cpaexcel Flashcards
Define “general controls.”
Controls over the environment as a whole. Apply to all functions, not just specific accounting applications. General controls help ensure that data integrity is maintained.
Define “application controls.”
Controls over specific data input, data processing, and data output activities. Designed to ensure the accuracy, completeness, and validity of transaction processing. As such, application controls have a relatively narrow focus on those accounting applications that are involved with data entry, update, and reporting.
Define “feed-forward controls.”
A process in which future results are projected based on current and past information and, if the future results are undesirable, the inputs to the system are changed to avoid the projected outcome. Many inventory ordering systems are essentially feed-forward controls: the system projects product sales over the relevant time period, identifies the current inventory level, and orders inventory sufficient to fulfill the sales demand
Define “preventive controls.”
“Before the fact” controls designed to stop an error or irregularity from occurring. Examples of preventive controls include locks on building and doors, password protected access to files, and segregation of duties.
Define “feedback controls.”
A procedure in which the results of a process are evaluated and, if the results are undesirable, the process is adjusted to correct the results; most detective controls are also feedback controls.
Define “detective controls.”
“After the fact” controls designed to detect an error after it has occurred (though preferably before the erroneous information is used to update the database or appears in reports). Examples of detective controls include data entry edits (field checks, limit tests) and reconciliation of batch control totals.
Define “corrective controls.”
Paired with detective controls, they attempt to reverse the effects of the error or irregularity which has been detected. Examples of corrective controls include maintenance of backup files, disaster recovery plans, and insurance.
Define “internal control.
A process, effected by the entity’s Board of Directors, management, and other personnel, that is designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.
Which of the following is an example of a detective control?
A. Use of pre-formatted screens for data entry.
B. Comparison of data entry totals to batch control totals.
C. Restricting access to the computer operations center to data-processing staff only.
D. Employing a file librarian to maintain custody of the program and data files.
ans. B Reconciliation of data entry totals with batch control totals will detect errors made by the data entry clerks.
Milo Corp. maintains daily backups of its accounting system in a fireproof vault in the file library. Weekly, monthly, and annual backups are stored in a secure, fireproof vault at an off-site location.
Maintenance of the backup files is an example of
A. a detective control.
B. a feedback control.
C. a corrective control.
D. a preventive control.
ans. C Corrective controls allow the user to recover from a problem once it has been identified.
Which of the following statements presents an example of a general control for a computerized system?
A. Limiting entry of sales transactions to only valid credit customers.
B. Creating hash totals from Social Security numbers for the weekly payroll.
C. Restricting entry of accounts payable transactions to only authorized users.
D. Restricting access to the computer center by use of biometric devices.
ans: D Restricting access to the computer center is an example of a general control.
Review of the audit (also called transaction) log is an example of which of the following types of security control?
A. Governance.
B. Detective.
C. Preventive.
D. Corrective.
ans. B Reviewing an audit log is an example of a detective control since such reviews are useful in “detecting” problems in the system that have already occurred.
A company’s new time clock process requires hourly employees to select an identification number and then choose the clock-in or clock-out button. A video camera captures an image of the employee using the system. Which of the following exposures can the new system be expected to change the least?
A. Fraudulent reporting of employees’ own hours.
B. Errors in employees’ overtime computation.
C. Inaccurate accounting of employees’ hours.
D. Recording of other employees’ hours.
ans: B This is the best answer. Computing overtime requires a calculation (total hours - normal hours = overtime hours) that is independent of the system described. That is, the addition of a time clock and video camera will not directly help in allocating hours worked between normal and overtime hours. In addition, the other answers are, bad choices. Therefore, this is the best answer of the available choices.
Controls in the information technology area are classified into the categories of preventive, detective, and corrective. Which of the following is a preventive control?
A.
Contingency planning.
B. Hash total. C. Echo check. D. Access control software.
ansL D
Access control software is a preventive control.
t/f
Creating a daily backup of a real-time transaction processing system is an example of a corrective control.
true
