ACCT 4240A Chapter 13 Accounting Information Systems and Internal Controls

Which of the following professional organizations have a code of ethics? (Select all that apply) -IIA -AICPA -IMA -AAA -ISACA

-IIA -AICPA -IMA -ISACA

Choose proper examples of detective controls. (Select all that apply) -Require authorization before recording a transaction. -Prepare quarterly balance sheets and income statements. -Prepare monthly trial balances. -Prepare monthly bank reconciliations.

-Prepare monthly trial balances. -Prepare monthly bank reconciliations.

Define the following batch totals. -Record count <-> -Financial total <-> -Hash total <-> -the sum of a field containing dollar values -the total records in the batch -the sum of a numeric field, such as employee number, which normally would not be the subject of arithmetic operations

-Record count <-> the total records in the batch -Financial total <-> the sum of a field containing dollar values -Hash total <-> the sum of a numeric field, such as employee number, which normally would not be the subject of arithmetic operations

To support a firm in its efforts to achieve internal control objectives, COSO 2013 suggests five components of internal control including (Select all that apply): -Risk assessment -Control environment -Control effectiveness -Control activities

-Risk assessment -Control environment -Control activities

What are the main purposes of corporate governance? (Select all that apply) -To identify approaches to manage disgruntled employees -To protect the interests of a firm's stakeholders -To promote accountability and transparency in a firm's operations -To encourage the efficient use of the resources a firm has

-To protect the interests of a firm's stakeholders -To promote accountability and transparency in a firm's operations -To encourage the efficient use of the resources a firm has

According to the COSO 2.0 framework, operations objectives are about _____ and _____ of a firm's operations on financial performance goals and safeguarding assets.

-effectiveness -efficiency

In the COSO ERM framework component ______ ______, firms identify events affecting achievement of their objectives.

-event -identification

The AICPA has indicated that issues on information security are critical to certified public accountants (CPAs) as one of the top 10 technologies that accounting professionals must learn. International Organization for Standardization (ISO) 27000 series is designed to address ______ ______ issues.

-information -security / securities

The ISO 27000 series of standards are designed to address _______ ______ issues.

-information -security

COBIT control objectives provide high-level requirements to be considered for effective control of IT processes. Three of the seven key criteria of business requirements for information in COBIT are about security and people often call them CIA: confidentiality, ______, and ______.

-integrity -availability

The IT Infrastructure Library (ITIL) is a de facto standard in Europe for the best practices in IT infrastructure management and service delivery. ITIL adopts a ______-______ approach to IT services.

-life -cycle

During the "Objective Setting" process, firms set specific objectives based on their ______ and ______.

-mission -vision

The process, ______ ______, is to identify and analyze risks systematically to determine the firm's risk response and control activities. It allows a firm to understand the extent to which potential events might affect corporate objectives.

-risk -assessment

Internal and external events affecting achievement of a firm's objectives must be identified. When using COSO ERM framework, management must distinguish between ______ and ______ after identifying all possible events.

-risks / risk -opportunities / opportunity

The COSO ERM framework indicates that an effective internal control system should consist of four categories of objectives: ______ objectives, operations objectives, ______ objectives, and ______ objectives.

-strategic -reporting / report -compliance

COBIT 2019 is a comprehensive framework for information and technology governance and management. This framework has five domains. Indicate the purpose of each domain. A. Align, plan and organize B. Build, acquire and implement C. Deliver, service and support D. Evaluate, direct and monitor E. Monitor, evaluate and assess -Governance -Management

A. Management B. Management C. Management D. Governance E. Management

IT Governance Institute (ITGI) developed a control framework for the governance and management of enterprise IT. This framework, ______, provides management with an understanding of risks associated with IT and bridges the gap between business among risks, control needs, and technical issues.

