Chapter 7

Question 1

Internal control

Answer 1

the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that control objectives are achieved

Question 2

Safeguard assets

Answer 2

prevent or detect unauthorized acquisitions, use or disposition

Question 3

6 control objectives of internal control

Answer 3

safeguard assets
maintain records
provide accurate and reliable info.
promote and improve operational efficiency
encourage adherence to prescribed management policies
comply with applicable laws and regulations

Question 4

preventive controls

Answer 4

deter programs before they arise

Question 5

detective controls

Answer 5

discover problems that are not prevented

Question 6

corrective controls

Answer 6

identify and correct problems as well as correct and recover from the resulting errors

Question 7

general controls

Answer 7

make sure an organizations control environemnt is stable and well managed

Question 8

applications controls

Answer 8

make sure transactions are processed correctly

Question 9

4 levels of control to help management reconcile the conflict between creativity and control

Answer 9

1. belief system
2. boundary system
3. diagnostic control system
4. interactive control system

Question 10

belief system

Answer 10

describes how the company creates values, helps employees understand management vision, communicates company core values, and inspires employees to live by those values

Question 11

boundary system

Answer 11

helps employees act ethically by setting boundaries on employee behavior

Question 12

diagnostic control system

Answer 12

measures monitors and compares actual company progress to budgets and performance goals

Question 13

interactive control system

Answer 13

helps managers to focus subordinates attention on key strategic issues and be more involved in their decisions

Question 14

threat

Answer 14

potential adverse consequences

Question 15

exposure or impact

Answer 15

financial, operation, reputation, legal loss

Question 16

likelihood or probability

Answer 16

estimated chance of occurrence

Question 17

control limitations

Answer 17

management override
collusion of two or more parties
excessive controls will reduce efficiency

Question 18

Foreign Corrupt Practices Act

Answer 18

companies must maintain internal control system. passed to prevent companies from bribing foreign officials to obtain business

Question 19

Sarbanes-oxley act

Answer 19

public company management must report on the effectiveness of internal control. Independent auditors attest to these assertions

Question 20

COBIT

Answer 20

consolidates control standards from 36 different sources into a single framework that allows management to benchmark security and control practices of IT environments, users to be assured that adequate IT security and control exist and auditors to substantiate their internal control opinions and to advice on IT security and control matters

Question 21

COSO

Answer 21

provide guidance for evaluation of controls. AAA, AICPA, IIA, IMA, FEI.

Question 22

COSO model - 5 element

Answer 22

Control activities
Risk assessment
Information and communication
Monitoring
Control environment

Question 23

internal environment consists of

Answer 23

managements philosophy, operating style, risk appetite
BOD
commitment to integrity, ethical values, and competence
organizational structure
methods of assigning authority and responsibility
human resource standards
external influences

Question 24

events

Answer 24

occurrences or incidents (positive or negative impact)

Question 25

inherent risk

Answer 25

risk exists before any action (earthquake theft accidents)

Question 26

residual risk

Answer 26

risk remaining after actions:
reduce
accept
share
avoid

Question 27

control activities

Answer 27

policies, procedures, and rules that provide reasonable assurance that managments contorl objectives are met and their risk responses are carried out

Question 28

general authorization

Answer 28

lower level employees or the systems approve routine transactions

Question 29

specific authorization

Answer 29

significant or unusual transactions require senior manager review and approval

Question 30

effective segregation of duties that should be seperated

Answer 30

authorization
recording
custody