Corporate Governance KB表紙 - Weebly · 2018. 9. 5. · 5. If a board of directors is not required, general concepts may still apply to those charged with governance (e.g., executive

Corporate Governance

MK


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

1

CORPORATE GOVERNANCE OVERVIEW

A. Corporate Governance Defined

1. Corporate governance refers to the manner in which an entity is managed andgoverned

2. Includes management, those charged with governance and other personnel

3. May include a board of directors, depending on an entity’s nature, size, andcomplexity

B. Benefits of Implementing an Appropriate Corporate Governance Framework

1. Operational effectiveness and efficiency

2. Reliable financial reporting

3. Compliance with laws and regulations

C. Internal Control Over Financial Reporting Defined

1. A process

2. Effected by the company’s board of directors, management and other personnel

3. Designed to provide reasonable assurance regarding the reliability of financialstatements

D. Those Charged With Governance Defined

1. Person or persons

2. Responsible for overseeing strategic direction on entity and obligations related toaccountability of the entity, including the financial reporting process

3. May include responsibility for approving the entity’s financial statements

4. Encompasses the board of directors or audit committee

5. May vary by entity, reflecting influences such as size and ownership characteristics

Corporate Governance ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾

2

6. Some or all may have management responsibilities (e.g., management committee)

7. May be owner-manager where there are no other owners, or a sole trustee

E. Management Defined

1. Person or persons

2. Responsible for achieving objectives of the entity

3. Have authority to establish policies and make decisions by which objectives arepursued

4. Responsible for financial statements

5. Responsible for designing, implementing and maintaining effective internal controlover financial reporting

F. COSO Defined

1. Committee of Sponsoring Organizations, comprised of representatives from variousrelevant financial and accounting bodies

2. The five components of COSO’s Internal Control ‒ Integrated Framework work intandem to mitigate the risks of an organization’s failure to achieve operating, financial,and compliance objectives

3. Widely accepted framework for designing a sound system of internal control

G. Materiality Defined

1. Fundamental concept that helps distinguish the important from the trivial in a specificdiscipline or application

2. Furnishes a threshold determination of criticality

3. Permits decision-maker to omit from consideration issues that do not matter

4. A financial statement misstatement is material if it would be reasonable to concludethat a user of the financial statements would alter her/his decisions as a result

Answer multiple choice questions 1 - 3 independently

day to day operation


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

3

BOARD OF DIRECTORS’ AUTHORITY

A. Board of Directors Defined

1. Body of elected or appointed members who jointly oversee the activities of a company

or organization

2. Also sometimes referred to as board of trustees, board of governors, board of managers or executive board

3. Activities are determined by the powers, duties, and responsibilities delegated to it or conferred on it by an authority outside itself

4. Typically governed by an organization’s bylaws, which often detail the number of board members, how they are chosen, etc.

5. Legal responsibilities vary with nature of the entity and the jurisdiction in which it operates

B. Differentiation in Boards by Nature of Entity

1. Organizations with voting members often have a board that acts on their behalf, subordinate to the entity’s full assembly

2. Boards are required for issuers regulated by the SEC and governed by the Sarbanes-Oxley Act, and may be required by statutory or regulatory bodies for other entities

3. In large public companies, boards tend to have “be facto” power, as they can comprise a voting bloc that may be difficult to overcome

4. In small private companies, the directors and shareholders are normally the same people, and, thus, there is no real division of power

5. If a board of directors is not required, general concepts may still apply to those charged with governance (e.g., executive management teams, sole business owners, etc.)

C. Types of Directors

1. Directors who are owners and/or managers are sometimes referred to as inside directors, insiders, or interested directors

2. Directors who are managers are sometimes referred to as executive directors


4

3. Directors who are not owners or managers are sometimes referred to as outsidedirectors, outsiders, disinterested directors, independent directors, or nonexecutivedirectors

D. Advisory Group Comparison

1. Group of people selected, but not elected

2. Has no decision-making authority, voting authority, or responsibility

3. Does not replace a board of directors

E. Bylaws, Charters, and Minutes

1. Responsibilities of the board of directors is often defined in the organization’s bylaws

2. Auditing committee responsibilities are typically defined in its charter, which requiresan annual review to confirm it reflects current activities of the committee and isconsistent with objectives

3. Certification of independence may be required annually, stating the audit committeemembers have no related-party transactions with the entity, is not involved inmanagement the business, and does not have any immediate family members inmanagement

4. Minutes are used to document key topics of discussion and decisions, including anyidentified internal control deficiencies, instances of executive fraud, financial reportingissues, etc.

