Chapter 10 - Control and Accounting Information Systems

Question 1

What are internal controls?

Answer 1

The processes and procedures implemented to provide reasonable assurance that control objectives are met.

Question 2

What are preventive controls?

Answer 2

Controls that deter problems before they arise, such as hiring qualified accounting personnel; appropriately segregating employee duties; and effectively controlling physical access to assets, facilities, and information.

Question 3

What are detective controls?

Answer 3

Controls designed to discover control problems that were not prevented, such as duplicate checking of calculations and preparing bank reconciliations and monthly trial balances.

Question 4

What are corrective controls?

Answer 4

Controls that identify and correct problems as well as correct and recover from the resulting errors, such as maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processings.

Question 5

What are general controls?

Answer 5

Controls designed to make sure an organization’s information system and control environment is stable and well managed, such as security; IT infrastructure; and software acquisition, development, and maintenance controls.

Question 6

What are application controls?

Answer 6

Controls that prevent, detect, and correct transaction errors and fraud in application programs. They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered into the system, processed, stored, transmitted to other systems, and reported.

Question 7

What is a belief system?

Answer 7

Systems that describe how a company creates value, helps employees understand management’s vision, communicates company core values, and inspires employees to live by those values.

Question 8

What is a boundary system?

Answer 8

System that helps employees act ethically by setting boundaries on employee behavior. Instead of telling employees what to do, they are encouraged to creatively solve problems and meet customer needs while meeting minimum performance standard, shunning off-limit activities, and avoiding actions that might damage their reputation.

Question 9

What is a diagnostic control system?

Answer 9

System that measures, monitors, and compares actual company progress to budgets and performance goals; feedback helps management adjust and fine-tune inputs and processes so future outputs more closely match goals.

Question 10

What is an interactive control system?

Answer 10

System that helps managers to focus subordinates’ attention on key strategic issues and to be more involved in their decisions; system data are interpreted and discussed in face-to-face meetings of superiors, subordinates, and peers.

Question 11

What is the Foreign Corrupt Practices Act (FCPA)?

Answer 11

Legislation passed to prevent companies from bribing foreign officials to obtain business; also requires all publicly owned corporations maintain a system of internal accounting controls.

Question 12

What is the Sarbanes-Oxley Act?

Answer 12

Legislation intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies, and punish executives who perpetrate fraud.

Question 13

What is the PCAOB?

Answer 13

A board created by SOX that regulates the auditing profession.

Question 14

What is COBIT?

Answer 14

A security and control framework that allows management to benchmark the security and control practices of IT management, users of IT services to be assured that adequate security and control exist, and auditors to substantiate their internal control opinions and advice on IT security and control matters.

Question 15

What is COSO?

Answer 15

A private-sector group consisting of the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.

Question 16

What is the Internal Controls - Integrated Framework?

Answer 16

A COSO framework that defines internal controls and provides guidance for evaluation and enhancing internal control systems; widely accepted authority on internal controls incorporated into policies, rules, and regulations used to control business activities.

Question 17

What are the five components of the integrated framework?

Answer 17

Control environment, risk assessment, control activities, information and communication, and monitoring.

Question 18

What is the control enivronment?

Answer 18

The company culture that is the foundation for all other internal control components, as it influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk.

Question 19

What is risk appetite?

Answer 19

The amount of risk a company is willing to accept to achieve its goals and objectives.

Question 20

What is the policy and procedures manual?

Answer 20

A document that explains proper business practices, describes needed knowledge and experience, explains document procedures, and lists the resources provided to carry out specific duties; it includes the chart of accounts, copies of forms and documents, and is a helpful on-the-job reference and training tool.

Question 21

What is inherent risk?

Answer 21

The susceptibility of a set of accounts or transactions to significant control problems in the absence of internal controls.

Question 22

What is residual risk?

Answer 22

The risk that remains after management implements internal controls or some other response to risk.

Question 23

What is expected loss?

Answer 23

Impact (dollar loss that occurs if a threat becomes reality) x likelihood (probability that the threat will occur).

Question 24

What are control activities?

Answer 24

Policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out.

Question 25

What is authorization?

Answer 25

The process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform.

Question 26

What is a digital signature?

Answer 26

A hash encrypted with the hash creator’s private key.

Question 27

What is specific authorization?

Answer 27

Special approval an employee needs in order to be allowed to handle a transaction.

Question 28

What is general authorization?

Answer 28

The authorization given employees to handle routine transactions without special approval.

Question 29

What is segregation of accounting duties?

Answer 29

Separating the accounting functions of authorization, custody, and recording to minimize an employee’s ability to commit fraud.

Question 30

What is a collusion?

Answer 30

Cooperation between two or more people in an effort to thwart internal controls.

Question 31

What is a steering committee?

Answer 31

An executive-level committee to plan and oversee the information systems function; it typically consists of management from systems and other areas affected by the information systems function.

Question 32

What is a strategic master plan?

Answer 32

A multiple-year plan o the projects the company must complete to achieve its long-range goals.

Question 33

What is a project development plan?

Answer 33

Document showing project requirements, a cost-benefit analysis, and how a project will be completed.

Question 34

What is a data processing schedule?

Answer 34

A schedule that shows when each data processing task should be performed.

Question 35

What are system performance measurements?

Answer 35

Ways to evaluate and assess a system. Common measurements include the throughput, utilization, and response time.

Question 36

What is throughput?

Answer 36

The total amount of useful work performed by a computer system during a given period of time.

Question 37

What is utilization?

Answer 37

The percentage of time a system is used?

Question 38

What is response time?

Answer 38

How long it takes for the system to respond.

Question 39

What is a postimplementation review?

Answer 39

Review made after a new system has been operating for a brief period to ensure that the new system is meeting its planned objectives, identify the adequacy of system standards, and review systems controls.

Question 40

What is a systems integrator?

Answer 40

An outside party hired to manage a company’s systems development effort?

Question 41

What is an analytical review?

Answer 41

An examination of the relationships between different sets of data; abnormal or unusual relationships should be further investigated.

Question 42

What is a computer security officer?

Answer 42

An employee independent of the information system function who monitors the system, disseminates information about improper system uses and their consequences, and reports to top management.

Question 43

What is a chief compliance officer?

Answer 43

An employee responsible for the compliance tasks associated with SOX and other laws and regulatory rulings.

Question 44

What are forensic investigators?

Answer 44

Individuals who specialize in fraud, most of whom have specialized training with law enforcement agencies such as the FBI or the IRS or have professional certifications such as certified fraud examiner.