ACC 321

Question 1

Value system level model

Answer 1

Vendors, distributors, retailers, customers (supply chain partners)

Question 2

Value chain model

Answer 2

Processes and their systems within a company

Question 3

REA Model (business porocess model)

Answer 3

Rea model for sub-system

Question 4

Flowchart (task level model)

Answer 4

Specific tasks performed by specific individuals within sub-systems

Question 5

Business process

Answer 5

A set of activities that takes one or more inputs and creates an output that is of value to the customer

Question 6

Value chain

Answer 6

Is a purposeful network of business processes that asemble the individual compnents into a final product that has value to the customer

Question 7

Core business processes

Answer 7

Revenue cycle, expenditure cycle, production cycle, payroll cycle, finanacing cycle

Question 8

Four major steps in data processing

Answer 8

Data input, data storage, data processing, info output

Question 9

Master file

Answer 9

Stores cumulatice info about an organizations entities

Question 10

Transaction file

Answer 10

Contains records of individual events that occur dirinf a fiscal period

Question 11

Three main types of outputs

Answer 11

Documents reports queries

Question 12

Documents

Answer 12

Records of transactions or other company data printed or stored

Question 13

Reports

Answer 13

Documents that are used by employees to control operational activities and make decisions

Question 14

Queries

Answer 14

User request for specific pieces of information

Question 15

Different types of business enterprise risk

Answer 15

Economy, industry, enterprise, business process, accounting info systme

Question 16

Economic risk

Answer 16

Industry, economy, competitor, legal, regulatory, change, treasury, credit, trading

Question 17

Industry risk

Answer 17

Competitive, customers needs/wants, revolutionary product development

Question 18

Enterprise risk

Answer 18

Reputation, stragegic focus, parent company support, patent protection, employee turnover, training

Question 19

Operational risk

Answer 19

Operational and compliance

Question 20

Accounting information system risks

Answer 20

Financial, operational, and technology

Question 21

Enterprise risk management

Answer 21

Identifyinf, assessing and mitigating riaks for better business performance

Question 22

Sas #99

Answer 22

Auditors responsibility to detect fraud

Question 23

Sox

Answer 23

Ceo and cfo must certify quarterly and annual financial statements. Have to have internal control report

Question 24

The fraud triangle

Answer 24

Three conditions that are present when fraud occurs. Pressure, opportunity, and rationalization

Question 25

Fraud tree

Answer 25

Corruption, asset misappropriation, and financial statement fraud

Question 26

Frequency of fraud

Answer 26

Asset misappropriation happens the most then corruption then financial statement

Question 27

Financial loss associated with fraud

Answer 27

Financial statement highest, then corruption then asset

Question 28

Initial detection of fraud

Answer 28

Tip is the most way we find out

Question 29

Three objectives of coso

Answer 29

Operations, reporting, and compliance

Question 30

Four compnay units of coso

Answer 30

Entity, division, operating unit, function

Question 31

Five risk and control components

Answer 31

Control enviornment, risk assesment, control activities, info and comminication, monitoring activities

Question 32

Control enviornment

Answer 32

Demonstrates commitment to integrity and ethical values, exercises oversight responsibily, establishes structure authority abd responsibility demonstrates commitment to competence enforces accountablilty

Question 33

Risk assesment

Answer 33

Specifies relevant objectives, identifies and analyses risk, assesses fraud risk, identifies and analyzes significant change

Question 34

Likelihood

Answer 34

The probablility that the threat will occur

Question 35

Exposure (impact)

Answer 35

The potential dollar loss

Question 36

What happens if either likelihood or impact increases?

