Card Set Information

2011-10-17 20:45:45

Chapter 7

  1. Threat
    Any potential adverse occurrence.
  2. Exposure
    The potential dollar loss from the threat.
  3. Likelihood
    The probability that a threat will happen.
  4. Internal control
    The process implemented to provide reasonable assurance that the following control objectives are achieved:
    • Safeguard assets: prevent or detect their unauthorized acquisition, use, or disposition.
    • Maintain records in sufficient detail to report company assets accurately and fairly.
    • Provide accurate and reliable information.
    • Encourage adherence to prescribed managerial policies.
    • Comply with applicable laws and regulations.
  5. Preventive control
    Deter problems before they arise. Examples include hiring qualified personnel, segregating employee duties, and controlling physical access to assets and information. Preventive controls are preferred over detective controls because it is better to stop a problem before it happens than to find it afterwards.
  6. Detective control
    Discover problems that are not prevented. Examples include duplicate checking of calculations and preparing bank reconciliations and monthly trial balances.
  7. Corrective control
    Identify and correct problems as well as correct and recover from the resulting errors. Examples include maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing.
  8. General control
    Make sure an organization's control environment is stable and well managed. Examples include security controls; IT infrastructure controls; and software acquisition, development, and maintenance controls.
  9. Application control
    Make sure transactions are processed correctly. They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported.
  10. Belief system
    Describes how the company creates value and helps employees understand management's vision.
  11. Boundary system
    Helps employees act ethically by setting boundaries on employee behavior.
  12. Diagnostic control system
    Measures, monitors, and compares actual company progress to budgets and performance goals.
  13. Interactive control system
    Helps managers focus subordinates' attention on key strategic issues and be more involved in their decisions.
  14. Foreign Corrupt Practices Act (FCPA)
    Was passed to prevent companies from bribing foreign officials to obtain business.
  15. Sarbanes-Oxley Act (SOX)
    Passed in 2002, applies to publicly held companies and their auditors, and was designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud.
  16. Public company accounting oversight board PCAOB
    Created by SOX to regulate the auditing profession. It sets and enforces auditing, quality control, ethics, independence, and other auditing standards.
  17. Control objectives for information and related technology COBIT
    • Consolidates control standards from 36 different sources into a single framework that allows:
    • 1. Management to benchmark security and control practices of IT environments.
    • 2. Users to be assured that adequate IT security and control exist.
    • 3. Auditors to substantiate their internal control opinion and to advise on IT security and control matters.
  18. Committee of sponsoring organizations COSO
    • Consists of the American Accounting Association, the American Institute of CPAs, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute. COSO has issued two frameworks:
    • 1. Internal Control-Integrated Framework
    • 2. Enterprise Risk Management-Integrated Framework
  19. Internal Control-Integrated Framework (IC)
    • The first control framework created by COSO. It is widely accepted as the authority on internal control and is incorporated into policies, rules, and regulations used to control business activities. COSO's five components are:
    • 1. control environment
    • 2. control activities
    • 3. risk assessment
    • 4. information and communication
    • 5. monitoring.
  20. Enterprise Risk Management-Integrated Framework (ERM)
    A second control framework created by COSO. This is the process the board of directors and management use to set strategy, identify events that may affect the entity, assess and manage risk, and provide reasonable assurance that the company achieves its objectives and goals. The basic principles are:

    • 1. Companies are formed to create value for their owners.
    • 2. Management must decide how much uncertainty it will accept as it creates value.
    • 3. Uncertainty results in risk, which is the possibility that something negatively affects the company's ability to create or preserve value.
    • 4. Uncertainty results in opportunity, which is the possibility that something positively affects the company's ability to create or preserve value.
  21. Internal environment
    Or company culture, influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk
  22. Risk appetite
    The amounts of risk companies are willing to accept to achieve their goals.
  23. Audit committee
    Is responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors, who report all critical accounting policies and practices to them.
  24. Policy and procedures manual
    Explains proper business practices, describes the knowledge and experience needed, explains documentation procedures, explains how to handle transactions, and lists the resources provided to carry out specific duties. It includes the chart of accounts and is a helpful on-the-job reference for current employees and a useful tool for training new employees.
  25. Background check
    Includes talking to references, checking for a criminal record, examining credit records, and verifying education and work experience.
  26. Strategic objective
    High-level goals that are aligned with the company’s mission, support it, and create shareholder value, are set first.
  27. Operations objective
    Deal with the effectiveness and efficiency of company operations and determine how to allocate resources.
  28. Reporting objective
    Helps to ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance.
  29. Compliance objective
    Helps the company comply with all applicable laws and regulations.
  30. Event
    COSO defines an event as an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.
  31. Inherent risk
    Exists before management takes any steps to control the likelihood or impact of the event.
  32. Residual risk
    Is what remains after management implements internal controls or some other response to the risk.
  33. Expected loss
    Impact × likelihood
  34. Control activities
    • Are policies and procedures that provide reasonable assurance that control objectives are met and risk responses are carried out. They include:
    • 1. Proper authorization of transactions and activities.
    • 2. Segregation of duties.
    • 3. Project development and acquisition controls.
    • 4. Change management controls.
    • 5. Design and use of documents and records.
    • 6. Safeguarding assets, records, and data.
    • 7. Independent checks on performance.
  35. Authorization
    When management establishes policies for employees to follow and then empowers them to perform certain activities and make certain decisions within those policies.
  36. Digital signature
    A means of signing a document with a piece of data that cannot be forged, so that both the signer's identity and the integrity of the document can be verified.
  37. Specific authorization
    Special approval required from management for non-routine transactions. For example, management must approve transactions over $10,000.
  38. General authorization
    When management authorizes employees to handle routine transactions.
  39. Segregation of accounting duties
    This is achieved when authorization, recording, and custody are all separated.
  40. Collusion
    Collusion occurs when two or more people whose duties are segregated work together to defeat the separation of duties, for example to embezzle funds. Segregation of duties alone cannot stop it, which is why independent checks on performance are also needed.
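As an added example that is not part of the original card set, the following Python code checks a transaction against general and specific authorization (cards 37 and 38) and the segregation of authorization, recording, and custody (card 39). The $10,000 threshold, the role-to-duty table, the staff directory, and the sample transactions are all constructed assumptions used only to illustrate the controls.

```python
"""Checking transactions against authorization and segregation-of-duties rules.

Added example, not from the original card set. The approval threshold, the
role-to-duty table, the staff list, and the sample transactions below are
all constructed assumptions used only to illustrate the controls.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# General authorization (card 38): routine transactions up to this amount
# need no individual approval. Specific authorization (card 37): anything
# above it must be approved by management. Assumed threshold.
GENERAL_AUTH_LIMIT = 10_000

# Segregation of duties (card 39): authorization, recording and custody are
# held by different roles. Assumed role table; each role holds one duty.
ROLE_DUTY: Dict[str, str] = {
    "clerk": "recording",
    "manager": "authorization",
    "cashier": "custody",
}


@dataclass
class Employee:
    name: str
    role: str


@dataclass
class Transaction:
    tx_id: str
    amount: int
    recorded_by: str                   # who entered the transaction
    custodian: str                     # who handles the cash or asset
    approved_by: Optional[str] = None  # manager, needed above the limit


# Constructed staff directory (assumption).
STAFF: Dict[str, Employee] = {
    "alice": Employee("alice", "clerk"),
    "bob": Employee("bob", "manager"),
    "carol": Employee("carol", "cashier"),
}


def duty_of(staff: Dict[str, Employee], name: Optional[str]) -> Optional[str]:
    """Return the segregated duty an employee's role carries, or None."""
    emp = staff.get(name) if name else None
    return ROLE_DUTY.get(emp.role) if emp else None


def check_transaction(tx: Transaction, staff: Dict[str, Employee]) -> List[str]:
    """Return the control violations for tx; an empty list means it passes."""
    violations: List[str] = []

    # Each actor must hold the duty they are performing.
    if duty_of(staff, tx.recorded_by) != "recording":
        violations.append(f"{tx.recorded_by} may not record transactions")
    if duty_of(staff, tx.custodian) != "custody":
        violations.append(f"{tx.custodian} may not take custody of assets")

    # Above the general limit, specific management authorization is required.
    if tx.amount > GENERAL_AUTH_LIMIT:
        if tx.approved_by is None:
            violations.append(
                f"{tx.amount} exceeds {GENERAL_AUTH_LIMIT}: specific authorization required")
        elif duty_of(staff, tx.approved_by) != "authorization":
            violations.append(f"{tx.approved_by} cannot give specific authorization")

    # No one person may perform two of the three segregated duties on the
    # same transaction. This does not stop two separate people who collude
    # (card 40); that gap is why independent checks (card 34, item 7) exist.
    actors = [a for a in (tx.recorded_by, tx.approved_by, tx.custodian) if a]
    if len(set(actors)) != len(actors):
        violations.append("one person performs more than one segregated duty")

    return violations


if __name__ == "__main__":
    samples = [
        Transaction("T1", 4_500, "alice", "carol"),            # routine: passes
        Transaction("T2", 25_000, "alice", "carol"),           # needs approval
        Transaction("T3", 25_000, "alice", "carol", "bob"),    # approved: passes
        Transaction("T4", 25_000, "alice", "alice", "bob"),    # clerk also custodian
        Transaction("T5", 25_000, "alice", "carol", "alice"),  # clerk approves own entry
    ]
    for tx in samples:
        print(tx.tx_id, check_transaction(tx, STAFF) or "OK")
```

T1 and T3 pass; T2 fails only the specific-authorization rule; T4 and T5 each trip two rules, because the person holds a role that does not carry the duty and also appears twice on the same transaction.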
  41. Segregation of system duties
    • In an information system, procedures once performed by separate individuals are combined, so anyone with unrestricted access to the computer, its programs, and live data could perpetrate and conceal fraud. Authority and responsibility are therefore divided among the following functions:
    • 1. System administration
    • 2. Network management
    • 3. Security management
    • 4. Change management
    • 5. Users
    • 6. Systems analysis
    • 7. Programming
    • 8. Computer operations
    • 9. Information system library
    • 10. Data control
  42. System administrator
    Makes sure all information system components operate smoothly and efficiently.
  43. Network manager
    Ensures that devices are linked to the organization's internal and external networks and that those networks operate properly.
  44. Security management
    makes sure that systems are secure and protected from internal and external threats.
  45. Change management
    Is the process of making sure that changes are made smoothly and efficiently and that they do not negatively affect system reliability, security, confidentiality, integrity, and availability.
  46. Users
    users record transactions, authorize data to be processed, and use system output.
  47. Systems analyst
    helps users determine their information needs and design systems to meet those needs.
  48. Programmer
    takes the analysts’ design and creates a system by writing the computer programs.
  49. Computer operator
    runs the software on the company’s computers. They ensure that data are input properly, that they are processed correctly, and that output is produced when needed.
  50. Information system library
    The information system librarian maintains custody of corporate databases, files, and programs in a separate storage area called the information system library.
  51. Data control group
    Ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes system output.
  52. Steering committee
    Guides and oversees system development and acquisition.
  53. Strategic master plan
    Is developed and updated yearly to align an organization’s information system with its business strategies.
  54. Project development plan
    Shows the tasks to be performed, who will perform them, project costs, completion dates, and project milestones.
  55. Project milestone
    Significant points when progress is reviewed and actual and estimated completion times are compared.
  56. Data processing schedule
    Shows when each task should be performed.
  57. System performance measurements
    • Are established to evaluate the system.
    • 1. Throughput – output per unit of time.
    • 2. Utilization – percentage of time the system is used.
    • 3. Response time – how long it takes the system to respond.
  58. Post-implementation review
    Is performed after a development project is completed to determine whether the anticipated benefits were achieved.
  59. System integrator
    Manages a system development effort involving its own personnel, its clients, and other vendors.
  60. Analytical review
    Is an examination of the relationships between different sets of data.
  61. Audit trail
    The accounting records and procedures, supporting documents, and financial statements that allow transactions to be traced back and forth between their origination and the financial statements.
  62. Computer security officer (CSO)
    Is in charge of system security, is independent of the information system function, and reports to the COO or the CEO.
  63. Chief compliance officer (CCO)
    In charge of making sure that a company is complying with SOX.
  64. Forensic investigators
    Specialize in fraud. Computer forensics specialists discover, extract, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges.
  65. Neural network
    Programs with learning capabilities that can accurately identify fraud.
  66. Fraud hotline
    An effective way to comply with the law and resolve whistle-blower conflicts.
  67. Management can respond to risk in one of four ways:
    Reduce, accept, share, or avoid.
  68. Risk assessment steps
    • 1. Identify threats.
    • 2. Estimate risk and exposure.
    • 3. Identify controls.
    • 4. Estimate costs and benefits.
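The arithmetic behind steps 2 through 4, worked through in Python as an added example that is not part of the original card set. It computes the inherent expected loss (card 31) from card 33's formula, the residual expected loss under each candidate control (card 32), and the control's net benefit, then picks a response from card 67. The threats, likelihoods, dollar impacts and control costs are constructed figures, not data from the page.

```python
"""Expected-loss arithmetic behind the risk assessment steps.

Added example, not from the original card set. It works cards 31-33 and 68
through in code: inherent expected loss, residual expected loss under each
candidate control, and the net benefit of the control. The threats,
likelihoods, dollar impacts and control costs are constructed figures.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Control:
    name: str
    annual_cost: float
    residual_likelihood: float  # likelihood with the control in place
    residual_impact: float      # impact with the control in place


@dataclass
class Threat:
    name: str
    likelihood: float          # probability of occurring in a year (card 3)
    impact: float              # dollar exposure if it occurs (card 2)
    candidates: List[Control]  # controls identified in step 3


def expected_loss(likelihood: float, impact: float) -> float:
    """Card 33: expected loss = impact x likelihood."""
    return impact * likelihood


def evaluate(threat: Threat) -> Tuple[float, List[Tuple[str, float, float]]]:
    """Steps 2-4 for one threat.

    Returns the inherent expected loss (card 31, no control in place) and,
    for each candidate control, (name, residual expected loss per card 32,
    net benefit). Net benefit = reduction in expected loss - control cost;
    a control is only worth implementing when it is positive. Rows come
    back sorted best first.
    """
    inherent = expected_loss(threat.likelihood, threat.impact)
    rows = []
    for c in threat.candidates:
        residual = expected_loss(c.residual_likelihood, c.residual_impact)
        net_benefit = (inherent - residual) - c.annual_cost
        rows.append((c.name, residual, net_benefit))
    rows.sort(key=lambda r: r[2], reverse=True)
    return inherent, rows


def recommend(threat: Threat) -> Tuple[str, Optional[str]]:
    """Pick a response from card 67: reduce the risk with the best paying
    control, otherwise accept it. Sharing or avoiding the risk are business
    decisions this arithmetic alone cannot make."""
    _, rows = evaluate(threat)
    if rows and rows[0][2] > 0:
        return "reduce", rows[0][0]
    return "accept", None


# Constructed sample threats (assumption, not real figures).
SAMPLE_THREATS = [
    Threat("payroll data entry error", likelihood=0.10, impact=100_000, candidates=[
        Control("input validation checks", annual_cost=1_500,
                residual_likelihood=0.02, residual_impact=100_000),
        Control("independent re-keying of all input", annual_cost=12_000,
                residual_likelihood=0.01, residual_impact=100_000),
    ]),
    Threat("misfiled paper invoice", likelihood=0.01, impact=5_000, candidates=[
        Control("document imaging system", annual_cost=500,
                residual_likelihood=0.0, residual_impact=5_000),
    ]),
]


if __name__ == "__main__":
    for t in SAMPLE_THREATS:
        inherent, rows = evaluate(t)
        print(f"{t.name}: inherent expected loss ${inherent:,.0f}")
        for name, residual, net in rows:
            print(f"  {name}: residual ${residual:,.0f}, net benefit ${net:,.0f}")
        print("  response:", recommend(t))
```

For the first threat the inherent expected loss is $10,000; validation checks cut it to $2,000 for $1,500 a year (net benefit $6,500), while re-keying cuts it further but costs more than it saves, so the cheaper control is recommended. For the second threat no control pays for itself and the risk is accepted.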