
[2008]Topic 61: Aligning Basel II Operational Risk and Sarbanes Oxley 404 P

AIM 1: List, identify, and summarize the eight principles for an operational risk management framework in the “Sound Practices” study published by BIS in February 2003 relevant to banks.

 

1. Which of the following statements regarding the eight principles for an operational risk management framework is (are) CORRECT?

I. The “Sound Practices” study, 2003, was published by the Bank for International Settlements (BIS).
II. The “Sound Practices” study, 2003, develops eight key principles for market risk management framework relevant to banks.
III. According to the “Sound Practices” study, 2003, the board of directors should not be involved in approval or periodic review of an operational risk management plan.
IV. According to the “Sound Practices” study, 2003, an interest rate risk management plan must be subjected to scrutiny by internal auditors.
A) II and III only.
 
B) I only.
 
C) II, III, and IV only.
 
D) I, II, III, and IV.

The correct answer is B


The “Sound Practices” study, 2003, develops eight key principles for operational (op) risk management plans, and one of the principles recommends that the op risk plan must be scrutinized by internal auditors. The study also recommends an active participation, in terms of approval, review, and implementation, of the board of directors.


2. With respect to integration of the “Sound Practices” principles in a firm-wide operational risk management framework, all of the following are correct EXCEPT:

A) a list of key op risk events and preventive controls must be developed.
 
B) dependencies among various functional areas must be recognized.
 
C) control standards must be reviewed every three years for certification purposes.
 
D) roles and responsibilities across managers and functional areas must be identified.
 


The correct answer is C


Control standards must be reviewed periodically for certification purposes. Thus, there is no specific three-year review condition.


3. The key principles relevant to banks for operational risk management as established by the 2003 “Sound Practices” study include how many of the following?

Monitoring and reporting of potential op risk events.
Controlling and mitigating op risk policies.
Contingency strategies in the event of severe operational disruption.
Public disclosure of the details of the op risk management plan.
A) All of these.
 
B) None of these.
 
C) Two of these.
 
D) Three of these.


The correct answer is A


All of the above are key op risk management principles established by the 2003 “Sound Practices” study as published by the Bank for International Settlements.


4. All of the following statements regarding SOX and Basel are correct EXCEPT:

A) according to the Sarbanes-Oxley Act section 404, a firm must present in the annual report a certification report of the Board of Directors about the effectiveness of internal controls established by management.
 
B) one of the eight key principles, established by the 2003 “Sound Practices” study, states that an op risk plan should state the definition and principles for identification, assessment, mitigation, control, and ongoing monitoring of op risk.
 
C) one of the eight key principles, established by the 2003 “Sound Practices” study, states that op risk inherent in all activities, systems, processes, and material products must be identified and assessed.
 
D) according to the Sarbanes-Oxley Act section 404, a firm must disclose in the annual report the weakness of its internal controls which can have bearing in preparation of financial statements.
 


The correct answer is A


A firm must present in the annual report a certification report of auditors (and not the board of directors) about the effectiveness of internal controls established by management.


AIM 2: List and summarize the overriding objective of the Sarbanes-Oxley Act section 404.

 

1. Implications for designing an internal control system compliant with the requirements of the Sarbanes-Oxley Act section 404 include which of the following?

I. Assessment mechanism.
II. Control design.
III. Design testing.
IV. Fraud disclosure.
A) II, III, and IV only.
 
B) I, II, and III only.
 
C) I, II, III, and IV.
 
D) I and II only.


The correct answer is C


Management must identify the mechanism of assessing the effectiveness of the control system, and must provide sufficient information about the design of controls related to significant accounts. In addition, management should offer an explanation regarding its decision as to which controls need to be tested. Finally, management must disclose any fraud, material or nonmaterial, committed by all those involved in establishing internal control processes over financial reporting.
