IS 414 CH. 7 Flashcards

1
Q

Threat/event

A

Any potential adverse occurrence

2
Q

Exposure/impact

A

the potential dollar loss from a threat

3
Q

Likelihood

A

the probability that a threat will come to pass

4
Q

Internal controls

A

the processes and procedures implemented to provide reasonable assurance that control objectives are met

5
Q

Control Concepts/Objectives

SMPPPEC

A

+Safeguard assets - prevent or detect their unauthorized acquisition, use, or disposition
+Maintain records in sufficient detail to report company assets accurately and fairly
+Provide accurate and reliable information
+Prepare financial reports in accordance with established criteria
+Promote and improve operational efficiency
+Encourage adherence to prescribed managerial policies
+Comply with applicable laws and regulations

6
Q

Preventive controls

A

controls that deter problems before they arise

EX: hiring qualified personnel, segregating duties, and controlling physical access to assets and info

7
Q

Detective controls

A

controls designed to discover control problems that were not prevented
EX: duplicate checking of calculations, preparing bank reconciliations, and preparing monthly trial balances

8
Q

Corrective controls

A

Controls that identify and correct problems, and that correct and recover from the resulting errors
EX: maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing

9
Q

general controls

A

Controls designed to make sure an organization’s information system and control environment are stable and well managed
Examples include: security management, software acquisition and development, and IT infrastructure controls

10
Q

application controls

A

controls that prevent, detect, and correct transaction errors and fraud in application programs
concerned with validity, accuracy, completeness, and authorization

11
Q

Internal controls perform 3 functions and are segregated into 2 categories

A

preventive, detective, corrective

general, application

12
Q

new rules for auditors

A
  • auditors must report specific information to the company’s audit committee (e.g., critical accounting practices and policies)
  • prohibited from performing certain nonaudit services for audit clients, such as designing and implementing information systems
  • an audit firm cannot audit a company if any of the company’s top management was employed by the audit firm and worked on the company’s audit within the preceding 12 months
13
Q

new rules for audit committee

A
  • part of the board of directors
  • members must be independent of the company
  • at least one member must be a financial expert
  • hires, compensates, and oversees the auditors, who report directly to the committee
14
Q

new rules for management

A
  • CEO and CFO must certify that
    (1) the financial statements and disclosures are
    (a) fairly presented
    (b) reviewed by management
    (c) not misleading
    (2) they have told the auditors about internal control weaknesses and fraud
  • must disclose changes in financial condition on a timely basis
  • can be fined or imprisoned if the rules are violated
15
Q

new rules for internal controls

A

a report must be issued with the financial statements stating that

(1) management is responsible for establishing and maintaining an adequate internal control system
(2) management attests to the effectiveness of that system
(3) significant weaknesses or material noncompliance are reported

16
Q

COBIT Framework (MCASE)

A

COBIT - Control Objectives for Information and Related Technology

  1. Meeting stakeholder needs
  2. Covering the enterprise end to end
  3. Applying a single, integrated framework
  4. Separating governance from management
  5. Enabling a holistic approach
17
Q

GOVERNANCE vs. Management

A

Governance: create value by optimizing the use of organizational resources to produce the desired benefits in a manner that effectively addresses risk
Responsibility of the board of directors:
(1) evaluate stakeholder needs to identify objectives
(2) provide management with direction by prioritizing objectives
(3) monitor management’s performance

18
Q

Governance vs. MANAGEMENT

A

Management: responsible for planning, building, running, and monitoring the activities and processes the organization uses to pursue the objectives established by the board of directors
Management periodically provides the board of directors with feedback so it can modify existing plans and procedures or develop new strategies in response to changes in business objectives and new developments in IT

19
Q

Figure 7-2 Governance (EDM –> FmBROS)

A

Evaluate, Direct, Monitor

  1. Ensure governance framework setting and maintenance
  2. Ensure benefits delivery
  3. Ensure risk optimization
  4. Ensure resource optimization
  5. Ensure stakeholder transparency
20
Q

Figure 7-2 Management (APO –> FSAI, PBHR, ASQRS)

A

Align, Plan, and Organize

  1. Manage IT management framework
  2. Manage Strategy
  3. Manage enterprise architecture
  4. Manage Innovation
  5. Manage portfolio
  6. Manage budget/costs
  7. Manage human resources
  8. Manage relationships
  9. Manage service agreements
  10. Manage suppliers
  11. Manage quality
  12. Manage risk
  13. Manage security
21
Q

Figure 7-2 Management (BAI –> PRICE, CAtKAC)

A

Build, Acquire, Implement

  1. Manage programs/projects
  2. Manage requirement definitions
  3. Manage solution identification and build
  4. Manage availability and capacity
  5. Manage organizational change enablement
  6. Manage changes
  7. Manage change acceptance and transitioning
  8. Manage knowledge
  9. Manage asset
  10. Manage configuration
22
Q

Figure 7-2 Management (DSS –> OSiP, CSB)

A

Deliver, Service, and Support

  1. Manage operations
  2. Manage Service requests and incidents
  3. Manage problems
  4. Manage continuity
  5. Manage security service
  6. Manage business processes and controls
23
Q

Figure 7-2 Management (MEA –> PC, SIC, CER)

A

Monitor, evaluate, assess

  1. Monitor, evaluate, assess performance and conformance
  2. Monitor, evaluate, assess systems of internal control
  3. Monitor, evaluate, assess compliance with external requirements
24
Q

COSO - IC

A

Committee of Sponsoring Organizations - Internal Control

25
Q

COSO (IC) - Five Components (CCRIM)

A
  1. Control environment
  2. Control activities
  3. Risk assessment
  4. Info and communication
  5. Monitoring
26
Q

Control Environment

A

FOUNDATION for all other components of internal control. The core of any business is its people: their attributes (integrity, discipline, ethical values, and competence) and the environment in which they operate. They are the engine that drives the organization and the foundation on which everything rests.
EX: commitment to integrity and ethics, internal control oversight by management and the board of directors, responsibilities and authority established by the board

27
Q

Control Activities

A

Help ensure that the actions identified by management to address risks and achieve the organization’s objectives are effectively carried out. Performed at all levels, at various stages within the business process, and over technology.

28
Q

Risk Assessment

A

The organization must identify, analyze, and manage its risks. Management must consider changes in the external environment and within the business that may be obstacles to its objectives.

29
Q

Info and Communication

A

Capture and exchange the information needed to conduct, manage, and control the organization’s operations. Communication must occur internally and externally to provide the information needed to carry out day-to-day internal control activities.

30
Q

Monitoring

A

The entire process must be monitored, and modifications made as necessary, so the system can change as conditions warrant. Evaluations ascertain whether each component of internal control is present and functioning. Deficiencies are communicated in a timely manner, with serious matters reported to senior management and the board.

31
Q

COSO - ERM Framework (CCRRIMEO)

A
  1. control (internal) environment
  2. control activities
  3. risk assessment
  4. risk response
  5. info and communication
  6. monitoring
  7. event identification
  8. objective setting
32
Q

objective setting

A

Management determines what the company hopes to achieve, often referred to as the corporate vision or mission. Management sets objectives at the corporate level and then subdivides them into more specific objectives for company subunits.