CPA BEC EXAM WITH QUESTIONS AND ANSWERS
100% CORRECT
SOX in corporate governance - ANSWER SOX: Audit Committees - all independent
directors; select, compensate, oversee and dismiss outside auditor; procedures for
receiving whistleblowing complaints: Officer Certification of Financial Statements - CEO
and CFO certify they have reviewed quarterly SEC reports and it is fairly presented;
certify they are responsible for establishing/maintaining IC; certify design and
evaluation of IC; conclusions about effectiveness of IC including significant deficiencies,
fraud or material weaknesses; unlawful to fraudulently influence or coerce outside
auditors: Financial Statement Shenanigans - off-balance sheet transactions (requires
10-Ks and 10-Qs disclosing material off-b/s transactions); limited use of pro forma f/s,
must be reconciled to GAAP: Section 404 - annual report includes IC report audited:
install code of ethics for officers, cannot loan money to top officers, can claw back
incentive payments when wrongdoing was responsible for targets being attained
*Dodd-Frank imposes bounty of 10% and 30% of sanctions imposed for whistleblowers;
if over $1M
Accounting Controls - ANSWER IC is a process designed to provide reasonable
assurance, it is effected by management, BoD, other personnel; objective:
effective/efficient operations; reliability of fin rep; compliance with laws/regulations
Preventive (before) controls: cheaper; building locks, user names/passwords;
segregation of duties; access control software
Detective: After the event, controls: data entry edits; accounting record - physical asset
reconciliation (inventory counts); Corrective controls: reverse an error, restore
resource, backup files and disaster recovery plans, insurance; *Note some detective
controls also serve as preventives (i.e. security cameras) *contingency planning has
relation to detective and corrective processes Feedback controls: review and react to
the results of a process Feed-forward controls: forecast results and adjust inputs
accordingly
General holistic controls: apply broadly to most computerized functions - restricting
access to computer facility, backup file systems, background checks of personnel
,Application specific controls - accounting applications that include data entry, update
and reporting - data checks
COSO - ANSWER created by five organizations that came together - 1987
external financial reporting: annual/interim f/s; earning release; external nonfinancial
reporting: IC; report sustainability; supply chain/custody of assets; internal financial
reporting: divisional reporting; cash flow/budget; bank covenant calculations; internal
nonfinancial reporting: staff/asset utilization; customer satisfaction surveys; key risk
indicator dashboards; board reporting
CE: 1) commitment to integrity and ethical values through tone at the top; 2) board of
directors demonstrates independence of management and oversees monitoring of IC; 3)
management establishes, with board oversight, structures, reporting lines, appropriate
authorities and responsibilities to achieve objectives; 4) competent individuals; 5)
accountability for IC responsibilities
RA: 1) objectives having sufficient clarity to identify risks that threaten achievement of
objectives; 2) analyze risks and build strategy; 3) considers potential fraud in assessing
risks; 4) change management with external environment, organization leadership or
business model
CA: 1) reducing risk to acceptable levels including integrating IC (think SCARE) with RA;
2) selects and implements general controls over technology; 3) establish control
policies that are appropriate to the environment
IC: 1) qualify information; 2)internal communication that supports IC processes; 3)
external communication with outsiders supports IC processes
M: 1) ongoing and periodic; 2) address deficiencies with correction action along with
timely communication; 3) tests the system and its data
COSO Enterprise Risk Management - Framework - ANSWER expands on COSO; bigger
cube [objectives: strategic; operations; reporting; compliance]
[components: internal environment - objective setting - event identification - risk
,assessment - risk response - control activities - information & communication -
monitoring]
requires a portfolio of possible risk events that manages risks to be inside risk appetite
to provide reasonable assurance regarding accomplishment of entity objectives
defines key control elements and guides and directs
influenced by Bod, Management, others
IC Monitoring: Benefits and Processes - ANSWER controls decline (entropy); mitigate
adverse impact of entropy, timely valid & reliable info., ensure effectiveness lower costs
Assessors monitor IC (competent and board monitoring)
self-monitoring evaluate effectiveness of controls for their processes; self-check is
independent review of one's own work
compensatory controls can substitute for weaknesses in other controls
deficiency needs attention - repair or fixing
questionnaires, focus groups
Control monitoring process: 1) base for monitoring (tone at the top; effective
organizational structure); 2) designing and implementing monitoring procedures; 3)
