Unit 6

Question 1

The requirement of corporate governance

Answer 1

To ensure that the correct people are accountable for the decisions that an org makes, the actions it takes, and the impacts those actions have.

Question 2

What does corporate governance provide

Answer 2

It provides assurance that orgs are directed and controlled in a way that ensures success and sustainability, not just to protect shareholder interests, but also the interests of the other internal and external stakeholders

Question 3

When did the FRC first publish their governance code

Answer 3

1992

Question 4

What is the FRC Corporate Governance Code used for

Answer 4

A benchmark for effective board operations, oversight and risk management

Question 5

When was the FRC Corporate Governance Code of 1992 updated and what is it called now

Answer 5

2018 - UK Corporate Governance Code

Question 6

What does the UK Corporate Governance code define corporate governance as

Answer 6

the system by which companies are directed and controlled

Question 7

What are the main features of the UK Corporate Governance Code

Answer 7

1. Leadership = every company should be headed by a Board which is responsible for the long term success of the company
2. Division of responsibilities = between the leadership of the board and the exec
3. Composition, succession and Evaluation = The board and the committee should have a combo of skills, experience and knowledge. The composition of the board should be evaluated every year
4. Audit, risk and internal control = the board should establish procedures to manage risk, oversee the internal control framework, and determine the nature and extent of the principal risks the company is willing to take to achieving its objectives
5. Renumeration = these policies should be designed to support the strategy and promote long term success. Should also be in line with the orgs purpose and values

Question 8

The Wates Corporate Governance Code

Answer 8

The FRC published this in 2018 along with the updated corporate governance code. Principles developed to improve the transparency and accountability for an org’s actions and the impact those actions could have to wider stakehodlers

Question 9

Materiality

Answer 9

The uk corporate governance code requires orgs to consider material controls and uncertainties.

• Materiality refers to anything of importance regarding the finances of an org.
• Something is material if it has the ability to affect the bottom line in a meaningful manner, or if by withholding that piece of info an investor would not be able to make an informed decision

Question 10

Unitary board structure

Answer 10

Exec and non exec directors come together on one board

Question 11

Two tier

Answer 11

Where the responsibility for supervision is separated from the responsibility for day to day operations

Question 12

The three key influences over corporate governance

Answer 12

FRC
US Sarbanes Oxley Act
OECD

Question 13

NED

Answer 13

Non - exec director
These are often board members
Independent of operational activities of an org and subject matter experts

Question 14

4 key responsibilities of the CRO

Answer 14

1) Insights and context = using knowledge of internal and external influences to ensure robust rm
2) Strategy and performance = developing a RM strategy to meet organisational needs
3) RM process = managing the RM process
4) Organisational capability = developing and managing a skilled, agile and responsible risk org

Question 15

What is the role of internal audit

Answer 15

Concerned with evaluating an orgs management of risk. This is done through an examination of actual business or organisational practices and controls.

Internal audit provides independent assurance on the effectiveness of the control environment and assesses the operational of the RM strategy and activities within the org.

Question 16

Assurance mapping

Answer 16

A technique to identify what types/mechanisms of assurance is present in an org.

Question 17

Three Lines of Defence

Answer 17

Governing body and senior management = sit above the three lines, setting strategy and objectives

First line = staff, day-ty-day management. Their primary responsibility is for managing and controlling the risks. They have responsibility for applying the rm framework

Second line = risk management and compliance functions in support of the first line. They facilitate and monitor rm practices.

Third line = providing independent assurance of the effectiveness of governance, rm and internal controls, across the first and second line. Internal audit

Question 18

External audit

Answer 18

It provides increased confidence in an orgs disclosures on sustainability by providing an independent, third party review. They consider whether the financial statements of a company provide a true and fair reflection of the org financially

Question 19

Different sources of internal risk assurance (H&T)

Answer 19

Culture measurement, audit reports, unit reports, performance of the unit documentation
Self certification of controls (CRSA) = control risk self assessment. Where local management complete a regular review that risk assurance has been achieved in that local area.

Question 20

Viable future

Answer 20

Going concern. Where there are material uncertainties that could affect an orgs ability to continue as a going concern, these need to be disclosed.

Question 21

Longer term viability statement

Answer 21

The UK Corporate Governance code requires orgs to state whether they have a reasonable expectation that they will be able to continue in operation and meet their liabilities

Question 22

International control system definition (FRC, 2014)

Answer 22

It encompasses the policies, processes, tasks, behaviours and other aspects of a company that, taken together:
- Facilitate the effective and efficient operation by enabling it to assess current and emerging risks, respond appropriately to risks and significant control failures and to safeguard its assets
- Helps to reduce the likelihood and impact of poor judgement in decision making; risk taking that exceeds the levels agreed by the board; human error, or control processes being deliberately circumvented.
- Helps ensure the quality of internal and external reporting
- Helps ensure compliance with applicable laws and regulations, and also with internal policies with respect to the conduct of business

Question 23

What 3 things does the internal control system include

Answer 23

1) control activities
2) info and communication processes
3) processes for monitoring the continuing effectiveness of the system of internal control

Question 24

The system of internal control should:

Answer 24

• be embedded in the operations of the company and form part of its culture
• be capable of responding quickly to evolving risks to the business arising from factors within the company and to changes in the business environment
• Include procedures for reporting immediately to appropriate levels of management any significant control failures or weakened together with details of corrective action
• The system should be kept under review

Question 25

Definition of control environment

Answer 25

Can be viewed as the whole range and interaction of controls that address risks

Question 26

Definition of CoCO

Answer 26

Criteria of Control Framework Produced by the Canadian Institute of Chartered Accountants (1995) - Means of measuring he quality of the control enviornment within an org - Method of providing assurance on RM and internal control