Notes :_______________________________________________________ ___________

_____________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

_____________________________________________________________ __________

______________________________________________________________ ____

________________________________________________________________________

________________________________________________________________________

Answer multiple choice questions 4-5 independently

Shareholders- BOD-CEO,CFO,CAO


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

5

BOARD OF DIRECTORS’ ATTRIBUTES

A. Requisite Qualities for Understanding and Exercising Oversight Responsibility Related to Financial Reporting and Related Internal Control

1. Financial reporting expertise

2. In-depth knowledge of business operations

3. Commitment to carry out responsibilities with due care

4. Keep the company’s and shareholder’s interests in the forefront

5. Act honestly and in good faith

6. Exercise authority for proper purpose

7. May not put themselves in a position where their interests and duties conflict with theduties they owe to the company

8. Should not use the entity’s assets, opportunities or information for their own profit,without the informed consent of the entity

9. Cannot compete directly with the company without a conflict of interest

10. Cannot act as directors of competing companies

11. Should not enter into transactions with a company, as there is a conflict between thedirector’s interest (to do well in the transaction) and duty to the company (to get asmuch as possible out of the transaction), unless ratified by management anddisclosed

B. Critical Mass of Independent Directors Preferable (at Least Two)

1. Appropriate monitoring of senior management

2. Provide value-added advice

3. Objective counsel

4. Maintain an appropriate level of skepticism regarding management’s assertions andjudgments affecting financial reporting

5. Ask probing and challenging questions of management


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

6

6. Entity has a process to periodically evaluate the independence of outside directors, including affiliations, relationships and transactions with the organization

C. Smaller Entity Challenges

1. Attracting independent directors with desired skills and expertise

2. Limited ability to provide commensurate compensation

3. Resistance from management to share governance responsibilities

4. Concerns about potential personal liability Notes :_______________________________________________________ ___________ ________________________________________________________________________ ________________________________________________________________________ ________________________________________________________________________ ________________________________________________________________________ _____________________________________________________________ __________ ______________________________________________________________ ____ ________________________________________________________________________ ________________________________________________________________________ Answer multiple choice questions 6 - 7 independently


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

7

BOARD OF DIRECTORS’ RESPONSIBILITIES

A. General Responsibilities of Those Charged With Governance

1. Objectively review management’s judgments

2. Help identify and diagnose unusual activity potentially impacting financial reporting

3. Use recommendations from internal and external auditors to evaluate the overall quality of the company’s controls and financial reports

4. Offset effects of improper management override

5. Involves monitoring management performance in relation to all of the internal control components

B. Board Meeting Standard Agenda Items

1. Establish formal policies for specific decisions or events requiring discussion with or approval of those charged with governance

2. Establish a calendar for timing of discussions and topics C. Key Activities of Those Charged With Governance

1. Review performance reports, such as budget to actual comparisons with management explanations for significant variances

2. Participate in major decisions, such as acquisitions, capital expenditures, incentive compensation arrangements, etc.

3. Review audit plans

4. Engage the external auditor

5. Review management’s assessment of internal control over financial reporting

6. Be apprised by management on a timely basis of the entity’s approach for adopting significant new accounting standards

7. Perform a periodic self-assessment of performance D. Importance of Timely and Relevant Information for Board Members

1. Sufficient resources to explore issues


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

8

2. Time to understand and deal with issues

3. Most boards largely rely on management to report information to them, thus allowing management to place the desired “spin” on information, or even conceal or misrepresent the true facts or state of the entity

Notes :_______________________________________________________ ___________ ________________________________________________________________________ ________________________________________________________________________ ________________________________________________________________________ ________________________________________________________________________ _____________________________________________________________ __________ ______________________________________________________________ ____ ________________________________________________________________________ ________________________________________________________________________ Answer multiple choice question 8 independently


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

9

AUDIT COMMITEES

A. Purpose of Audit Committee

1. Takes an active role overseeing the entity’s accounting and financial reporting policies and practices

2. Assists the board in fulfilling fiduciary responsibilities

3. A process exists for informing audit committee of significant issues on a timely basis

4. Should give adequate consideration to understanding how management identifies, monitors, and controls financial reporting risks affecting the organization

5. Assists the board in maintaining a direct line of communication with the internal and external auditors to discuss relevant matters

6. Should meet privately with the external auditors to discuss the reasonableness of the financial reporting process, system of internal control, significant comments and recommendations

7. Review full scope of external auditor activities, challenging whether independence impairments may exist

8. Interacts with regulators, when necessary

9. Exclusive authority to engage, replace, and determine external auditor compensation

B. Sarbanes-Oxley Act

1. Introduced a new standard of accountability, with internal control now a direct responsibility of directors

2. More than half of members should be outside directors (independent directors)

3. At least one of the outside directors must be financially literate, or the issuer must explain why not

4. Internal auditors required by law to report directly to the audit committee


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

10

C. Financial Expert Determination

1. Education and experience as a public accountant or auditor, principal financial officer, comptroller, or principal accounting officer of an issuer

2. An understanding of generally accepted accounting principles and financial statements

3. Experience in the preparation or auditing of financial statements of generally comparable issuers and the application of such principles in connection with the accounting for estimates, accruals and reserves

