OBJECTIVES 7-11 Flashcards
means that the controls achieve a sensible balance of reducing risk when compared with the cost of the control.
REASONABLE ASSURANCE
involves the ongoing review and evaluation of the system.
MONITORING
To assess, manage, and control the efficiency and effectiveness of operations of an organization, management must have access to feedback information and reports.
INFORMATION AND COMMUNICATION
is an independent check to assure the accuracy and completeness of transactions processed in a batch.
Review Of Batch Totals
Is the examination of a report to assess the accuracy and reliability of the data in that report.
Analysis Of Reports
The theft of proprietary company information, by digging through the trash of the intended target company.
INDUSTRIAL ESPIONAGE
The unlawful copying of software programs.
SOFTWARE PIRACY
When an employee of an organization attempts to conduct fraud through the misuse of a computer-based system, it is called
INTERNAL COMPUTER FRAUD
usually involves altering data that is input into the computer.
INPUT MANIPULATION
Occurs when a program is altered in some fashion to commit a fraud. Examples of program manipulation include the salami technique, Trojan horse programs, and trap door alterations.
PROGRAM MANIPULATION
A fraudster uses the _______ to alter a program to slice a small amount from several accounts and then credit those small amounts to the perpetrator’s benefit.
SALAMI TECHNIQUE
is a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud
TROJAN HORSE PROGRAM
is a valid programming tool that is misused to commit fraud. These entrance ways can be thought of as hidden entrances, or trap doors.
TRAP DOOR ALTERATION
Occurs when a person alters the system’s checks or reports to commit fraud. This kind of fraud is often successful simply because humans tend to trust the output of a computer and do not question its validity or accuracy as much as they might if the output were manually produced.
OUTPUT MANIPULATION
are conducted by someone outside the company who has gained unauthorized access to the computer.
EXTERNAL COMPUTER FRAUDS
is the term commonly used for computer network break-ins.
HACKING
A particular kind of hacking that has increased dramatically in recent years is
denial of service (DoS) attacks
is intended to overwhelm an intended target computer system with so much bogus network traffic that the system is unable to respond to valid network traffic.
denial of service attack
Occurs when a person, through a computer system, pretends to be someone else.
SPOOFING
is the most dangerous to the accounting and control systems, because a spoofer fools a computer into thinking that the network traffic arriving is from a trusted source.
Internet spoofing
might flood employees’ e-mail boxes with junk mail but usually does not result in defrauding their company.
E-MAIL SPOOFING
usually used in an attempt to scam consumers.
E-MAIL SPOOFING
The Act was intended to reform accounting, financial reporting, and auditing functions of companies that are publicly traded in stock exchanges.
SARBANES–OXLEY ACT OF 2002
Are designed to avoid errors, fraud, or events not authorized by management. Intend to stop undesirable acts before they occur.
Preventive Controls
Help employees to uncover or discover errors, fraud, or unauthorized events. Examples include matching physical counts to inventory records.
Detective Controls
are those steps undertaken to correct an error or problem uncovered via detective controls.
CORRECTIVE CONTROLS
Has provided the standard definition and description of internal control accepted by the accounting industry.
COSO (Committee of Sponsoring Organizations) REPORT
Sets the tone of an organization and influences the control consciousness of its employees. Is the foundation for all other components of internal control, and it provides the discipline and structure of all other components.
control environment
In order for management to maintain control over these threats to its business, it must constantly be engaged in risk assessment, whereby it considers existing threats and the potential for additional risks and stands ready to respond should these events occur.
RISK ASSESSMENT
The COSO report identifies _______ as the policies and procedures that help ensure that management directives are carried out and that management objectives are achieved.
Control Activities
In any organization, it is important to try to ensure that the organization engages only in transactions which are authorized.
Authorization of transactions
Refers to an approval, or endorsement, from a responsible person or department in the organization that has been sanctioned by top management.
AUTHORIZATION
is a set of guidelines that allows transactions to be completed as long as they fall within established parameters.
General authorization
Means that explicit approval is needed for that single transaction to be completed.
Specific authorization
When management delegates authority and develops guidelines as to the use of that authority, it must assure that the authorization is separated from other duties. This separation of related duties is called segregation of duties.
Segregation of Duties
Supervision is a ___________ that lessens the risk of negative effects when other controls are lacking. Supervision as a compensating control is appropriate in larger organizations, too, where there may be situations in which it is difficult to fully segregate duties.
Compensating Control
When management is conscientious and thorough about preparing and retaining documentation in support of its accounting transactions, internal controls are strengthened.
Adequate Records and Documents
Presents verifiable information about the accuracy of accounting records.
Audit Trail
Organizations should establish control activities to safeguard their assets, documents, and records. These control activities involve securing and protecting assets and records so that they are not misused or stolen.
Security of assets and documents
Serve as a method to confirm the accuracy and completeness of data in the accounting system.
Independent checks and reconciliations
is a procedure that compares records from different sources.
RECONCILIATION
occurs when a company takes a physical count of inventory and compares the results to the inventory records.
Comparison Of Physical Assets With Records
can help uncover math or program logic errors.
Recalculation Of Amounts
is the examination of a report to assess the accuracy and reliability of the data in that report.
Analysis Of Reports
A summation of key items in the batch (such as hours worked); this batch total is compared at various stages of processing.
Batch Totals
is extremely important guidance for those who design or audit IT systems.
COBIT (Control Objectives for Information Technology)
are designed to be the written guidance for CPAs who provide assurance services for organizations.
TRUST SERVICES PRINCIPLES
The risk related to ________ is unauthorized access, which may be both physical access and logical access. An example of unauthorized physical access would be a person breaking into the computer room and damaging computer equipment.
security
The risk related to______ is system or subsystem failure due to hardware or software problems.
availability
The risk related to _______ _______ could be inaccurate, incomplete, or improperly authorized information.
processing integrity
The risk in this area is that personal information about customers may be used inappropriately or accessed by those either inside or outside the company.
ONLINE PRIVACY
The risk related to _________________ is that confidential information about the company or its business partners may be subject to unauthorized access during its transmission or storage in the IT system.
Confidentiality