ACC 3510 Chapter 13


ITIL organizes IT service management into five high-level categories. Define each category.

ITIL organizes IT service management into five high-level categories. Define each category.
Service strategy: the strategic planning of IT service management capabilities and the alignment of IT service and business strategies.
Service design: the design and development of IT services and service management processes.
Service transition: the controlled move of new or changed services from design into live operation (build, test, release and change management), and maintaining the capabilities needed for ongoing delivery of a service.
Service operation: the effective and efficient delivery and support of services, with a benchmarked approach for event, incident, problem, and access management.
Continual service improvement: ongoing improvement of the service and the measurement of the process performance required for the service.

Identify physical control activities based on the COSO internal control framework.

Identify physical control activities based on the COSO internal control framework.
Authorization: to ensure transactions are valid.
Segregation of duties: to prevent fraud and mistakes.
Supervision: to compensate for imperfect segregation of duties.
Accounting documents and records: to maintain audit trails and the accuracy of financial data.
Access control: to ensure only authorized personnel have access to physical assets and information.
Independent verification: to double-check for errors and misrepresentations.

event identification

In the event identification component of the COSO ERM framework, the firm identifies internal and external events that could affect the achievement of its objectives.

monitoring

In the COSO ERM framework, monitoring is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model.

Risk and technology

Information technology controls are processes that provide assurance over information and help mitigate the risk associated with the use of technology. Firms need such controls to protect information assets, remain competitive, and control the cost of implementing IT projects.

RISK AND OPPORTUNITIES

Internal and external events affecting the achievement of a firm's objectives must be identified. When using the COSO ERM framework, management must distinguish between risks and opportunities after identifying all possible events.

PROCESS

Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.

application controls.

IT controls are a subset of a firm's internal controls and are categorized as IT general and application controls.

It is designed to address information security issues.

What is the purpose of the ISO 27000 series of standards? Options: it is designed to address information security issues (correct); it is designed for IT governance and provides audit guidelines for both internal and external auditors; it is designed to provide guidance on IT service management.

IT control environment

Which of the following is an example of IT general controls (ITGC)? Options: IT control environment (correct); input controls regarding data entry; access control to a specific file in payroll.

It is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model. The ERM components and internal control process should be monitored continuously and modified as necessary.

Select the correct statements on the monitoring component of the COSO ERM framework. Options: it is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model (correct); the ERM components and internal control process should be monitored continuously and modified as necessary (correct); monitoring is accomplished through occasional management activities (incorrect); deficiencies are reported only when the problems cannot be resolved (incorrect).

CORPORATE GOVERNANCE

We define corporate governance as a set of processes and policies for managing an organization with sound ethics so as to safeguard the interests of its stakeholders.

information security

The ISO 27000 series of standards is designed to address information security issues.

mission and vision

During the "Objective Setting" process, firms set specific objectives based on their mission and vision.

Internal control

Ethical behavior prompted by a code of ethics can be considered a form of internal control.

strategic,

The COSO ERM framework categorizes objectives in the following four categories: strategic, operations, reporting, and compliance.

strategic objectives, operations objectives, reporting objectives, and compliance objectives.

The COSO ERM framework indicates that an effective internal control system should consist of four categories of objectives: strategic objectives, operations objectives, reporting objectives, and compliance objectives.

management controls

The processes of making sure changes to programs and applications are authorized and documented are called change management controls. Changes should be tested prior to implementation so they do not affect system availability and reliability.

identifying

The risk assessment process starts with identifying the risks.

False

True or false: Each company should use only one of the control/governance frameworks in corporate and IT governance.

process

During the objective setting stage, management should have a process in place to set strategic, operations, reporting, and compliance objectives.

FEI IIA AAA

COSO stands for Committee of Sponsoring Organizations. It is composed of five organizations: ____, ____, ____, IMA, and AICPA. Options: ISACA (incorrect); FEI, IIA, AAA (correct).

IT Controls and physical controls

Control activities are the policies and procedures that help ensure that necessary actions are taken to address risks to achieving the firm's objectives. There are two categories of control activities: IT controls and physical controls.