4. Experience with internal accounting controls

5. An understanding of audit committee functions D. Audit Committee Candidate Review

1. Perform background checks

2. Obtain independent references

3. Review current affiliations and directorships

4. Review information about financial and other relationships

5. Use an independent search firm or nomination committee to oversee due diligence

6. Monitor performance of due diligence procedures

7. Obtain annual certification of compliance with ethical guidelines and independence rules

E. Audit Committee Chairperson

1. Possesses financial reporting expertise

2. Submits draft agendas for upcoming meetings to other committee members

3. Appropriately involves external auditors for feedback, periodically meeting privately in executive sessions to discuss management performance, audit scopes, audit findings, financial reporting quality, etc.

4. Establishes an open channel for candid and ongoing dialogue with appropriate parties Answer multiple choice questions 9 - 10 independently

Corporate Governance ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾

11

OFFICERS’ AND OTHER EMPLOYEES’ ROLES

A. Senior Management

1. Attitudes trickle down to the ranks

2. High-level understanding of accounting principles

3. Understanding of financial reporting standards and applications

4. Ensure all company staff accepts responsibility for their part in internal controls overfinancial reporting

5. Primarily responsible for design, implementation, and monitoring of the financialreporting system and play a major role in preventing and detecting fraud

B. Financial reporting competencies are critical to ensure development of reliable financial statements

1. Organization should identify competencies that support accurate and reliable financialreporting

2. Organization should employ or otherwise retain individuals who possess the requiredcompetencies related to financial reporting

3. Organization should regularly evaluate and maintain needed competencies

C. Smaller Entity Considerations

1. Devote resources to hiring and retaining qualified individuals

2. Avoid unnecessary complexity in entity structure or business transactions

3. Invest in development and training of senior management

Notes :_______________________________________________________ ___________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

_____________________________________________________________ __________

______________________________________________________________ ____


Senior Management---CEO, CFO,COO etc.


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

12

INTERNAL CONTROL OVER FINANCIAL REPORTING

A. Internal Control Over Financial Reporting

1. An integrated system working together to reduce risk to reliable financial reporting toan acceptable level

2. Effected by the company’s board of directors, management and other personnel

3. Designed to provide reasonable assurance regarding the reliability of financialstatements

4. Determining effectiveness involves a judgment resulting from an assessment ofwhether the five components of the COSO Internal Control – Integrated Frameworkare present and functioning effectively without material weakness

5. Although all five components need to be satisfied, it does not mean that eachcomponent should function identically or at the same level in every entity

6. Controls in one component may serve the purpose of controls that might normally bepresent in that or another component

7. Several controls, each with limited effect, together may be satisfactory

B. Control Environment

1. Sets the control consciousness of the organization

2. Foundation for all other components of the COSO Internal Control – IntegratedFramework

C. Risk Assessment

1. Identification, evaluation, and analysis of internal and external risks

2. Includes the entity’s ability to record, process, summarize, and report financial dataconsistent with management’s financial statement assertions

3. Should have assigned responsibility for risk assessment within an entity


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

13

4. May be less formalized and structured for smaller entities

D. Information and Communication

1. The “nerve center” of an internal control system

2. Internal and external pertinent information that must be identified, captured, andcommunicated in a form and time frame that enable personnel to carry outresponsibilities

3. Information systems use or produce reports containing operational, financial, andcompliance-related information critical for operating and controlling a business

4. Effective communication must flow up, down, across and inside/outside theorganization to enable and support understanding and execution of internal controlobjectives, processes and responsibilities

5. Personnel must receive a clear message from top management about theseriousness of control responsibilities

6. Must understand own role, as well as how individual activities relate to the work ofothers

7. External parties who may need to be communicated with include customers, suppliers,regulators, external auditors and shareholders

E. Control Activities

1. Policies and procedures that help ensure management directives are carried out

2. Helps ensure that necessary actions are taken to address risks to achievingobjectives

3. Occur throughout the organization, at all levels and in all functions

4. Includes a range of activities as diverse as approvals, authorizations, verifications,reconciliations, reviews of operating performance, security of assets, and segregationof duties

F. Control Objectives

1. Provide specific targets against which to evaluate the effectiveness of controls

2. Typically stated in terms that describe the nature of the risk they are designed to helpmanage or mitigate


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

14

3. Example: All transactions should be properly authorized

G. Monitoring

1. Helps ensure that internal control continues to operate effectively over a period of time

2. May be on-going or a separate evaluation, with necessary corrective action

3. Ensures that controls are appropriately modified for changing circumstances in theentity and its environment

4. May involve communications from external parties, such as customer complaints

5. Considered effective if it leads to identification and corrective action of controlweaknesses before they materially affect the achievement of the entity’s financialreporting objectives

Notes :_______________________________________________________ ___________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

