Corporate Governance and Financial Risk Management
Key Roles and Responsibilities for Internal Controls and Risk Management
- Board of directors, board structure, board committees
- C-suite
- Financial planning and analysis
- Risk and control personnel
- Other accounting and finance team members
- Internal and external audit
- Outsourced service providers
- Supply chain
- Legislators and regulators
- Analysts, bond rating agencies, news media, etc.
What is COSO's definition of Risk Management?
"Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
Strategy and Objective Setting is a component of ERM. It has 4 principles, in order:
1) Analyze the business context
2) Define risk appetite and align it with mission and vision
3) Evaluate alternative strategies
4) Formulate business objectives
With risk appetite, the entity determines how aggressive or conservative it wishes to be.
According to the 2017 Enterprise Risk Management model, ERM is defined by 5 interrelated components supported by 20 risk management principles:
1) Governance and Culture
2) Strategy and Objective Setting
3) Performance
4) Review and Revision
5) Information, Communication and Reporting
What are the 3 principles related to Information and Communication?
1) Obtain and use relevant information
2) Communicate information internally
3) Communicate with external parties
What are the 2 principles related to Monitoring Activities:
1) Ongoing and/or separate evaluations
2) Evaluation and communication of deficiencies
According to COSO, what are the 3 main categories of objectives?
1) Operations objectives
2) Reporting objectives
3) Compliance objectives
What are the 3 principles related to (Existing) Control Activities?
1) Select and develop control activities
2) Select and develop general controls over technology
3) Deploy control activities through policies and procedures
What are the principles related to Risk Assessment?
1) Specify suitable objectives
2) Identify and analyze risks
3) Consider the potential for fraud
4) Identify and assess significant changes
What are the 5 principles related to Control Environment?
1) Commitment to integrity and ethical values
2) Board independence and oversight
3) Organizational structure, authority and responsibility
4) Commitment to competence
5) Accountability
What are the 4 principles related to Risk Assessment?
1) Specify suitable objectives
2) Identify and analyze risks
3) Consider the potential for fraud
4) Identify and assess significant changes
Elan Corporation is considering borrowing $100,000 from a bank for 1 year at a stated interest rate of 9%. What is the effective interest rate to Elan if this borrowing is in the form of a discounted note?
Interest charged: $100,000 x 9% = $9,000
Cash proceeds: $100,000 - $9,000 = $91,000
Effective rate: $9,000 / $91,000 = 9.89%
A discounted note takes the interest out up front, so the borrower only receives $91,000. Because you are looking for the effective rate, you divide the interest by what was actually received, not by the face amount.
What is COSO's definition of Internal Control?
According to COSO, internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of entity objectives. Also according to COSO, effective internal control helps the company in ways beyond reliable financial reporting: it also helps the entity operate effectively and efficiently and comply with laws and regulations.
Review and Revision is a component of ERM.
According to the 2017 ERM model, the organization should continually assess how well its enterprise risk management capabilities and practices have increased value over time and whether they will continue to drive value in light of substantial changes.
What is included in the operational objective of COSO?
Another objective of internal control is the effectiveness and efficiency of an entity's operations. This category includes financial and operational performance goals as well as assuring that the assets of the organization are properly safeguarded.
COSO's Mission
COSO's mission is "To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations."
COSO's fundamental principle: good risk management and internal control are necessary for the long-term success of all organizations.
Pass Key
COSO, the Committee of Sponsoring Organizations, issued Enterprise Risk Management - Integrated Framework, which consists of four categories - strategic
Pass key
Change control considers the manner in which management monitors and authorizes changes to a variety of information technology matters, including software application programs. Management override is a control weakness in which managers ignore or circumvent controls. Programmers are typically not management, so a programmer bypassing change control is a change control weakness, not management override.
Auburndale Corporation has a corporate compliance program that allows employees the option of anonymously reporting violations of laws, rules, regulations, policies or other issues of abuse through a hotline. Reported issues are reviewed by the internal auditor and either immediately forwarded to the CEO or summarized and reported to the CEO each month. The program also provides opportunities to report through supervisory channels and includes a biannual training class that all employees must complete. The corporate compliance program demonstrates that:
A. Sound integrity and ethical values are developed and understood and set the standard of conduct for financial reporting.
B. The board of directors understands and exercises oversight responsibility related to financial reporting and related internal control.
C. Management's philosophy and operating style support achieving effective internal control over financial reporting.
D. Management and employees are assigned appropriate levels of authority and responsibility to facilitate effective internal control over financial reporting.
Choice "A" is correct. The existence of a compliance program that includes both ethics training and a hotline for anonymous reporting is evidence that ethical values have been developed and that those values are understood and taken seriously.
Wrong answers: Board oversight relates more to overall leadership than to the specifics of ethical behavior. Management's operating style relates more to work ethic and commitment to effective financial reporting than to the specifics of ethical behavior. Assignment of authority and responsibility concerns organizational structure, which the program does not address.
What are the 5 components of Internal Control? (CRIME)
- Control Environment
- Risk Assessment
- Information and Communication
- Monitoring
- Existing Control Activities
What is the component of the 2017 ERM model that pertains to the establishment of board oversight responsibilities for enterprise risk management?
Governance and Culture. Governance sets the organization's tone, reinforcing the importance of enterprise risk management and establishing oversight responsibilities for it.
The establishment of operating structures within an organization is a principle of which component of the 2017 ERM model?
Governance and Culture. According to the 2017 ERM model, the organization establishes operating structures, such as a centralized or decentralized structure, in pursuit of its strategy and business objectives. If an entity wants to make sure that unit managers cannot make too many decisions on their own, it will adopt a highly centralized structure.
What is the component of the 2017 ERM model that pertains to ethical values and desired behavior?
Governance and Culture. Culture pertains to ethical values and desired behaviors. According to the 2017 ERM model, the organization defines the desired behaviors that characterize the entity's desired culture. Governance and culture together form the base for all other components of ERM.
A manufacturer actively monitors a foreign country's political events whenever a supply chain disruption occurs within the country that exceeds 90 days. According to the COSO Enterprise Risk Management principles, the manufacturer is following which of the following risk-response strategies?
A. Reduce
B. Share
C. Avoid
D. Accept
Answer: D. Accept. If the manufacturer is only monitoring political events without taking any action to change the likelihood or impact of the risk, it is simply choosing to accept the risk.
What component of the 2017 ERM model is being described when management of the entity seeks fair, accurate, complete and timely data from internal and external sources to support enterprise risk management?
Information, Communication and Reporting. Management uses relevant information from both internal and external sources to support ERM. Enterprise risk management requires a continual process of obtaining and sharing necessary information from internal and external sources, which flows up, down and across the organization.
Pass Key- ERM
Inherent risk is the risk that exists to an entity when management takes no action to alter the severity of the risk. "Decreasing a company's inherent risk appetite" is not a component of ERM (risk appetite is set, not "inherent"). Managing risk so that it aligns with risk appetite is an appropriate component of the framework.
What is COSO's definition of Internal Control
Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.
Pass Key
Organizational sustainability is the ability of an entity to withstand the impact of large-scale events.
Pass Key
Regular reporting to the audit committee represents reporting of deficiencies, not ongoing monitoring.
What does Reporting Objectives pertain to?
Reporting objectives pertain to the reliability, timeliness and transparency of an entity's internal and external financial and non-financial reporting.
Pass key
Short-term financing options generally carry lower interest rates but higher interest rate risk, because rates fluctuate more dramatically for short-term issues than for long-term issues. With long-term financing, on the other hand, credit risk decreases because the company seeks refinancing less frequently, and so there are fewer opportunities for the rates on its debt to be changed unfavorably or for financing to be denied altogether.
What is the Enterprise Risk Management Integrated Framework?
The framework describes the critical principles and components of an effective enterprise risk management process, setting forth how all important risks should be identified, assessed, responded to and controlled. It also provides a common language so that when executives, directors and others talk about risk management, they are truly communicating.
Generally, an organization will not operate beyond the limits of its risk appetite. Risk appetite has generally been exceeded when:
The likelihood and impact of negative events significantly exceed the residual risk the entity planned to carry.
Pass Key
The regular evaluation of employees for their competence in financial reporting is an important link between human resources policies and the achievement of financial reporting objectives.
The Committee of Sponsoring Organizations prepared the Internal Control - Integrated Framework to:
Help businesses assess internal control. COSO issued Internal Control - Integrated Framework to assist organizations in developing comprehensive assessments of internal control effectiveness. The framework was first published in 1992, ten years before the Sarbanes-Oxley Act of 2002.
According to the COSO Enterprise Risk Management Framework, uncertainty in enterprise risk management refers to
Uncertainty is a state of not knowing how or whether events may occur, and the impact they may have on an organization if they do occur. Every entity exists to provide value to its stakeholders while managing inevitable uncertainty, which may create or erode value. "The possibility that events will occur and affect the achievement of objectives" describes risk rather than uncertainty.
Management has carefully evaluated the likelihood and impact of events on its foreign operations. In the event of a 3% variation in the exchange rate, the impact is estimated at $10 million without any action taken by management and $4 million if the company purchases a hedge instrument. The impact of the residual risk of changes in foreign currency exchange rates on achieving the company's business objectives is:
Answer: $4 million. The $4 million exposure remaining after management purchases the hedge is the residual risk; residual risk is the risk that remains after management responds to the risk. The $10 million exposure with no management action is the inherent risk.
A company obtained a short-term bank loan of $500,000 at an annual interest rate of eight percent. As a condition of the loan, the company is required to maintain a compensating balance of $100,000 in its checking account. The checking account earns interest at an annual rate of three percent. Ordinarily, the company maintains a balance of $50,000 in its account for transaction purposes. What is the effective interest rate of the loan?
a. 7.77 percent
b. 8.50 percent
c. 9.44 percent
d. 8.56 percent
Answer: d. 8.56 percent.
Interest paid: $500,000 x 8% = $40,000
Extra balance the loan forces the company to carry: $100,000 required - $50,000 normally held = $50,000
Interest earned on that extra balance: $50,000 x 3% = $1,500 (this income offsets the interest expense)
Net interest cost: $40,000 - $1,500 = $38,500
Usable loan proceeds: $500,000 - $50,000 = $450,000
Effective rate: $38,500 / $450,000 = 8.56%
Only the extra $50,000 is treated as a cost of the loan; the $50,000 the company would have kept in the account anyway is not tied up by the loan.
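The discounted-note card and the compensating-balance card above are two instances of the same idea: the effective rate is the net interest cost divided by the cash the borrower can actually use. The following Python is an added example written for this page (not from any textbook or exam provider); it generalizes both calculations into one function. Function names, the `deposit_rate` and `normal_balance` parameters, and the dollar figures passed in the calls are assumptions for illustration.

```python
"""Effective interest rate on short-term bank borrowing.

Added example for this study page. The two special cases worked on the page
(a discounted note, and a loan with a compensating-balance requirement) both
reduce to:

    effective rate = net interest cost / usable proceeds
"""


def discounted_note_effective_rate(principal: float, stated_rate: float) -> float:
    """Bank deducts the full year's interest up front, so proceeds shrink."""
    interest = principal * stated_rate
    proceeds = principal - interest          # what the borrower actually receives
    return interest / proceeds


def compensating_balance_effective_rate(
    principal: float,
    stated_rate: float,
    required_balance: float,
    normal_balance: float = 0.0,   # assumed: balance the firm keeps anyway
    deposit_rate: float = 0.0,     # assumed: interest the bank pays on deposits
) -> float:
    """Loan with a compensating balance that the borrower cannot spend.

    Only the balance *above* what the firm would hold regardless is a cost of
    the loan, and any interest the bank pays on that idle balance offsets the
    interest expense.
    """
    if required_balance < 0 or normal_balance < 0:
        raise ValueError("balances must be non-negative")
    interest_paid = principal * stated_rate
    extra_balance = max(required_balance - normal_balance, 0.0)
    if extra_balance >= principal:
        raise ValueError("compensating balance leaves no usable proceeds")
    interest_earned = extra_balance * deposit_rate
    usable = principal - extra_balance
    return (interest_paid - interest_earned) / usable


def as_percent(rate: float, places: int = 2) -> float:
    """Round a decimal rate to a percentage for exam-style answers."""
    return round(rate * 100, places)


if __name__ == "__main__":
    # Elan Corporation card: $100,000, 9% discounted note -> 9.89%
    print(as_percent(discounted_note_effective_rate(100_000, 0.09)))
    # Compensating-balance card: $500,000 at 8%, $100,000 required,
    # $50,000 normally held, 3% earned on deposits -> 8.56%
    print(as_percent(compensating_balance_effective_rate(
        500_000, 0.08, 100_000, normal_balance=50_000, deposit_rate=0.03)))
    # Same loan if the bank paid nothing on the idle balance -> 8.89%
    print(as_percent(compensating_balance_effective_rate(
        500_000, 0.08, 100_000, normal_balance=50_000)))
```

Running the third call shows why the 3% deposit interest matters: without it the effective rate rises from 8.56% to 8.89%, which is the trap behind answer choice c-style distractors.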
The mission and vision of an organization most closely correlate with an entity's (ERM):
A. Strategy
B. Culture
C. Capabilities
D. Practices
Answer: A. Strategy. The mission and vision of an organization most closely correlate with an entity's strategy. An organization's mission represents the purpose of the entity, and its vision represents the organization's aspirations and what it hopes to achieve over time. Culture is most closely correlated with core values.
The Enterprise Risk Management - Integrated Framework states that an organization must identify events, both positive and negative, as part of its risk management program. Which of the following is true with regard to events?
A. Enterprise risk management is entirely focused on risks and ignores opportunities.
B. Event identification occurs after the development of objectives.
C. Events serve as the basis for establishing objectives, and event identification occurs simultaneously with the development of objectives.
D. Event identification occurs prior to the development of objectives.
Answer: B. Events can only be identified after the organizational objectives are identified. Events will either favorably or unfavorably affect the achievement of objectives; risks (negative events) are only identifiable within the context of the objectives they might impede.
Wrong answers: A is wrong because enterprise risk management considers both positive events (opportunities) and negative events (risks). C and D are wrong because events are not the basis for establishing objectives; events can only be identified after the organizational objectives are identified.
The required rate of return is generally computed as the risk-free rate of return plus a number of risk premium adjustments. All of the following risk adjustments are used to compute the required rate of return except:
A. Maturity risk premium
B. Default risk premium
C. Purchasing power risk premium
D. Credit risk
Answer: D. Credit risk. Credit risk relates to the ability of a firm to obtain, not grant, credit; required rate of return adjustments do not include a credit risk adjustment.
Maturity risk premium (MRP), or interest rate risk, is an appropriate adjustment to the risk-free rate of return: it is the compensation investors demand for bearing the risk that interest rate changes will affect the value of the security, and it increases with the term to maturity.
Default risk premium is an appropriate adjustment to the risk-free rate of return: it is the additional compensation demanded by lenders for bearing the risk that the issuer of the security will fail to pay interest or fail to repay the principal.
Purchasing power risk premium, or inflation premium, is an appropriate adjustment to the risk-free rate of return: it is the compensation investors require to bear the risk that price levels may change and affect asset values or the purchasing power of invested dollars.
A company has a capital project with a before-tax cash inflow, in real dollars, expected to be $200,000 two years from now. The inflation rate is expected to be 6% each year during that period. What is the before-tax cash inflow expressed in nominal dollars?
A. $224,000
B. $178,571
C. $177,999
D. $224,720
Answer: D. $224,720. Nominal dollars are real dollars with the expected inflation rate applied, compounded for each year until the cash flow occurs. If $200,000 is the amount expected in two years expressed in real dollars, 6% inflation must be applied in each of the two years to derive the nominal amount:
$200,000 x 1.06 x 1.06 = $224,720
A is incorrect: $224,000 (= $200,000 x 1.12) does not account for compounding, as it uses a simple-interest calculation.
Linking the COSO Frameworks
Who is COSO?
- COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission.
- COSO was formed in 1985.
- Nearly all publicly traded companies in the US use the COSO Internal Control - Integrated Framework (ICIF).