Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
85 Cards in this Set
- Front
- Back
|
material weakness
|
one or more significant deficiency that results in more than a remote likelihood that a material mistatement of financial statements will not be prevented or detected
|
|
|
significant deficiency:
|
a control deficiency that adversely effects tha companies ability to initiate authorize record, process or report external financial data reliably in accordance with GAAP.
|
|
|
control deficiency
|
exists when the design or operation of a control does not allow mgmt or employees, in teh normal course of business to prevent or detect misstatments on a timely basis.
|
|
|
The assessment of the effectiveness of internal controls is performed by the...
|
company
|
|
|
PCAOB stands for
|
public company accounting oversight board
|
|
|
The PCAOB recommends that companies use...
|
internal control framework
|
|
|
COSO is the most popular
|
internal control framework
|
|
|
COSO is the same as
|
SAS 78 (statements on auditing standards)
|
|
|
Objectives of COSO
|
financial reporting, operations and compliance.
|
|
|
Components of COSO:
|
Control environment
Risk Assessment Information and Communication Monitoring Control Activities |
|
|
COSO stands for:
|
Committee of Sponsoring Organizations of the Treadway Commision.
|
|
|
Virus:
|
replicates itself by placing itself inside executable code. Will make a programs size grow. Its a Malware
|
|
|
Worm
|
A malware, propogates using the network.
|
|
|
Back door
|
created by hackers (crackers- black hat) so that they can come bck over and over undetected.
|
|
|
cold site
|
a type of disaster recovery facility, its an empty shell or room
|
|
|
Hot site
|
a disaster recovery facility that is a recovery operations center full of working computers.
|
|
|
mutual aid pact (or rediprocol agreement.
|
a risky disaster recovery facility
|
|
|
internally provided facility
|
multiple data centers iwth in a facility for disaster recovery
|
|
|
CDP stands for
|
Centralized data processing
|
|
|
CDP is
|
a data processing method in which all major computing power is haoused in central location
|
|
|
CDP has what kind of professionals
|
DBA, systems development manager, data processing manager
|
|
|
Pros of CDP
|
Better segregation of duties, better IS professionals, better documentation
|
|
|
DDP stands for
|
distributed data processing
|
|
|
DDP is
|
a data processign method in which computing power and or computing assets are distributed through out the system.
|
|
|
In DDP all departments have their own
|
computer function, general IT funciton supports needs of departments
|
|
|
In DDP, each department is responsible for
|
hiring personnel, determining needs, and running IT show.
|
|
|
Pros of DDP
|
better cost control
improved user satisfaction |
|
|
RAID stand for
|
redundant array of inexpensive (or independant) disks
|
|
|
Method for using RAID
|
involves the use of parralel sisks tha contain redundant elements of of data and applications, if one disk fails lost data are automatically reconstructed form redundant components stored on other disk.
|
|
|
Raid is a component of
|
Fault tolerance
|
|
|
Fault tolerance
|
the ability of a system to continue operation when part of the system fails due to hardware failure, application program error, or operator error
|
|
|
Types of fault tolerance
|
RAID
UPS Mulitprocessing |
|
|
UPS stand for
|
uninterruptible power supply
|
|
|
What is UPS
|
its is a short term battery backup power to allow system to shut down in a controlled manner in the events of a power outage. Also a component of fault tolerance
|
|
|
multiprocessing
|
a component of fault tolerance
a simultaneous use of two or more processors that improves through put during normal operation. This will balance workload and provide complete backup in the event of processor failure. |
|
|
two types of Incompatible IT functions
|
computer operators and computer programmers
system developers, system maintainers |
|
|
5 compontents of COSO
|
control environment
risk assessment information and communication monitoring control activities |
|
|
control environment
|
sets tone for organization and influences control awareness of its mgmt and employees
|
|
|
risk assesment
|
this identifies, analyzes, and manages risks relevant to financial reporting
|
|
|
infor and communication
|
effectiveness of AIS system and corp communication
|
|
|
monitoring
|
process by which quality of internal control design and operation can be assessed
|
|
|
control activities
|
policies and procedures used to ensure appropriate action are taken to deal with risks.
|
|
|
two categories of control activities
|
computer
physical |
|
|
two categories of computer control activities
|
general controls
application controls |
|
|
Define application controls
|
programmed procedures designed to deal with potential exposures that threaten specific applications such as payroll, purchases, and cash disbursments
|
|
|
What is a hash total?
|
a simple control technique that uses non financial data to keep track of the records in a batch.