Accept risks

Management selects risk responses and develops a set of actions to align risks with the entity's risk tolerances and risk appetite. The four options for responding to risks are reducing, sharing, avoiding, and accepting risks.

Match the following control or governance frameworks with their main purposes.

Match the following control or governance frameworks with their main purposes.
COSO: a general internal control framework that can be applied to all firms.
COSO ERM: a framework that expands from internal control to risk management and can be applied to all firms.
COBIT: a comprehensive framework for IT governance and management.
ITIL: a framework focusing on IT infrastructure and IT service management.
ISO 27000 series: a framework for information security management.

internal environment

One of the COSO ERM framework components, internal environment, encompasses the tone of a firm, influences the risk consciousness of its people, and sets the basis for how risk is viewed and addressed by the firm.

Preventive

Preventive controls require compliance with preferred procedures to deter undesirable issues from happening.

TRUE

True or false: The internal environment of the COSO ERM framework provides the discipline and structure for all other components of enterprise risk management. It is the most critical component in the framework.

False

True or false: The most recent control framework designed by COSO is called control objectives for information and related technology (COBIT).

Provide the process of risk assessment in correct sequence (i.e., seven steps).
1. Identify risks to the firm.
2. Estimate the likelihood of each risk occurring.
3. Estimate the impact of each risk.
4. Identify controls to mitigate the risk.
5. Estimate the costs and benefits of implementing the controls.
6. Perform a cost/benefit analysis for each risk and its corresponding controls.
7. Based on the results of the cost/benefit analysis, determine whether to reduce the risk by implementing a control, or to accept, share, or avoid the risk.

preventive

Requiring a signed source document before recording a transaction is a _______ control. Options: preventive (correct); detective (incorrect: this is a preventive control); corrective (incorrect: this is a preventive control).

The original COSO internal control integrated framework was created more than 20 years ago.

Select a correct statement regarding control frameworks. Options: the most current COSO internal control framework focuses on enterprise risk management (ERM) (incorrect); the COSO enterprise risk management framework is the oldest internal control framework established by COSO (incorrect); the original COSO internal control integrated framework was created more than 20 years ago (correct).

Information technology governance is a subset of corporate governance. IT governance is the responsibility of CIO and internal auditors.

Select the correct statements regarding information technology governance and corporate governance. Options: information technology governance is the responsibility of management; information technology governance is a subset of corporate governance (correct); IT governance is the responsibility of the CIO and internal auditors (correct); COSO is a generally accepted framework for IT governance and management.

Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself. Internal control is geared toward the achievement of objectives in one or more separate but overlapping categories.

Select the correct statement(s) regarding the concepts of internal control defined under COSO 2.0. Options: internal control can provide absolute assurance to an entity's management and board (incorrect); internal control is about policy manuals, systems, and forms, not affected by people (incorrect); internal control is a process consisting of ongoing tasks and activities, a means to an end and not an end in itself (correct); internal control is geared toward the achievement of objectives in one or more separate but overlapping categories (correct).

False

True or false: COBIT is one of the generally accepted internal control frameworks for enterprises. COSO is a generally accepted framework for IT governance and management.

To promote accountability and transparency in a firm's operations To protect the interests of a firm's stakeholders To encourage the efficient use of the resources a firm has

What are the main purposes of corporate governance? Options: to promote accountability and transparency in a firm's operations (correct); to identify approaches to manage disgruntled employees (incorrect); to protect the interests of a firm's stakeholders (correct); to encourage the efficient use of the resources a firm has (correct).

a firm's human resource policies/practices and development of personnel a firm's risk management philosophy and risk appetite a firm's integrity and ethical values a firm's organizational structure, board of directors and the audit committee

Given your understanding of the COSO ERM framework, select the factors that make up the internal environment. Options: a firm's human resource policies/practices and development of personnel (correct); a firm must have strong internal controls tested regularly (incorrect); a firm's risk management philosophy and risk appetite (correct); a firm's integrity and ethical values (correct); a firm's organizational structure, board of directors and audit committee (correct).