_____________________________________________________________ __________

______________________________________________________________ ____

________________________________________________________________________

________________________________________________________________________


Control Objectives---Targets


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

15

ENTERPRISE RISK MANAGEMENT

A. Underlying Premise

1. Every entity exists to provide value for its stakeholders

2. Management’s challenge is to determine how much uncertainty to accept as it strivesto grow stakeholder value

3. Enterprise risk management enables management to effectively deal with uncertaintyand associated risk and opportunity, while still enhancing value

4. Helps ensure effective reporting and compliance with laws and regulations, and helpsavoid damage to the entity’s reputation and associated consequences

B. Defined

1. A process

2. Effected by an entity’s board of directors, management and other personnel

3. Applied in strategy setting and across the enterprise

4. Designed to identify potential events that may affect the entity

5. Manages risk to be within an entity’s risk appetite

6. Provides reasonable assurance regarding the achievement of entity objectives

C. Elements of Enterprise Risk Management

1. Aligning risk appetite and strategy by aligning strategic alternatives, setting relatedobjectives, and developing mechanisms to manage related risks

2. Enhancing risk response decisions by rigorously identifying and selecting amongalternative risk responses, including risk avoidance, risk reduction, risk sharing, andrisk acceptance


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

16

3. Reducing operational surprises and losses by gaining enhanced capabilities toidentify potential events and established responses, which should reduce surprisesand associated costs or losses

4. Identifying and managing multiple and cross – enterprise risks by facilitating effectiveresponse to interrelated impacts, and integrating responses to multiple risks

5. Seizing opportunities by considering a full range of potential events to identify andproactively realize opportunities

6. Improving deployment of capital by allowing management to effectively assess overallcapital needs and enhanced capital allocation

7. Provides reasonable assurance that management, and the board in its oversight role,are made aware, in a timely manner, of the extent to which the entity is moving towardachievement of objectives

D. Four Categories of Distinct But Overlapping Objectives

1. Strategic objectives, which are high-level goals aligned with and supporting an entity’smission

2. Operations objectives, which focus on effective and efficient use of its resources

3. Reporting objectives, which emphasize reliability of reporting

4. Compliance objectives, which enable compliance with applicable laws and regulations

E. Enterprise Risk Management Components

1. Internal environment encompassing the tone of the entity, setting a basis for how riskis viewed and addressed, including risk management philosophy and risk appetite,integrity and ethical values, and the environment in which they operate

2. Objective setting, which ensures that management has a process in place to supportand align with the entity’s mission and are consistent with its risk appetite

3. Identifying internal and external events that may affect achievement of an entity’sobjectives, including identifying and distinguishing between risks and opportunitiesthat can be channeled back into the management’s strategy


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

17

4. Risk assessment, where risks are analyzed, considering the likelihood and magnitudeof impact, and used as a basis for how they should be managed

5. Risk response, which allows management to select an appropriate response anddevelop a set of actions to align risks with the entity’s risk tolerance and risk appetite

6. Control activities, which are the policies and procedures established and implementedto help ensure the risk responses are effectively carried out

7. Information and communication, where relevant information is identified, captured andcommunicated in a form and timeframe to enable people to carry out theirresponsibilities

8. Monitoring and modification, as deemed necessary, through on – going and separateevaluations, or both

F. Relationship to COSO Internal Control – Integrated Framework

1. A broader concept than just internal control, as it expands and elaborates on internalcontrol to form a more robust conceptualization focusing more fully on risk

2. The reporting category is significantly expanded to cover all reports developed by anentity, disseminated both internally and externally, not just the reliability of financialstatements

3. Scope is expanded to cover both financial and nonfinancial information

4. Adds another category of objectives to include strategic objectives that operate at ahigher level than operations, financial reporting and compliance

5. Introduces the concepts of risk appetite (a broad - based amount of risk an entity iswilling to accept in pursuit of objectives) and risk tolerance (the acceptable levels ofvariation relative to achieving objectives)

6. Focus on composite risks from a portfolio perspective vs. individual objective basis

7. Creates four components out of the risk assessment component, including objectivesetting, event identification, risk assessment and risk response

8. Discusses an entity’s risk management philosophy, which is the set of shared beliefsand attitudes characterizing how an entity considers risks, reflecting its values andinfluencing its culture and operating style


18

9. Emphasizes that a board of directors should have a majority of independent outsidedirectors

10. Identifies four categories of risk response, including avoid, reduce, share and accept

11. Expands information and communication, highlighting the consideration of dataderived from past, present, and potential future events

Notes :_______________________________________________________ ___________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

_____________________________________________________________ __________

______________________________________________________________ ____

________________________________________________________________________

________________________________________________________________________


Enterprise Risk Management---Bigger picture


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

19

CONTROL ENVIRONMENT

A. Tone at the Top – Establishing an Appropriate Control Environment

1. Sets the tone of an organization

2. Influences the control consciousness of its people

3. Foundation of all other internal control components

4. Provides discipline and structure

B. Integrity, Ethical Values, and Competence of the Entity’s People

1. Most important for top management

2. Articulated values must be developed and understood and set the standard forconduct for all levels of the organization