Answer 36

The materiality of the event and the need to protect against it rises

Question 37

Four risk reponses

Answer 37

Reduce, avoid, share, accept

Question 38

Reduce

Answer 38

Implement an effective system of internal controls

Question 39

Avoid

Answer 39

Do not engage in any activities that produce risk

Question 40

Share

Answer 40

Transfer some of the risk to others via insurance

Question 41

Accept

Answer 41

Do not avoid reduce or share

Question 42

Inherent risk

Answer 42

The risk that exsist before management takes any response

Question 43

Residual risk

Answer 43

The risk that remains after management implements internal controls or some other risk response

Question 44

Control activities

Answer 44

Selects and develops control activities, selects and develops general controls over technology, develops through policies and procedures

Question 45

Information and communication

Answer 45

Uses relevant info, comminicated internally, communicates externally

Question 46

Monitoring

Answer 46

Conducts ongoing and separate evaluations, evaluates and comminicated deficienties. Must be monitored on ongoing basis and change when needed

Question 47

Cybersecurity information sharing act of 2015

Answer 47

Companies must let everyone know when there has been a breach

Question 48

Organized crime motive

Answer 48

Immediate financial gain, collect info for future gain

Question 49

Organized crime target

Answer 49

Financial payments, pii and phi, payment cards

Question 50

Organized crime impact

Answer 50

Costly regulatory penalities, lawsuite, loss of customer confidence

Question 51

Nation state motive

Answer 51

Economic political and military advantage

Question 52

Nation state target

Answer 52

Trade secrets, sensitive business info, emerging tech, critical infrastructure

Question 53

Nation state impact

Answer 53

Loss of competitive advantage, disruption of critical infrastructure

Question 54

Insiders motive

Answer 54

Personal advantage or monetary gain profession revenge and patriotism

Question 55

Insider target

Answer 55

Sales deals market strategies corp secretz ip and r&dn business operations and personal info

Question 56

Insiders impact

Answer 56

Trade secret disclosure, operational disruption, brand and reputation and national security impact

Question 57

Hacktivist motive

Answer 57

Influence political or social change pressure business to change your practices

Question 58

Hackivist target

Answer 58

Corp secrets, sensitive business info, info related to key executives employees customers and partners

Question 59

Hackivist impact

Answer 59

Disruption of business acticities brand and reputation and loss of customer confidence

Question 60

Unsophisticated attackers

Answer 60

You are attacked because you are on the internet and have a vulnerability

Question 61

Sophisticated attackers

Answer 61

You are hacked because you are on the internet and have info of value

Question 62

Corporate espionage

Answer 62

Your current or former employee seeks financial gain from selling your ip

Question 63

State sponsored attacks

Answer 63

You are targeted because of who you are what you do or the value of your ip

Question 64

What can i do to protect myself?

Answer 64

Protect credentials, social engineering have security defense

Question 65

Security defense

Answer 65

First line-management, second line-risk management, third line-internal audit

Question 66

Database forms

Answer 66

Input data

Question 67

Database reports

Answer 67

Output of database queries

Question 68

What makes up an enterprise

Answer 68

Personnel, r&d, sales, production, services, accounting

Question 69

Tier 1: client computer

Answer 69

Includes an interface that permits dats entry and retrieval

Question 70

Tier 2: applicatiob server

Answer 70

Consisting of specialized computers that store application software programs

Question 71

Tier 3: database

Answer 71

Consisting of a large centralized relational database and rdbms

Question 72

Five categories of control activities

Answer 72

Approval or authroization, design and use of documents and records, safeguard assets records and data, independent checks on performance, segregation of duties

Question 73

Internal controls perform three important functions

Answer 73

Preventitive controls, detective controls, corrective controls

Question 74

Three functions that need to be separated to acheieve separation of duties

Answer 74

Custodial functions, recording functions, and authorization functions

Question 75

Information security

Answer 75

Policies and procedures to secure info assets including it hardware softeare and stored data

Question 76

Information risk management

Answer 76

Managing risk related to informatjon assets and it

Question 77

COBIT

Answer 77

Private model of choice to sufficiently demonstrate it controls

Question 78

COBIT controls

Answer 78

It delivery must enable the organization to achieve its objectives, promotes processes focus and process ownership, looks ar fiduciary quality and security needs of enterprises, 7info criteria to define business requirements

Question 79

COBIT information criteria

Answer 79

Quality, fiduciary, security

Question 80

COVIT IT processes

Answer 80

Domains, processes, and activities

Question 81

COBIT IT resources

Answer 81

People, application systems, technology, facilities, data

Question 82

IT architecture

Answer 82

Consists of architecture for computers networks and databases

Question 83

Access control

Answer 83

For a user to be allowed access to a secured system the user should be identified authenticated and then authorized to access the system

