exam 2

Question 1

Fraud Legal Definition

Answer 1

1. a false statement, representation, or disclosure is made
2. The fact is a material fact that induces a person to act
3. the fact was made with the intent to deceive
4. a justifiable reliance on the fraudulent fact in which the person was taking action
5. an injury or loss was suffered by the victim

Question 2

Three sides of the fraud triangle

Answer 2

Opportunity, rationalization, pressure

Question 3

Opportunity triangle

Answer 3

commit, conceal, convert

Question 4

Rationalization triangle

Answer 4

attitude, lack of personal integrity, justification

Question 5

employee pressure triangle (pressure)

Answer 5

financial, emotional, lifestyle incentives

Question 6

financial statement pressure triangle

Answer 6

financial, management characteristics, industry conditions

Question 7

missapropriation of assets

Answer 7

• theft of company assets

most common, smaller amounts with each instance

Question 8

largest factors for theft of assets

Answer 8

• absence of internal controls system

- failure to enforce the internal control system

Question 9

fraudulent financial reporting

Answer 9

intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements

Question 10

corruption

Answer 10

• wrongful use of a position to procure benefits

- kickbacks, conflicts of interest

Question 11

lapping

Answer 11

concealing the theft of cash through delays in posting collections to accounts recievable: often through applying payments to different customer balances

Question 12

kiting

Answer 12

creating cash using the lagtime between when a check is deposited and the time it clears the bank

Question 13

auditing standard SAS 99 (now AU-C 240)

Answer 13

• understand fraud
• discuss risks of material fraudulent statements amongst audit group
• obtain evidence supporting if fraud has occured or not
• evaluate the results of other audit tests
• document and communicate findings
• professional skepticism
• incorporate technology focus

Question 14

input fraud

Answer 14

alteration or falsifying input of data in the AIS: you have the ability to input this data as a part of your responsibilites

Question 15

Processor fraud

Answer 15

unauthorized system use, like using work computers for non-work activities or using access you incidentally have in the AIS but shouldnt be using

Question 16

computer instruction fruad

Answer 16

modifying software to do unintended things, illegal copying of software, creating software to undergo unauthorized activities

Question 17

output/data fraud

Answer 17

stealing, copying or missuing AIS reports/printouts or displaying information

Question 18

Foreign Corrupt Practices Act (FCPA)

Answer 18

• first piece of regulation that required internal controls - 1970s
• did not require an audit of the controls

Question 19

Sox act- MGMT rules

Answer 19

• Management is responsible for setting up internal controls over financial reporting, other operational controls are good just not necessary for SOX compliance
• auditors are told about material internal controls weaknesses and fraud even if its immaterial

Question 20

Sox act- External audit

Answer 20

• Audit partners must rotate periodically

- prohibited from performing certain non- audit services (consulting)

Question 21

SOX- new audit committee rules

Answer 21

• still part of board of directors with new independence rules ( cant be employees)
• one member must be a financial expert
• oversees external audit

Question 22

Sox- Creation of PCAOB

Answer 22

• entity that oversees the external audit profession includingprocess review and approv

Question 23

COSO

Answer 23

committee of sponsoring organizations, like US Gaap rules for internal controls

Question 24

ERM Framework

Answer 24

broad focus on strategic planning, setting risk the company is willing to take on

Question 25

Internal controls- integrated framework

Answer 25

this is the cube, many companies claim on their 10k that they follow the IC cube as a part of their internal controls

Question 26

5 elements of the front of the cube

Answer 26

control environment, risk assessment, control activities, information and communication, monitoring activities

Question 27

control environment

Answer 27

• how does management show “tone at the top”
• established by setting up board of directors, and independent audit, communication of ethics and values, organizational structure, HR activities

Question 28

risk assessment

Answer 28

• event identification
• risk assessment
• risk response

Question 29

impact risk assessment

Answer 29

how much money will you lose or how much will your reputation take a hit

Question 30

likelihood risk assessment

Answer 30

how often will this risk happen

Question 31

inherent risk response

Answer 31

cost potential if the risk is not controlled

Question 32

residual risk response

Answer 32

remaining risk after the controls are put in place

Question 33

cost of control

Answer 33

costs that go along with trying to implement a control and setting up cost benefit on this

Question 34

control activities

Answer 34

when determined to be appropriate and cost effective internal controls are set into place- manual automatic, preventative or detective

Question 35

information and communication

Answer 35

management should use a system that gathers information accurately and communicates it on demand

Question 36

monitoring

Answer 36

the 4 above components should be monitored by the company to ensure they are in place and defecencies found in any component are communicated by auditors to the audit committee

Question 37

top of the cube

Answer 37

• operations- day to day decisions and efficiency
• reporting- SOX
• compliance- OSHA, IRS, HIPAA, PCI