Question 27

4 components of CoCo

Answer 27

1) Purpose = understanding the purpose of the task 2) Commitment = commitment to perform the task well 3) Capability = support in the implementation of the task 4) = Monitoring and learning = monitoring of the task to learn lessons and improve These are the essence of control Many use CoCo as a benchmark to measure their risk culture against

Question 28

Definition of internal control (COSO Internal control cube, 2004)

Answer 28

Differentiator from other definitions = focus on the criteria of objectives “Internal control is a process effected by the Board of directors, management and other relevant personal, designed to provide reasonable assurance regarding the achievement of the following categories of objectives: effective and efficient operations, compliance with relevant laws and regulations, reliability of financial reporting”

Question 29

Definition of internal control (CoCo)

Answer 29

Differentiator from other definitions = focus on limiting out the elements of internal control rather than the different objectives “Internal control is all the elements of an org that support people achieving the objectives of the org, these include resources, systems, processes, culture structure and tasks”

Question 30

Definition of internal control (IIA)

Answer 30

Differentiator from other definitions = Focus on people being either grouped together or deliberately segregated as a control “Internal control is the set of processes, functions, activities, systems and people who are either grouped together or consciously segregated to ensure the achievement of a orgs. Objectives”

Question 31

What year was the uK Corporate Governance code published and by whom?

Answer 31

1992, Cadbury Committee

Question 32

Turnbull Report 1999

Answer 32

Update to the UK Corporate Covernance Code which provided assistance to directors of listed companies on ensuring they had effective risk management and internal control systems for the management of risks to achieve their objectives

Question 33

Definition of principal risks by the UK Corporate Governance Code

Answer 33

They should include, but are not necessarily limited to, those that could result in events or circumstances that might threaten the company’s business model, future performance, solvency or liquidity and reputation.

Question 34

Comply or explain = Comply or sign =

Answer 34

Principles based, not mandatory Prescriptive or rules based, regulatory required instilled into law

Question 35

Nomination committee = Remuneration committee = Audit committee =

Answer 35

Responsible for the appotiment of new directors and ensuring succession plans are in place Responsible for setting exec pay Responsible for an organisations financial reporting and reviewing the effectiveness of internal controls and risk management.

Question 36

Who and when published the 3LOD model

Answer 36

The Institute of Internal Auditors in 2013

Question 37

What is the 3LOD

Answer 37

Provides a framework for managing risk and exercising control within an organisation with associated responsibilities.

Question 38

Factors that will influences the effectives . Implementation of ERM

Answer 38

SENIOR management influence External influences, corporate governance Nature of the business, products and cutlure Corporate atttitudes (previous RM expereinces) Legacy of previous RM initiatives

Question 39

What are orgs with a risk aware culture characterised by

Answer 39

Communication founded on mutual trust and a shared perception of the importance of rm. THERE laso needs to be a sharing of confidence in the selected control measures and a commitment to adhering to the established risk control procedures

Question 40

CoCo stands for

Answer 40

The Canadian Criteria of Control framework of international control

Question 41

What are the control environments and the internal environment measures of

Answer 41

The risk culture and the level of risk awareness

Question 42

How to improve the control or internal environment

Answer 42

The level of risk maturity, the achievement of a risk aware culture and fulfilment of the LILAC criteria

Question 43

Measure of how well ERM is embedded in an org

Answer 43

FOIL / 4 NS F = fragmented and Naive. Orgs are unaware of the need for ERM. RM activities are fragmented and focused on legal compliance O = orgs are aware of the benefits of eRM but have only just started to implement. Organized actions are planned to coordinate rm activities. Therefore, it is at novice stage. I = Orgs have embedded ERM into business processed but management effort still required. ERM processes are influencing processs and behaviours but not consistently. Therefore at normalised stage L = risk aware culture. Consideration of risk is leading business decisions and thus it is a natural part of doing business

Question 44

What does coco focus heavily on

Answer 44

Maturity . If risk cutlure and risk architecture, strategy and protocols are correct then good levels of risk management and internal control will be achieved.

Question 45

Internal control summary definition

Answer 45

Level of maturity of the Organization with regard to internal control activities.

Question 46

4 approach’s to evaluate the control environment

Answer 46

LILAC, CoCo, FOIL and 4NS

Question 47

LILAC or Coco =

Answer 47

Tool to drive and measure improvements in the control environment

Question 48

FOIL and 4Ns

Answer 48

Level of success in implementing the selected framework reflected in risk maturity measured by foil and 4NS

Question 49

Coco three major objectives of controls

Answer 49

Effectiveness and efficiency of operations Reliability of interna land external reporting Compliance with applicable laws and regulations and internal policies

Question 50

Components of CoCo framework

Answer 50

1) Purpose = when establishing and analysis g the purpose of the org, CoCo makes it clear that the risks and opportunities facing the org should be analysed in detail. THe importance of risk assessment and organisational resilience is emphasised, together with the importance of recognising the sources and origins of risk 2) Commitment = concerned with shared ethical values, including integrity. Also concerned with human resource policies and practices and coms through out the org. Authority, responsibility and accountability are included, and an atmosphere of mutual trust 3) Capability - concerned with the fact that people should have the necessary knowledge and skills to support objective, as well as its values. Suffice en info should be identified and communication. Activity should be co ordinated and designed as a integral part of the org 4) Monitoring and learning component of COCO = conerncde with interna land external environments and that they need to be monitored to obtain info. Performance needs to be monitored against targets and indicators and assumptions behind the objectives should be challenged Management should periodically assess the effectiveness of controls in the org and communicate results