3. Articulation may be accomplished through such ways as interactions with others,performance appraisals and incentives, day-to-day actions, and intolerance of ethicalviolations

4. Mechanisms for informing employees include new hire orientation, periodicallytraining all employees, making ethical guidelines readily available, periodicallycommunicating ethics policies, confirming understanding of key principles withemployees, and recognizing positive actions that reflect sound integrity and ethicalvalues

5. Processes are in place to monitor adherence to principles of sound integrity andethics

6. Deviations are identified in a timely manner and appropriately addressed andremedied

7. Inform personnel of appropriate investigation and corrective actions taken whendeviations are identified

C. Management’s Philosophy and Operating Style

1. Sets tone for reliable financial reporting

2. Influences attitudes towards accounting principles and estimates

3. Supports a disciplined, objective process for selecting accounting principles anddeveloping estimates


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

20

4. Establishes and clearly articulates financial reporting objectives, including the role ofinternal control over financial reporting

5. Emphasizes the importance of minimizing risks related to financial reporting during allinteractions with others, both internal and external to the entity

D. Way in Which Management Assigns Authority and Responsibility

1. Clearly define appropriate levels to facilitate effective internal control, includingappropriate limitations

2. Set forth clear business and management objectives and position descriptions toreinforce management’s responsibility for effective internal control over financialreporting

3. Those charged with governance should review management’s descriptions ofresponsibilities and authorities and authorities, and consider any revisions necessaryto improve the strength of internal control over financial reporting

4. Strike an adequate balance between authority necessary to “get the job done” and theneed to maintain adequate internal control over key processes

E. Way in Which Entity Organizes and Develops its People

1. Establishes appropriate lines of financial reporting for each functional area andbusiness unit in the entity

2. Maintains an organizational structure that facilitates effective reporting and othercommunications about internal control over financial reporting

3. May include an organizational chart that sets forth roles and respective reporting linesfor all employees

4. May include job descriptions for key employees that are updated as conditions andcircumstances warrant

5. Identifies competencies that support reliable financial reporting, and ensures they areregularly evaluated and maintained

6. Employs or otherwise retains individuals who possess the required competencerelated to financial reporting


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

21

F. Attention and Direction Provided by Those Charged With Governance

1. Should define and communicate authorities retained by those charged withgovernance, as opposed to management

2. Actively evaluates and monitors risk of management override of internal control andconsiders risks affecting financial reporting reliability

3. One or more members has financial reporting expertise

4. Provides oversight to the effectiveness of internal control and financial statementpreparation

5. Oversees internal and external auditors

6. Interacts with regulatory auditors, if necessary

G. Human Resources

1. Policies and procedures designed and implemented to facilitate effective internalcontrol by demonstrating commitment to integrity, ethical behavior, and competence

2. Recruitment and retention of key financial reporting positions are guided by principlesof integrity and necessary competencies

3. Provide tools and training necessary to perform financial reporting roles

4. Management and employee performance evaluations and compensation practicessupport achievement of financial reporting objectives

5. Compensation plans should not be excessively tied to short-term results as reflectedin the financial statements

6. May include exit interviews with terminated employees including inquiries aboutconcerns related to the company’s financial reporting and internal control

Notes :_______________________________________________________ ___________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________



￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

22

FINANCIAL REPORTING OVERSIGHT

A. Financial reporting objectives should have sufficient clarity and criteria to enable the identification of risks to reliable financial reporting

1. Financial reporting objectives align with the requirements of generally acceptedaccounting principles

2. Selected accounting principles are appropriate to the circumstances

3. Financial statements are informative of matters that may affect their use,understanding and interpretation

4. Information presented is classified and sumarized in a reasonable manner, neither toodetailed nor too condensed

5. Financial statements reflect the underlying transactions and events in a manner thatpresents the financial position, results of operations, and cash flows within a range ofacceptable limits

6. Financial reporting objectives for each significant account and disclosure aresupported by financial statement assertions that underlie an organization’s financialstatements, with relevance depending on the circumstances (e.g., existence oroccurrence, completeness, etc.)