Question 38

COSO-IC and COSO-ERM

Answer 38

Address organizational-wide internal controls

Question 39

business process controls

Answer 39

designed to address specific financial risks

Question 40

COBIT

Answer 40

focuses on information technology internal control

Question 41

IT general control

Answer 41

• the risks that information stored electronically is complete and accurate
• developed by the information systems audit and control association (ISACA)

Question 42

IT Controls

Answer 42

intended to secure information and protect the functionality of any financially impacted system- broad and not linked to just one cycle

Question 43

Business process controls

Answer 43

intended to address a specific business process cycle risks. this may be automated or manual

Question 44

IT department responsibility

Answer 44

recording and custody

Question 45

accounting department responsibility of IT controls

Answer 45

Authorization

Question 46

Risk: Innapropriate user gains access to the AIS or database

Answer 46

controls:

• each user given unique ID
• authentication layers
• new user ID should be approved prior to access
• User ID of employee who leaves should be promptly removed
• users who change job responsibility should have access to AIS updated
• access reviewed periodically
• ability to change user access is restricted
• strong passwords
• physical access to databases is limited
• employees required to take security training

Question 47

tasks

Answer 47

the individual function a user can do in the AIS

Question 48

roles

Answer 48

the AIS groups together tasks to save time in granting access and assign a role (clerk, manager)

Question 49

Authentication examples

Answer 49

Passwords
randomized PINS that are required in addition to the password
biometrics
-requiring more than one of these is referred to as multifactor authentication

Question 50

physical access controls

Answer 50

requiring keys
security guards
laptops should be locked down in work places 
camera survelience
visitor escorts

Question 51

Risk: unauthorized disclosure of financial data or privacy data

Answer 51

controls

• read only access should be restricted
• encryption
• shredding of printed reports
• firewalls
• virus detection software
• review suspiscious activity
• penetration tests

Question 52

encrpytion

Answer 52

makes it to where you have to have a key to access a certain document and if you dont when you open it all you will see is gibberish

Question 53

digital certificates

Answer 53

built into electronic documents/transactions, this certifies the owner of the document is who they say they are

Question 54

digital signitures

Answer 54

confirms who created the file and that it is has not been altered since it was last saved by the creator

Question 55

what should be encrypted

Answer 55

• financial data
• EDI, FEDI, EFT transactions
• Ecommerce activity
• employee activity over the corporate network (VPN)
• company info stored on personal devices
• emails with sensitive data
• excels with sensitive data

Question 56

Encryption regulations

Answer 56

• Payment card industry (PCI)
• HIPPA
• customer data mainatained in the financial services industry (gramm-leach bliley act)
• EEOC- personal info of company employees

Question 57

firewall

Answer 57

brick wall around the server so no one outside can get in

Question 58

hacking

Answer 58

when firewalls fail or other control weaknesses are identified, hackers obtain unauthorized access to systems and data by

• exploiting weaknesses in the code
• guessing passwords
• viruses
• keystroke loggers

Question 59

intrusion detection systems

Answer 59

helps identify if anyone has gained access to the system

Question 60

risk: changes are made to the AIS code that makes financial data incomplete or inaccurate

Answer 60

controls-

• changes to the AIS should be tested and approved
• ability to implement coding changes is restricted
• changes are logged by IT
• AIS updates/patches offered by the vendor

Question 61

development version

Answer 61

dummy version of the system to test on

Question 62

production version

Answer 62

the live scale version of the AIS

Question 63

testing is done by

Answer 63

developers and managers

Question 64

risk: transactions are not processed/saved by the AIS completely or accurately

Answer 64

controls
-online processing integrity controls and batch process controls
- real time or batch processing transactions that fail/error should notify IT and ACCT to be reviewed
- reviews of financial information should be performed periodically
(this risk is generally addressed by business process controls)

Question 65

Risk: AIS data is not available when needed, resulting in inaccurate or incomplete financial data

Answer 65

controls-

• backups
• data center controls reduce the risk of system downtime
• disaster recovery plans clearly defined
• business continutity plans should be defined for non-IT functions

Question 66

data center controls

Answer 66

• natural disaster proof
• adequate AC
  uniterupped power supply or backup generators
• physical access is restricted

Question 67

incrementally backups

Answer 67

captures all activity since the last backup was performed

Question 68

differential backup

Answer 68

captures all activity since last full backup was performed

Question 69

disaster recovery plans

Answer 69

how a company will restore its IT functions when the data center fails due to disaster

Question 70

business recovery plans

Answer 70

how a company restores business process functions the compans operations are affected by disaster

Question 71

cold site ( disaster recovery)

Answer 71

cheapest slow and the company purchases rughts to an empty warehouse to set up

Question 72

hot site (disaster recovery location)

Answer 72

Expensive and fast, a duplicate of the current data center and backed up frequently

Question 73

warm site ( disaster recovery site)

