CORPORATE GOVERNANCE

Auditing standards include objectives to provide reasonable assurance regarding the achievement of objectives in three categories: o (1) Reliability of financial reporting, o (2) Effectiveness and efficiency of operations o (3) Compliance with applicable laws and regulations. Reduction involves reducing the likelihood or impact by implementing controls or managing the risk. Which of the following factors is NOT included in the control environment component of internal control? o Commitment to competence o Organizational structure o Integrity and ethical values o Information and communication Information and communication is a separate component of internal control Responsibilities that should be assigned to the audit committee of the board of directors o Appointing the external auditor o Mediating differences of opinions regarding accounting matters between the external auditor and management o Determining the compensation of the external auditor Executive compensation is determined by the compensation committee.-not a responsibility that should be assigned to the audit committee of the board of directors Layton Company has implemented an enterprise risk management system and has responded to a particular risk by purchasing insurance. Such a response is characterized by COSOs Enterprise Risk Management Framework as o Avoidance involves exiting the activity that gives rise to the risk o Sharing- It involves reducing risk likelihood or impact by transferring or sharing a portion of the risk o Acceptance involves taking no action o Reduction involves taking action to reduce likelihood or impact A major aspect of an enterprise risk management system is the alignment of management risk taking with shareholder risk appetite. Forms of compensation that are more likely to result in shirking by management o With fixed compensation management may not be inclined to work hard or take appropriate risks o The base salary and bonus tends to motivate management to work hard to maximize compensation o The Base salary and stock options tend to motivate management to maximize stock price

o The Base salary and stock grants tend to motivate management to maximize stock price

Corporate governance standpoint the main goal of a form of executive compensation o From a corporate governance standpoint the main goal is to align the incentives of executives with those of the owners o Effective corporate governance involves establishing incentives (i.e., forms of compensation) and monitoring devices to prevent this inappropriate activity. The audit committee of the board of directors can be the most effective monitoring device for effective corporate governance. o Stock analysts cannot be as effective as the audit committee securities analysts act as an external monitoring device because they use financial and nonfinancial information, including information about corporate management to make their recommendations ISSUE- CONFLICT OF INTERESTmay be influenced by fees from services rendered by company o Shareholders cannot be as effective as the audit committee When management is not operating the corporation in the best interests of the shareholders, the shareholders may engage in activism. Large shareholders can be especially effective because they have the ability to elect board members. o The SEC cannot be as effective as the audit committee The SEC is responsible for protecting investors; maintaining fair, orderly, and efficient markets; and facilitating capital formation. Which of the following is NOT a responsibility that should be assigned to the audit committee of the board of directors? o Determining the incentive compensation of top management. YES- Executive compensation is determined by the compensation committee o Appointing the external auditor. responsibility of the audit committee o Mediating differences of opinions regarding accounting matters between the external auditor and management. responsibility of the audit committee o Determining the compensation of the external auditor. responsibility of the audit committee The chief executive officer and the chief financial officer (executives of an issuer corporation) must certify to the accuracy and truthfulness of financial reports filed with the SEC? The New York Stock Exchange rules related to corporate governance require a majority of board members to be independent o REFER-New York Stock Exchange (NYSE) & NASDAQ Rules Related to Corporate Governance and Director Independence

A financial statement audit performed under the requirements of the Sarbanes-Oxley Act of 2002 must include an examination and report upon an examination and report upon internal control as a part of a financial statement audit Which of the following committees of the board of directors generally has the responsibility of overseeing CEO succession--The nominating/corporate governance committee is responsible for overseeing CEO succession Which of the following is not required by the Sarbanes-Oxley Act of 2002? o It requires the principal executive and financial officers to disclose all significant internal control deficiencies to the company's auditors and audit committee. NO- Section 302 of the Act requires that the CEO and the CFO must disclose internal control deficiencies to both the auditors and the audit committee. o It requires management to provide an assessment of the effectiveness of internal control. NO- Section 404 of the Act requires that management provide an assessment of the effectiveness of internal control o It requires management to certify that the financial statements fairly present, in all material respects, the financial condition and results of operations of the company. NO- Section 906 of the Act requires management to certify the financial statements. o It requires management to certify that the company has violated no major laws. YES- because the Sarbanes-Oxley Act does not require a certification by management that it has violated no major laws.

Which of the following is the least effective device for monitoring management behavior o Security analysts is least effective device for monitoring management behavior because they have little access to, or control over, top management o Audit committee can be one of the more effective monitoring mechanisms o External auditor can be one of the more effective monitoring mechanisms o The internal auditor can be one of the more effective monitoring mechanisms The CEO & CFO must certify to the accuracy and truthfulness of the periodic financial reports of an issuer company Which of the following factors is NOT included in the control environment component of internal control? o Commitment to competence.- is a factor included in the control environment o Organizational structure. is a factor included in the control environment o Integrity and ethical values.- is a factor included in the control environment o Information and communication.

Information and communication is a separate component of internal control.

