Chapter 4

Question 1

Risks

Answer 1

A risk is any exposure to the chance of injury or loss (also known as a threat)

Question 2

Opportunities and Objectives

Answer 2

Opportunity and risk can go hand in hand. You can’t have an opportunity without some risk and with every risk there is some potential opportunity

Question 3

Controls

Answer 3

A control is an activity performed to minimize or eliminate a risk

Question 4

Sarbanes-Oxley Act

Answer 4

Requires publicly traded companies to issue reports on their internal control systems along with their annual financial reports

Question 5

Principle 6

Answer 5

Specify Suitable Objectives
-Operations objectives
-External Financial Reporting Objectives
External Non-Financial Reporting Objectives
-Internal Reporting Objectives
-Compliance Objectives

Question 6

Principle 7

Answer 6

Identify, Analyze and Respond to Risk

Question 7

Principle 8

Answer 7

Assess Fraud Risk

Question 8

Principle 9

Answer 8

Identify and Analyze Significant Changes

Question 9

Principle 10

Answer 9

Select and develop control activities

Question 10

Principle 11

Answer 10

Select and develop general controls over technology

Question 11

Principle 12

Answer 11

Deploy through policies and procedures

Question 12

Principle 13

Answer 12

Obtain or generate and use relevant, quality information to support the functioning of other components of internal conrol

Question 13

Principle 14

Answer 13

Internally communicate information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control

Question 14

Principle 15

Answer 14

Communicate with external parties regarding matters affecting the functioning of other components of internal ocontrol

Question 15

Principle 16

Answer 15

Conduct ongoing and/or separate evaluations

Question 16

Principle 17

Answer 16

Evaluate and communicate deficiencies

Question 17

Economy Risks

Answer 17

Affect an entire economy - ex - global economic downturn, war

Question 18

Industry Risks

Answer 18

Affect an entire industry - ex - industry wide cost increases or demand decreases

Question 19

Enterprise Risks

Answer 19

Internal - lack of ethics, low employee morale, employee incompetence
External - increased competition, reduced brand quality perceptions

Question 20

COSO Objectives (3)

Answer 20

Preventive - controls focus on preventing an error or irregularity
Detective - controls focus on identifying when an error or irregularity has occurred
Corrective - controls focus on recovering from, repairing the damage from, or minimizing the cost of an error or irregularity.

Question 21

Resource Risks

Answer 21

Theft, loss, waste, damage, obsolescence

Question 22

Resource Risk Controls

Answer 22

Separation of duties, physical counts and reconciliations, insurance

Question 23

Instigation Event Risks

Answer 23

Failure to inform customers of product features, mistakes in ads or promotions, unproductive salespeople

Question 24

Mutual Commitment Event Risks

Answer 24

Failure to accept desirable, valid sales orders, acceptance of undesirable or invalid sale orders

Question 25

Economic Decrement Event Risks

Answer 25

Failure to ship goods in response to valid sale order, poor packaging used in shipment

Question 26

Economic Increment Event Risks

Answer 26

Failure to receive cash as result of sale, accepting duplicate cash receipts for same sale

Question 27

Physical Access controls

Answer 27

Keys, locks, etc

Question 28

Logical Access controls

Answer 28

Passwords, key cards, biometric, terminal identification codes, etc.

Question 29

Encryption

Answer 29

Public and private key schemes

Question 30

System Failure protection

Answer 30

Virus and worm protection, firewalls