Answer 73

in between the two and may have stuff in it but not a duplicate site

Question 74

Changes in AIS (waterfall method)

Answer 74

request- authorization- development- testing- approval- implementation

Question 75

changes in AIS ( agile method)

Answer 75

request (auth)- development- test- user- devlop-user……- test- approve implement
little sprints rather than one long marathon

Question 76

Sales organization

Answer 76

the organizational unit that is responsible for the sale and distribution of goods and services

Question 77

distribution channel

Answer 77

the structure through which salable materials or services reach customers

Question 78

a sales organization must be linked to

Answer 78

a plant

Question 79

controlling module

Answer 79

assigns costs and revenues to appropriate subledgers

Question 80

outbound delivery

Answer 80

picking, packing, and transportation scheduling are accomplished through the creation of this

Question 81

material master record

Answer 81

automatically proposes data for pricing, delivery, schedule, weight volume and tax determination

Question 82

a given delivery can be carried out by multiple shipping points

Answer 82

false

Question 83

a delivery cannot be created if the order is for less than the minimum order quantity

Answer 83

false

Question 84

document flow

Answer 84

processing status of a given sale can be determined by referencing this

Question 85

delivery unit

Answer 85

unit in which sold materials can be delivered is the

Question 86

Database

Answer 86

where all data (transaction and master data) used by an AIS is stored

Question 87

Relational Database Model

Answer 87

data is stored in separate tables but structured together to where they are linked

Question 88

who is the database administrator (DBA)

Answer 88

IT

Question 89

attributes

Answer 89

columns

Question 90

records

Answer 90

rows

Question 91

fields

Answer 91

individual cells

Question 92

primary key

Answer 92

every item has one of these and it is an attribute or combination of attributes that can be used to uniquely identify a specific row in a table

Question 93

Foreign key

Answer 93

an attribute in one table that is a primary key in another table

Question 94

Non-Key

Answer 94

an attribute that describes a key (name, color, price)

Question 95

Design requirements for relational databases

Answer 95

1. every attribute must be single valued
2. primary keys must contain data (not null) and cannot have duplicates
3. foreign keys must be the primary key in another table
4. all other non key attributes must identify a characteristic of the table identified by the primary key

Question 96

update anomaly

Answer 96

changes to existing data on one table may not update another table that uses the data (when not properly linked)

Question 97

insert anomaly

Answer 97

unable to add a new record to the database tables if the primary key is not defined

Question 98

delete anomaly

Answer 98

removing a record also removes other unintended data from the database (delete one thing messes up something else)

Question 99

Data integration

Answer 99

if properly set up a database can be accessed by various programs

Question 100

data sharing

Answer 100

with data in one place it is more easily accessed by- and limited to - only authorized users

Question 101

minimizing data redundancy and data inconsistency

Answer 101

eliminates the same data being stored in multiple files/places, thus reducing inconsistency in multiple versions of the same data

Question 102

data independence

Answer 102

data is separate from the programs that access it

Question 103

cross functional analysis

Answer 103

relationships between data from various organizational departments can be more easily combined

Question 104

risk: info stored in the database is not complete/accurate

Answer 104

controls

• access is approved upon hire and taken away upon termination (prevent)
• access should be reviewed periodically (detective)
• non-routine changes to the DBMS should be tested and approved (prevent)
• log of changes is reviewed to make sure appropriate (detective)
• log of changes cannot be edited (detective)- this one supports the prior one

Question 105

Risk: info stored in the database is leaked to unauthorized users

Answer 105

controls

• login with password required
• encryption

Question 106

SELECT

Answer 106

required and shows the output of attributes

Question 107

FROM

Answer 107

required and shows from what table

Question 108

WHERE or HAVING

Answer 108

optional, applies a filter to the data

Question 109

GROUP BY

Answer 109

optional, consolidates like records together

Question 110

ORDER BY or SORT BY

Answer 110

optional- organizes the output by date, alphabetically, numerically, etc

Question 111

JOIN or JOIN ON

Answer 111

used to link together two or more tables

Question 112

customer master record

Answer 112

Financial accounting and sales logistics are linked primarily through the

Question 113

vendor number

Answer 113

The account used to track amounts owed to a vendor is the

Question 114

procurement logistics

Answer 114

Authorization to make payments to vendors for goods purchased comes from

Question 115

primary costs

Answer 115

The costs transferred from financial accounting to controlling are known as

Question 116

distribution

Answer 116

The allocation method in which a primary cost is allocated to a receiver cost object is a

Question 117

The use of allocations helps enhance data entry accuracy by increasing the amount of data entry at the time the cost is initially recorded.

Answer 117

False

Question 118

An entry to a primary expense account in Financial Accounting results in an automatic entry to the related cost object in Controlling.

Answer 118

true

Question 119

A given company code may have multiple controlling areas

Answer 119

False