COBIT

The information system of Carlsbad Bottle Inc. is deemed to be 90 percent reliable. A major threat in the procurement process has been discovered, with an exposure of $300,000. Two control procedures are identified to mitigate the threat. Implementation of control A would cost $18,000 and reduce the risk to 4 percent. Implementation of control B would cost $10,000 and reduce the risk to 6 percent. Implementation of both controls would cost $26,000 and reduce the risk to 2.5 percent. Given the information presented, and considering an economic analysis of costs and benefits only, which control procedure(s) should Carlsbad Bottle choose to implement? -Control A -Control B -Control A and B -Neither

Control B

Select the component not part of the COSO ERM 2017 framework. -Control Environment -Review and Revision -Governance and Culture -Information Communication and Reporting -Strategy and Objective Setting

Control Environment

_______ controls find problems when they arise.

Detective

Which of the five domains of COBIT 2019 is about IT governance? -MEA (Monitor, Evaluate, and Access) -EDM (Evaluate, Direct, and Monitor) -APO (Align, Plan, and Organize) -BAI (Build, Acquire, and Implement) -DSS (Deliver, Service, and Support)

EDM (Evaluate, Direct, and Monitor)

True or false: COBIT is one of the generally accepted internal control frameworks for enterprises. COSO is a generally accepted framework for IT governance and management.

False. Reason: COSO is one of the generally accepted internal control frameworks for enterprises. COBIT is a generally accepted framework for IT governance and management.

True or false: Each company should use only one of the control/governance frameworks in corporate and IT governance.

False. Reason: Companies may choose to use multiple frameworks in corporate and/or IT governance.

True or false: The control objectives for information and related technology (COBIT) framework is an internationally accepted set of best IT security and control practices and is required by PCAOB to be used for SOX section 404 audit.

False. Reason: The control objectives for information and related technology (COBIT) framework is an internationally accepted set of best IT security and control practices. SOX requires public companies to choose a framework in evaluating controls. However, the PCAOB or SOX did not require any specific control framework to be used in evaluating internal controls.

What are the purposes of the standards of ISO 27000 series? -It is designed to address information security issues. -It is designed to provide guidance on IT service management. -It is designed for IT governance and provides audit guidelines for both internal and external auditors.

It is designed to address information security issues.

_____ controls provide output to authorized people and ensure the output is used properly. -Processing -Input -Output

Output

Select a correct statement regarding control frameworks. -The most current COSO internal control framework focuses on enterprise risk management (ERM). -COSO enterprise risk management framework is the oldest internal control framework established by COSO. -The original COSO internal control integrated framework was created more than 20 years ago.

The original COSO internal control integrated framework was created more than 20 years ago.

True or false: Integrity and individual ethics are formed through a person's life experience.

True. Reason: Integrity and individual ethics are formed through a person's life experience.

True or false: The internal environment of the COSO ERM framework provides the discipline and structure for all other components of enterprise risk management. It is the most critical component in the framework.

True. Reason: The internal environment of the COSO ERM framework provides the discipline and structure for all other components of enterprise risk management. It is the most critical component in the framework.

Management selects risk responses according to the entity's risk tolerances and risk ______.

appetite

IT controls are a subset of a firm's internal controls and are categorized as IT general and ______ controls.

application / applications

Corrective controls fix problems that have been identified, such as using ______ files to recover corrupted data.

backup

Organizations derive their code of ______ from cultural values, societal traditions, and personal attitudes on issues of right and wrong.

ethics / ethic

We define corporate ______ as a set of processes and policies in managing an organization with sound ethics to safeguard the interests of its stakeholders.

governance

The risk assessment process starts with ______ the risks.

identifying

IT application controls are activities specific to a subsystem's or an application's ______, processing, and output.

input

Most mistakes in an accounting information systems occur while entering data. Control efforts are focused on ______ rather than processing and output activities.

input / inputting / inputs

The processes of making sure changes to programs and applications are authorized and documented are called change ______ controls. Changes should be tested prior to implementation so they do not affect system availability and reliability.

management

In the COSO ERM framework, _______ is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model.

monitoring

Provide the process of risk assessment in correct sequence (i.e., seven steps). The last step is to base on the results of the cost/benefit analysis, determine whether to reduce the risk by implementing a control, or to accept, share, or avoid the risk. -Perform a cost/benefit analysis for each risk and corresponding controls -Identify controls to mitigate the risk -Identify risks to the firm -Estimate the likelihood of each risk occurring -Estimate the costs and benefits of implementing the controls -Estimate the impact

o 1. Identify risks to the firm o 2. Estimate the likelihood of each risk occurring o 3. Estimate the impact o 4. Identify controls to mitigate the risk o 5. Estimate the costs and benefits of implementing the controls o 6. Perform a cost/benefit analysis for each risk and corresponding controls

