Chapter 5&7 Flashcards

1
Q

Primary scope of SAS No. 99

A

Audit standard that defines procedures to identify potential fraud

2
Q

Why is computer fraud more difficult to detect than other types of fraud?

A

Computer fraud leaves little to no evidence

3
Q

5 Components of the COSO Internal Control (IC) framework

A

1) Control Environment
2) Risk Assessment
3) Control Activities
4) Information and Communication
5) Monitoring

4
Q

A cost/benefit analysis should be performed to determine the extent of controls needed to address risks in the __________ component of the COSO framework.

A

Risk Assessment

5
Q

5 Components of Fraud

A

1) False statement/representation
2) Action is material
3) There was an intent to deceive
4) There is a justifiable reliance on the fraudulent fact
5) Victim suffers injury or loss

6
Q

Fraud triangle components

A

1) Opportunity
2) Rationalization
3) Pressure

7
Q

Misappropriation of assets

A

1) Most common type of fraud
2) Theft/misuse of a company’s assets

8
Q

Corruption

A

Kickbacks or wrongful use of position to get a benefit

9
Q

Lapping

A

Hiding the theft of cash by delaying collections to accounts receivable

10
Q

Kiting

A

Creating cash using the lag time between cashing a check and when it clears the bank

11
Q

SAS 99 fraud requirements of auditors

A

1) Understand and obtain evidence of fraud
2) Evaluate other audit tests
3) Document findings
4) Professional skepticism

12
Q

Types of computer fraud

A

1) Input fraud
2) Processor fraud
3) Computer instructions fraud
4) Output/data fraud

13
Q

Input fraud

A

Alteration of input data in the AIS; must have input/recording abilities

14
Q

Processor fraud

A

Using work computers for non-work activities, or using access you shouldn’t have been given.

15
Q

Incidental access

A

When a user is accidentally given access they shouldn’t have

16
Q

Computer instructions fraud

A

Modifying software to do unintended things; illegal copy of software and viruses

17
Q

Output/data fraud

A

Stealing, copying, or misusing AIS reports

18
Q

Biggest opportunity for fraud

A

Lack of segregation of duties

19
Q

Foreign Corrupt Practices Act

A

1) First act of regulation that required US companies to have internal controls. Passed in the 1970s.
2) Did NOT require audits of controls

20
Q

Sarbanes-Oxley (SOX)

A

1) Management is required to have internal controls over financial reporting. If controls aren’t about financial reports, not relevant to SOX compliance.
2) Audit partners must rotate periodically
3) Audit committee must be independent on the board of directors, and have at least one financial expert
4) Created Public Accounting Oversight Board (PCAOB)

21
Q

PCAOB responsibilities

A

Oversees the external auditing profession. They review audits and set standards. Audit standards are GAAS.

22
Q

Audit Committee responsibilities

A

1) Oversees external and internal auditors
2) Subordinate to the Board of Directors
3) Must be external to the company & have one financial expert

23
Q

Committee of Sponsoring Organizations

A

Group that creates the internal control frameworks, either ERM or IC

24
Q

ERM

A

Enterprise Risk Management - Broad focus, sets the risk level the company is willing to accept

25
Q

Restriction on companies that cannot address the 5 components of the COSO Internal Controls

A

Companies cannot say that they have strong controls in the 10-K, and auditors must not have a clean opinion on those controls

26
Q

Aspect of controls that SOX is primarily concerned with

A

How controls impact financial reporting

27
Q

Control Environment

A

How management/board of directors emphasizes integrity and honesty. What’s the “tone at the top?”

28
Q

How companies respond to risk

A

Cost/benefit analysis to determine the controls needed; if costs are less than risk impact, implement control

29
Q

Impact vs likelihood of risks

A

Impact - how much damage the risk can cause
Likelihood - the probability of the risk occurring

30
Q

Inherent Risk

A

Cost impact if the risk is not controlled

31
Q

Residual Risk

A

Remaining risks after controls are put in place

32
Q

When should controls be implemented?

A

When the cost to implement is less than the inherent risk

33
Q

Categories of risk according to COSO Internal controls framework (top of the cube)

A

1) Operations
2) Reporting
3) Compliance

34
Q

Deficiencies found in any controls are communicated to whom?

A

The audit committee