Module 4: Control Frameworks

Question 1

T or F: The past business environment has resulted in a proliferation of vulnerabilities, risks, stakeholders, and activities much more complex than ever before

Answer 1

False. The current business environment

Question 2

Internal Control Frameworks are structures that ___, ____, and sometimes ___ an organization’s internal controls

Answer 2

organize, categorize, prioritize

Question 3

What are the main objectives internal controls?

Answer 3

1. Create value for stakeholders
2. Minimize risk

Question 4

What is the widely known internal controls framework?

Answer 4

COSO’s Internal Control Integrated Framework

Question 5

What are the IT Control Frameworks?

Answer 5

1. Control Objectives for Information and Related Technology (COBIT)
2. International Organization for Standardization 17799 (ISO)
3. Information Technology Infrastructure Library

Question 6

What internal control framework is used for project management, process assessment and performance improvement?

Answer 6

Capability Maturity Model Integration (CMMI)

Question 7

What are the 3 control objectives in the COSO Framework?

Answer 7

1. Operations
2. Reporting
3. Compliance

Question 8

What are the five components of internal control?

Answer 8

1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring Activities

Question 9

What are the 4 depths of the COSO framework?

Answer 9

1. Entity
2. Divisions
3. Operating Unit
4. Function

Question 10

What are the five principles of the Control Environment?

Answer 10

1. Commitment to integrity and ethical values
2. BOD exercises oversight responsibility
3. Establish structure, authority, and responsibility
4. Commitment to competence
5. Enforce accountability

Question 11

Control Environment: the workplace environment, characterized by the way the organization is structured, the manner of leadership, the degree of ____, management’s ___ ___ having and practicing the tenets of its ___ __ ____ and
statement of values.

Answer 11

openness, operating style, code of ethics

Question 12

Control Environment: What should happen to the tone at the top?

Answer 12

Congruence

Question 13

Control Environment: Organizational culture of?

Answer 13

Collection of Learned Beliefs

Question 14

Control Environment: What is the result of a healthy culture and ethical environment?

Answer 14

advancement of employee morale

Question 15

Control Environment: T or F: The Control environment includes the development of personnel

Answer 15

T

Question 16

Control Environment: Management should also establish what in terms of risk?

Answer 16

1. Risk Management Philosophy
2. Risk Appetite

Question 17

Control Environment: According to Trompenaars, organizational culture includes three key elements:

Answer 17

1. The general relationship between employees and their organizations
2. The vertical or hierarchical system of authority defining superiors and subordinates
3. The general views of employees about the organization’s destiny, purpose, and goals, and their place in it

Question 18

Control Environment: What unethical behavior should not be done?

Answer 18

1. Undue emphasis on bottom-line performance
2. High-pressure sales tactics
3. Kickbacks or bribes

Question 19

Control Environment: New employees should do what?

Answer 19

Sign documents such as code of ethics, conduct, conflict of interest to indicate that they agree to comply with them

Question 20

Control Environment: State an example of what organization can do to enforce ethical behavior

Answer 20

1. Company Newsletter

Question 21

Control Environment: Consists of management practices where on the surface it appears like an essential activity has been performed when it hasn’t

Answer 21

Form over substance

Question 22

Control Environment: ___ ___ controls are used to determine if an organization’s values, systems, policies, and processes would?

Answer 22

Entity Level, enable or dissuad fraud and encourage proper conduct

Question 23

Control Environment: Entity level controls refer to?

Answer 23

the Entity’s Management Style

Question 24

Control Environment: What do we audit for entity level controls?

Answer 24

1. Tangibles like policies and procedures
2. Intangibles observation of management culture

Question 25

Control Environment: Internal auditors are encouraged to remember what in regards to entity level controls?

Answer 25

a person’s behavior is determined by the person and the environment

Question 26

Control Environment: In the context of tone in the middle, what decision is one of the most important?

Answer 26

deciding who becomes a manager

Question 27

Control Environment: workplace conditions leading to customer and employee satisfaction, turnover, profits, and the achievement of goals and objectives are dictated by what?