7. Financial statement presentation reflects the idea of materiality

B. Financial reporting risks should be identified, analyzed and managed

1. The organization’s risk identification process includes consideration of theoperational/business processes that impact financial statement accounts anddisclosures

2. Risk identification and assessment considers the competence of organizationpersonnel dedicated to supporting the financial reporting objectives

3. Information technology infrastructure and processe support the financial reportingobjectives included in the financial reporting risk assessment

4. The organization has placed in operation an effective risk assessment machanismthat involves appropriate levels of management

5. Risk identification considers both internal and external factors and their impact on theachievement of financial reporting objectives


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

23

6. Identified risks are analyzed through a process that includes estimating the likelihoodof the risk occurring and the potential impact of the risk

7. Management has triggers for reassessment of risks as changes occur that mayimpact financial reporting objectives

C. Fraud risk considerations are integral to financial reporting oversight

1. Organization’s assessment of fraud considers incentives and pressures, attitudes,and rationalizations, as well as opportunity to commit fraud

2. The organization’s assessment considers risk factors that influence the likelihoodsomeone committing a fraud and the impact of a fraud on financial reporting

3. Responsibility and accountability for fraud policies and procedures reside with themanagement of the business function in which the risk resides

D. Financial reporting information relies on pertinent information being identified, captured, used at all levels of the organization, and distributed in a form and timeframe that supports achievement of financial reporting objectives

1. Data underlying financial statements is captured completely, accurately and timely

2. Information is identified and captured for all financial transactions and events

3. Information is used for adjesting entries and accounting estimates, as well asmonitoring the reasonableness of recorded transations

4. Information is developed using internal and external sources

5. Operating information used to develop accounting and financial information serves asa basis for reliable financial reporting

6. Information systems produce information that is timely, current, accurate andaccessible

E. Information necessary to facilitate the functioning of other control components should be identified, captured, used, and distributed in a form and timeframe that enables personnel to carry out their internal control responsibilities

1. Date required to execute each control component is captured completely, accurately,timely, and in compliance with laws and regulations


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

24

2. Reporting triggers prompt exception resolution, root-cause analysis, and controlupdates, as needed

3. The quality of system information is periodically reviewed to assess its reliability andtimeliness in meeting the company’s internal control objectives

F. Policies related to reliable finnacial reporting should be established and communicated throughout the entity, with corresponding procedures resulting in management directives to be carried out

1. Control activities are built into operational processes and day-to-day activities to the

extent possible

2. Responsibility for accountability for policies and procedures resides with themanagement of the business or function in which the relevant risk resides

3. Procedures are performed in a timely manner

4. Procedures are implemented thoughtfully, conscientiously, and consistently, andconsistently across the entity

5. Procedures reflect policies developed at the senior management level and aredeveloped in increasing specificity within each layer of the organization (e.g.,functions, departments, and processes)

6. Conditions identified as a result of executing procedures are investigated andappropriate actions are taken

7. Policies and procedures are periodically reviewed to determine continued relevance

Notes :_______________________________________________________ ___________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

_____________________________________________________________ __________

______________________________________________________________ ____

________________________________________________________________________

________________________________________________________________________



￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

25

MONITORING CONTROL EFFECTIVENESS

A. Primary Purpose of Monitoring

1. Provides comfort on whether controls continue to operate effectively over time, asunmonitored controls tend to deteriorate over time

2. Gathers important information for targeting more detailed testing of the control system

3. All five components of internal control must be appropriately designed and operatingeffectively, but proper monitoring allows for tradeoffs in the strength of variouscomponents, as well as the scope and testing of control assessment work

4. Includes monitoring any changes in the contorl environment

5. Consider control activities conducted at higher levels as a part of monitoring

6. May be manual or automated

7. Ineffective monitoring leads to internal control breakdowns which reduce theefficiency of the entire internal control system, which may limit an entity’s ability tofocus limited resources in the areas of greatest risk

B. Benefits to an Entity That Properly Monitors Internal Control

1. Identifies and corrects internal control problems on a timely basis

2. Produces more accurate and reliable information for use in decisionmaking

3. Prepares accurate and timely financial statements

4. Is in a position to provide periodic certifications or assertions on the effectiveness ofinternal contorl

5. Over time, can lead to organizational efficiencies and reduced costs

6. Problems are identified and addressed in a proactive rather than a reactive manner


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

26

C. Important Foundational Elements for Monitoring

1. Proper tone at the top regarding the importance of monitoring

2. Effective organizational structure that assigns monitoring roles to people withappropriate capabilities, objectivity and authority

3. A starting point, or baseline, of known effective internal control from which ongoingmonitoring and separate evaluations can be implemented

4. Uses persuasive information about the operation of key contorls that addressmeaningful risks to entity objectives

5. Includes evaluating the severity of any identified deficiencies and reporting themonitorig results of the appropriate personnel and those charged with governance fortimely action and follow-up, if needed

6. Appropriate communication depends on the level of identified risk and the importanceof the related controls

D. Competence of Evaluators Important for Effective and Efficient Monitoring

1. Individuals within the organization with appropriate skills, knowledge and authority

2. Knowledge of the controls and related processes is critical

3. Includes how controls should operate and what constitutes a control weakness

4. Must understand the risks that controls are intended to mitigate

5. Should be objective and free of factors that might influence inaccurate or incompletereporting, including a vested interest in the outcome of the monitoring procedures