Requiring a signed source document before recording a transaction is a _______ control. -detective -preventive -corrective

preventive

During the objective setting stage, management should have a ______ in place to set strategic, operations, reporting, and compliance objectives.

process

Internal control is a ______ consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.

process

The application controls are grouped into three categories to ensure information processing integrity: input, ______, and output controls.

processing / process

According to the COSO 2.0 framework, reporting objectives are about the ______ of a firm's internal and external financial reporting.

reliability

Select the principles related to review and revision in the COSO ERM 2017 framework. (Select all that apply) -Evaluate alternative strategies -Leverage information and technology -Define risk appetite -Assess substantial change -Review risk and performance

-Assess substantial change -Review risk and performance

Choose the main purpose for each framework. COBIT <-> ITIL <-> ISO 27000 series <-> -provides the best IT security and control practices for IT management -address information security issues -provides the concepts and practices for IT service management

-COBIT <-> provides the best IT security and control practices for IT management -ITIL <-> provides the concepts and practices for IT service management -ISO 27000 series <-> address information security issues

Select correct statements about the COBIT framework. -COBIT is a generally accepted framework for IT governance and management. -COBIT 2019 enables IT to be governed in a holistic manner by taking in IT responsibility and considering the IT-related interests of stakeholders. -The most current version of the COBIT framework is COBIT 2013. -COBIT 2019 includes the main points of COSO ERM 2017.

-COBIT is a generally accepted framework for IT governance and management. -COBIT 2019 enables IT to be governed in a holistic manner by taking in IT responsibility and considering the IT-related interests of stakeholders. -COBIT 2019 includes the main points of COSO ERM 2017.

Match the following control or governance frameworks with their main purposes. -COSO <-> -COSO ERM <-> -COBIT <-> -ITIL <-> -ISO 27000 series <-> -a framework expands from internal control to risk management that can be applied to all firms -a framework for information security management -a general internal control framework that can be applied to all firms -a framework focusing on IT infrastructure and IT service management -a comprehensive framework for IT governance and management

-COSO <-> a general internal control framework that can be applied to all firms -COSO ERM <-> a framework expands from internal control to risk management that can be applied to all firms -COBIT <-> a comprehensive framework for IT governance and management -ITIL <-> a framework focusing on IT infrastructure and IT service management -ISO 27000 series <-> a framework for information security management

To support a firm in its efforts to achieve internal control objectives, COSO 2013 suggests five components of internal control including (Select all that apply): -Control environment -Control efficiency -Control activities -Information and communication -Risk assessment

-Control environment -Control activities -Information and communication -Risk assessment

COSO ERM framework indicates that: (Select all that apply) -ERM identifies historical events that affected the firm. -ERM provides reasonable assurance regarding the achievement of the firm's objectives. -ERM manages risk to be within the firm's risk appetite.

-ERM provides reasonable assurance regarding the achievement of the firm's objectives. -ERM manages risk to be within the firm's risk appetite.

COSO stands for Committee of Sponsoring Organizations. It composes of five organizations: ____, ____, ____, IMA, and AICPA. -FEI -ISACA -AAA -IIA

-FEI -AAA -IIA

Match the following data entry controls with their definitions. Field checks <-> Validity checks <-> Size checks <-> Completeness checks <-> -compare data entering the system with existing data in a reference file to ensure only valid data is are entered -ensure the data fit into the size of a field -ensure the characters in a field are of the proper type -ensure all required data are entered for each record

-Field checks <-> ensure the characters in a field are of the proper type -Validity checks <-> compare data entering the system with existing data in a reference file to ensure only valid data is are entered -Size checks <-> ensure the data fit into the size of a field -Completeness checks <-> ensure all required data are entered for each record

Define each type of controls properly. General controls <-> Application controls <-> Preventive <-> Detective <-> Corrective <-> -Internal controls deter problems before they arise -Internal controls find problems when they arise -Internal controls pertain to enterprise wide issues -Internal controls specific to a subsystem or an application -Internal controls fix problems that have been identified

