Watch the movie "Rogue Trader", Answer the questions on Exhibit 1.

Exhibit 1 briefly defines each of five components of COSO followed by a list of questions. While watching the movie you must answer a minimum of three, 3, questions from each category.

EXHIBIT 1

Summary of COSO and Barings Bank

1. The Control Environment establishes the tone of a company and influences the control awareness of the employees. It is the foundation for all the other internal control components and provides discipline and structure for the entire business operation (Bagranoff et al. 2008, 270).

Questions relating to the Control Environment

1. Do board members and senior executives set a consistent example of high integrity and ethical behavior?

2. Is there a written code of conduct for employees, and is it reinforced by training, top down communications, and requirements for periodic written statements of compliance from key employees?

3. Are performance and incentive compensation targets reasonable and realistic?

4. Is it clear that fraudulent financial reporting at any level and in any form will not be tolerated?

5. Are ethics woven into criteria that are used to evaluate individual and business unit performance?

6. Does management react appropriately when receiving bad news from subordinates and business units?

7. When instances of noncompliance are reported, do board members and senior executives take appropriate action and ensure effective action through testing?

8. Does a process exist to resolve close ethical calls?

9. Do board members and senior executives receive internal and external information from accounting and other information systems to make informed and timely decisions?

2. The purpose of Risk Assessment is to identify organizational risks, analyze their potential in terms of costs and likelihood of occurrence, and install those controls whose projected benefits outweigh their costs (Bagranoff et al. 2008, 243).

Questions relating to Risk Assessment:

1. Are business risks identified and candidly discussed with the board of directors?

2. Do the board and management properly evaluate risks with regard to new personnel and new or expanding lines of business activities?

3. Do the board and management discuss and appropriately consider control issues when entering new markets?

4. Are there sufficient personnel who are competent and knowledgeable to manage current and new business activities, and have they been provided with adequate resources?

5. Do the board and management involve auditors or other internal control experts in the risk assessment process?

3. Control Activities are the policies and procedures that an organization develops to help protect the assets of the firm (Bagranoff et al. 2008, 243).

Questions relating to Control Activities:

1. Do board members and senior executives demonstrate that they accept control responsibility, and not merely delegate that responsibility to financial and audit staff?

2. Does management clearly assign responsibilities for employee training and monitoring of internal controls?

3. Are periodic, systematic evaluations of control systems conducted and documented by personnel with appropriate responsibilities, experience, and knowledge?

4. Are control deficiencies reported to higher levels of management and corrected on a timely basis?

5. Are appropriate controls built in as new information systems are designed and implemented?

6. Are key risk-taking activities segregated from reconciliation activities?

4. Information and Communication include the methods that management uses to record, process, and exchange information within the firm so that employees understand their roles and responsibilities pertaining to internal control (Bagranoff et al. 2008, 244).

Questions relating to Information and Communication:

1. Do accounting systems properly identify, assemble, analyze, classify, record, and report the institutions transactions in accordance with GAAP?

2. Are the reports generated for operational, financial, managerial, and compliance-related activities sufficient to properly manage and control the institution?

3. Do accounting, information, and communication systems ensure that risk-taking activities were within policy guidelines?

4. Do all personnel understand their roles in the control system?

5. Do all personnel understand their accountability for the activities they conduct?

5. The Monitoring process is a management responsibility that assesses the quality of internal control performance over time (Bagranoff et al. 2008, 244).

Questions relating to Monitoring:

1. Does internal auditing have the support of board members and senior executives?

2. Is the organizational relationship between internal auditing and senior executives appropriate?

3. Are audit reports covering the right subjects distributed to the right people in a timely manner?

4. Do audit personnel possess an appropriate level of expertise?

5. Are managers held accountable if they do not effectively follow up on control weaknesses?