85 Cards in this Set

  • Front
  • Back
material weakness
one or more significant deficiencies that result in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected
significant deficiency:
a control deficiency that adversely affects the company's ability to initiate, authorize, record, process or report external financial data reliably in accordance with GAAP.
control deficiency
exists when the design or operation of a control does not allow mgmt or employees, in the normal course of business, to prevent or detect misstatements on a timely basis.
The assessment of the effectiveness of internal controls is performed by the...
PCAOB stands for
public company accounting oversight board
The PCAOB recommends that companies use...
internal control framework
COSO is the most popular
internal control framework
COSO is the same as
SAS 78 (statements on auditing standards)
Objectives of COSO
financial reporting, operations and compliance.
Components of COSO:
Control environment
Risk Assessment
Information and Communication
Control Activities
COSO stands for:
Committee of Sponsoring Organizations of the Treadway Commission.
replicates itself by placing itself inside executable code. Will make a program's size grow. It's malware.
A malware; propagates using the network.
Back door
created by hackers (crackers, black hat) so that they can come back over and over undetected.
cold site
a type of disaster recovery facility; it's an empty shell or room
Hot site
a disaster recovery facility that is a recovery operations center full of working computers.
mutual aid pact (or reciprocal agreement)
a risky disaster recovery facility
internally provided facility
multiple data centers within a facility for disaster recovery
CDP stands for
Centralized data processing
CDP is
a data processing method in which all major computing power is housed in a central location
CDP has what kind of professionals
DBA, systems development manager, data processing manager
Pros of CDP
Better segregation of duties, better IS professionals, better documentation
DDP stands for
distributed data processing
DDP is
a data processing method in which computing power and/or computing assets are distributed throughout the system.
In DDP all departments have their own
computer function; general IT function supports needs of departments
In DDP, each department is responsible for
hiring personnel, determining needs, and running IT show.
Pros of DDP
better cost control
improved user satisfaction
RAID stands for
redundant array of inexpensive (or independent) disks
Method for using RAID
involves the use of parallel disks that contain redundant elements of data and applications; if one disk fails, lost data are automatically reconstructed from redundant components stored on the other disks.
RAID is a component of
Fault tolerance
Fault tolerance
the ability of a system to continue operation when part of the system fails due to hardware failure, application program error, or operator error
Types of fault tolerance
UPS stands for
uninterruptible power supply
What is UPS
it is short-term battery backup power that allows the system to shut down in a controlled manner in the event of a power outage. Also a component of fault tolerance
a component of fault tolerance
a simultaneous use of two or more processors that improves throughput during normal operation. This will balance workload and provide complete backup in the event of processor failure.
two types of Incompatible IT functions
computer operators and computer programmers

system developers, system maintainers
5 components of COSO
control environment
risk assessment
information and communication
control activities
control environment
sets tone for organization and influences control awareness of its mgmt and employees
risk assessment
this identifies, analyzes, and manages risks relevant to financial reporting
info and communication
effectiveness of AIS system and corp communication
process by which quality of internal control design and operation can be assessed
control activities
policies and procedures used to ensure appropriate actions are taken to deal with risks.
two categories of control activities
two categories of computer control activities
general controls
application controls
Define application controls
programmed procedures designed to deal with potential exposures that threaten specific applications such as payroll, purchases, and cash disbursements
What is a hash total?
a simple control technique that uses non financial data to keep track of the records in a batch.
-a class of input control
What are the methods of controlling source documents
prenumbered source documents
source documents in sequence
limit physical access
periodically audit source documents
source documents:
documents that must have careful control in systems that use them to initiate transactions
What are 3 categories of applications controls
1 input controls
2 processing controls
3 output controls
define input controls
designed to ensure that data brought into the system is valid, accurate and complete.
they can be source document triggered (batch) or direct input (real time)
define processing controls
after data input stage, transactions enter a processing stage. (3 categories, run-to-run, operator intervention, audit trail control)
define output controls
ensure system output is not lost, misdirected or corrupted and privacy is not violated.
-output spooling
numeric/alphabetic data check
determine whether the correct form of data is in a field. Used in field interrogation.
define field interrogation
an input validation control that involves programmed procedures that examine the characteristics of the data in the field.
common types of field interrogation
missing data check
numeric/alphabetic data check
zero value check
limit check
range checks
validity check
check digit
define input validation controls
intended to detect errors in transaction data before data is processed.
3 types of input validation controls
field interrogation
record interrogation
file interrogation
define record interrogation
an input validation control that validates the entire record by examining the interrelationships of its field values.
types of record interrogation
reasonable checks
sign checks
sequence checks
define file interrogation
type of input validation control that ensures the correct file is being processed by the system, important for master files.
3 types of file interrogation
internal label checks
version checks
expiration date checks
define transaction log
permanent record of all validated transactions.
It maintains an audit trail in computerized systems
it records transactions with unique transaction codes
define transaction code
ensures correct type of transaction is being processed by comparing it with other transaction codes contained in control record
3 types of interrogation
3 categories of business fraud
mgmt fraud, employee fraud, corruption
management fraud
a performance fraud that often uses deceptive practices to inflate earnings or to forestall the recognition of either insolvency or a decline in earnings.
define employee fraud
fraud by nonmanagement employees, generally designed to directly convert cash or other assets to the employee's personal benefit.
employee fraud is closely associated with
misappropriation of assets
misappropriation of assets
employee fraud
3 steps of misappropriation of assets
stealing an asset
converting asset to usable form
concealing crime to avoid detection
define corruption
bribery, conflicts of interest, illegal gratuities, economic extortion; oldest white collar crime, a type of fraud
3 corners of fraud triangle
opportunity, pressure, rationalization
Types of asset misappropriation
charges to income stmt accts
transaction fraud
payroll fraud
detecting potential fraud
multiple companies with same address
vendors with employee addresses or PO boxes
invoice amt just below threshold
numerical sequence of invoices
auditor independence
an act by PCAOB that addresses auditor independence by creating more separation between a firm's attestation and non-auditing acts.
specifies categories that a public acct firm cannot help clients with
General controls in computer control activities of COSO involve
operations, new system development, data management, system maintenance, networking/ecommerce
reason for lack of auditor independence in acct scandals
too much revenue from other consulting svcs garnered by audit firm.
management style or tone
a risk factor for fraud
What is OS
open source
advantages of OS
faster bug fixes, altruism, creativity, more eyes on project
Companies that make money off of open source
IBM, hardware, Red Hat, support and integration svcs, Linux, Apache
two risks for a company using open source
incomplete documentation and no one to take responsibility if something goes wrong.
What is GPL
General Public License: a type of license having to do with open source
What does GPL allow you to do?
allows you to download source code for free, but if altered the code will be available for others to download for free.
BSD licence
another type of open source licence which allows for free code to be modified and placed in proprietary software