-General controls <-> Internal controls pertain to enterprise wide issues -Application controls <-> Internal controls specific to a subsystem or an application -Preventive <-> Internal controls deter problems before they arise -Detective <-> Internal controls find problems when they arise -Corrective <-> Internal controls fix problems that have been identified

Please match the control components with the principles in the COSO 2013 framework. Information and Communication <-> Control Activities <-> Risk Assessment <-> Control Environment <-> Monitoring Activities <-> -The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. -The organization deploys control activities through policies that establish what is expected and procedures that put policies into place. -The organization identifies and assesses changes that could significantly impact the system of internal control. -The organization communicates with external parties regarding matters affecting the functioning of internal control. -The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

-Information and Communication <-> The organization communicates with external parties regarding matters affecting the functioning of internal control. -Control Activities <-> The organization deploys control activities through policies that establish what is expected and procedures that put policies into place. -Risk Assessment <-> The organization identifies and assesses changes that could significantly impact the system of internal control. -Control Environment <-> The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. -Monitoring Activities <-> The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.

Select correct statement regarding information technology governance and corporate governance. (Select all that apply) -Information technology governance is the responsibility of management. -COSO is a generally accepted framework for IT governance and management. -IT governance is the responsibility of CIO and internal auditors. -Information technology governance is a subset of corporate governance.

-Information technology governance is the responsibility of management. -Information technology governance is a subset of corporate governance.

Match the following definitions with the different types of risks. Inherent risk <-> Control risk <-> Residual risk <-> -the risk related to the nature of the business activity itself -the product of inherent risk and control risk -the threat that errors or irregularities in the underlying transactions will not be prevented, detected, and corrected by the internal control system

-Inherent risk <-> the risk related to the nature of the business activity itself -Control risk <-> the threat that errors or irregularities in the underlying transactions will not be prevented, detected, and corrected by the internal control system -Residual risk <-> the product of inherent risk and control risk

Select the correct statement(s) regarding the concepts on internal control defined under COSO 2.0. (Select all that apply) -Internal control can provide absolute assurance to an entity's management and board. -Internal control is geared toward the achievement of objectives in one or more separate but overlapping categories. -Internal control is about policy manuals, systems, and forms, not affected by people. -Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.

-Internal control is geared toward the achievement of objectives in one or more separate but overlapping categories. -Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.

What is enterprise risk management (ERM)? (Select all that apply) -It involves a company's board of directors, management, and other personnel in the process. -It aims to provide reasonable assurance regarding the achievement of objectives. -It is a process focuses on internal controls. -It is designed to identify historical events that affected the entity. -It is applied in strategy setting and across the enterprise.

-It involves a company's board of directors, management, and other personnel in the process. -It aims to provide reasonable assurance regarding the achievement of objectives. -It is applied in strategy setting and across the enterprise.

Determine the type of each internal control mechanism. Require authorization before recording transactions <-> Prepare monthly bank reconciliations <-> Using a backup file to recover corrupted data. <-> -Preventive control -Corrective control -Detective control

-Require authorization before recording transactions <-> Preventive control -Prepare monthly bank reconciliations <-> Detective control -Using a backup file to recover corrupted data. <-> Corrective control

Determine the type of each internal control mechanism. Require using user names and passwords to access the company's network <-> When entering a sales transaction, use an input control to ensure the customer account number is entered accurately <-> -General control -Application control

-Require using user names and passwords to access the company's network <-> General control -When entering a sales transaction, use an input control to ensure the customer account number is entered accurately <-> Application control

Please match the control components with the principles in the COSO 2013 framework. Risk assessment <-> Control environment <-> Monitoring <-> Control activities <-> Information and communication <-> -The organization selects and develops general control activities over technology to support the achievement of objectives. -The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. -The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. -Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. -The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.

-Risk assessment <-> The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. -Control environment <-> Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. -Monitoring <-> The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. -Control activities <-> The organization selects and develops general control activities over technology to support the achievement of objectives. -Information and communication <-> The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.

