Mock A Problem Areas Flashcards
What are the five integrated elements of COSO?
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
What are the responsibilities of an audit committee?
Review of financial statements
Review of company’s internal financial controls
Discussion with auditors about any significant matter that arose on the audit
Review of internal audit programme
Recommendations of the appointment and removal of auditors
Setting of audit fee in discussion with auditors
Review of audit report
Review of company’s internal control and risk management systems
Ensure that a system is in place for whistleblowing
What are the principles that underpin the control environment?
Organisation shows a commitment to ethical values
Board has appropriate expertise and oversees five competencies
Management must establish an appropriate organisational structure to help achievement of objectives
HR policies and practices to help attract, develop and retain suitable talent
Accountability of employees for their areas of responsibility
What are the eight components in the COSO ERM framework?
- Internal environment
- Objective setting
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information and communication
- Monitoring
What are the five key principles of the UK Corporate Governance Code?
- Board leadership and company purpose
- Division of responsibilities
- Composition, succession and evaluation
- Audit, risk and internal control
- Remuneration
What is a control environment set by?
Tone of management, its philosophy and management style, the way in which authority is delegated, the way in which staff are organised and developed, and the commitment of the board of directors.
What is the purpose of disaster planning?
Minimise potential losses and disruption of business activities
What is included in an organisation’s fraud response plan?
- Purpose of fraud response plan
- Corporate policy
- Definition of fraud
- Roles and responsibilities
- The response
- The investigation
- Organisation’s objectives with respect to fraud
- Follow up action
What is network discovery?
Involves understanding the scope of a network, i.e. identifying all of the devices that are on the network and connect to the internet.
What is internal network penetration testing?
Identifies any vulnerabilities that exist and are accessible to both approved and unapproved users.
This test allows an organisation to test the damage an internal user could do, but also considers if unauthorised access could be possible.
What is web application penetration testing?
Identifies any security issues arising from poor design, coding and publishing.
What is wireless network penetration testing?
Looking for any access points or devices that should not be in an organisation's secured environment.
What are the characteristics of technology?
Type
Connections
Service Providers
Delivery channels
What is audit interrogation software?
Consists of computer programs used by auditors to interrogate the files of a client.
What are computer-assisted audit techniques (CAATs)?
Methods of using a computer to carry out an audit of a computer system.
Two main categories are:
1. Audit software, such as audit interrogation software
2. Test data
What are the benefits of CAATs?
Force auditor to rely on programmed controls during the audit
Large number of items can be tested quickly and accurately
CAATs test original documentation instead of printouts, so the authenticity of the document is better established this way
After initial set-up costs, using CAATs is likely to be cost-effective
What are the weaknesses of CAATs?
CAATs will be limited depending on how well the computer system is integrated
Takes time to design CAAT tests; therefore, they may not be cost-effective
If there is a change in the accounting year, then the software will have to be reset and redesigned
What is forensic analysis?
The process of examining what has been left behind by an attack or attacker, to improve understanding of the attack and how the systems were breached, so that defences can be improved in the future.
What are the three main areas to consider in forensic analysis?
System level analysis
Storage analysis
Network analysis
What is system level analysis?
Identify what part of system is affected. Identify what changes have been made to the system.
System Components
Configuration changes
Services enabled without authorisation
Fake accounts created
What is network analysis?
Focused on monitoring the amount of data moving across a network at a single point in time, often referred to as network traffic.
What is an advocacy threat?
Occurs when a member promotes a position or opinion to the point that subsequent objectivity may be compromised.
What is a self-review threat?
May occur when a previous judgement needs to be re-evaluated by the member responsible for that judgement.
What is a trojan?
Malware that pretends to be a useful piece of software whilst secretly releasing malware into the system, usually with the capability to be controlled by the attacker from a different location.
What is polymorphic malware?
A type of malware that avoids being identified by systems and networks by constantly changing its identifiable features.
What are the six principles in social engineering identified by Robert Cialdini?
Reciprocity
Consistency and commitment
Consensus
Liking
Authority
Scarcity