(1) COSO provides guidelines for internal controls and risk management. It identifies 5 components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring activities.
(2) The key principles of COSO include establishing responsibility, maintaining adequate records, separating duties, applying technology controls, and performing regular reviews.
(3) Corporate governance involves balancing interests of stakeholders through transparency, oversight of management, and alignment of goals. A board of directors provides oversight and advice to ensure effective long-term functioning.
5 components of internal control

1.) Control environment - set of ethical values, standards, structures, and processes that have an impact on the overall system of control.
2.) Risk assessment - requires management to consider the impact of changes in the internal and external environment.
3.) Control activities - actions performed under management. Performed at all levels. Example: separation of duties.
4.) Information and communication - ability to convey info to perform activities. The goal is that everyone, inside and outside the organization, has a clear understanding of their roles in the corporation.
5.) Monitoring activities - identifying policies that are not working and correcting any identified deficiencies.

3 objectives of COSO

Operation - effectiveness and efficiency of operations
Reporting - external and internal financial and non-financial reporting: timeliness, reliability, and transparency
Compliance - adherence to laws and regulations that your organization is subject to.

17 key principles of COSO

Control environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority, and responsibility

Risk assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

Control activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys control activities through policies and procedures

Information and communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally

Monitoring activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

Internal Control system

- Policies and procedures used to:
  o Protect assets
  o Ensure reliable accounting
  o Uphold company policies
    ▪ Reward employees who follow
    ▪ Penalize those who don't.
  o Promote efficient operations
- Sarbanes-Oxley Act
  o The Sarbanes-Oxley Act of 2002 came in response to financial scandals in the early 2000s involving publicly traded companies such as Enron Corporation, Tyco International plc, and WorldCom.
  o The high-profile frauds shook investor confidence in the trustworthiness of corporate financial statements and led many to demand an overhaul of decades-old regulatory standards.
  o The new law set out reforms and additions in four principal areas:
    ▪ Corporate responsibility
    ▪ Increased criminal punishment
    ▪ Accounting regulation
    ▪ New protections
- The six principles include: (yt)
  o (1) Establishment of responsibility
    ▪ Each should know their responsibility.
    ▪ It can be determined who is at fault.
  o (2) Maintain adequate records
    ▪ Can protect assets
    ▪ Helps managers monitor activities
  o (3) Insure assets and bond key employees
    ▪ Assets should be insured against losses
    ▪ Employees handling a lot of cash should be bonded
  o (4) Separate record keeping from custody of assets
    ▪ People who have control of assets must not have access to accounting records and vice versa.
      • To prevent theft
  o (5) Divide responsibility for related transactions
    ▪ One person should act as a check on the other to prevent fraud.
  o (6) Apply technological controls
  o (7) Perform regular and independent reviews.

Limitations of Internal Control:

- Human Error
  o Carelessness
  o Misjudgment
- Human Fraud
  o Intentionally defeating internal controls for personal gain

NOTE: Cost-benefit principle: costs of internal controls must not exceed their benefits.

What Is Corporate Governance?

- System of rules, practices, and processes by which a company is directed and controlled.
- Essentially involves balancing the interests of a company's many stakeholders, which involves:
  o shareholders
  o senior management
  o customers
  o suppliers
  o lenders
  o the government
  o the community
- Communicating a company's corporate governance is a key component of community and investor relations.

Benefits of Corporate Governance

- Good corporate governance creates transparent rules and controls, guides leadership, and aligns the interests of shareholders, directors, management, and employees.
- It helps build trust with investors, the community, and public officials.
- Corporate governance can give investors and stakeholders a clear idea of a company's direction and business integrity.
- It promotes long-term financial viability, opportunity, and returns.
- It can facilitate the raising of capital.
- Good corporate governance can translate to rising share prices.
- It can reduce the potential for financial loss, waste, risks, and corruption.
- It is a game plan for resilience and long-term success.

Board of directors

- The board makes decisions as a fiduciary on behalf of the company and its shareholders. Broadly speaking, it provides insight, advice, and leadership for important objectives such as:
  o Protecting the interests of shareholders – A board will promote efforts and activities that maximize the value shareholders receive for their investment. In addition to ensuring an efficiently run and profitable operation, it makes certain that shareholders receive properly reported financial data and any other important information that could impact their holdings.
  o Managing risk – A board will establish policies that allow a company to identify, evaluate, and respond to financial, security, and legal risks, as well as to mitigate actual loss. Facilitating ongoing risk monitoring is an essential responsibility of a board.
  o Engaging with stakeholders – A board will communicate with individuals and firms with vested interests in the company so that it understands those interests, can address concerns, pursue necessary changes in corporate behavior, and make a positive impact that strengthens these relationships.
- A board of directors is responsible for overseeing and advising a company so that it functions as effectively as possible.