Internal control as included in the definition of internal control developed by the Committee of Sponsoring Organizations (COSO) --Auditing standards include objectives to provide reasonable assurance regarding the achievement of objectives in three categories: o (1) reliability of financial reporting, o (2) effectiveness and efficiency of operations, o (3) compliance with applicable laws and regulations. The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) in the professional standards includes o the reliability of financial reporting o compliance with applicable laws o The requirement is to identify the reply which is part of the definition of internal control developed by the Committee of Sponsoring Organizations (COSO). COSO defines internal control as a process--effected by an entity's board of directors, management, and other personnel--designed to provide reasonable assurance regarding the achievement of objectives in the following categories o (1) reliability of financial reporting, o (2) effectiveness and efficiency of operations, o (3) compliance with applicable laws and regulations. Internal control developed by the Committee of Sponsoring Organizations (COSO) in the professional standards includes o the reliability of financial reporting, o compliance with applicable laws o Effectiveness and efficiency of operations. The COSO definition of internal control considers control activities a component of internal control You need to know that Auditing Standards divide internal control into five components, and the nature of each o (a) control environment, o (b) risk assessment, o (c) control activities, o (d) information and communication o (e) monitoring Monitoring is one of the five interrelated components of internal control, NOT a factor of the control environment. The seven control environment factors are as follows: o (1) Integrity and ethical values o (2) Commitment to competence o (3) Human resource policies and practices o (4) Assignment of authority and responsibility o (5) Management's philosophy and operating style

o (6) Board of directors or audit committee participation o (7) Organizational structure. o Monitoring is characterized by ongoing activities and separate evaluations

Control activities encompass policies and procedures that ensure that managements directives are carried out o The control environment is an internal control component that includes the factor of managements philosophy and operating style.

If internal control is properly designed, the same employee should not be permitted to Sign checks and cancel supporting documents o NO because the person signing the checks should cancel supporting documents to avoid duplicate payment Receive merchandise and prepare a receiving report. o NO because the individual receiving the merchandise should prepare a receiving report so as to establish control over the goods. Prepare disbursement vouchers and sign checks. o YES because the preparation of disbursement vouchers and signing of checks places an individual in a position in which s/he can both prepare erroneous vouchers and then pay them. Initiate a request to order merchandise and approve merchandise received. o NO because the person requesting the merchandise will be able to determine whether the appropriate merchandise has been received and should, therefore, approve its receipt S--Segregation of duties (separate authorization, recordkeeping, and custody).

Which of the following controls is best at addressing the risk of sales to customers who are not able to pay for them? o Match shipping documents with sales invoices. NO-This control addresses the risk of sales that are not invoiced o An individual not involved with the order filling process checks shipments for accuracy NO- This control addresses the risk of misfiling orders o Independent credit approval process YES- An independent credit check addresses the risk of sales to customers that are not creditworthy o Independent sales department prepares sales orders NO- This control addresses the inappropriate sales SEE TABLE SALES & COLLECTIONS OF BUSINESS PROCESS COSO has developed a framework for enterprise risk management. o A major aspect of an enterprise risk management system is the alignment of management risk taking with shareholder risk appetite

Which of the following is not an advantage of the employment of an enterprise risk management (ERM) system? o Helps an organization seize opportunities- is an advantage of the employment of an ERM system. o Allows an organization to eliminate all risks.- An ERM system does not eliminate all risks o Improves the deployment of capital- It is an advantage of the employment of an ERM system o Reduces operational surprises- It is an advantage of the employment of an ERM system COSOs enterprise risk management framework o (1) internal environment, o (2) objective setting, o (3) event identification, o (4) risk assessment, o (5) risk response, o (6) control activities, o (7) information and communication, and (8) monitoring Which of the following is NOT a response to a risk as identified by COSOs Enterprise Risk Management Framework? o Avoidance.- response to risk identified by COSO o Reduction.- response to risk identified by COSO o Sharing.- response to risk identified by COSO o Delaying.- Delaying is NOT a response to risk identified by COSOs Enterprise Risk Management Framework Layton Company has implemented an enterprise risk management system and has responded to a particular risk by purchasing insurance. Such a response is characterized by COSOs Enterprise Risk Management Framework as: o Avoidance involves exiting the activity that gives rise to the risk o Sharing involves reducing risk likelihood or impact by transferring or sharing a portion of the risk. o Acceptance involves taking no action. o Reduction involves taking action to reduce likelihood or impact. Keller Company has implemented an enterprise risk management system and has responded to a particular risk by adding internal controls. Such a response is characterized by COSOs Enterprise Risk Management Framework as o Avoidance involves exiting the activity that gives rise to the risk o Sharing involves reducing the risk likelihood or impact by transferring or sharing a portion of the risk. o Acceptance involves taking no action. o Reduction involves reducing the likelihood or impact by implementing controls or managing the risk.

Which of the following is not a limitation of an enterprise risk management system? o Risk relates to the future that is uncertain. is a limitation of enterprise risk management o Collusion among two or more individuals can result in enterprise risk management failure. is a limitation of enterprise risk management o Companies cannot avoid risk. This is a fact that results in the need to have enterprise risk management o Enterprise risk management is subject to management override is a limitation of enterprise risk management Which of the following tasks would be included in a document flowchart for processing cash receipts? o Compare control and remittance totals. YES- because comparing control and remittance totals is one of the activities involved in processing cash receipts. The requirement is to identify the task that would be included in a document flowchart for processing cash receipts. o Record returns and allowances. NO- because it is an activity that is not part of processing cash receipts o Authorize and generate an invoice. NO- because it is an activity that is not part of processing cash receipts o Authorize and generate a voucher. NO- because it is an activity that is not part of processing cash receipts SEE TABLE SALES & COLLECTIONS OF BUSINESS PROCESS