2011 B-1A Summary Notes


2011 Edition- Business Final Review

BUSINESS 1A Corporate Governance

+ Rights, Duties, Responsibilities, and Authority of the Board of Directors, Officers, and Other Employees

+ Control Environment

© 2010 DeVry/Becker Educational Development Corp. All rights reserved.


SUMMARY NOTES

I. RIGHTS, DUTIES, RESPONSIBILITIES AND AUTHORITY OF THE BOARD OF DIRECTORS, OFFICERS, AND OTHER EMPLOYEES

A. Financial Reporting

The financial reporting issues associated with corporate governance generally relate to the provisions of the Sarbanes Oxley Act of 2002 (also called SOX). SOX has numerous provisions for expanded disclosures and specific representations by management that are described in two major titles.

1. Title III - Corporate Responsibility

a. Public companies (also known as issuers) must have an audit committee.

b. The audit committee is comprised of board members who are independent of the company other than their membership on the board of directors. (To be independent, an audit committee member cannot be a paid consultant).

c. The external auditor reports to the audit committee.

d. The Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) have to sign off on published reports and represent that the reports are truthful and neither include falsehoods nor exclude material information.

e. The CEO and CFO represent that they are responsible for internal controls and that the controls are designed to ensure that all material information has been made available to the auditors, and that controls have been evaluated for effectiveness.

f. The CEO and CFO must represent whether there have been any significant changes to internal control.

g. If the CEO or CFO falsifies information about the financial statements, a potential penalty is repayment to the issuer of any equity-based bonuses or of any gains they realized on the sale of the issuer's stock.

h. Other penalties also exist.

2. Title IV - Enhanced Financial Disclosures

a. Management must assess the organization's internal controls and make disclosure of that assessment.

b. Issuers must disclose that managers are subject to a code of ethics.

c. Audit committees must have a financial expert. The financial expert is an individual who has expertise developed through education or experience as an auditor or finance officer for an organization of similar complexity.

d. The financial expert must be disclosed.


Sticky Note (Derek):

1. Section 906 - SOX requires the CEO and CFO certify accuracy of Fin Reports.

Section 404 - Mgt provides internal controls and audit gives assessment (Internal Control).

If Fin Report found in accuracy: Penalty 10-20 year AND fine of up to 5 million dollars.

Under SOX, anyone who purposely defrauds a company or person can be fined AND imprisoned up to 25 years.

Destruction/concealment of documentation with the intent to obstruct investigation: Penalty fine OR imprisonment up to 20 years.

Punishment for inhibiting whistle blowers: Penalty fine AND up to 10 years.

B. Internal Control (Including COSO)

The Committee on Sponsoring Organizations (COSO), an independent private sector initiative, was initially established in the mid-1980s to study the factors that can lead to fraudulent financial reporting. The private 'sponsoring organizations' included the five major financial professional associations in the United States. In 1992, the COSO issued Internal Control - Integrated Framework (the Framework) to assist organizations in developing comprehensive assessments of internal control effectiveness. The COSO's Framework is widely regarded as an appropriate and comprehensive basis to document the assessment of internal controls over financial reporting.

1. The COSO Framework is comprised of five components that logically begin with the tone at the top and conclude with monitoring the effectiveness of internal controls. Each component is supported by principles.

a. Control Activities

(1) The policies and procedures that respond to the risk assessment are the subject of the control activities component.

(2) Principles of control activities include policies and procedures, the selection of policies and procedures, and information and technology.

b. Risk Assessment

(1) The objective of financial reporting is generally fair presentation in accordance with GAAP.

(2) Financial reporting objectives and risks as well as fraud risks are principles of this component.

c. Information and Communication

(1) Capturing and processing information is the idea of the information and communication principle.

(2) Financial reporting and internal control information as well as internal and external information are supporting principles of the information and communication component.

d. Monitoring

(1) Monitoring the effectiveness of internal control is the goal of the monitoring component.

(2) Monitoring by way of ongoing and separate evaluations and reporting findings (deficiencies) are the related principles.

e. Control Environment

(1) Referred to as the 'tone at the top.'

(2) Ethics, Board oversight, financial reporting competencies, and organizational structure are the types of foundational principles that define this component (see below).

2. Smaller Organizations May Adapt to the COSO Framework

a. Size considerations may limit the number of specialized internal audit and monitoring functions undertaken.

b. Involvement of the owners is often a strong feature of controls in smaller organizations.


C. Enterprise Risk Management (Including COSO)

In 2004, the COSO issued Enterprise Risk Management- Integrated Framework (ERM) to assist organizations in developing a comprehensive response to risk management. The intent of enterprise risk management is to allow management to effectively deal with uncertainty, evaluate risk acceptance, and build value.

1. ERM seeks to align risk appetite and strategy.

2. Organizational responses to risk may be risk avoidance, risk reduction, risk sharing, or risk acceptance.

3. ERM anticipates a three dimensional model that coordinates an organization's four objectives by risk management component by layer of the organization.