Types of Boards

- Executive Board
  o The role of this board is to take on the role of a chief executive officer (where there is none) and manage a company's operations effectively and profitably. It acts to ensure that a company has and maintains a mission and a purpose, and meets its goals on an ongoing basis.
- Governing Board
  o This board's purpose is to offer a company owner specific guidance related to the company's business mandate so that it can operate effectively and achieve its future goals.
- Advisory Board
  o Like the governing board, this board brings insight to a company's top executive. It offers different perspectives and experience that can help the company meet specific goals, such as growing a network, achieving community brand recognition and connection, and building a new customer segment.

Directors may have specific roles and titles.

- Chairperson or President:
  o This individual leads and manages the board of directors. They are responsible for setting agendas, running successful board meetings, establishing committees, and other duties. They normally represent the company at public events.
- Vice chair or Vice president:
  o The vice chair works closely with the chairperson or president in support of their responsibilities. They also help to facilitate directives and may address potential conflicts of interest of board members. The vice chair normally fulfills the chairperson's duties when the latter is unavailable.
- Secretary
  o The secretary manages the board's administrative tasks. They take the board meeting minutes and maintain accurate corporate records.
- Treasurer
  o The treasurer focuses on a company's budget, financial policies and accounting, investments, and other financial issues. They work with other professionals concerned with the company's financial well-being.

Note: Does a CEO Outrank a Board of Directors?

No, the CEO (who may be on the board) and the directors work together on relevant company issues. The Board doesn't interfere with the CEO's handling of a company's daily operations. But it has the authority to evaluate the performance of a CEO and remove them, if deemed necessary.

The Principles of Corporate Governance

While there can be as many principles as a company believes make sense, some of the most common ones are:

• Fairness: The board of directors must treat shareholders, employees, vendors, and communities fairly and with equal consideration.
• Transparency: The board should provide timely, accurate, and clear information about such things as financial performance, conflicts of interest, and risks to shareholders and other stakeholders.
• Risk Management: The board and management must determine risks of all kinds and how best to control them. They must act on those recommendations to manage risks and inform all relevant parties about the existence and status of risks.
• Responsibility: The board is responsible for the oversight of corporate matters and management activities. It must be aware of and support the successful, ongoing performance of the company. Part of its responsibility is to recruit and hire a chief executive officer (CEO). It must act in the best interests of a company and its investors.
• Accountability: The board must explain the purpose of a company's activities and the results of its conduct. It and company leadership are accountable for the assessment of a company's capacity, potential, and performance. It must communicate issues of importance to shareholders.

How to Assess Corporate Governance

As an investor, you want to select companies that practice good corporate governance in the hope that you can thereby avoid losses and other negative consequences such as bankruptcy.

You can research certain areas of a company to determine whether or not it's practicing good corporate governance. These areas include:

• Disclosure practices
• Executive compensation structure (whether it's tied only to performance or also to other metrics)
• Risk management (the checks and balances on decision-making)
• Policies and procedures for reconciling conflicts of interest (how the company approaches business decisions that might conflict with its mission statement)
• The members of the board of directors (their stake in profits or conflicting interests)
• Contractual and social obligations (how a company approaches issues such as climate change)
• Relationships with vendors
• Complaints received from shareholders and how they were addressed
• Audits (the frequency of internal and external audits and how any issues that those audits raised have been handled)

Types of bad governance practices include:

• Companies that do not cooperate sufficiently with auditors or do not select auditors with the appropriate scale, resulting in the publication of spurious or noncompliant financial documents
• Executive compensation packages that fail to create an optimal incentive for corporate officers
• Poorly structured boards that make it too difficult for shareholders to oust ineffective incumbents.

Interpretation of the Cash Ratio

- The cash ratio indicates to creditors, analysts, and investors the percentage of a company's current liabilities that cash and cash equivalents will cover.
- A ratio above 1 means that a company will be able to pay off its current liabilities with cash and cash equivalents, and have funds left over.
- Creditors prefer a high cash ratio, as it indicates that a company can easily pay off its debt.
- Cash ratio = CCE / current liabilities

What is the current ratio?

