,
infrastructure, and operational
capabilities following a significant
disruption or disaster.
- Scope: DRP/BRP primarily addresses the
recovery of technology assets, data, and
IT services critical to business
operations.
- Focus: DRP/BRP is primarily concerned
with restoring data integrity, system
functionality, and IT operations to
minimize downtime and mitigate the
impact of technology-related
disruptions.
- Methodology: DRP/BRP involves
identifying critical systems and data,
developing recovery strategies,
establishing backup and recovery
procedures, and implementing
measures to ensure data resilience and
continuity.
- Outcome: The outcome of DRP/BRP is
the rapid recovery and restoration of IT
infrastructure, data, and systems to
support business operations and
continuity following a disruptive event.
Key Differences:
Scope: BCP addresses a broader spectrum of
business functions and operations, while
DRP/BRP focuses specifically on IT systems and
technology infrastructure.
Focus: BCP emphasizes maintaining overall
business continuity and resilience, while
DRP/BRP is centered on restoring IT capabilities
and services.
Methodology: BCP involves holistic risk
assessment, planning, and preparedness
measures, whereas DRP/BRP focuses on
technical recovery procedures and IT-specific
strategies.

Outcome: The goal of BCP is to ensure the

continuity and resilience of all critical business
functions, while DRP/BRP aims to quickly
restore IT operations and minimize downtime
following a disruption.