51 Cards in this Set
- Front
- Back
- 3rd side (hint)
Articles of Incorporation |
Filed in the state in which the corporation is incorporated; provides a basic structure for the company |
|
|
By-laws |
Contains more detailed information than the articles of incorporation |
|
|
Policies and Procedures |
Provide structure for the day to day operations of a corporation |
|
|
Audit Committee Members |
3 to 5 independent directors |
|
|
Sarbanes-Oxley Act of 2002 (SOX) |
Enacted as a result of massive fraud committed by Enron and WorldCom |
|
|
Public Company Accounting Oversight Board (PCAOB) Member Composition |
2 CPAs 3 Non-CPAs |
|
|
PCAOB duties (3) |
The board is subject to oversight by the SEC and has the duty to: 1. Register public accounting firms that prepare audit reports 2. Establish rules regarding preparation of audit reports 3. Conduct inspections/investigations |
|
|
Rotation |
Lead Audit or coordinating partner and the reviewing partner must rotate off the audit engagement every 5 years |
|
|
Foreign Corrupt Practices Act (FCPA) |
Enacted to prohibit US individuals and entities from paying bribes to advance their business interests |
|
|
Penalties for violation of FCPA |
1. 5 yrs prison 2. $100k fine 3. Both |
|
|
Inherent Risk |
The susceptibility of an assertion to a material misstatement |
|
|
Control Risk |
The likelihood that a misstatement that could occur in an assertion will not be prevented, detected or corrected on a timely basis by the entity's internal control |
|
|
Detection Risk |
The likelihood that the auditor will not detect a misstatement that exists in the assertion that could be material |
|
|
Emphasis-of-matter paragraph |
Used when referring to a matter that is appropriately presented or disclosed in the financial statements fundamental to the user's understanding of the FS |
|
|
Other-matter paragraph |
Matters other than those presented/disclosed in FS that are relevant to user's understanding of the audit |
|
|
Paragraphs used for nonissuers or privately held companies (2) |
1. Emphasis-of-matter paragraph 2. Other-matter paragraph |
|
|
Explanatory paragraph |
For issuers; included when required by PCAOB auditing standards or at auditor's discretion |
|
|
Internal control |
A process that is designed and implemented by an organization's management, BOD, to provide reasonable assurance that the organization will achieve its operating, reporting, and compliance objectives |
|
|
3 Objectives of Internal Control |
1. Operations 2. Reporting 3. Compliance |
|
|
5 Components of Internal Control |
1. Control Activities 2. Risk Assessment 3. Information and Communication 4. Monitoring Activities 5. Control Environment |
CRIME |
|
Control Environment |
-Tone at the top -commitment to ethics and integrity -board independence and oversight -organizational structure -commitment to competence -accountability |
|
|
Risk Assessment |
-identification and analysis of risks to achieve objectives -consider potential for fraud -identify and assess changes |
|
|
Information and Communication |
Identification, capture, and exchange of information in a timely and useful manner |
|
|
Monitoring activities |
Assessing the quality of internal control performance over time |
|
|
Control Activities |
Set forth by the entity's policies and procedures to ensure that the directives initiated by management to mitigate risks are performed |
|
|
System Flowcharts |
Shows document origin, subsequent processing, and final disposition |
|
|
Program Flowchart |
IT flowchart that documents the logic and flow of a computer program |
|
|
Narratives |
Written version of a flowchart that describes the internal control system |
|
|
Preventive Controls |
Proactive measures designed to prevent errors and fraud |
|
|
Detective Controls |
Designed to provide reasonable assurance that errors and irregularities will be detected and corrected on a timely basis |
|
|
Safeguarding Controls |
Limit access to authorized personnel |
|
|
Physical Controls |
Security devices and limited access to programs and restricted areas |
|
|
Segregation of Duties (4) |
Custody Authorization Recording Execution |
|
|
Input Controls |
Designed to ensure the data being entered in the system is both factually accurate and properly authorized |
|
|
Processing Controls |
Designed to ensure that transformations to the input data are executed correctly |
|
|
Output Controls |
Ensure that processing results are presented in a useful state to authorized persons |
|
|
Storage Controls |
Ensure that appropriate records are retained, retrieved, and accessed by authorized people and processes |
|
|
Phishing |
E-mails are used to coax an employee to provide access credentials |
|
|
Trojan Horse |
Apparently benign program or application that contains malicious script or program designed to steal data, alter files, or destroy systems |
|
|
Ransomware |
Encryption of data by an attacker who demands payment to decrypt data |
|
|
Viruses |
Programs that invade host systems, replicate, and hide within the system while carrying out a mission |
|
|
Encryption |
Computer algorithm that encodes data from a readable to unreadable state |
|
|
Firewalls |
Network security system that monitors, controls, and restricts incoming and outgoing traffic |
|
|
Business Continuity Planning |
Process of creating plans and pre-positioning assets to allow a business to function during and after a business disruption |
|
|
5 steps in Disaster Recovery |
1. Assess Risk 2. Identify mission-critical applications and data 3. Develop plans to handle mission-critical applications 4. Determine personnel responsibilities in disaster recovery 5. Test Disaster Recovery Plan |
|
|
Full backup |
Exact copy of the entire database |
|
|
Incremental Backup |
Restoration starts from last full backup with each incremental backup in sequence thereafter |
|
|
Differential backup |
Back up all items changed since prior full backup |
|
|
Cold Site |
Off-site; electrical connections and physical data processing requirements |
|
|
Hot-site |
Off-site; equipped to quickly take over data processing, personnel must relocate to off-site facility to restore function |
|
|
Warm-site |
Stocked with hardware needed to create a data center facsimile; represents a compromise between hot-site speed and cold-site cost |
|