What is the anti-retaliation provision of Dodd-Frank?
Employees who provide information regarding a securities fraud (whistle-blowing) may sue to seek compensation for any retaliation they suffer
What is the whistle-blowing award percentage under Dodd-Frank for securities fraud information that results in SEC sanctions?
Between 10 and 30% of the sanctions imposed
What do corrective controls do?
Allow the user to recover from a problem once it has been identified
- reverse effect of error
- always with detective controls
What are internal controls?
A process designed to provide reasonable assurance
Who creates and maintains internal controls?
management, board of directors, and other personnel
Internal control goals?
Reasonable assurance of achieving objectives related to -
- effectiveness and efficiency of operations
- reliability of financial reporting
- compliance with laws and regulations
What are preventive controls?
- preventive an error or irregularity
- i.e. building locks, usernames and passwords, segregation of duties
What are detective controls?
- detect error after occurrence
- i.e. data entry edits and reconciling accounting records to physical assets
(often also have secondary preventive benefits)
What do feedback controls do?
evaluate and respond to the results of a process
What do feed-forward controls do?
project future results and alter inputs in response
What are general controls?
- apply broadly to most computerized functions
What are application controls?
- focus on accounting applications that include data entry, update and reporting
What are detective controls more costly than?
preventive and corrective controls
In COSO, what does information and communication enable?
an organization’s people to identify, process, and exchange the information needed to manage and control operations
What is COSO?
- est. 1987 - created by five organizations to develop an integrated internal control model
What are the five components of a control system on the COSO Cube?
- monitoring
- information and communication
- control activities
- risk assessment
- control environment
Why do we have internal control according to COSO (three components)?
- effectiveness and efficiency of operations
- reliability of financial reporting
- compliance with laws and regulations
What is a sustainability report primarily?
- external, non-financial report
What are the five principles of the control environment?
- commitment to integrity and ethical values
- board of directors demonstrates independence of management, and oversees the development and monitoring of internal control
- management establishes structures, reporting lines, and appropriate authorities and responsibilities to achieve objectives
- competence
- accountability
What are the four principles of risk assessment?
- objectives
- assessment
- fraud - considering potential fraud in assessing risks to achieving objectives
- change management
What are the three principles of control activities?
- risk reduction
- technology controls
- policies
what are the three principles of information and communication?
- quality - relevant, high-quality information supports the internal control processes
- internal - internal communication supports internal control processes
- external - communication with outsiders supports internal control processes
What are the two principles of monitoring?
- ongoing and periodic - to evaluate internal control functioning
- address deficiencies
What does ERM stand for?
Enterprise risk management