- The current ratio is the difference between current assets and current liabilities.
- Current refers to money you need and use in your short-term operations.

Note: Keeping track of your current ratio will help you identify early warning signs that your business doesn't have sufficient cash flow to meet current liabilities.

Solvency vs. Liquidity

Solvency - represents a company's ability to meet all of its financial obligations, generally the sum of its liabilities.

Liquidity - represents a company's ability to meet its short-term obligations.

What Is a Liquidity Crisis?

- A liquidity crisis is a financial situation characterized by a lack of cash or easily-convertible-to-cash assets on hand across many businesses or financial institutions simultaneously.

Long Term Solvency Issue:

- Solvency is the ability of a company to meet its long-term debts and financial obligations.
- The quickest way to assess a company's solvency is by checking its shareholders' equity on the balance sheet, which is the sum of a company's assets minus liabilities.

Special Considerations: Solvency Ratios

- There are also other ratios that can help to more deeply analyze a company's solvency.

Other ratios that may be analyzed when considering solvency include:

• Debt to equity
• Debt to capital
• Debt to tangible net worth
• Total liabilities to equity
• Total assets to equity
• Debt to EBITDA

EBITDA over sales:

- Earnings before interest, taxes, amortization
- EBITDA is a measure of a company's financial performance, acting as an alternative to other metrics like revenue, earnings or net income.
- EBITDA is how many people determine business value as it places the focus on the financial outcome of operating decisions. It does this by removing the impacts of non-operating decisions made by the existing management, such as interest expenses, tax rates, or significant intangible assets.

Supplementary info:

• Interest – the expenses to a business caused by interest rates, such as loans provided by a bank or similar third party.
• Taxes – the expenses to a business caused by tax rates imposed by their city, state, and country as a whole.
• Depreciation – a non-cash expense referring to the gradual reduction in value of a company's assets.
• Amortization – a non-cash expense referring to the cost of intangible (non-balance sheet) assets over time.

What is LTM EBITDA?

- The definition of LTM (Last Twelve Months) EBITDA, also known as Trailing Twelve Months (TTM), is a valuation metric that shows your earnings before interest, taxes, depreciation and amortization adjustments over the past 12 months.

How to calculate EBITDA

- EBITDA = Net profit + Interest + Taxes + Depreciation + Amortization; or
- EBITDA = Operating income + Depreciation + Amortization

What is the EBITDA Margin?

- EBITDA margin = EBITDA / Total Revenue
- By determining a percentage of EBITDA against your company's overall revenue, this margin gives an indication of how much cash profit a business makes in a single year. If your business has a larger margin than another, it is likely a professional buyer will see more growth potential in yours.

For example, let's say Company A has determined their EBITDA is $600,000, while their total revenue is $6,000,000. This results in an EBITDA margin of 10%. This is then compared to Company B, which has a larger EBITDA of $750,000, but with total revenue of $9,000,000. This means that while Company B demonstrates higher EBITDA, it actually has a smaller margin than Company A (8% against 10%). Therefore, a prospective buyer weighing up both businesses might see more promise in A over B. So, by using the EBITDA margin, an investor, owner or analyst can see how much operating cash is generated relative to all revenue earned, and can use this as a benchmark in deciding which is the most financially efficient.

Benefits of EBITDA

- It's commonly used – as mentioned earlier, EBITDA is very commonly employed by many groups, notably buyers and investors. So, it is a language that they are very familiar with, meaning they can use it effectively to compare business valuations.
- It eliminates unhelpful variables – by removing elements like interest rates, tax rates, depreciation and amortization that are unique from business to business, this provides a strict illustration of a company's operating performance.
- It's easy to calculate – all formulas associated with EBITDA are straightforward to determine as long as your financials are accurate. This also makes it easy to understand on all sides of any negotiations.
- It's reliable – as it enables investors to fully focus on a company's baseline profitability, EBITDA is considered a more reliable indicator of its financial soundness.

What is the difference between cash flow and EBITDA?

Free Cash Flow and EBITDA are two ways of assessing the value and profitability of a business. While EBITDA demonstrates a company's earning potential after removing essential expenses like interest, tax, depreciation and amortization, free cash flow is unencumbered. It instead takes a firm's earnings and adjusts it by adding in depreciation and amortization, then reducing working capital changes and expenditures.

Both techniques should be utilized among the many used to determine business value.

Is EBITDA a GAAP measure?