E. Smaller Entity Considerations

1. Nature, size and complexity of entity may impact the design and conduct of monitoring

2. Larger entities rely on competent and objective parties closer to operations to performmonitoring activities on behalf of management and those charged with governance

3. Smaller entity management and those charged with governance tend to have moreimplicit knowledge and control operation

Corporate Governance ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾

27

4. Larger entities require more formalized policies and procedures regardingaggregation, evaluation and reporting of weaknesses to management and thosecharged with governance

5. Smaller entities require less documentation to support monitoring conclusions

Notes :_______________________________________________________ ___________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

_____________________________________________________________ __________

______________________________________________________________ ____

________________________________________________________________________

________________________________________________________________________


Proactive-----Reactive

Starting point-----Baseline


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

1. Which of the following documents would most likely contain specific rules for the

management of a business corporation?

a. Articles of incorporation.

b. Bylaws.

c. Certificate of authority.

d. Shareholders’ agreement.

2. In general, which of the following must be contained in articles of incorporation?

a. Names of states in which the corporation will be doing business.

b. Name of the state in which the corporation will maintain its principal place of business.

c. Names of the initial officers and their terms of office.

d. Number of shares of stock authorized to be issued by the corporation.

3. Which of the following corporate actions is subject to shareholder approval?

a. Election of officers.

b. Removal of officers.

c. Declaration of cash dividends.

d. Removal of directors.

4. Which of the following actions is required to ensure the validity of a contract between a

corporation and a director of the corporation?

a. An independent appraiser must render to the board of directors a fairness opinion on the

contract.

b. The director must disclose the interest to the independent members of the board and

refrain from voting.

c. The shareholders must review and ratify the contract.

d. The director must resign from the board of directors.

28

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

29

5. The board of directors performs all of the following duties except

a. Managing day-to-day operations.

b. Selection and removal of officers.

c. Adding or repealing bylaws.

d. Initiation of fundamental changes.

6. The principle that protects corporate directors from personal liability for acts performed in

good faith on behalf of the corporation is known as

a. The clean hands doctrine.

b. The full disclosure rule.

c. The responsible person doctrine.

d. The business judgment rule.

7. The proper organization role of internal auditing is to

a. Assist the external auditor to reduce external audit fees.

b. Help manage operations of the organization.

c. Serve as the investigative arm of the board of directors.

d. Serve as an independent, objective assurance and consulting activity that adds value to

operations.

8. The reporting structure that is most likely to allow the internal audit activity to accomplish

its responsibilities is to report administratively to the

a. Board and functionally to the chief executive officer.

b. Controller and functionally to the chief financial officer.

c. Chief executive officer and functionally to the board of directors.

d. Chief executive officer and functionally to the external auditor.

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

9. An internal auditor who had been supervisor of the accounts payable section should not

perform an assurance review of that area

a. Because there is no way to measure a reasonable period of time in which to establish

independence.

b. Until at least 1 year has elapsed.

c. Until after the next annual review by the external auditors.

d. Until it is clear that the new supervisor has assumed the responsibilities.

10. The actions taken to manage risk and increase the likelihood that established objectives

and goals will be achieved are best described as

a. Supervision.

b. Quality assurance.

c. Control

d. Compliance.

11. The authority of the internal audit activity is limited to that granted by

a. The board and the controller.

b. Senior management and the Standards.

c. Management and the board.

d. The board and the chief financial officer.

12. What is the responsibility of the internal auditor with respect to fraud?

a. The internal auditor should have sufficient knowledge to identify the indicators of fraud but

is not expected to be an expert.

b. The internal auditor should have the same ability to detect fraud as a person whose

primary responsibility is detecting and investigating fraud.

c. An internal auditor should have sufficient knowledge and training so that (s) he is able to

detect fraud.

d. An internal auditor’s primary role is to detect and investigate fraud.

30

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

31

13. The Sarbanes-Oxley Act of 2002 has strengthened auditor independence by requiring

that management

a. Engage auditors to report in accordance with the Foreign Corrupt Practices Act.

b. Report the nature of disagreements with former auditors.

c. Select auditors through audit committees.

d. Hire a different CPA firm from the one that performs the audit to perform the company’s

tax work.

14. Under the Sarbanes-Oxley Act of 2002 (SOX),

a. At least one member of the audit committee must be a financial expert.

b. The chairman of the board of directors must be a financial expert.

c. The audit committee must rotate at least one seat on an annual basis.

d. All members of the audit committee must be financial experts.

15. The Sarbanes-Oxley Act of 2002(SOX) imposes which of the following requirements?

a. The board of directors must be composed entirely of independent shareholders.

b. At least one member of the audit committee must be a former partner of the independent

public accounting firm.

c. The audit committee must be composed entirely of independent members of the board.

d. Once the audit committee has selected the independent public accounting firm, the

committee must not interfere with the firm’s conduct of the financial statement audit.

