CH:7 Control and AISs

Question 1

Threat

Answer 1

any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization

Question 2

exposure/impact

Answer 2

the potential dollar loss should a particular threat occur

Question 3

internal control

Answer 3

is to provide assurance that the following objectives are achieved :

• safeguard assets
• maintain sufficient records
• Prepare financial reports according to established criteria
• provide accurate and reliable information
• promote and improve operational efficiency
• Comply with laws and regulations

Question 4

Preventive controls

Answer 4

deter problems from occurring

Question 5

Detective controls

Answer 5

discover problems that are not prevented

Question 6

corrective controls

Answer 6

identify and correct problems

Question 7

controls are segregated into two categories :

Answer 7

• General controls which ensure that the organization’s control environment is stable and well managed
• application controls detect errors and fraud, they are concerned with accuracy , completeness , validity , and authorization of data captured . cv aa

Question 8

Foreign corrupt Practices (FCPA) 1977

Answer 8

prevent companies from bribing foreign officials to obtain business and make sure all publicly owned companies maintain a system of internal accounting controls

Question 9

Sarbanes Oxley Acts (SOX) 2002

Answer 9

• prevent financial statements fraud
• financial report transparent
• protect investors
• strengthen internal controls
• punish executives who perpetrate fraud

Question 10

COBIT framework version COBIT5 principles

Answer 10

• meeting stake holders needs
• covering the enterprise end to end
• applying a single integrated framework
• enabling a holistic approach
• separating governance from management

Question 11

the benefit of COBIT

Answer 11

• allows management to benchmark their environment and compare it other organizations
• comprehensive framework provides assurance that IT security and control exists
• allows auditors to substantiate their internal control opinions

Question 12

COBIT5 IDENTIFIES 5 GOVERNANCES processes using evaluate direct monitor (EDM)

Answer 12

• ensure governance framework setting and maintenance
• ensure benefits delivery
• ensure risk optimization
• ensure resource optimization
• ensure stock holders transparency

Question 13

there are 32 management process under 4 domains

Answer 13

• plan (APO)
• build (BAI)
• run(DSS)
• monitor(MEA)

Question 14

DIFFRENCE BETWEEN COSO and COSO-ERM

Answer 14

COSO-ERM focuses on a risk bases approach :

• objective setting
• event identification
• risk assessment
• risk response

Question 15

Internal environment

Answer 15

• management philosophy , operating style ,and risk appetite
• integrity
• organizing structure
• human resources standards

Question 16

objective setting

Answer 16

• strategic: high level goals
• operations : effectiveness and efficiency of operations
• reporting: improve decision making and monitor performance
• compliance :compliance with applicable law and regulations

Question 17

Risk is based on 2 perspectives

Answer 17

• likelihood

- impact (potential loss)

Question 18

types of risks

Answer 18

• inherent

- residual

Question 19

Risk response

Answer 19

-Reduce (implement effective internal control)
- Accept (do nothing)
-share (insurance)
-Avoid(don’t engage)
RASA

Question 20

Control Activities

Answer 20

• proper authorization of transactions and activities
• segregation of duties
• independent checks on performance

Question 21

segregation of accounting duties

Answer 21

• custodial functions: handling cash, inventory , checks
• authorization of functions : authorize transactions
• Recording function : entering data , journals , performance report

Question 22

Monitoring

Answer 22

• fraud hotline
• fraud detection software
• preform internal controls evaluations