BEC exam grade A+ questions & answers 2024/2025
COSO objectives, components and principles - ANSWERS: 3 objectives (ORC), 5 components (CRIME), 17 principles,
EBOCA
SAFR
OIE
SoD
CAT P
COSO is an integrated framework to assess IC effectiveness, PRINCIPLE based not rules based,
how to do an open ended question, last module to write open ended questions, - ANSWERS: 1) read the question twice before starting the answer
2) when writing the answer = spelling counts, grammar counts, punctuation counts. write in complete sentences and paragraphs, no bullet list
3) do not use an abbreviation until you define it first, the securities exchange commission (SEC)
4) structure = follow I E C
a) introduction and issue, the reason you are writing this: intro -- "thank you for reaching out to us to explain ..."; issue -- "we are going to explain why ..."
b) explanation with details, 1-3 paragraphs,
c) conclusion and closing, wrap up the answer, draw a conclusion based on facts. One sentence closing
COSO 3 objectives (ORC) - ANSWERS: Operations = effective and efficient operations, ensure assets are safeguarded
Reporting = reporting needs to be reliable, timely and transparent, for external and internal users
Compliance = comply with all laws and regulations when you do business
ineffective controls can lead to not achieving ORC, and effective controls need reasonable assurance that ORC will be achieved,
-> the 5 components and 17 principles need to be present (designed), and operating efficiently
COSO 5 components (CRIME) - ANSWERS: Control environment
risk assessment
info and comm
monitoring
existing control activities
CONTROL ENVIRONMENT and its principles (EBOCA) - ANSWERS: tone at the top / ethics,
1) ethics = standards of conduct, like a code of conduct,
2) board independence, knowledgeable of the business, oversight resp
3) org structure =
4) competence= hire develop and retain competent employees
5) accountability= how we measure performance , no excessive pressures on employees
RISK ASSESSMENT and components SAFR - ANSWERS: fs could be misstated, not efficient, breaking law
1) specific objectives, id and assess risks, will we or won't we comply,
2) assess changes in external env, what's happening in economy, external environment, business model, leadership (retirement)
3) fraud potential= always a risk , opportunities, pressure, attitudes
4) analyze risks, how are the risk managed
This is relevant to ERM (ISEARAIM)
INFORMATION AND COMM and OIE - ANSWERS: what we report must be fair accurate complete and timely
1) obtain and use info= how do we get relevant high quality info
2) internal comm info, in the org , like internal audit, and how they all communicate w each other
3) external party communication = there is a two way comm channel, like cpa firms, consultants, duty to cooperate, cannot hinder each other
MONITORING and SoD - ANSWERS: effectiveness of IC and reporting any deficiency
1) ongoing and sep evaluations of control components, frequency of testing is dictated by the risk
2) comm of deficiencies= how to report the def, in a timely manner and there is corrective action being
taken
EXISTING CONTROL ACTIVITY and CAT P - ANSWERS: policies and procedures to mitigate any risks
Entity policies and procedures, to mitigate risk that we won't reach our 3 objectives , could be detective
or preventive like seg of duties,
1) control activities= mitigate risks
2) tech controls= achievement of objectives
3) policies and procedures= put policies into actions
COSO limits/ risk - ANSWERS: no guarantee, doesn't prevent bad decisions, inherent limits even with effective IC = human failure, faulty judgement, does not meet the suitability, external events, collusion, management override of IC
risks include:
Material omission= unintentional , risk can change over time, more complex, more risk
Fraud= intentional, misappropriation and theft of assets, or intentional misrepresentation, risks
increased with management bias, estimates and judgments or incentives for fraud
Management override of controls= for personal gains, may lead to fraud
Illegal acts= might not be intentional, need to abide by laws of all states you do business in, but there
could be conflict bw laws , if there are any payments for unspecified services.
APPLY IC FRAMEWORK - ANSWERS: manage application, evaluate effectiveness, deficiency assertions,
COSO framework document : COPS
Need to document the IC assessment
1) Component evaluation
2) Overall assessment
3) principle evaluation
4) Summary of IC def
ERM framework - ANSWERS: company's strategy to balance risk and return, assists orgs in developing a comprehensive response to risk management
how to create value when facing risk (ERM, CPER) - ANSWERS: 1) creation = benefit needs to be bigger than expense, rev > expense, ROIC > cost of capital, positive NPV, profitable,
resources= people, capital , tech, brand
2) preservation= sustainable profit, to come from core business, customer satisfaction, profitable
product lines
3) erosion= don't want the value to go down, - NPV investment, cost > benefit, stock price decreases,
faulty strategy,