4. Objectives may be strategic, operations, reporting or compliance.

5. The components of ERM follow in logical sequence as follows:

a. Internal Environment

(1) The tone of the organization.

(2) The risk consciousness of the staff is influenced by the internal environment.

b. Objective Setting

(1) Strategic objectives establish the basis for related operations, reporting and compliance objectives.

(2) Objectives are aligned with the risk tolerances (risk appetite) of the organization.

c. Event Identification

(1) Events are identified that may positively impact the organization's ability to meet objectives (opportunities).

(2) Events are identified that negatively impact the organization's ability to meet objectives (risks).

(3) Risk and opportunities consider internal and external factors.

d. Risk Assessment

(1) Management assesses the likelihood (probability) and impact (severity) of events.

(2) Management looks at risk on an inherent basis (what may occur if no risk response is taken) and a residual basis (what risk is left after consideration of a risk response).

e. Risk Response

(1) Risk response can be risk avoidance, reduction, sharing, or acceptance.

(2) Risk response is considered in relation to its effect on likelihood and severity and in relation to cost-benefit.

f. Control Activities

Control activities are the policies and procedures that carry out risk response.

g. Information and Communication

Information is gathered and communicated in time to respond to risk.


h. Monitoring

Risk management is assessed for presence and functioning over time.

6. Layers of the organization are entity-level: division, business unit and subsidiary.

SUMMARY OF COSO FRAMEWORK COMPONENTS

Internal Control Framework (Financial reporting)

Control Environment

1. Integrity and Ethical Values

2. Board of Directors

3. Management's Philosophy and Operating Style

4. Organizational Structure

5. Financial Reporting Competencies

6. Authority and Responsibility

7. Human Resources

Risk Assessment

1. Financial Reporting Objectives

2. Financial Reporting Risks

3. Fraud Risk

Control Activities

1. Risk Assessment Integration

2. Selection and Development

3. Policies and Procedures

4. Information and Technology

Information and Communication

1. Financial Reporting Information

2. Internal Control Information

3. Internal Communication

4. External Communication

Monitoring

1. Ongoing and separate evaluations

2. Reporting deficiencies

ERM Framework (Entity-wide management)

Internal Environment

1. Risk management philosophy

2. Risk appetite

3. Board of Directors

4. Integrity and Ethical Values

5. Commitment to Competence

6. Organizational Structure

7. Assignment of Authority and Responsibility

8. Human Resources Standards

Objective Setting

1. Strategic objectives

2. Related objectives

3. Selected objectives

4. Risk Appetite

5. Risk Tolerances

Event Identification

1. Events

2. Influencing Factors

3. Event Identification Techniques

4. Event Interdependencies

5. Event Categories

6. Distinguishing Risks and Opportunities

Risk Assessment

1. Inherent and residual risk

2. Establishing Likelihood and Impact

3. Data Sources

4. Assessment Techniques

5. Event Relationships

Risk Response

1. Evaluating Possible Responses

2. Selected Responses

3. Portfolio View

Control Activities

1. Integration with Risk Response

2. Types of Control Activities

3. Policies and Procedures

4. Controls over Information Systems

5. Entity Specific

Information and Communication

1. Information

2. Communication

Monitoring

1. Ongoing monitoring activities

2. Separate Evaluations

3. Reporting deficiencies


II. CONTROL ENVIRONMENT

A. Tone at the Top - Establishing Control Environment

Control environment considers:

1. The ethics and integrity of management demonstrated at all levels.

2. The Board of Directors' active engagement in oversight (regular meetings, audit committee, etc.).

3. Management's philosophy and operating style represents a commitment to full and fair financial reporting (i.e., properly documented transactions).

4. Organizational structure that is fully compatible with effective financial reporting (documented job descriptions, internal audit reporting lines outside of finance).

5. Management is committed to hiring and maintaining staff that are competent with regard to effective financial reporting.

6. Authority and responsibility are assigned effectively throughout the organizational structure.

7. Human resource policies are established to recruit and retain competent employees and to regularly evaluate the competency of employees.

B. Monitoring Control Effectiveness

1. Ongoing evaluations can be made by line staff.

2. Separate evaluations might be undertaken by internal auditors or ad hoc committees.

3. Deficiencies should be reported to levels of management at least one level above the process owner or manager responsible for applying the controls.

C. Change Control Process

1. Less complex systems generally install pre-packaged software. Change control involves manufacturer patches. The individuals responsible for making the change and putting the change into production should be segregated.

2. More complex systems require adaptation to more sophisticated requirements. Changes that require documentation should be defined and the individuals responsible for making the change and putting the change into production should be segregated.


MULTIPLE-CHOICE QUESTIONS

QUESTION 1

Which of the following is true of audit committees under the provisions of the Sarbanes Oxley Act of 2002?

1. A majority of the audit committee must consist of financial experts.

2. No financial experts are required if the audit committee can consult with either the auditor or the chief financial officer.

