Term
| Organizational Governance |
|
Definition
| The process by which an organization selects objectives, establishes processes to achieve those objectives, and monitors performance. |
|
|
Term
|
Definition
| This includes defining a mission, vision, purpose, and strategies to establish relationships. |
|
|
Term
| Processes to achieve objectives |
|
Definition
| Essential internal controls and monitoring activities, used to review performance and give feedback that provides reasonable assurance that objectives are being achieved. |
|
|
Term
| Enterprise Risk Management (ERM) |
|
Definition
| A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. |
|
|
Term
| 4 categories of management objectives |
|
Definition
1. Strategic- High level goals aligned with and supporting its mission 2. Operations- Effective and efficient use of its resources 3. Reporting- reliability of reporting 4. Compliance- compliance with applicable laws and regulations. |
|
|
Term
|
Definition
1. Internal Environment 2. Objective Setting 3. Event Identification 4. Risk Assessment 5. Risk Response 6. Control Activities 7. Information and Communication 8. Monitoring |
|
|
Term
|
Definition
| Encompasses the tone of an organization and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. |
|
|
Term
|
Definition
| objectives must exist before management can identify potential events affecting their achievement. ERM ensures that management has a process in place to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite. |
|
|
Term
|
Definition
| Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management's strategy or objective-setting processes. |
|
|
Term
|
Definition
| Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and residual basis. |
|
|
Term
|
Definition
1. possibility that an event will occur 2. the effect of an event's occurrence. |
|
|
Term
|
Definition
management selects from one of four response types: 1. Avoid it by leaving the activity 2. Reduce it by taking actions that reduce the likelihood of the event. 3. Share it by buying insurance or outsourcing 4. Accept risk by taking no action. |
|
|
Term
|
Definition
| the risk that remains after one of these responses is chosen. |
|
|
Term
|
Definition
| policies and procedures that help ensure that risk responses are carried out. These controls include approvals, authorizations, verifications, reconciliations, reviews of operating performance, security procedures, and segregation of duties. |
|
|
Term
| Information and Communication |
|
Definition
| pertinent info must be identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. |
|
|
Term
|
Definition
| The ERM process and its components are evaluated, via ongoing management activities, separate evaluations, or both, to determine its effectiveness and to make necessary modifications. |
|
|
Term
| Sarbanes-Oxley Act of 2002 (SOX) |
|
Definition
Affects managers, independent auditors, and other players who are integral to capital formation in the United States. There are 11 parts to this. |
|
|
Term
| Title I- Public Company Accounting Oversight Board |
|
Definition
| PCAOB: an independent board to oversee public company audits. Oversight and enforcement authority over the board is given to the SEC. |
|
|
Term
| Title II- Auditor Independence |
|
Definition
| Auditor Independence: prohibits a CPA firm that audits a public company from engaging in certain nonaudit services with the same company (financial information systems design). |
|
|
Term
| Title III-Corporate Responsibility |
|
Definition
| Requires CEO and CFO to certify reports and say that they are not misrepresented. Also they are responsible for establishing, maintaining, and reporting on effectiveness of controls. |
|
|
Term
| Title IV- Enhanced Financial Disclosures |
|
Definition
| Each annual report filed with the SEC is to include an internal control audit. It has management's assessment of the effectiveness of internal control and procedures for reporting. |
|
|
Term
| Title V-Analysts Conflicts and Interests |
|
Definition
| Financial analysts must properly disclose in research reports any conflicts of interest they might hold with the companies they recommend. |
|
|
Term
| Title VI- Commission Resources and Authority |
|
Definition
| Authorizes the SEC to censure or deny any person the privilege of appearing or practicing before the SEC if that person is deemed to be unqualified, to have acted in an unethical manner, or to have aided and abetted in the violation of federal securities laws. |
|
|
Term
| Title VII-Studies and Reports |
|
Definition
| Authorizes the General Accounting Office (GAO) to study the consolidation of public accounting firms since 1989 and offer solutions to any recognized problems. |
|
|
Term
| Title VIII-Corporate and Criminal Fraud Accountability |
|
Definition
| Felony to knowingly destroy, alter, or create records or documents with the intent to impede, obstruct, or influence an ongoing or contemplated federal investigation. Also offers legal protection to whistleblowers. 25 years of imprisonment. |
|
|
Term
| Title IX-White Collar Crime Penalty Enhancements |
|
Definition
| CEOs and CFOs certify that info contained in periodic reports fairly represents, in all material respects, the financial condition and results of the company's operations. |
|
|
Term
| Business Process Management (BPM) |
|
Definition
| handles the connections between processes to maintain the integrity of data moved among these processes. |
|
|