CH 9+10

Question 1

What is Expected Loss?

Answer 1

Exposure x Probability of Occurrence.

Question 2

What is Inherent Risk?

Answer 2

Risk that is faced prior to taking action.

Question 3

What is Residual Risk?

Answer 3

Risk that remains after management takes action to respond to the risks threats and implements counteractions.

Question 4

What is Collusion?

Answer 4

When two employees work together to defeat the system to commit fraud.

Question 5

What is Pressure in the context of the fraud triangle?

Answer 5

Element of the fraud triangle that is the motive to commit the fraud.

Question 6

What is Opportunity in the context of the fraud triangle?

Answer 6

Element of the fraud triangle that is the availability to commit the fraud.

Question 7

What is Rationalization in the context of the fraud triangle?

Answer 7

Element of the fraud triangle that is the reasoning to commit the fraud.

Question 8

What is the Fraud Triangle?

Answer 8

Requires all three elements, pressure, opportunity, and rationalization, to commit fraud.

Question 9

What is Segregation of Accounting Duties?

Answer 9

Different individuals should be responsible for each of the three major activities of a transaction: approval, recordkeeping, and custody.

Question 10

What is a Validity Check?

Answer 10

Ensures that account numbers or customers exist.

Question 11

What are Application Controls?

Answer 11

Ensures the accuracy of specific input, processing, and output.

Question 12

What is a Consistency Check?

Answer 12

Reviewing output to make sure there are no obvious problems.

Question 13

What is a Check Digit?

Answer 13

Extra character added to account number to ensure no transpositions or other data errors have been made.

Question 14

What is a Limit Check?

Answer 14

Checks to be sure that pre-established thresholds are not exceeded.

Question 15

What is a Completeness Check?

Answer 15

Ensures that all required fields are filled in.

Question 16

What is a Field Check?

Answer 16

Determines whether the characters in a field are of the proper type.

Question 17

What is Prenumbering?

Answer 17

Used to keep track of transactions and to ensure that all authorized transactions are processed once and only once.

Question 18

What is a Firewall?

Answer 18

Used to filter data packets from the internet and drop data packets coming from unauthorized network servers.

Question 19

What is Malware Prevention?

Answer 19

Software that prevents malicious code from infecting your computer.

Question 20

What are Reasonableness Tests?

Answer 20

Ensures that items make sense in relation to one another.

Question 21

What is Ransomware?

Answer 21

Malware that locks you out of the system and requires you to pay a ransom in order for your data to be unlocked.

Question 22

What is Patch Management?

Answer 22

Update to fix software bugs.

Question 23

What is Biometric Identification?

Answer 23

A security measure that can identify unique physical characteristics.

Question 24

What is a Lockout Procedure?

Answer 24

Tries at password then system shuts off.

Question 25

What are Callback Procedures?

Answer 25

Allows you to log in then shuts off and calls you back at an authorized location.

Question 26

What is Encryption?

Answer 26

Uses an algorithm to scramble data so that anyone gaining unauthorized access to it cannot read it without a key.

Question 27

What is IPE (Information Produced by the Entity)?

Answer 27

Information produced by the entity.

Question 28

What is Phishing?

Answer 28

Attempts to steal credit card and other sensitive information through social engineering.

Question 29

What is Source Data?

Answer 29

The total of all the dollars input to a particular batch.

Question 30

What are Disaster Recovery Plans?

Answer 30

Comprehensive outlines of the actions that should be taken before, during, and after an earthquake, fire, or terrorist attack along with tested procedures to ensure continuity of operations.

Question 31

Why is an understanding of internal control important?

Answer 31

Understanding internal control is critical because it helps ensure quality of information, efficient operations, security over assets, and compliance with regulations.

Question 32

What are internal controls? How does the Sarbanes-Oxley 404 view of internal control over financial reporting differ?

Answer 32

Internal controls are processes designed to provide reasonable assurance regarding financial reporting, operational efficiency, and regulatory compliance. Sarbanes-Oxley 404 requires management and auditors to assess and report on the effectiveness of internal controls over financial reporting.

Question 33

How does an error compare and contrast to an irregularity in financial reporting?

Answer 33

An error is an unintentional mistake in financial reporting, while an irregularity is a deliberate act of fraud or misrepresentation.

Question 34

What is the COSO (2013) framework? What is it used for?

Answer 34

The COSO (2013) framework is a model for designing and evaluating internal controls. It is used to ensure the effectiveness of internal controls in achieving financial reporting accuracy, operational efficiency, and regulatory compliance.

