Module 3: Internal Controls Flashcards

1
Q

Process affected by the Board, Management, and Personnel to provide reasonable assurance on the achievement of business objectives

A

Internal Control

2
Q

Internal Control: Who affects the internal control

A

BoD, Management, Personnel

3
Q

Internal Control: What are the 3 categories of interest?

A
  1. Reliability of Financial Statements/Reports
  2. To provide reasonable assurance that operations achieve business objectives
  3. Comply with regulations
4
Q

Internal Controls: What are the limitations of internal controls?

A
  1. It only provides reasonable, not absolute, assurance
  2. It is subject to human judgement in decision making
  3. It can be circumvented through collusion and overriding of controls
5
Q

Internal Controls: What are the things that auditors consider when looking at controls?

A
  1. Internal Controls can be assessed in groups or individually
  2. Controls can encompass different business objectives
  3. Not all controls are relevant to an audit
  4. Having an understanding of controls is not enough to test their operational effectiveness
6
Q

Internal Controls: When can an understanding of a control be sufficient to test its operational effectiveness?

A

When there’s automation that ensures the consistent application of controls

7
Q

What are the components of the enterprise risk management cube?

A
  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring Activities
8
Q

Set of standards, procedures, and processes that is the basis for internal controls across the organization

A

Control Environment

9
Q

Cube - Control Environment: Who sets the tone at the top?

A

The BoD and the management

10
Q

Cube - Control Environment: Auditors must check if the Management has created what?

A

A culture of honesty and ethical behavior

11
Q

Cube - Control Environment: What must be considered when auditing the control environment?

A
  1. Controls may mitigate fraud but not entirely deter the existence of fraud
  2. Weak Controls do not necessarily necessitate the existence of fraud
  3. The control environment cannot mitigate material misstatements
12
Q

Cube - Control Environment: Enumerate the relevant elements to be assessed by the auditor.

A
  1. Communication and enforcement of integrity and ethical behavior
  2. Commitment to competence
  3. Participation of those in charge of governance
  4. Organizational Structure
  5. Management philosophy and operating style
  6. Assignment of authority and responsibility
  7. Human resource practices and policies
13
Q

Cube - Risk Assessment: What two aspects does management consider in risk assessment?

A

Likelihood and Impact

14
Q

Dynamic and iterative process for identifying and assessing risks to the achievement of business objectives

A

Risk Assessment

15
Q

The process by which management strives to achieve its business objectives

A

Control Activities

16
Q

Cube - Control Activities: What are given to ensure that risk responses are properly carried out?

A

Policies and procedures

17
Q

Acts as support for the other functions

A

Information and communication

18
Q

Cube - Information and communication: Information only comes from internal sources as it is more reliable (T or F)

A

False. Must consider both internal and external

19
Q

To monitor the performance of controls over time

A

Monitoring Activities

20
Q

Cube - Monitoring Activities: Evaluated using ongoing evaluation or separate evaluations (T or F)

A

False. Monitoring activities can be both ongoing and separate evaluations

21
Q

Cube - Monitoring Activities: May consider external sources (T or F)

A

True

22
Q

Cube - Monitoring Activities: What must the auditor know with regards to monitoring of controls?

A
  1. The source of the information
  2. The basis of management to know which controls are effective and reliable
23
Q

Objectives of a department or role to pursue the achievement of strategic goals of a company

A

Control objectives

24
Q

Cube - Control Objectives: Implicitly related to the strategy of the company (T or F)

A

False. It must be EXPLICITLY related.

25
Q

Cube - Control Objectives: Statements of the desired result or purpose to be achieved by implementing control activities

A

Procedures

26
Q

Cube - Control Objectives: Control objectives are applicable to which type of control?

A

All. Manual, Automated or Combination

27
Q

Cube - Control Objectives: An activity contributing to the fulfillment of a control objective

A

Control Measure

28
Q

What should the management do with regards to controls?

A
  1. What controls should be implemented
  2. How to implement it (freq., span, automation)
29
Q

Specific Information Systems Control Objectives: What are the specific objectives?

A
  1. Safeguarding Assets
  2. Established SDLC processes
  3. Ensure the integrity of OS environments
  4. Ensure the integrity of Sensitive and critical application system environment
  5. Ensure appropriate identification and authentication of the users of IS resources
  6. Ensure the efficiency and effectiveness of operations
  7. Ensure the compliance towards user requirements, policies, and regulations
  8. Ensure the availability of IT services through proper DRP and BCP.
  9. Enhance the protection of data through incident response plan
  10. Ensuring the integrity and reliability of systems through proper change management procedures
  11. Ensure that outsourced IS processes have detailed service-level agreements and contracts to ensure the safety of assets.
30
Q

Specific Information Systems Control Objectives: information on automated systems must be?

A

up to date

31
Q

Specific Information Systems Control Objectives: Ensuring integrity of general OS environments, including?

A

Network management and operations

32
Q

Specific Information Systems Control Objectives: Ensuring the integrity of sensitive and critical application system environments, including

A
  1. Accounting information
  2. Managerial information
  3. Customer Data
33
Q

Specific Information Systems Control Objectives: Ensuring availability of IT services by developing efficient business continuity plans and disaster recovery plans that include?

A

Backup and recovery

34
Q

Compensating Control: Can back up or duplicate multiple controls but cannot operate across multiple processes and risks (T or F)

A

False. It can also operate across multiple processes and risks

35
Q

Type of Controls: What is the effect on the risks depending on the type of control?
1. Preventive
2. Detective
3. Directive
4. Corrective

A
  1. Preventive - Reduce likelihood of risk
  2. Detective - Reduce likelihood of risk
  3. Directive - Reduce likelihood of risk and impact
  4. Corrective - Reduce likelihood of impact
36
Q

Determine what type of control (Manual or Automated) is the advantage describing?
1. Enhance segregation of duties
2. Enhance timeliness, availability, and accuracy of information
3. Monitoring the effectiveness of automated control
4. Outside the scope of existing IT controls
5. Minimize circumvention of controls

A
  1. Automated
  2. Automated
  3. Manual
  4. Manual
  5. Automated
37
Q

Determine what type of control (Manual or Automated) is the disadvantage describing?
1. Heavy reliance on defective systems
2. High Volume and recurring transactions
3. Failure to effect necessary changes

A
  1. Automated
  2. Manual
  3. Automated
38
Q

T or F: Manual Controls can be replaced by automated controls if adequately designed

A

True

39
Q

General Controls: Controls that are primarily directed at accounting operations; controls that concern the safeguarding of assets and reliability of financial records

A

Internal Accounting Controls

40
Q

General Controls: Controls that concern day-to-day operations, functions and activities, and ensure that the operation is meeting the business objectives

A

Operational Controls

41
Q

General Controls: Controls that concern operational efficiency in a functional area and adherence to management policies

A

Administrative Controls

42
Q

General Controls: What are the general controls that must be followed?

A
  1. Policies and procedures for proper usage of assets
  2. Policies for audit trails
  3. Procedures for safeguarding the access and use of assets
  4. Physical and logical security policies for all facilities, data centers and IT resources
43
Q

T or F: Each general control can be traced to an IS-specific control

A

False. General controls are translated into IS-specific controls