Monitoring (So D) - Separate/ongoing evaluations
Deficiencies communicated
Existing Control Activities (CA T P) - Control Activities
Technology controls
Policies and procedures
According to the COSO Enterprise Risk Management framework, what is the definition of risk? -
Risk is the possibility that events will occur and affect the achievement of strategy and
business objectives
ERM - Enterprise Risk Management is the culture, capabilities, and practices, integrated
with strategy-setting and performance, that organizations rely on to manage risk in
creating, preserving, and realizing value
5 components of ERM - G-governance and culture
O-objective setting/strategy
P-performance
R-review and revision
O-ongoing information, communication, and reporting
Governance & Culture ("DOVES") - D-desired culture
O-oversight from board
V-values commitment
E-employees (capable)
S-structure established
Objective setting/strategy (SOAR) - S-strategies (alternative)
O-objectives (business)
A-analyzes business context
R-defines risk appetite
Performance (VAPIR) - V-view (portfolio)
A-assesses severity of risk
P-prioritizes risk
I-identifies risks (events)
R-responses to risk implemented
Review and revision (SIR) - S-substantial change
I-improvement in ERM
R-reviews risk and performance
Ongoing information, communication, reporting (TIP) - T-technology and information
leveraged
I-information risk communicated
P-performance and risk culture reports
Inherent Risk (ERM) - risk to an entity in the absence of any direct or focused actions by
management to alter its severity
Target residual risk - the amount of risk the entity prefers to assume, knowing that
management has taken or will take action to alter the severity of the risk
Actual residual risk - the risk remaining after management has actually taken action
5 common risk responses - Avoid
Share
Accept
Pursue
Reduce
Title III of the Sarbanes-Oxley Act, "Corporate Responsibility," includes the following
topics pertaining to financial reporting: - Public company audit committees
Corporate responsibility for financial reports
Improper influence on conduct of audits
Forfeiture of certain bonuses and profits
Audit Committee Responsibilities - 1. Appointment of the auditor
2. Compensation of the auditor
3. Oversight of the auditor
a. resolve disagreements between management and the auditor
b. the auditor reports directly to the audit committee
The Sarbanes-Oxley Act defines the criteria for the independence of audit committee
members for issuers as: - 1. Each member of the audit committee shall be a member of
the board of directors of the issuer but shall be otherwise independent
2. audit committee members may not accept any consulting, advisory, or other
compensation or fees from the issuer other than pursuant to their role on the board
3. audit committee members may not be an affiliated person (a person who can
influence financial decisions) of the issuer or any subsidiary of the issuer.
SOX assigns the following corporate responsibilities regarding internal controls that
must accompany financial reports: - The CEO and CFO must certify the following for
annual and quarterly reports:
1. The officers are responsible for establishing and maintaining internal controls
2. internal control is designed to ensure that material information is provided to internal
and external users
3. internal controls have been evaluated within 90 days prior to the report
4. the officers' conclusions regarding internal control effectiveness as of the evaluation
date
SOX required disclosures to the auditors and the audit committee by officers - The CEO
and CFO must certify the following for annual and quarterly reports to the auditors and
the audit committee:
1. All significant deficiencies in the design or operation of internal controls
2. any fraud, whether or not material, that involves management
SOX penalties on officers who are responsible for material misstatements resulting from
their misconduct. Penalties include: - 1. refund to the issuer of any bonus or other
incentive-based or equity-based compensation during the 12-month period following the
first public issuance of the financial document
2. Refund any profits realized from the sale of the securities of the issuer during the 12-
month period following the first public issuance of the financial document
Title IV SOX (Enhanced Financial Disclosures) - -disclosures in periodic reports
-enhanced conflict-of-interest provisions
-disclosure of transactions involving principal stockholders
-disclosure of audit committee financial expert
SOX disclosures for periodic reports - 1. all material correcting adjustments identified by
the public accounting firm reporting on the financial statements
2. the F/S disclose all material off-balance sheet transactions including operating
leases, contingent obligations, and relationships with unconsolidated subsidiaries.
3. Pro forma F/S shall include all relevant information and shall not include misleading
or untrue information
SOX prohibits - personal loans to executives
SOX includes provisions for management assessment of internal controls. - 1.
management's assertion that it is responsible for an adequate internal control structure
2. management's conclusions regarding its assessment of the effectiveness of the
internal control structure and procedures for financial reporting
3. the auditor's attestation regarding management's assessment of internal control
Audit committee disclosure - issuer must disclose the existence of a financial expert on
the committee or the reason why the committee does not have a member who is a
financial expert
Title VIII of Sarbanes-Oxley Act - -Criminal penalties for altering documents
-statute of limitations for securities fraud
-whistle-blower protection
-criminal penalties for securities fraud