WEEK 4: CONTROL & ACCOUNTING IS

Question 1

Business exposure to risks ( in terms of technology/it development ) leading to control failure

Answer 1

• more IS means info available to more people
• decentralized / distributed networks - makes it difficult to implement central controls
• wide area networks compromising confidentiality

Question 2

inherent idiosyncratic material risks of the currency ( crypto )

Answer 2

• business risk:
  ( value is strictly determined by the value that market participants place on them through their transactions, which means that loss of confidence may bring about a collapse of trading activities and an abrupt drop in value)
• not backed:
• cyber/fraud risk :
  ( cryptocurrency is highly reliant upon unregulated companies, including some that may lack appropriate internal controls & , If the keys are stolen to a user’s wallet, the thief can fully impersonate the original owner of the account and has the same access to the monies in the wallet that the original owner has)

> associated risks also include

• operational risks
• regulatory/ compliance risk
• market risks

Question 3

challenges in accounting for cryptocurrencies

Answer 3

• not backed & not cash
• volatile
• not financial instrument - no right to something
• how do we classify then?

Question 4

why do we need controls - this links to “what is internal control”

Answer 4

• assurance in terms of business processes
• mitigate risk
• assurance in terms of laws

Question 5

4 Internal control objectives ( similar to GAA )

Answer 5

• to safeguard assets
• to check the accuracy and reliability of accounting data
• to promote operational efficiency
• to encourage adherence to prescribed managerial policies

Question 6

Primary objective of AIS

Answer 6

• control the organization so it can achieve objectives
• includes people - people who use frequently should be able to detect and correct/ minimize system threats, systems can be complex so this is essential

Question 7

Types of internal controls

Answer 7

• Preventive controls
• Detective controls
• Corrective controls

Question 8

General and application controls

Answer 8

important general:
1. Information systems management controls

2. Security management controls
3. Information technology infrastructure controls
4. Software acquisition, development, and maintenance controls

Application controls - IOI of data

Question 9

Five interrelated components of internal control

Answer 9

1. control environment
2. risk assessment
3. control activities
4. information &communication
5. monitoring

Question 10

The Sarbanes-Oxley and Foreign Corrupt Practices Acts 1977

Answer 10

• The primary purpose of this Act was to prevent the bribery of foreign officials in order to obtain business
• Applies to publicly held companies and their auditors and was intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud.

Question 11

New rules for auditors CPA

Answer 11

COMMITEE
Audit committee members must be on the company’s board of directors and be independent of the company ( committee )

MANAGEMENT:
Requires the CEO and CFO to certify that financial statements and disclosures are fairly presented, were reviewed by management, and are not misleading.

Management can be imprisoned up to 20 years and fined up to $5,000,000.

INTERNAL CONTROL REQUIREMENTS:
Requires publicly held companies to issue a report accompanying the financial statements that states management is responsible for establishing and maintaining an adequate internal control structure and appropriate control procedures.

Question 12

aftermath Barbanes-Oxley Act

Answer 12

• evaluations must be based on recognized control frameworks ( COSO)
• disclose any and all material internal control weaknesses
• conclude that a company does not have effective internal controls over financial reporting is there are any material weaknesses.

Question 13

IT governance involves

Answer 13

• Value delivery :
• strategic IT alignment
• Risk management
• Resource management
• performance management

Question 14

Risk IT

Answer 14

providing a framework for enterprises to identify, govern and manage IT risk

Allows an enterprise to make appropriate risk-aware decisions

Question 15

VAL IT

Answer 15

Enables the creation of business value from IT-enabled investments

Integrates governance principles, processes, practices and supporting guidelines that help boards, the executive and other enterprise leaders to optimise the realisation of value from IT investments

Question 16

how COBIT addresses the issue of control from five key principles
MC SEA

Answer 16

1. meeting stakeholder needs
2. covering the enterprise end-to-end
3. applying a single integrated framework
4. enabling holistic approach
5. separating governance from management

Question 17

COSO 5 components

basically components of internal control

Answer 17

• control ( internal) environment
• risk assessment
• control activities
• information and communication
• monitoring

Question 18

COSO-ERM, ERM basic principles

Answer 18

Companies are formed to create value for their owners

Management must decide how much uncertainty it will accept as it creates value

Uncertainty results in risk, which is the possibility that something negatively affects the company’s ability to create or preserve value

Uncertainty results in opportunity, which is the possibility that something positively affects the company’s ability to create or preserve value

The ERM framework can manage uncertainty as well as create and preserve value

Question 19

COSO ERM objectives

scor

Answer 19

Strategic
operations
reporting
compliance

Question 20

COSO ERM : internal environment

Answer 20

• management philosophy, operating and risk appetite
• commitment to integrity, ethical values and competence
• internal control oversight by board of directors
• organizational structure
• methods of assigning authority and responsibility

Question 21

COSO: objective setting

Answer 21

strategic objectives
operational objectives
reporting objectives
compliance objectives

> this is the cube in the slides

Question 22

types of risk

Answer 22

inherent

residual

Question 23

Risk response

Answer 23

• reduce
• accept
• share
• avoid

Question 24

COSO: Control activities

Answer 24

Proper authorization of transactions and activities

Segregation of duties

Project development and acquisition controls]

Change management controls

Design and use of documents and records

Safeguarding assets, records, and data

Independent checks on performance

Question 25

Updates COSO ERM Framework - 2017

Answer 25

• governance and culture
• strategy and objective setting
• performance
• review and revision
• information, communication and reporting

(NB, this is all in relation to the risk based approach)

Question 26

risk governance components

Answer 26

• risk appetite & tolerance
• responsibility and accountability for IT risk management
• awareness and communication
• risk culture

Question 27

risk capacity

Answer 27

amount of risk an organization is able to support in pursuit of its objectives

Question 28

risk appetite

Answer 28

amount of risk an organization is willing to accept

Question 29

risk tolerance

Answer 29

“cushion”

Question 30

Trust services framework: foundation principles

Answer 30

security, confidentiality,
privacy,
processing integrity,
availability

Question 31

security life cycle

Answer 31

1. asses the threats&select risk response
2. development and communicate policy
3. Aquire& implement solutions
4. monitor performance

repeat.

Question 32

security approacches

Answer 32

1. defense in depth
2. time-based model
   ( P > D+C), where

P: is time it takes an attacker to break through preventive controls

D: is time it takes to detect an attack is in progress

C: is time it takes to respond to the attack and take corrective action