16. Which of the following is most likely a violation of the rules of the Public Company

Accounting Oversight Board (PCAOB)?

a. An issuer’s independent auditor also performs consulting work for the issuer on the design

and operation of its internal controls.

b. An issuer offers its common shares and preferred shares on different stock exchanges.

c. An issuer’s management is not independent of its board of directors.

d. An issuer uses the same independent auditor in 2 consecutive years.

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

17. Section 302 of the Sarbanes-Oxley Act of 2002(SOX) requires the CEO and CFO, in

every annual or quarterly filing with the SEC, to certify all of the following expect

a. That they have taken every practical step to correct significant control deficiencies

identified in the previous audit.

b. That they have evaluated the effectiveness of the system of internal control.

c. That they have taken responsibility for the system of internal control.

d. That to the best of their knowledge, the financial statements are free of material

misstatements.

18. Under the reporting requirements of Section 404 of the Sarbanes-Oxley Act of

2002(SOX), the CEO and CFO must include a statement in the annual report to the effect

that

a. The system of internal control has been assessed by an independent public accounting

firm that is registered with the PCAOB.

b. The system of internal control has been assessed by an independent public accounting

firm that is not currently the subject of any PCAOB investigation.

c. The board of directors has taken responsibility for establishing and maintaining an

adequate system of internal control over financial reporting.

d. The issuer has used the COSO model to design and assess the effectiveness of its

system of internal control.

19. Internal control is a process designed to provide reasonable assurance regarding the

achievement of objectives related to

a. Reliability of financial reporting.

b. Effectiveness and efficiency of operations.

c. Compliance with applicable laws and regulation.

d. All of the answers are correct.

32

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

33

20. Internal control can provide only reasonable assurance that the entity’s objectives and

goals will be met efficiently and effectively. One factor limiting the likelihood of achieving

those objectives is that

a. The internal auditor’s primary responsibility is the detection of fraud.

b. The audit committee is active and independent.

c. The cost of internal control should not exceed its benefits.

d. Management monitors performance.

21. Which of the following represents an inherent limitation of internal controls?

a. Bank reconciliations are not performed on a timely basis.

b. The CEO can request a check with no purchase order.

c. Customer credit checks are not performed.

d. Shipping documents are not matched to sales invoices.

22. The policies and procedures helping to ensure that management directive are executed

and actions are taken to address risks to achievement of objectives are best described as

a. Risk assessments.

b. Control environments.

c. Control activities.

d. Monitoring activities.

23. Which term best reflects the attitude and actions of the board and management

regarding the significance of control within the organization?

a. Risk assessment.

b. Control activities.

c. Control environment.

d. Monitoring.

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

24. Management’s aggressive attitude toward financial reporting and its emphasis on

meeting projected profit goals most likely would significantly influence an entity’s control

environment when

a. The audit committee is active in overseeing the entity’s financial reporting policies.

b. External policies established by parties outside the entity affect its accounting practices.

c. Management is dominated by one individual who is also a shareholder.

d. Internal auditors have direct access to the board of directors and entity management.

25. Control activities constitute one of the five components of internal control described in

the COSO model. Control activities do not encompass

a. Performance reviews.

b. Information processing.

c. Physical controls.

d. An internal auditing function.

26. Enterprise risk management (ERM) helps managements achieve all of the following

except

a. Reaching objective.

b. Reporting on a timely basis.

c. Preventing loss of reputation and resources.

d. Complying with laws and regulations.

27. Which on the following is a category of objectives of ERM?

a. Compliance.

b. Control expenses.

c. Planning.

d. Information and communication.

34

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円


￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣

35

28. The components of ERM should be present and functioning effectively. What dose

“present and functioning effectively” mean?

Ⅰ. No material weaknesses exist.

Ⅱ. Risk is within the risk appetite.

a. Ⅰ only

b. II only.

c. Both I and II.

d. Neither I nor II

29. Inherent risk is

a. A potential event that will adversely affect the organization.

b. Risk response risk.

c. The risk after management takes action to reduce the impact or likelihood of an adverse

event.

d. The risk when management has not taken action to reduce the impact or likelihood of an

adverse event.

30. Under the COSO’s ERM framework, which of the following most accurately describes

risk management responsibilities?

a. In practice, management has primary responsibility.

b. The internal audit activity has an oversight role.

c. The board provides assurance about the effectiveness of ERM.

d. The chief audit executive should serve as chief risk officer.

31. Which of the following members of an organization has ultimate ownership responsibility

of the enterprise risk management, provides leadership and direction to senior managers,

and monitors the entity’s overall risk activities in relation to its risk appetite?

a. Chief risk officer.

b. Chief executive officer.

c. Internal auditors.

d. Chief financial officer.

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Yoko Sobajima

楕円

Documents

Corporate Governance KB表紙 - Weebly · 2018. 9. 5. · 5. If a board of directors is not required, general concepts may still apply to those charged with governance (e.g., executive