-a class of input control |
|
|
What are the methods of controlling source documents
|
prenumbered source documents
source documents in secquence limit physical access periodicaly audit source documents |
|
|
source documents:
|
documents that must have careful control in systems that use them to initiate transactions
|
|
|
What are 3 categories of applications controls
|
1 input controls
2 processing controls 3 output controls |
|
|
define input controls
|
designed to ensoure that data brougt into system si lavid accurate and comlete.
they can be source document triggered (batch) or direct imput (real time) |
|
|
define processing controls
|
after data input stage, transactions enter a processing stage. (3 categories, run-to-run, operator intervention, audit trail control)
|
|
|
define output controls
|
ensure system output is not lost, misdirected or corrupted adn privacy is not violated.
-output spooling |
|
|
numeric/alphabetic data check
|
determine whether the correct form of data is in a field.. Used in field interrogation.
|
|
|
define field interrogation
|
an input validation control that involves programmed procedures that examine the characteristics of the data in the field.
|
|
|
common types of field interrogation
|
missing data check
numeric/alphabetic data check zero value check limit check range checks validity check check digit |
|
|
define input validation controls
|
intended to detect errors in transaction data before data is processed.
|
|
|
3 types of input validation controls
|
field interrogation
record interrogation file interrogation |
|
|
define record interrogation
|
an input validation control that validates the entire record by examining the interelationships of its field values.
|
|
|
types of record interrogation
|
reasonable checks
sign checks sequence checks |
|
|
define file interrogation
|
type of input validation control that ensures the correct file is being processed by the system, important for master files.
|
|
|
3 types of file interrogation
|
internal label checks
version checks expiration date checks |
|
|
define transaction log
|
permanent record of all validated transactions.
It maintains an audit trail in computerized systems it records transactions with unique transaction codes |
|
|
define transaction code
|
ensures correct type of transaction is being processed by comparing it with other transaction codes contained in control record
|
|
|
3 types of interrogation
|
field
record file |
|
|
3 categories of business fruad
|
mgmt fraud, employee fraud, corruption
|
|
|
management fraud
|
a performance fraud that often uses deceptive practices to inflate earnings or to fortell the recognition of either in solvency or a decline in earnings.
|
|
|
define employee fruad
|
fraud by nonmanagement employees ,generally designed to directly convert cash on other assets to employees personal benefits.
|
|
|
employee fraud is closely associated with
|
missapropriation of assets
|
|
|
missapropriation of assets
|
employee fruad
|
|
|
3 steps of missappropriation of assets
|
stealing an asset
converting asset to usable form concealing crime to avoid detection |
|
|
define corruption
|
bribery, conficts of interest, illegal grauities, economic extortion, oldest white collar crime, a type of fraud
|
|
|
3 corners of fraud triangle
|
opportunity, pressure, rationalization
|
|
|
Types of asset missapropriation
|
charges to income stmt accts
lapping transaction fraud payroll fraud |
|
|
detecting potential fraud
|
multiple companies with same address
venders with employee address or PO boxes invoice amt just below threshold numerical sequence of invoices |
|
|
auditor independance
|
an act by PCAOB that addresses auditor independance by creating more separation b/w firms attestation and non auditing acts.
specifies categories that a public acct firm cannot help clients with |
|
|
General controls in computer control activities of COSO involve
|
operations, new system development, data management, system maintenance, networking/ecommerce
|
|
|
reason for lack of auditor independance in acct scandals
|
too much revenue from other consulting svcs garnered by audit firm.
|
|
|
management style or tone
|
a risk factor for fraud
|
|
|
What is OS
|
open source
|
|
|
advantages of OS
|
faster bug fixes, altruism, creativity, more eyes on project
|
|
|
Companies that make money off of open source
|
IBM, hardware, Redhat, support and integration svces, Linux, Apache
|
|
|
two risks for a company using open source
|
incomplete documentation and no one to take responsibility if something goes wrong.
|
|
|
What is GPL
|
general public licence-type of licence having to do with open source
|
|
|
What does GPL allow you to do?
|
allows you to download source code for free, but if altered the code will be available for others to download for free.
|
|
|
BSD licence
|
another type of open source licence which allows for free code to be modified and placed in proprietary software
|
