Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
91 Cards in this Set
- Front
- Back
|
Four Dimensions of Loss |
Scope Magnitude Duration Likelihood |
|
|
6 Steps of Risk Analysis |
Identify Vulnerabilities Identify Threats Calculate expected value of loss List controls to prevent, detect, and correct fraud Evaluate the cost of controls/response Make decision |
|
|
4 Responses to Risk |
Mitigate Transfer Avoid Accept |
|
|
5 Management Assertions |
Existence/Occurrence Completeness/Period Valuation/Allocation Rights/Obligations Presentation/Disclosure |
|
|
3 Control Functions |
Prevent Detect Correct |
|
|
4 Control Objectives |
Safeguard assets Promote accuracy and reliability Promote efficiency and effectiveness Measure compliance |
|
|
5 Components of the internal control system |
Control Environment Risk Analysis/Assessment Communication and information Control activities Monitoring |
|
|
General Controls |
controls that exist throughout the company |
|
|
Application controls |
controls on transaction cycles |
|
|
Operational Controls |
controls put in to identify and stop fraud while business is being run |
|
|
Development Controls |
controls put in while computer systems are being created |
|
|
Top Down Approach |
Financial Statements Management assertions on those financial statements Identify significant accounts Entity and transaction controls on significant accounts Identify management overrides of controls |
|
|
Safeguards |
Proactive, preventive controls Ex. Deterrent controls - Changesthreat’s mind about exploitation Directive controls – Assumes people will followdirections |
|
|
Countermeasures |
Reactive, corrective controls Ex. - Recovery controls - Fixesthe problem immediately Restorativecontrols – Getting back into the position we were in before the incident |
|
|
Foreign Corrupt Practices Act (FCPA) |
1977 U.S Congress Stopped American companies from entering foreigncountries to exploit their unregulated economies by creating government-sponsored monopolies |
|
|
National Commission on Fraudulent Financial Reporting (Treadway Commission) |
1985 Paid for by AICPA, called for by U.S Congress Commission to research amount of fraud occurringin corporate business Found that 1% of businesses commit fraud throughlack of internal controls |
|
|
COSO |
1992 Committee of Sponsoring Organizations Created by a bunch of professional organizations Created the “Internal Control IntegratedFramework” Established the four objectives of internal controls and the five components of the internalcontrol system |
|
|
SAS 78 |
1995 AICPA Gave guidance to external financial auditors Specified the need to test internal controls aspart of the audit process Based on Integrate Framework |
|
|
COBIT Framework |
1996 Information Systems Audit and Control Association (ISACA) Control Objectives for information technology Aimed at IT management |
|
|
SAS 94 |
2001 AICPA Adds IT consideration into standards for financial audits |
|
|
Sarbanes-Oxley Act |
2002 U.S Congress Created "Public Company Accounting Oversight Board" (PCAOB) PCAOB has the legal authority to regulateauditors/auditing Management responsible for maintaining andestablishing internal controls |
|
|
COSO ERM |
2004 COSO Expands on COSO 1992 Expands 5 components of the internal control system to 8 Corporate risk |
|
|
SAS 109 |
2006 AICPA Incorporates ERM and all of SAS 78 Emphasizes Assessing Risk and Risk response Emphasizes the need to understand the Entity |
|
|
Auditing Standard No. 5 |
2007 PCAOB Integrated financial audit Requires internal control review as integral part of audit Gave guidance on role of internal controls in audits Specifies “Top Down” approach Requires attention to the “Management Overrides” of internal controls Requires attention to the processes of making adjusting and closing entries |
|
|
SAS 115 |
2008 AICPA Guidance on how to communicate findings of the internal controls audit Defines “Material Weakness”, “Deficiency” etc. |
|
|
COSO Updated Framework |
2013
COSO Adds 17 principles to the 5 components of the internal control system Restates COSO's Integrated Framework of Internal Controls |
|
|
2 LAWS |
Sarbanes - Oxley Act Foreign Corrupt Practices Act (FCPA) |
|
|
1 REGULATION |
Auditing Standard No. 5 |
|
|
4 FRAMEWORKS |
COSO Framework Control Objectives for Information and Related Technology (COBIT) COSO ERM COSO Updated Framework |
|
|
4 STATEMENTS |
SAS 78 SAS 94 SAS 109 SAS 115 |
|
|
COSO ERM Objectives |
Internal environment Control Objectives Identification of events Risk assessment Risk response Communication and information Control activities Monitoring |
|
|
Characteristics of Reliability |
Accuracy Precision Timeliness Relevance Validity Completeness Occurrence/Existence Integrity |
|
|
Segregation of Duties |
•Custody from Recordkeeping •Authorization from Custody •Authorization from Recordkeeping •Initiation from Conclusion •Inbound from Outbound •Debit from Credit |
|
|
Wage Earners |
Little control over their work Perform highly-defined tasks |
|
|
Salaried Employees |
Work is less structured & less defined Duties change from day to day Required to apply judgement, direction, & discretion |
