Payments Risk Management Controls

Question 1

What are bio-metrics?

Answer 1

Technological and scientific authentication methods based on biology

Question 2

What are control activities?

Answer 2

Policies and procedures established to manage risks and ensure predefined objectives are met, and are designed to identify operational weaknesses and help effect corrective actions

Question 3

What are control self-assessments?

Answer 3

Assessments performed by those closest to the enviroment being testing and used to validate the adequacy and effectiveness of the control environment

Question 4

What are controls requirements?

Answer 4

The process used to document and track internal processes to determine that established procedures and / or physical security policies are being followed

Question 5

What are controls?

Answer 5

A means of managing risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of an administrative technical, management, or legal nature

Question 6

What are detective controls?

Answer 6

Controls designed to identify, or detect, operational weaknesses to effect corrective actions

Question 7

What are internal controls?

Answer 7

The policies and procedures that organizations establish to reduce risks and ensure they meet operating, reporting, and compliance objectives

Question 8

What are logical access controls?

Answer 8

The policies, procedures, organizational structure, and electronic access controls designed to restrict access to computer software and data files

Question 9

What are preventative controls?

Answer 9

Controls designed to deter, or prevent, the occurrence of an undesirable event

Question 10

What are reasons to revise business continuity plan?

Answer 10

Changes in business operations, audit and examination recommendations, or due to testing results

Question 11

What are risk assessments?

Answer 11

Assessments that should analyze threats to all significant business lines, the sufficiency of mitigating controls, and any residual risk exposures

Question 12

What is a business impact analysis (BIA)

Answer 12

An organization’s first step in its business continuity process that should include a workflow analysis involving an assessment and prioritization of business functions and processes that must be recovered

Question 13

What is a control environment?

Answer 13

An internal system designed to provide reasonable assurance that internal controls will prevent or detect materially inaccurate; incomplete or unauthorized transactions; deficiencies in the safeguarding of assets; and unreliable financial and regulatory reporting and deviations from laws, regulations, and internal policies

Question 14

What is a corrective control?

Answer 14

A mitigating technique designed to lessen the impact to the institution when adverse events occur

Question 15

What is a credit analysis?

Answer 15

The method used to calculate the creditworthiness of an individual or organization

Question 16

What is a network administrator?

Answer 16

An individual responsible for the installation, management, and control of a network

Question 17

What is an audit committee?

Answer 17

A committee, established by a board of directors, responsible for reviewing, approving, and reporting on audit strategies as well as monitoring the effectiveness of an organization’s audit function

Question 18

What is an operating system?

Answer 18

The system that supports and manages software applications

Question 19

What is business continuity management?

Answer 19

The process for management to oversee and implement resilience, continuity, and response capabilities to safeguard employees, customers, products, and services

Question 20

What is dual control?

Answer 20

The concept of requiring more than one person to complete a task

Question 21

What is quality control?

Answer 21

A process using random work samples to ensure staff are acting according to procedures and that procedures are in line with policy

Question 22

What is segregation of duties?

Answer 22

An internal control designed to prevent error and fraud by dispersing critical functions of a process to more than one person or department

Question 23

What is the goal of the business continuity plan (BCP)?

Answer 23

To minimize financial losses to the institution, serve customers, and financial markets with minimal disruptions, and mitigate the negative effects of disruptions on business operations

Question 24

What is the Mastercard Alert to Control High-Risk Merchants (MATCH) list?

Answer 24

It is a detailed database of Merchants that Mastercard has determined to be high-risks

Question 25

What is the purpose of risk monitoring and testing?

Answer 25

To ensure an organization’s business continuity planning process remains viable

Question 26

What are the five components of an internal control program?

Answer 26

1. Control environments
2. Risk assessments
3. Control activities
4. Information and communication
5. Monitoring

Question 27

What is encryption used for?

Answer 27

To secure communications and data storage, particularly with authentication credentials and the transmission of sensitive information

Question 28

What is a trend analysis?

Answer 28

A technique that uses historical results to predict future outcome

Question 29

What is predictive modeling?

Answer 29

A process of using known results to create, process, and validate a model that can be used to forecast future outcomes

Question 30

What are nature related control types?

Answer 30

Administrative, technical, and physical

Question 31

What are timing related control types?

Answer 31

Preventative, detective, and corrective

Question 32

What is the importance of having layered security?

Answer 32

To allow the strength of one or more controls to compensate for weakness or failure of another control

Question 33

What are administrative controls?

Answer 33

Defines the human factors of security at all levels of personnel, and includes, for example, training, recruitment, and separation strategies

Question 34

What are technical controls?

Answer 34

The use of technology as a basis to control access and usage of sensitive data throughout physical structures and over networks

Question 35

What are physical controls?

Answer 35

Security measures for premises used to deter or prevent unauthorized access to sensitive material

Question 36

A switch that activates an alarm is what type of control?

Answer 36

Detective control

Question 37

Segregation of duties is what type of control?

Answer 37

Preventative control

Question 38

Permitting access to a system on an “as needed” basis is what type of control?

Answer 38

Logical access control