ITIL organizes IT service management into five high-level categories. Define each category. -Service strategy <-> -Service design <-> -Service transition <-> -Service operation <-> -Continual service improvement <-> -the effective and efficient delivery and support of services, with a benchmarked approach for event, problem, and access management -the strategic planning of IT service management capabilities and the alignment of IT service and business strategies -ongoing improvement of the service and the measurement of process performance required for the service -the transition from strategy to design, and maintaining capabilities for the ongoing delivery of a service -the design and development of IT services and service management processes

-Service strategy <-> the strategic planning of IT service management capabilities and the alignment of IT service and business strategies -Service design <-> the design and development of IT services and service management processes -Service transition <-> the transition from strategy to design, and maintaining capabilities for the ongoing delivery of a service -Service operation <-> the effective and efficient delivery and support of services, with a benchmarked approach for event, problem, and access management -Continual service improvement <-> ongoing improvement of the service and the measurement of process performance required for the service

Select a correct statement on the monitoring component of the COSO ERM framework. (Select all that apply) -The ERM components and internal control process should be monitored continuously and modified as necessary. -It is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model. -Monitoring is accomplished through occasional management activities. Deficiencies are reported only when the problems cannot be resolved.

-The ERM components and internal control process should be monitored continuously and modified as necessary. -It is the process of evaluating the quality of internal control design and operation and the effectiveness of the ERM model.

What is the impact of Sarbanes-Oxley Act 2002 (SOX) on the accounting profession? -SOX is perceived by the accounting profession as decreasing oversight over companies' efficiency in operations. -Under SOX, the PCAOB replaces AICPA to issue audit standards. -SOX established the PCAOB to regulate and audit public accounting firms.

-Under SOX, the PCAOB replaces AICPA to issue audit standards. -SOX established the PCAOB to regulate and audit public accounting firms.

Given your understanding of COSO ERM framework, select factors regarding internal environment. (Select all that apply) -a firm's human resource policies/practices and development of personnel -a firm's organizational structure, board of directors and the audit committee -a firm must have strong internal controls tested regularly -a firm's risk management philosophy and risk appetite -a firm's integrity and ethical values

-a firm's human resource policies/practices and development of personnel -a firm's organizational structure, board of directors and the audit committee -a firm's risk management philosophy and risk appetite -a firm's integrity and ethical values

Input controls ensure the authorization, entry, and verification of data entering the system. Authorization of data entry is accomplished by using an _______ ______ matrix.

-access -control

Identify physical control activities based on the COSO internal control framework. -authorization <-> -segregation of duties <-> -supervision <-> -accounting documents and records <-> -access control <-> -independent verification <-> -to maintain audit trails and accuracy of the financial data -to ensure only authorized personnel have access to physical assets and information -to ensure transactions are valid -to double check for errors and misrepresentations -to prevent fraud and mistakes -to compensate imperfect segregation of duties

-authorization <-> to ensure transactions are valid -segregation of duties <-> to prevent fraud and mistakes -supervision <-> to compensate imperfect segregation of duties -accounting documents and records <-> to maintain audit trails and accuracy of the financial data -access control <-> to ensure only authorized personnel have access to physical assets and information -independent verification <-> to double check for errors and misrepresentations

COBIT control objectives provide high-level requirements to be considered for effective control of IT processes. Four of the seven key criteria of business requirements for information in COBIT are similar to COSO control objectives: effectiveness, efficiency, confidentiality, availability, ______, and ______.

-compliance -reliability

Information technology controls involve processes that provide assurance for information and help to mitigate ______ associated with the use of ______. Firms need such controls to protect information assets, remain competitive, and control costs in implementing IT projects.

-risks / risk -techonolgy

Which types of input controls would best mitigate the following threats? A. Posting the amount of a sale to a customer account that does not exist. B. A customer entering too many characters into the five-digit zip code while making an online purchase, causing the server to crash. C. An intern's pay rate was entered as $150 per hour, not $15 per hour. D. Approving a customer order without the customer's address so the order was not shipped on time. E. Entering the contract number of a critical contract as 13688 instead of 16388, which is a serious mistake for the company. -Size check -Reasonableness check -Completeness check -Authorization (for sales transactions) or the use of a validity check on the customer number. -Check digit verification

A. Authorization (for sales transactions) or the use of a validity check on the customer number. B. Size check C. Reasonableness check D. Completeness check E. Check digit verification

Match the following control frameworks with their main purposes. A. COSO 2013 B. COSO ERM 2004 C. COBIT 2019 D. ITIL E. ISO 27000 series -Expand internal controls to provide a broader view on risk management to maximize firm value. -Manage IT infrastructure and service delivery. -Provide a framework and guidelines for information security. -Improve quality of financial reporting through internal controls and corporate governance. -Provide management an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT.

