OBJECTIVES 7-11

Question 1

means that the controls achieve a sensible balance of reducing risk when compared with the cost of the control.

Answer 1

REASONABLE ASSURANCE

Question 2

involves the ongoing review and evaluation of the system.

Answer 2

MONITORING

Question 3

To assess, manage, and control the efficiency and effectiveness of operations of an organization, management must have access to feedback information and reports.

Answer 3

INFORMATION AND COMMUNICATION

Question 4

is an independent check to assure the accuracy and completeness of transactions processed in a batch.

Answer 4

Review Of Batch Totals

Question 5

Is the examination of a report to assess the accuracy and reliability of the data in that report.

Answer 5

Analysis Of Reports

Question 6

The theft of proprietary company information, by digging through the trash of the intended target company.

Answer 6

INDUSTRIAL ESPIONAGE

Question 7

The unlawful copying of software programs.

Answer 7

SOFTWARE PIRACY

Question 8

When an employee of an organization attempts to conduct fraud through the misuse of a computer-based system, it is called

Answer 8

INTERNAL COMPUTER FRAUD

Question 9

usually involves altering data that is input into the computer.

Answer 9

INPUT MANIPULATION

Question 10

Occurs when a program is altered in some fashion to commit a fraud. Examples of program manipulation include the salami technique, Trojan horse programs, and trap door alterations.

Answer 10

PROGRAM MANIPULATION

Question 11

A fraudster uses the _______ to alter a program to slice a small amount from several accounts and then credit those small amounts to the perpetrator’s benefit.

Answer 11

SALAMI TECHNIQUE

Question 12

is a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud

Answer 12

TROJAN HORSE PROGRAM

Question 13

is a valid programming tool that is misused to commit fraud. These entrance ways can be thought of as hidden entrances, or trap doors.

Answer 13

TRAP DOOR ALTERATION

Question 14

If a person alters the system’s checks or reports to commit fraud. This kind of fraud is often successful simply because humans tend to trust the output of a computer and do not question its validity or accuracy as much as they might if the output were manually produced.

Answer 14

OUTPUT MANIPULATION

Question 15

are conducted by someone outside the company who has gained unauthorized access to the computer.

Answer 15

EXTERNAL COMPUTER FRAUDS

Question 16

is the term commonly used for computer network break-ins

Answer 16

HACKING

Question 17

A particular kind of hacking that has increased dramatically in recent years is

Answer 17

denial of service (DoS) attacks

Question 18

is intended to overwhelm an intended target computer system with so much bogus network traffic that the system is unable to respond to valid network traffic.

Answer 18

denial of service attack

Question 19

Occurs when a person, through a computer system, pretends to be someone else.

Answer 19

SPOOFING

Question 20

is the most dangerous to the accounting and control systems, because a spoofer fools a computer into thinking that the network traffic arriving is from a trusted source

Answer 20

Internet spoofing

Question 21

might flood employees’ e-mail boxes with junk mail but usually does not result in defrauding their company

Answer 21

E-MAIL SPOOFING

Question 22

usually used in an attempt to scam consumers.

Answer 22

E-MAIL SPOOFING

Question 22

The Act was intended to reform accounting, financial reporting, and auditing functions of companies that are publicly traded in stock exchanges.

Answer 22

SARBANES–OXLEY ACT OF 2002

Question 23

Are designed to avoid errors, fraud, or events not authorized by management. Intend to stop undesirable acts before they occur.

Answer 23

Preventive Controls

Question 24

Help employees to uncover or discover errors, fraud, or unauthorized events. Examples include matching physical counts to inventory records

Answer 24

Detective Controls

Question 25

are those steps undertaken to correct an error or problem uncovered via detective controls.

Answer 25

CORRECTIVE CONTROLS

Question 26

Has provided the standard definition and description of internal control accepted by the accounting industry

Answer 26

COSO (Committee of Sponsoring Organizations) REPORT

Question 27

Sets the tone of an organization and influences the control consciousness of its employees. Is the foundation for all other components of internal control, and it provides the discipline and structure of all other components.

Answer 27

control environment

Question 28

In order for management to maintain control over these threats to its business, it must constantly be engaged in risk assessment, whereby it considers existing threats and the potential for additional risks and stands ready to respond should these events occur.

Answer 28

RISK ASSESSMENT

Question 29

The COSO report identifies _______ as the policies and procedures that help ensure that management directives are carried out and that management objectives are achieved.

Answer 29

Control Activities

Question 30

In any organization, it is important to try to ensure that the organization engage only in transactions which are authorized.

Answer 30

Authorization of transactions

Question 31

Refers to an approval, or endorsement, from a responsible person or department in the organization that has been sanctioned by top management.

Answer 31

AUTHORIZATION

Question 32

is a set of guidelines that allows transactions to be completed as long as they fall within established parameters.

Answer 32

General authorization

Question 33

b)means that explicit approval is needed for that single transaction to be completed.

Answer 33

Specific authorization

Question 34

When management delegates authority and develops guidelines as to the use of that authority, it must assure that the authorization is separated from other duties. This separation of related duties is called segregation of duties

Answer 34

Segregation of Duties

Question 35

Supervision is a ___________that lessens the risk of negative effects when other controls are lacking. Supervision as a compensating control is appropriate in larger organizations, too, where there may be situations in which it is difficult to fully segregate duties.

Answer 35

Compensating Control

Question 36

When management is conscientious and thorough about preparing and retaining documentation in support of its accounting transactions, internal controls are strengthened.

Answer 36

Adequate Records and Documents

Question 37

Which presents verifiable information about the accuracy of accounting records.

Answer 37

Audit Trail

Question 38

Organizations should establish control activities to safeguard their assets, documents, and records. These control activities involve securing and protecting assets and records so that they are not misused or stolen.

Answer 38

Security of assets and documents

Question 39

Serve as a method to confirm the accuracy and completeness of data in the accounting system.

Answer 39

Independent checks and reconciliations

Question 40

is a procedure that compares records from different sources.

Answer 40

RECONCILIATION

Question 41

occurs when a company takes a physical count of inventory and compares the results to the inventory records.

Answer 41

Comparison Of Physical Assets With Records

Question 42

can help uncover math or program logic errors.

Answer 42

Recalculation Of Amounts

Question 43

is the examination of a report to assess the accuracy and reliability of the data in that report.

Answer 43

Analysis Of Reports

Question 44

which is merely a summation of key items in the batch (such as hours worked), and compare this batch total along various stages of processing.

Answer 44

Batch Totals

Question 45

is extremely important guidance for those who design or audit IT systems

Answer 45

COBIT (Control Objectives for Information Technology)

Question 46

are designed to be the written guidance for CPAs who provide assurance services for organizations.

Answer 46

TRUST SERVICES PRINCIPLES

Question 47

The risk related to ________Vis unauthorized access, which may be both physical access and logical access. An example of unauthorized physical access would be a person breaking into the computer room and damaging computer equipment.

Answer 47

security

Question 48

The risk related to______ is system or subsystem failure due to hardware or software problems.

Answer 48

availability

Question 49

The risk related to _______ _______ could be inaccurate, incomplete, or improperly authorized information

Answer 49

processing integrity

Question 50

The risk in this area is that personal information about customers may be used inappropriately or accessed by those either inside or outside the company.

Answer 50

ONLINE PRIVACY

Question 51

The risk related to _________________ is that confidential information about the company or its business partners may be subject to unauthorized access during its transmission or storage in the IT system.

Answer 51

Confidentiality