Question 35

What are the components of the COSO framework?

Answer 35

The five components are: 1. Control Environment – Ethical culture, governance, and accountability. 2. Risk Assessment – Identifying and evaluating risks. 3. Control Activities – Policies and procedures to mitigate risk. 4. Information & Communication – Effective data flow and reporting. 5. Monitoring – Continuous assessment of controls.

Question 36

Provide three examples of control activities. What activities should be segregated?

Answer 36

Examples: 1. Authorization procedures. 2. Reconciliation of accounts. 3. Physical asset security. Segregation of duties should be applied to authorization, recordkeeping, and custody of assets.

Question 37

How does the control environment affect the effectiveness of control activities?

Answer 37

A strong control environment enhances effectiveness by promoting ethical behavior and accountability, while a weak environment can undermine controls.

Question 38

How do ethical values affect internal control over financial reporting?

Answer 38

Ethical values ensure integrity in financial reporting. The SEC emphasizes corporate ethics, and organizations can measure them through audits, surveys, and monitoring of compliance programs.

Question 39

What is risk assessment, and how does it relate to the COSO (2013) framework?

Answer 39

Risk assessment is the identification and evaluation of risks that may impact an organization. It is a key component of COSO and helps determine necessary internal controls.

Question 40

What is monitoring, and how does it relate to the COSO (2013) framework?

Answer 40

Monitoring is the continuous assessment of internal controls to ensure they function properly. It differs from control activities as it focuses on oversight rather than execution.

Question 41

What are management’s responsibilities under Section 404 of the Sarbanes-Oxley Act?

Answer 41

Management must assess and report on the effectiveness of internal controls over financial reporting.

Question 42

What are the inherent limitations of a “perfectly” designed internal control system?

Answer 42

No system is perfect due to human error, collusion, management override, and evolving risks.

Question 43

What is the main difference between application and general IT security controls?

Answer 43

Application controls focus on transaction-level security, while general controls apply to the overall IT environment, such as network security and access management.

Question 44

What are the three types of application controls? Provide an example.

Answer 44

1. Input controls – Validity checks on entered data. 2. Processing controls – Ensuring calculations are performed correctly. 3. Output controls – Restricting access to reports.

Question 45

What is phishing, and why is it a threat?

Answer 45

Phishing is a cyberattack where attackers trick users into providing sensitive information. It threatens data security and financial integrity.

Question 46

What is ransomware, and why is it harmful to businesses?

Answer 46

Ransomware is malicious software that encrypts data and demands payment for decryption. It disrupts operations and leads to financial losses.

Question 47

Why is encryption used in accounting?

Answer 47

Encryption protects sensitive financial data from unauthorized access and ensures data integrity.

Question 48

What is patch management?

Answer 48

Patch management is the process of updating software to fix security vulnerabilities and improve system performance.

Question 49

What is a disaster recovery plan? Are they necessary? What should be included?

Answer 49

A disaster recovery plan outlines procedures for restoring IT operations after an incident. It is necessary for business continuity and should include data backup strategies, alternate processing sites, and emergency response protocols.

Question 50

What are the three types of disaster recovery options?

Answer 50

1. Hot site – Fully operational backup facility. 2. Cold site – Infrastructure without pre-installed systems. 3. Warm site – A balance between hot and cold, with some pre-configured resources.

Question 51

Which control would reduce the likelihood of someone receiving an expense check for $65,000 more than they were entitled to?

Answer 51

Limit check.

Question 52

What best describes a computer virus?

Answer 52

A list of instructions to a computer that can replicate itself and attach to another program.

Question 53

Which approach to alternate processing facilities presents the least risk to a company?

Answer 53

Recovery operations center.

Question 54

Physical access and protection falls under which category of control?

Answer 54

General control.

Question 55

What control can prevent a vendor payment due date from being entered as 2001 instead of 2010?

Answer 55

Validity check.

Question 56

What control can prevent omission of a due date from a payment input?

Answer 56

Completeness check.

Question 57

What control can prevent an accounts payable clerk from missing one of 52 check requisitions sent for processing?

Answer 57

Reconciliation and batch totals.

Question 58

What control can prevent unauthorized access to a school’s computer system to change grades?

Answer 58

Strong password policies and access control measures.

Question 59

What control can prevent an employee from coding an expense to a non-existent department?

Answer 59

Validity check.

Question 60

What control can prevent an employee from entering a letter instead of a number in a payroll deduction form?

Answer 60

Field check.