Principles-based approach of COSO framework 🗸 relies on management judgement (rather than a rules-based checklist)
3 objectives of COSO 🗸 O-operating objectives (effectiveness and efficiency)
R-reporting objectives (reliability, timeliness, transparency)
C-compliance objectives (adhering to laws and regulations)
5 Components of COSO Framework 🗸 1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
Control Environment (EBOCA) 🗸 E-ethics (commitment to integrity and ethical values)
B-board independence and oversight
O-org. structure
C-commitment to competence
A-accountability
Risk Assessment (SAFR) 🗸 S-specify objectives
A-assess and identify changes
F-fraud potential
R-risk (identified and analyzed)
Information and Communication (OIE) 🗸 O-obtain and use information
I-internally communicate information
E-external parties communication
Monitoring (So D) 🗸 S-separate/ongoing evaluations
D-deficiencies communicated
Existing
Control Activities (CA T P) 🗸 CA-control activities
T-technology controls
P-policies and procedures
According to the COSO Enterprise Risk Management, what is the definition of risk 🗸 Risk is the possibility that events will occur and affect the achievement of strategy and business objectives
ERM 🗸 Enterprise Risk Management is the culture, capabilities, and practices integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving and realizing value
5 components of ERM 🗸 G-governance and culture
O-objective setting/strategy
P-performance
R-review and revision
O-ongoing information, communication, and reporting
Governance & Culture ("DOVES") 🗸 D-desired culture
O-oversight from board
V-values commitment
E-employees (capable)
S-structure established
Objective setting/strategy (SOAR) 🗸 S-strategies (alternative)
O-objectives (business)
A-analyzes business context
R-defines risk appetite
Performance (VAPIR) 🗸 V-view (portfolio)
A-assesses severity of risk
P-prioritizes risk
I-identifies risks (events)
R-responses to risk implemented
Review and revision (SIR) 🗸 S-substantial change
I-improvement in ERM
R-reviews risk and performance
Ongoing information, communication, reporting (TIP) 🗸 T-technology and information leveraged
I-information on risk communicated
P-performance and risk culture reports
Inherent Risk (ERM) 🗸 risk to an entity in the absence of any direct or focused actions by management to alter its severity
Target residual risk 🗸 the risk the entity prefers to assume, knowing that management has taken or will take action to alter the severity of the risk
Actual residual risk 🗸 the risk remaining after management has actually taken action to alter its severity
5 common risk responses 🗸 Avoid
Share
Accept
Pursue
Reduce
Title III of the Sarbanes-Oxley Act, "Corporate Responsibility," includes the following topics pertaining to financial reporting: 🗸 1. Public company audit committees 2. Corporate responsibility for financial reports 3. Improper influence on conduct of audits 4. Forfeiture of certain bonuses and profits
Audit Committee Responsibilities 🗸 1. Appointment of the auditor 2. Compensation of the auditor 3. Oversight of the auditor a. resolve disagreements between management and the auditor b. the auditor reports directly to the audit committee
The Sarbanes-Oxley Act defines the criteria for the independence of audit committee members for issuers as: 🗸 1. Each member of the audit committee shall be a member of the board of directors of the issuer but shall be otherwise independent 2. Audit committee members may not accept any consulting, advisory, or other compensation or fees from the issuer other than pursuant to their role on the board 3. Audit committee members may not be an affiliated person (a person who can influence financial decisions) of the issuer or any subsidiary of the issuer
SOX assigns the following corporate responsibilities regarding internal controls that must accompany financial reports: 🗸 The CEO and CFO must certify the following for annual and quarterly reports: 1. The officers are responsible for establishing and maintaining internal controls 2. Internal control is designed to ensure that material information is made known to the officers (and thus provided to internal and external users) 3. Internal controls have been evaluated within 90 days prior to the report 4. The officers' conclusions regarding internal control effectiveness as of the evaluation date
SOX required disclosures to the auditors and the audit committee by officers 🗸 The CEO and CFO must certify for annual and quarterly reports that they have disclosed to the auditors and the audit committee:
1. All significant deficiencies in the design or operation of internal controls 2. Any fraud, whether or not material, that involves management or other employees with a significant role in internal control
SOX penalties on officers who are responsible for material misstatements resulting from their misconduct (forfeiture/clawback). Penalties include: 🗸 1. Refund to the issuer of any bonus or other incentive-based or equity-based compensation received during the 12-month period following the first public issuance of the financial document 2. Refund of any profits realized from the sale of securities of the issuer during the 12-month period following the first public issuance of the financial document
Title IV SOX (Enhanced Financial Disclosures) 🗸 -disclosures in periodic reports
-enhanced conflict-of-interest provisions
-disclosure of transactions involving principal stockholders