3. At least one audit committee member must be a financial expert.

4. At least two audit committee members must be financial experts and one must be a CPA.

QUESTION 2

Which of the following is true regarding a financial expert serving on the audit committee of an issuer that is complying with the Sarbanes Oxley Act of 2002?

1. The audit committee member may qualify for recognition as a financial expert using most any combination of education and experience.

2. An audit committee member must have been a member of the board of directors for five years before serving as a financial expert.

3. An audit committee member qualifying as a financial expert must have adequate technical training and experience as an auditor.

4. Disclosure of the financial expert is made at the election of the audit committee.

QUESTION 3

The Committee on Sponsoring Organization's (COSO) Internal Control- Integrated Framework includes a risk assessment component that includes all of the following in its principles, except:

1. Choices of financial accounting principles

2. Adequacy of disclosures

3. Fraud

4. Organizational structure

QUESTION 4

The Committee on Sponsoring Organization's (COSO) Internal Control- Integrated Framework includes five distinct components that include all the following, except:

1. Control environment.

2. Risk assessment.

3. Risk response.

4. Control activities.


QUESTION 5

An issuer concluding as to the effectiveness of the design and operation of internal control under the Sarbanes Oxley Act of 2002 would most likely look to what document or source for guidance on the evaluation of internal control and related documentation?

1. Sarbanes Oxley Act of 2002.

2. Internal Control- Integrated Framework.

3. Enterprise Risk Management- Integrated Framework.

4. Statements on Auditing Standards.


TASK-BASED SIMULATIONS

TASK-BASED SIMULATION 1: Written Communication


The Chairman of the Board of Directors is worried about the upcoming audit. Specifically, he is concerned about how he will prove to the auditors that the Board of Directors has fulfilled its oversight function in accordance with the COSO Internal Control-Integrated Framework. As the Chief Financial Officer, draft a memo to the Chairman describing what the auditors might look for with regard to the following board attributes:

• Operates independently

• Monitors risk

• Retains financial reporting expertise

• Oversees audit activities

Type your communication in the response area below using the word processor provided.

REMINDER: Your response will be graded for both technical content and writing skills. Technical content will be evaluated for information that is helpful to the intended reader and clearly relevant to the issue. Writing skills will be evaluated for development, organization, and the appropriate expression of ideas in professional correspondence. Use a standard business memo or letter format with a clear beginning, middle, and end. Do not convey information in the form of a table, bullet point list, or other abbreviated presentation.

MEMORANDUM

To: Chairman, Board of Directors

Subject: Board Oversight

[Response area]

Sincerely,

Chief Financial Officer


TASK-BASED SIMULATION 1: Solution

MEMORANDUM

To: Chairman, Board of Directors

Subject: Board Oversight

The purpose of this memo is to identify and explain the kinds of activities that will enable the auditors to conclude that the Board of Directors is fulfilling its oversight function in accordance with the COSO Internal Control-Integrated Framework.

One of the characteristics of an effective board is the ability of each member to provide independent advice to our company. You may recall, annually our company requires each board member to disclose in writing any personal relationships and material direct or indirect financial transactions with our company. In addition to this, we have a process in place where the Vice President of the board reviews these disclosures and evidences his review via signature on the certification statement. Before any vote is taken, the VP verbally reminds board members to vote independently and, if applicable, has the power to ask board members to recuse themselves from the vote in the event that they are not entirely independent on the issue at hand. While our by-laws document the responsibilities of the Vice President, the board minutes document the actions of the board and VP, consistent with the policy defined in the by-laws. Rest assured that the auditors will review both of these documents and find the evidence to support a conclusion on board oversight.

We also have a separate nominating committee that identifies and screens potential board members. Evidence that the nominating committee has performed their duties includes a review of background checks performed as well as the written recommendations made by this committee.

Another attribute that the auditors will assess is the board's ability to monitor risk. One of the most powerful ways to demonstrate effective board oversight is to establish an empowered audit committee with the authority and responsibility to meet privately with internal and external auditors and respond directly to significant audit findings. Even staffing the audit committee with knowledgeable financial professionals such as CPAs provides additional comfort to auditors that the board has the capacity to understand the gravity of the issues put before them. While the auditors have both the charter and by-laws to support the creation and empowerment of the audit committee, their selection and retention provides further support that the audit committee is actually performing the responsibilities assigned to it.

Further proof of effective oversight can be obtained by reviewing the certification statements made by the audit committee, which attest to review activities performed and decisions made. In addition, the board minutes document the adoption of new accounting policies and procedures. And lastly, the auditors can examine whistleblower logs to determine how complaints were handled and the timeliness of the board response.

As you can see, we have a number of mechanisms already in place that will objectively demonstrate the effectiveness of our board. The board does an excellent job and you will be very well prepared to speak to these issues with our auditor. Feel free to contact me should you need anything further regarding this matter.

Sincerely,

Chief Financial Officer
