Chp 10 AIS (Exam 2)
Most important aspects of SOX
- Public Company Accounting Oversight Board (PCAOB)
- New rules for auditors
- New roles for audit committees
- New rules for management
- New internal control requirements
What should limited access safeguard?
- cash
- inventory
- supplies
- records
What does comparison help with?
- mistakes
- customer satisfaction
- limits improper behavior
control objectives of internal controls
- safeguard assets
- maintain records in sufficient detail to report company assets accurately and fairly
- provide accurate and reliable info
- prepare financial reports in accordance with established criteria
- promote and improve operational efficiency
- encourage adherence to prescribed managerial policies
- comply with applicable laws and regulations
Data analytic techniques are often used to detect fraud. Which of the following are frequently used techniques?
- using regression analysis
- semantic analysis
- applying Benford's law
5 components of COSO
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
three frameworks used to develop internal control systems
1. Control Objectives for Information and Related Technology (COBIT)
2. Internal Control Integrated Framework (COSO)
3. Enterprise Risk Management (ERM)
two categories of internal controls
1. General Controls
2. Application Controls
3 Principles of Information and Communication
1. High quality information that supports internal control
2. Internally communicate the info
3. Communicate externally
Adequate records
"garbage in...... garbage out" having good data entry controls to avoid any problems
Internal control - integrated framework
A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems
Committee of Sponsoring Organizations (COSO)
A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.
threat
any potential adverse occurrence
Sarbanes-Oxley Act of 2002
applies to publicly held companies and their auditors and was designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud
Control Objectives for Information and Related Technology (COBIT)
best practices for the effective governance and management of IT
Ethical values are a component of which aspect of the COSO Integrated Framework
control environment
collusion
cooperation between two or more people in an effort to thwart internal controls
control activities
policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out
application controls
prevent, detect, and correct transaction errors and fraud in application programs
Hiring qualified personnel is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control.
preventative; corrective
internal controls
processes implemented to provide reasonable assurance that control objectives are met
What does limited access help with?
segregation of duties
segregation of accounting duties
separating the accounting functions of authorization, custody, and recording to minimize an employee's ability to commit fraud
proper approvals
specific part of segregation of duties that helps set materiality levels
COSO Internal Control-Integrated framework is the most commonly used control framework
true
Controls are costly, so we only want to implement where risk must be mitigated
true
One of the greatest control strengths is the honesty of employees; one of the greatest control weaknesses is the dishonesty of employees
true
The same individual can both receive goods from vendors and also ship goods to customers
true (because these are both custody procedures)
internal control categories (SCALP)
- S - Segregation of duties
- C - Comparisons (matching)
- A - Adequate Records (data entry)
- L - Limited Access (safeguarding)
- P - Proper approvals
With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure?
entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal
SOX was the first legislation pertaining to internal controls
false
When using your ID card to enter a building at Baylor, it is polite and appropriate to hold the door for someone following closely behind you
false
Applying the COBIT framework, monitoring is the responsibility of internal audit.
false; board of directors' responsibility
look over segregation of duties system chart
figure 10-5
According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for
hiring and firing the external auditors
corrective controls
identify and correct problems as well as correct and recover from the resulting errors
Robert Simons' four levers of control
1. belief system
2. boundary system
3. diagnostic control system
4. interactive control system
3 functions that need to be separated in segregation of accounting duties
1. custody
2. authorize
3. record
What must CEOs and CFOs certify because of SOX?
1. financial statements and disclosures are fairly presented, were reviewed by management, and are not misleading
2. the auditors were told about all material internal control weaknesses and fraud
3 important functions that internal controls perform
1. preventative controls
2. detective controls
3. corrective controls
Public Accounting Oversight Board (PCAOB)
5 people who regulate public accounting firms and were appointed by the SEC
Which internal control framework is widely accepted as the authority on internal controls
COSO Integrated Framework
information and communication
Capture and exchange the information needed to conduct, manage, and control the organization's operations
general controls
make sure an organization's control environment is stable and well managed
Foreign Corrupt Practices Act (FCPA) in 1977
Prevents companies from bribing foreign officials; also requires internal controls for all public companies
What board did SOX create?
Public Company Accounting Oversight Board (PCAOB)
The principle of identifying and assessing changes that could significantly impact the system of internal controls belongs to which component of COSO's Internal Control Model?
Risk assessment
risk appetite
The amount of risk a company is willing to accept to achieve its goals and objectives.
Duplicate checking of calculations is an example of a ________ control. Implementing customer credit limits is an example of a __________ control.
detective; preventative
preventative controls
deter problems before they arise
detective controls
discover problems that are not prevented
look over 10-1 table
do it
comparison
documents from appropriate resources
Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter?
employee fraud or embezzlement
segregation of systems duties
implementing control procedures to clearly divide authority and responsibility within the information system function
At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the following situations does this control detect?
the box office cashier accidentally gives too much change to a customer
control environment
the company culture that is the foundation for all other internal control components, as it influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk
risk assessment
the organization must identify, analyze, and manage its risks
audit committee
the outside, independent board of director members responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors
exposure/impact
the potential dollar loss from a threat
likelihood/risk
the probability that a threat will happen