evaluate & report results w/ corrective action
The evaluation of changes in the IC effectiveness-monitoring-for-change continuum, 1)
to determine control baseline starting with the area where controls are well understood,
2) identification of the change, 3) revalidation of control from time to time for the
effectiveness and maintenance of continuous control baseline, 4) verification of change
management for effectiveness and new control baselines
International Professional Practices Framework- IIA; Mandatory elements; Principles
underlying code; Internal Auditing attribute and performance standards - ANSWER CIA -
certified internal auditor
Strongly recommended guidance position papers important issues related to IA,
practice advisories general matters related to IA, practice guides detailed guidance for
internal auditing
Mandatory guidance definition of internal auditing;- independent, objective assurance
and consulting activity designed to add value and improve an organization's operations
IIA code of ethics - see 4 principles; international standards for the professional
practice of internal auditing standards
, IIA principles: 1) integrity; 2) objectivity; 3) confidentiality; 4) competency
Standards: include 1. statements of basic requirements; and 2 interpretations
Attribute standards -involve characteristics of entities & individuals performing IA
Performance standards -involve the criteria to evaluate the quality of IA services
Includes implementation standards differentiating between assurance and consulting
activities
Standards are issued by IASB
Attribute Standards - ANSWER Chief Audit Executive - senior position responsible for
effectively managing IA activity in accordance with IA charter; need appropriate
professional certifications
4 Themes: 1) purpose, authority, responsibility; 2) independence and objectivity; 3)
proficiency & due care; 4) quality control and improvement program
Standard 1000: 1 above must be formally defined in a charter which must be periodically
reviewed and approved
Standard 1100:2 above
Standard 1200: 3 above
Standard 1300: 4 above
14 total standards
Performance Standards - ANSWER 26 total standards
7 primary themes: 1) managing IA activity; 2) nature of work; 3) engagement planning; 4)
performing the engagement; 5) communicating results; 6) monitoring progress; 7)
communicating the acceptance of risks
Standard 2000: 1 above; to ensure it adds value to organization
Standard 2100: evaluate and contribute to improvement of governance
Standard 2200: plan developed and documented w objectives, scope, timing and
resource allocations
100% CORRECT
SOX in corporate governance - ANSWER SOX: Audit Committees - all independent
directors; select, compensate, oversee and dismiss outside auditor; procedures for
receiving whistleblowing complaints: Officer Certification of Financial Statements - CEO
and CFO certify they have reviewed quarterly SEC reports and it is fairly presented;
certify they are responsible for establishing/maintaining IC; certify design and
evaluation of IC; conclusions about effectiveness of IC including significant deficiencies,
fraud or material weaknesses; unlawful to fraudulently influence or coerce outside
auditors: Financial Statement Shenanigans - off-balance sheet transactions (requires
10-Ks and 10-Qs disclosing material off-b/s transactions); limited use of pro forma f/s,
must be reconciled to GAAP: Section 404 - annual report includes IC report audited:
install code of ethics for officers, cannot loan money to top officers, can claw back
incentive payments when wrongdoing was responsible for targets being attained
*Dodd-Frank imposes bounty of 10% and 30% of sanctions imposed for whistleblowers;
if over $1M
Accounting Controls - ANSWER IC is a process designed to provide reasonable
assurance, it is effected by management, BoD, other personnel; objective:
effective/efficient operations; reliability of fin rep; compliance with laws/regulations
Preventive (before) controls: cheaper; building locks, user names/passwords;
segregation of duties; access control software
Detective: After the event, controls: data entry edits; accounting record - physical asset
reconciliation (inventory counts); Corrective controls: reverse an error, restore
resource, backup files and disaster recovery plans, insurance; *Note some detective
controls also serve as preventives (i.e. security cameras) *contingency planning has
relation to detective and corrective processes Feedback controls: review and react to
the results of a process Feed-forward controls: forecast results and adjust inputs
accordingly
General holistic controls: apply broadly to most computerized functions - restricting
access to computer facility, backup file systems, background checks of personnel
,Application specific controls - accounting applications that include data entry, update
and reporting - data checks
COSO - ANSWER created by five organizations that came together - 1987
external financial reporting: annual/interim f/s; earning release; external nonfinancial
reporting: IC; report sustainability; supply chain/custody of assets; internal financial