Answer 27

Tone in the middle

Question 28

the identification, quantification,
analysis, and management of organizational risks.

Answer 28

Risk Assessment

Question 29

Events that can hinder an organization’s ability to achieve its objectives

Answer 29

Risk

Question 30

Risk Assessment: Typically are assessed along two dimensions

Answer 30

1. Likelihood or Probability
2. Impact or Consequence

Question 31

Risk Assessment: What is a precondition to risk assessment?

Answer 31

Establish objectives

Question 32

Risk Assessment: What are the 4 principles

Answer 32

6. Set suitable objectives
7. Identify and analyzes risks
8. Assess risk of fraud
9. Identify and analyze significant change

Question 33

Control Activities: How are controls established?

Answer 33

policies and procedures

Question 34

Control Activities: T or F: Controls are performed at all levels at specific stages within processes

Answer 34

false. at various stages

Question 35

Control Activities: What are the 3 principles?

Answer 35

10. Select and develop control activities
11. Select and develop IT GCCs
12. Mobilize through policies and procedures

Question 36

Control Activities: What do you also call directive controls?

Answer 36

Corrective Controls

Question 37

Control Activities: What control activity category is training and programs

Answer 37

Directive

Question 38

Control Activities: What is the main task of internal auditors?

Answer 38

1. Verify if controls are designed appropriately
2. If the controls are operating effectively

Question 39

Control Activities: What are the most common answers to nonperforming controls?

Answer 39

1. Inadequate Knowledge
2. Sabotage
3. Emotional and Physical Reasons

Question 40

Control Activities: An increase in no-value activities is an effect of?

Answer 40

Excessive Controls

Question 41

Information and Communication: What are the principles?

Answer 41

13. Use relevant information
14. Communicate internally
15. Communicate externally

Question 42

Information and Communication: ideally, there should be what from the top of the organization?

Answer 42

clear and consistent directions to provide criteria to measure performance results

Question 43

Information and Communication: What information should be flowing up in the organization?

Answer 43

feedback about results and issues

Question 44

Information and Communication: What should be in place to ensure cooperation and coordination among operating units?

Answer 44

Lateral flows

Question 45

Information and Communication: What does clear lateral communication prevent?

Answer 45

1. duplication of efforts
2. purchase of asset
3. confusion

Question 46

consist of ongoing, separate
or a combination of evaluations used to determine
whether each of the five components of internal
control is present and functioning.

Answer 46

Monitor Activities

Question 47

Monitoring Activities: T or F: Ongoing evaluations are built into business processes at different levels of the organization and provide past information on how well or poorly activities are performing

Answer 47

False. Not past, timely dapat

Question 48

Monitoring Activities: Separate or cyclical evaluations will vary in terms of what?

Answer 48

Scope and Frequency based on risk assessment and previous evaluation

Question 49

Monitoring Activities: What are its principles

Answer 49

16. Conduct ongoing/separate evaluations
17. Evaluate and communicate deficiencies

Question 50

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS: What should organization consider regarding the IT function?

Answer 50

Turn it into a business service partner instead of a back-end support unit

Question 51

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS: Cobit is created by? and focused on?

Answer 51

ISACA, ensures quality, control, and reliability of information systems

Question 52

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS: Cobit has four specific domains (PDAM)

Answer 52

1. Planning
2. Delivery
3. Acquisition
4. Monitoring

Question 53

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS: What is GTAG and who prepared it?

Answer 53

Global Technology Audit Guide, Institute of Internal Auditors

Question 54

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS: What is a specific attribute of GTAG?

Answer 54

written in a straightforward business language to address a timely issue related to IT management

Question 55

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS:T or F: ISO is an independent and governmental international organization

Answer 55

False. Non governmental

Question 56

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS: ISO is greek for?

Answer 56

Equal

Question 57

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS: ISO 9000 addresses what?

Answer 57

1. Quality Management
2. ensure products meet customer requirements
3. continuous improvement

Question 58

IT AND ITS IMPACT ON ORGANIZATIONAL SUCCESS: ISO 17799 and 27001 addresses what and using?

Answer 58

1. Best practices for Information Security
2. IS Management Systems