EBITDA does not fall under a Generally Accepted Accounting Principle (GAAP) as a measure of financial performance. This means that its calculation can vary from one company to another as there is no standardized approach to EBITDA.

Terminology differentiation:

Irregularity vs. Error in Corporate Governance:

Irregularity:
- Refers to a departure from established procedures or standards within the corporate governance framework.
- Could involve actions that are not in line with regulatory requirements, company policies, or ethical standards.
- May include instances like non-compliance with disclosure regulations or failure to adhere to board-approved procedures.

Error:
- In corporate governance, errors often involve inaccurate or incomplete financial reporting, mismanagement of resources, or flawed decision-making processes.
- Errors can lead to financial loss, reputational damage, or legal consequences for the company and its stakeholders.
- Examples include misstating financial figures in reports, overlooking important governance principles in decision-making, or failing to detect conflicts of interest.

Mistake vs. Error in Corporate Governance:

Mistake:
- In corporate governance, mistakes can occur in judgment, decision-making, or interpretation of information.
- Board members or executives might make mistakes in assessing risks, evaluating performance, or understanding market trends.
- These mistakes can lead to suboptimal decisions, missed opportunities, or strategic missteps.

Error:
- Errors in corporate governance encompass tangible deviations from established standards or regulations.
- These could include procedural errors in voting processes, inaccuracies in financial statements, or breaches of fiduciary duties.
- Unlike mistakes, errors in corporate governance often have clear regulatory or legal implications and may require corrective action or sanctions.

Irregular Transaction vs. Fraudulent Transaction in Corporate Governance:

Irregular Transaction:
- An irregular transaction refers to a deviation from standard or expected business practices within the corporate governance framework.
- It may not necessarily involve fraudulent intent but could result from errors, negligence, or misunderstandings.
- Irregular transactions might include unusual or non-routine activities that do not align with established policies or procedures.
- While irregular transactions may raise concerns about internal controls or oversight, they might not always involve deliberate deception or misconduct.

Fraudulent Transaction:
- A fraudulent transaction involves intentional deception, misrepresentation, or manipulation for personal gain or to the detriment of the company or its stakeholders.
- Fraudulent transactions often violate laws, regulations, or ethical standards and can have significant financial and reputational consequences.
- Examples of fraudulent transactions in corporate governance include embezzlement, falsification of financial records, insider trading, or bribery.
- Fraudulent transactions are typically perpetrated by individuals or groups seeking to exploit weaknesses in controls, override checks and balances, or abuse positions of trust for illicit purposes.

Forensic Analysis of Financial Statements vs. Regular Analysis in Corporate Governance:

Forensic Analysis of Financial Statements:
- Focuses on uncovering irregularities, anomalies, or potential fraud within financial records.
- Utilizes specialized techniques and methodologies to detect signs of manipulation, misrepresentation, or concealment.
- Involves a thorough examination of transactional data, accounting records, and supporting documentation to identify discrepancies or inconsistencies.
- Aims to provide evidence that can be used in legal proceedings or investigations, requiring a high level of scrutiny and attention to detail.
- Often conducted by forensic accountants or specialists with expertise in fraud examination and investigative techniques.

Regular/Usual Analysis of Financial Statements:
- Typically involves the evaluation of financial performance, position, and trends based on standard accounting principles and practices.
- Focuses on assessing key financial metrics, ratios, and indicators to gauge the company's health, profitability, and efficiency.
- Utilizes commonly accepted analytical tools and methods such as ratio analysis, trend analysis, and benchmarking.
- Aimed at providing insights to stakeholders, management, and investors for decision-making, strategic planning, and performance evaluation.
- Conducted routinely as part of financial reporting and disclosure obligations, internal management processes, and external audits.

Key Differences:

Purpose: Forensic analysis is primarily focused on uncovering fraud or irregularities, while regular analysis aims to evaluate financial performance and health.

Approach: Forensic analysis employs specialized techniques and tools tailored to detect fraud, whereas regular analysis uses standard accounting and analytical methods.

Rigor: Forensic analysis requires a high level of scrutiny and attention to detail, often involving in-depth investigation and examination, compared to the more routine nature of regular analysis.

Outcome: The outcome of forensic analysis may be used as evidence in legal proceedings or investigations, whereas regular analysis informs decision-making and performance evaluation.