reporting: divisional reporting; cash flow/budget; bank covenant calculations; internal
nonfinancial reporting: staff/asset utilization; customer satisfaction surveys; key risk
indicator dashboards; board reporting
CE: 1) commitment to integrity and ethical values through tone at the top; 2) board of
directors demonstrates independence of management and oversees monitoring of IC; 3)
management establishes, with board oversight, structures, reporting lines, appropriate
authorities and responsibilities to achieve objectives; 4) competent individuals; 5)
accountability for IC responsibilities
RA: 1) objectives having sufficient clarity to identify risks that threaten achievement of
objectives; 2) analyze risks and build strategy; 3) considers potential fraud in assessing
risks; 4) change management with external environment, organization leadership or
business model
CA: 1) reducing risk to acceptable levels including integrating IC (think SCARE) with RA;
2) selects and implements general controls over technology; 3) establish control
policies that are appropriate to the environment
IC: 1) qualify information; 2)internal communication that supports IC processes; 3)
external communication with outsiders supports IC processes
M: 1) ongoing and periodic; 2) address deficiencies with correction action along with
timely communication; 3) tests the system and its data
COSO Enterprise Risk Management - Framework - ANSWER expands on COSO; bigger
cube [objectives: strategic; operations; reporting; compliance]
[components: internal environment - objective setting - event identification - risk
,assessment - risk response - control activities - information & communication -
monitoring]
requires a portfolio of possible risk events that manages risks to be inside risk appetite
to provide reasonable assurance regarding accomplishment of entity objectives
defines key control elements and guides and directs
influenced by Bod, Management, others
IC Monitoring: Benefits and Processes - ANSWER controls decline (entropy); mitigate
adverse impact of entropy, timely valid & reliable info., ensure effectiveness lower costs
Assessors monitor IC (competent and board monitoring)
self-monitoring evaluate effectiveness of controls for their processes; self-check is
independent review of one's own work
compensatory controls can substitute for weaknesses in other controls
deficiency needs attention - repair or fixing
questionnaires, focus groups
Control monitoring process: 1) base for monitoring (tone at the top; effective
organizational structure); 2) designing and implementing monitoring procedures; 3)
evaluate & report results w/ corrective action
The evaluation of changes in the IC effectiveness-monitoring-for-change continuum, 1)
to determine control baseline starting with the area where controls are well understood,
2) identification of the change, 3) revalidation of control from time to time for the
effectiveness and maintenance of continuous control baseline, 4) verification of change
management for effectiveness and new control baselines
International Professional Practices Framework- IIA; Mandatory elements; Principles
underlying code; Internal Auditing attribute and performance standards - ANSWER CIA -
certified internal auditor
Strongly recommended guidance position papers important issues related to IA,
practice advisories general matters related to IA, practice guides detailed guidance for
internal auditing
Mandatory guidance definition of internal auditing;- independent, objective assurance
and consulting activity designed to add value and improve an organization's operations
IIA code of ethics - see 4 principles; international standards for the professional
practice of internal auditing standards
, IIA principles: 1) integrity; 2) objectivity; 3) confidentiality; 4) competency
Standards: include 1. statements of basic requirements; and 2 interpretations
Attribute standards -involve characteristics of entities & individuals performing IA
Performance standards -involve the criteria to evaluate the quality of IA services
Includes implementation standards differentiating between assurance and consulting
activities
Standards are issued by IASB
Attribute Standards - ANSWER Chief Audit Executive - senior position responsible for
effectively managing IA activity in accordance with IA charter; need appropriate
professional certifications
4 Themes: 1) purpose, authority, responsibility; 2) independence and objectivity; 3)
proficiency & due care; 4) quality control and improvement program
Standard 1000: 1 above must be formally defined in a charter which must be periodically
reviewed and approved
Standard 1100:2 above
Standard 1200: 3 above
Standard 1300: 4 above
14 total standards
Performance Standards - ANSWER 26 total standards
7 primary themes: 1) managing IA activity; 2) nature of work; 3) engagement planning; 4)
performing the engagement; 5) communicating results; 6) monitoring progress; 7)
communicating the acceptance of risks
Standard 2000: 1 above; to ensure it adds value to organization
Standard 2100: evaluate and contribute to improvement of governance
Standard 2200: plan developed and documented w objectives, scope, timing and
resource allocations
