23 Cards in this Set

  • Front
  • Back

Types of controls

Detective


Preventive


Corrective

Objectives of Internal control

Effectiveness (and efficiency) of operations


Reliability of Financial Reporting


Compliance with laws and regulations


*GAO addition: safeguarding of assets

Management Control Problems

Activity Elimination


Automation


Centralization: Info Overload


Risk Sharing


Info Asymmetry: Adverse Selection/Moral Hazard


Cultural Controls


Input Devices

Observation


Data Transcription


Preformatted Screen


Point of Sale (observation by customer)


Edit tests (automated tests for validity)

Security Threats of Internal controls

Confidentiality


Integrity


Availability


Authenticity

Edit tests

Field restrictions (within a field)


Valid Code


Reasonableness check (within a range)


Sign check (+/-)


Completeness (all fields)


Sequence (inputs occur in correct order)


Consistency (one value among multiple entries)

Processing Controls (for data integrity)

Data Access: Batch control total, financial control total, nonfinancial control total, hash total, record count (before/after input)


Data Manipulation: software documentation, compiler, test data (or duplicate system to test transactions)



Output controls

Specialized forms (authenticity)


Prenumbered Forms (also authenticity, ensures sequence)


Document Mutilation

Which COSO area:


Staff meetings every Monday for important issues

Communication and Information

Which COSO area:


Mgmt team meets monthly to discuss control deficiencies with internal auditors


And, at same meeting, mgmt discusses potential for fraud in various departments

Monitoring



Risk Assessment

Which COSO area:


Company has a dual signature requirement on all checks

Control Activities

Which COSO area:


IT attempts to hack its own system

Risk Assessment


Not Control Activities, because it's not part of regular operations

Types of duties for segregation

Recording


Authorization


Custody


What type of control and objective:


Periodic counts of inventory are performed to ensure proper level of stock

Preventive



Effectiveness of operations



(Not safeguarding assets, no mention of theft risk)

What type of control and objective:


Employees with custody of assets are fully bonded (background check)

Corrective (why?)



Safeguarding of assets/compliance with laws and regulations

Obtaining an insurance policy with a deductible is an example of:

Risk Sharing

In which phase of AIS design would the designer actually determine the needs of specific users?

Analysis

Which of the following is not an input mgmt control?


Redundancy


Job Design


Proper Hiring


Training

Redundancy

Which of the following is a primary storage device?


CD-ROM


Hard Drive


Magnetic Tape


Random Access Memory

RAM

Testing whether integration systems can work together is known as?

Integration testing

What two factors are used to assess risk?

Probability of the risk occurring


Severity of the risk and its consequences


In responding to an identified risk (critical event), mgmt must implement controls to:

Reduce the likelihood of the critical event occurring below mgmt's risk appetite

A category of information in a database table:

Attribute (usually a column)