|
|
Non-exempt Salaried Employees |
Salaried employee making less than minimum wage per week OR Salaried employee who has very little control over the number of hours it takes to get a job done Must be compensated for all hours over 40 a week |
|
|
Exempt Salaried Employees |
Makes more than minimum wage per week OR Has control over how much time their work requires Exempt from receiving overtime pay |
|
|
ACFE |
Association of Certified Fraud Examiners |
|
|
XBRL |
eXtensible Business reporting language |
|
|
CBK |
Common Body Knowledge |
|
|
SDLC Phases |
Preparation Design Development Implementation Maintenance |
|
|
BIBA's Principles of Data Integrity |
Prevent modification by unauthorized parties Prevent unauthorized modifications by authorized parties Maintain internal and external information consistent |
|
|
CIA pillars of information security |
Confidentiality Integrity Availability |
|
|
Most Frequent Misappropriation Fraud |
Misappropriation of non-cash assets Billing Check tampering |
|
|
Most Frequent Initial Detection Methods |
Tips Management Review |
|
|
3 Categories of Occupational Fraud |
Corruption Asset Misappropriation Financial Statement Fraud |
|
|
Major Transaction Cycles |
Purchasing Revenue Payroll |
|
|
Minor Transaction Cycles |
Conversion/Manufacturing R & D Financing Capital Asset Acquisition |
|
|
Hash Total |
Numerical total of a set of numberswhose addition has no real-world meaning |
|
|
Steps of the Payroll Cycle |
Setting up a new employee Maintaining employee records Payroll run |
|
|
Requisitioner |
Purchase Requisition PO |
|
|
Purchasing Agent |
Purchase Requisition RFP, RFQ, RFB PO Order Acknowledgement Shipping Advice |
|
|
Receiving Dock |
PO Packing Slip bill of lading shipping advice |
|
|
A/P Dept. |
PO packing slip invoice payment voucher (authorized by management) (cut) check Remittance Advice |
|
|
Disbursement Clerk |
(sign) check check register |
|
|
Carrier |
Packing slip bill of lading |
|
|
Controller |
check register bank reconciliation report bank statement |
|
|
Sales Manager |
Price list product master file (authorize) sales order sales summary |
|
|
sales rep. |
price list product master file rfp, rfq, rfb sales order order acknowledgement |
|
|
credit manager |
credit application customer master file |
|
|
Warehouse |
sales order picking ticket shipping label |
|
|
shipping dept. |
picking ticket shipping label packing slip bill of lading shipping advice |
|
|
carrier (seller) |
packing slip bill of lading |
|
|
A/R dept |
invoice A/R sub ledger remittance advice deposit slip cash receipts journal |
|
|
Billing Dept. |
bill of lading picking ticket invoice sales summary |
|
|
bank (seller's) |
check deposit slip deposit receipt bank statement |
|
|
controller |
deposit receipt cash report cash receipts journal bank statement reconciliation report |
|
|
Department/Functional Manager |
Authorization document pool of job applications job offer (verify) time card payroll summary |
|
|
Management |
Authorization document |
|
|
H/R (Personnel Dept.) |
Authorization document job applications job offer Employee Master File = I-9 form, I.D, W-4 form, Benefits enrollment, pay rates, bank information |
|
|
new hire |
job applications job offers i-9 form I.D W-4 form Benefits enrollment |
|
|
Employee |
time card payroll stub W2 form (tax refund at the end of the year) |
|
|
Payroll clerk |
time card payroll report |
|
|
Controller (payroll) |
tax tables (prepared) payroll checks check register bank statement bank reconciliation report payroll report |
|
|
Treasurer (payroll) |
(signed) payroll checks check register payment disbursement report (when checks are sent electronically to employees, IRS, vendors) payroll report |
|
|
IRS |
Form 941 Withholding deposit W-2 Transmit (Refunds at the end of the year) |
|
|
Types of incidents |
Derivative Natural Accidental Deliberate |
|
|
HTML |
Hyper Text Markup Language Derived from Standard Generalized Markup Language (SGML) |
|
|
XML |
eXtensible Markup Language |
|
|
REA |
Resources Events Agents |
|
|
George Sorter |
Events approach - less aggregation by accountants = better information for decision makers |
|
|
Yuji Ijiri |
REPORT MORE THAN SIMPLE GAAP INFO. SHOULD BE ACCOMPANIED W/ BUSINESS CONTEXT |
|
|
WILLIAM MCCARTHY |
SEMANTIC MODELING - PHILOSOPHY, LANGUAGE, PATTERN RECOGNITION, DATABASE DEVELOPMENT & DESIGN ALSO CALLED E-R (ENTITY RELATIONSHIP) MODEL |
|
|
COSO CONSTITUENTS |
Institute of Management Accountants (IMA) Financial Executives Institute (FEI) American Accounting Association (AAA) American Institute of CPAs (AICPA) Institute of Internal Auditors (IIA) |
|
|
PREPARATION STAGE |
DETERMINATION OF: INITIAL SCOPE INITIAL BUDGET ESTIMATE INITIAL TIME TABLE FEASIBILITY STUDY (LIKELIHOOD) |
|
|
PREPARATION -> DESIGN |
PROJECT TEAM ASSEMBLED |
|
|
DESIGN -> DEVELOPMENT |
DEVELOPMENT OF DATABASE STRUCTURE |
|
|
TEST BED |
TEST SCRIPT - THINGS PROGRAM NEEDS TO DO AND WHAT IT SHOULDN'T DO TEST DATA - ERROR TRAPS |
|
|
DEVELOPMENT ->IMPLEMENTATION |
USER SIGN OFF |
|
|
CUT APPROACHES |
MODULAR PARALLEL DROP DEAD |
|
|
IMPLEMENTATION -> MAINTENANCE |
SHAKEDOWN CRUISE |