Question 84

Operations security

Answer 84

Actvitities and procedures required to keep information technology running securely

Question 85

Crytography

Answer 85

Is the encoding dats in a form that only the sender and intended reciever can understand

Question 86

Encryption

Answer 86

Is the method of convering plaintext data into unreadable for called ciphertext

Question 87

Ciphertext

Answer 87

Is converted back into plaintext using decryption

Question 88

Sales order entry

Answer 88

All the activities involved in soliciting and processing customer orders

Question 89

DFD squares

Answer 89

People, companies, business functions

Question 90

DFD circles

Answer 90

Processes

Question 91

DFD rectangles

Answer 91

Database

Question 92

DFD arrows

Answer 92

How information flows

Question 93

DFD words on arrows

Answer 93

Documents

Question 94

Picking list

Answer 94

A document that authorizes the warehouse to release merchandise to the shipping department

Question 95

Outputs of the sales process

Answer 95

Bad debt report, cash receipts forecast, customer listing, sales analysis reports

Question 96

Bill of lading

Answer 96

A document that acts as a legal contract defining responsibility of goods while they are in transit

Question 97

Sales invoice

Answer 97

Notifies the customer of the amount to be paid and where to remit payment

Question 98

Deposit slip

Answer 98

A itemized slip showing the exact amount of paper money, coin, and checks beinf deposited go an account

Question 99

Sales returns

Answer 99

Authorizing, accepting, and providing credit for returned items

Question 100

Three times account adjustements are made

Answer 100

Goods are returned, goods are damages, accounts are uncollectible

Question 101

Foreign key

Answer 101

Is the same field that links to a primary key in another table

Question 102

REA

Answer 102

Economic resource, economic event, economic agent

Question 103

Step 1 REA

Answer 103

Identify the economic exchange of events. The pair of events that reflect the give get in the cycle

Question 104

Step two REA

Answer 104

Identify resources and agents. Identify the resources affected by each event and the agents who participate in those events

Question 105

Every event must be linked to at least one

Answer 105

Resources

Question 106

Every event must be linked to at least two

Answer 106

Participating agents

Question 107

Commitment

Answer 107

Orders goods but has not paid and has not recieved goods. A promise to execute and economic event in the future

Question 108

Step three REA

Answer 108

Cardinalities. Determine for each relationship

Question 109

Attributes

Answer 109

Contain information which is required to produce desidred forms and reports

Question 110

Association class

Answer 110

Used for many to many associated with attributes

Question 111

Controls for Incomplete or inaccurate customer order

Answer 111

Threat in sales orfer entry. Completeness checks, auto lookup of data, reasonableness test compairing historical dats

Question 112

Controls for sales to customers with poor credit

Answer 112

Separation od duties, salespeople have read only access to customer credit data, credit approved before selling inventory, accurate records of customer sales and limits

Question 113

Controls for orders that arent legitiamte

Answer 113

Receipt of signed purchase order, digital signitures and certificates, controls with online transactions

Question 114

Controls for stockouts, carrying cost, and markdowns

Answer 114

Accurate inventory control and forecasting, online inventory systems that allow recording of changes in real time, physical counts of inventory, review of sales forecast

Question 115

Control for shipping errors

Answer 115

Use bar codes and rfid tags, field checks and completion checks, packing slip and bill of lading shouldnt be printed until shipment is verrified

Question 116

Controls for theft of inventory

Answer 116

Secure location with restricted access, rfid tags

Question 117

Controls for failure to bill customers

Answer 117

Segregate shipping and billing functions and documents should be numbered in order

Question 118

Controls for billing error

Answer 118

Computer retrieve prices from inventory master file, check quantities on packing slip against on sales orders

Question 119

Controls for theft of cash

Answer 119

Segration of duties, min handling of money, remittance advice

Question 120

Controls for loss alteration or unautorized disclousure of data

Answer 120

Everything backed up regularly, controls utilized, encryption