Regular/Normal Audit vs. Fraud Audit in Corporate Governance:

Regular/Normal Audit:
- Objective: A regular audit aims to provide an independent examination of financial statements and related disclosures to ensure they present a true and fair view of the company's financial position and performance.
- Scope: It covers a broad range of financial activities, transactions, and controls to assess compliance with accounting standards, regulatory requirements, and internal policies.
- Focus: The primary focus of a regular audit is on verifying the accuracy and reliability of financial information, assessing internal controls, and providing assurance to stakeholders.
- Methodology: Regular audits typically follow generally accepted auditing standards (GAAS) and involve testing of transactions, analytical procedures, and substantive testing.
- Outcome: The outcome of a regular audit is an auditor's report expressing an opinion on the fairness of the financial statements and the effectiveness of internal controls over financial reporting.

Fraud Audit:
- Objective: A fraud audit is specifically designed to detect and investigate instances of fraud, including fraudulent financial reporting or misappropriation of assets.
- Scope: It focuses on identifying potential fraud risks, analyzing red flags, and gathering evidence to determine if fraud has occurred or is likely to occur.
- Focus: The primary focus of a fraud audit is on uncovering fraudulent activities, schemes, or irregularities that may not be detected through regular audit procedures.
- Methodology: Fraud audits employ specialized techniques such as data analytics, forensic accounting, interviews, and observation to identify patterns, anomalies, or indicators of fraud.
- Outcome: The outcome of a fraud audit is a report detailing findings, including recommendations for remedial actions, strengthening internal controls, and pursuing legal recourse if necessary.

Key Differences:

Objective: While both audits aim to enhance governance and mitigate risks, a regular audit focuses on financial accuracy and compliance, while a fraud audit targets the detection and prevention of fraudulent activities.

Scope: Regular audits cover a broad spectrum of financial activities and controls, whereas fraud audits specifically target areas vulnerable to fraud.

Focus: Regular audits emphasize financial statement accuracy and internal control effectiveness, while fraud audits prioritize the detection of fraudulent behavior and activities.

Methodology: Regular audits follow standard auditing procedures, while fraud audits utilize specialized techniques tailored to detect and investigate fraud.

Outcome: Regular audits result in an opinion on financial statements and internal controls, while fraud audits provide insights into fraud risks, occurrences, and recommendations for mitigation.

Business Continuity Planning (BCP) vs. Disaster/Business Recovery Planning in Corporate Governance:

Business Continuity Planning (BCP):
- Objective: Business Continuity Planning (BCP) focuses on ensuring that essential business functions and operations can continue or resume swiftly in the event of a disruption or disaster.
- Scope: BCP encompasses a comprehensive set of strategies, policies, and procedures designed to minimize the impact of potential threats and maintain critical business operations.
- Focus: BCP addresses a broad range of potential disruptions, including natural disasters, cyberattacks, pandemics, supply chain interruptions, and other unforeseen events.
- Methodology: BCP involves risk assessments, impact analyses, development of contingency plans, communication strategies, and regular testing and exercises to ensure preparedness and resilience.
- Outcome: The goal of BCP is to minimize downtime, reduce financial losses, safeguard stakeholders' interests, and maintain business continuity during and after a crisis.

Disaster/Business Recovery Planning:
- Objective: Disaster Recovery Planning (DRP) or Business Recovery Planning (BRP) focuses on restoring IT systems, infrastructure, and operational capabilities following a significant disruption or disaster.
- Scope: DRP/BRP primarily addresses the recovery of technology assets, data, and IT services critical to business operations.
- Focus: DRP/BRP is primarily concerned with restoring data integrity, system functionality, and IT operations to minimize downtime and mitigate the impact of technology-related disruptions.
- Methodology: DRP/BRP involves identifying critical systems and data, developing recovery strategies, establishing backup and recovery procedures, and implementing measures to ensure data resilience and continuity.
- Outcome: The outcome of DRP/BRP is the rapid recovery and restoration of IT infrastructure, data, and systems to support business operations and continuity following a disruptive event.

Key Differences:

Scope: BCP addresses a broader spectrum of business functions and operations, while DRP/BRP focuses specifically on IT systems and technology infrastructure.

Focus: BCP emphasizes maintaining overall business continuity and resilience, while DRP/BRP is centered on restoring IT capabilities and services.

Methodology: BCP involves holistic risk assessment, planning, and preparedness measures, whereas DRP/BRP focuses on technical recovery procedures and IT-specific strategies.

Outcome: The goal of BCP is to ensure the continuity and resilience of all critical business functions, while DRP/BRP aims to quickly restore IT operations and minimize downtime following a disruption.