23 Cards in this Set
- Front
- Back
Types of controls |
Detective Preventive Corrective |
|
Objectives of Internal control |
Effectiveness (and efficiency) of operations Reliability of Financial Reporting Compliance with laws and regulations *GAO addition: safeguarding of assets |
|
Management Control Problems |
Activity Elimination Automation Centralization: Info Overload Risk Sharing Info Asymmetry: Adverse Selection/Moral Hazard Cultural Controls
|
|
Input Devices |
Observation Data Transcription Preformatted Screen Point of Sale (observation by customer) Edit tests (automated tests for validity) |
|
Security Threats of Internal controls |
Confidentiality Integrity Availability Authenticity |
|
Edit tests |
Field restrictions (within a field) Valid Code Reasonableness check (within a range) Sign check (+/-) Completeness (all fields) Sequence (inputs occur in correct order) Consistency (one value among multiple entries) |
|
Processing Controls (for data integrity) |
Data Access: Batch control total, financial control total, nonfinancial control total, hash total, record count (before/after input) Data Manipulation: software documentation, compiler, test data (or duplicate system to test transactions)
|
|
Output controls |
Specialized forms (authenticity) Prenumbered Forms (also authenticity, ensures sequence) Document Mutilation |
|
Which COSO area: Staff meetings every Monday for important issues |
Communication and Information |
|
Which COSO area: Mgmt team meets monthly to discuss control deficiencies with internal auditors And, at same meeting, mgmt discusses potential for fraud in various departments |
Monitoring
Risk Assessment |
|
Which COSO area: Company has a dual signature requirement on all checks |
Control Activities |
|
Which COSO area: IT attempts to hack its own system |
Risk Assessment Not Control Activities, because it's not part of regular operations |
|
Types of duties for segregation |
Recording Authorization Custody
|
|
What type of control and objective: Periodic counts of inventory are performed to ensure proper level of stock |
Preventive
Effectiveness of operations
(Not safeguarding assets, no mention of theft risk) |
|
What type of control and objective: Employees with custody of assets are fully bonded (background check) |
Corrective (why?)
Safeguarding of assets/compliance with laws and regulations |
|
Obtaining an insurance policy with a deductible is an example of: |
Risk Sharing |
|
In which phase of AIS design would the designer actually determine the needs of specific users? |
Analysis |
|
Which of the following is not an input mgmt control? Redundancy Job Design Proper Hiring Training |
Redundancy |
|
Which of the following is a primary storage device? CD-ROM Hard Drive Magnetic Tape Random Access Memory |
RAM |
|
Testing whether integration systems can work together is known as? |
Integration testing |
|
What two factors are used to assess risk? |
Probability of the risk occurring Severity of the risk and its consequences
|
|
In responding to an identified risk (critical event), mgmt must implement controls to: |
Reduce the likelihood of the critical event occurring below mgmt's risk appetite |
|
A category of information in a database table: |
Attribute (usually a column) |