A. Improve quality of financial reporting through internal controls and corporate governance. B. Expand internal controls to provide a broader view on risk management to maximize firm value. C. Provide management an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. D. Manage IT infrastructure and service delivery. E. Provide a framework and guidelines for information security.

The COSO ERM 2017 framework codifies 20 principles associated with the five components of enterprise risk management. Match the following principles with the five components. A. Report on risk, culture, and performance B. Review risk and performance C. Pursue improvement in ERM D. Exercise board risk oversight E. Attract, develop, and retain capable individuals F. Prioritize risks G. Define risk appetite H. Assess substantial change -Information, Communication and Reporting -Governance and Culture -Review and Revision -Strategy and Objective-setting -Performance

A. Information, Communication and Reporting B. Review and Revision C. Review and Revision D. Governance and Culture E. Governance and Culture F. Performance G. Strategy and Objective-setting H. Review and Revision

Identify each of the following internal controls as a primarily preventive, detective, or corrective control. A. Limit access to petty cash funds. B. Reconcile the petty cash fund before replenishing it. C. Require two signatures on checks above a specified limit. D. Enable hidden flags or audit trails on accounting software. E. Examine credit card statements and corresponding receipts each month, independently, to determine whether charges are appropriate. F. Keep checks in a locked box or drawer and restrict the number of employees who have access to the key. G. Back up accounting records daily.

A. Preventive B. Detective C. Preventive D. Detective E. Detective F. Preventive G. Corrective

Match the following internal controls with the categories of control activities. A. Separate handling cash (receipt and deposit) functions from record-keeping functions (recording transactions in the accounts receivable subsidiary ledger). B. Require purchases, payroll, and cash disbursements to be authorized by a designated person. C. Require accounting department employees to take vacations. D. Separate purchasing functions from payables functions. E. Ensure that the same person isn't authorized to write and sign a check. F. When opening mail, endorse or stamp checks "For Deposit Only". G. Periodically reconcile the incoming check log against deposits. H. Require supervisors to approve employees' time sheets before payroll is prepared. I. List customer checks on a log before turning them over to the person responsible for depositing receipts. -Segregation of duties -Authorization -Supervision -Accounting documents and records -Access controls -Independent verification

A. Segregation of duties B. Authorization C. Independent verification D. Segregation of duties E. Segregation of duties F. Access control G. Independent verification H. Authorization I. Accounting documents and records

Identify professional organizations that the accounting profession is involved in. AICPA <-> IMA <-> IIA <-> ISACA <-> This organization is for internal auditors. This organization is for public accountants. This organization is for management accountants. This organization is for information systems auditors.

AICPA <-> This organization is for public accountants. IMA <-> This organization is for management accountants. IIA <-> This organization is for internal auditors. ISACA <-> This organization is for information systems auditors.

Which of the following is an example of IT general controls (ITGC)? -IT control environment -Input controls regarding data entry -Access control to a specific file in payroll

IT control environment

COBIT defines the overall IT control framework, and ____ provides the details for IT service management which is released by the UK Office of Government Commerce (OGC) and is the most widely accepted model for IT service management.

ITIL

While COBIT defines the overall IT control framework, another framework, ______, provides the details for IT service management and adopts a life-cycle approach to IT services, focusing on practices for service strategy, service design, service transition, service operation, and continual service improvement.

ITIL

______ controls require compliance with preferred procedures to deter undesirable issues from happening.

Preventive

PCAOB stands for ______ ______ ______ _____ board.

-Public -Company -Accounting -Oversight

Management selects risk responses and develops a set of actions to align risks with the entity's risk tolerances and risk appetite. The four options to respond to risks are: reducing, sharing, avoiding, and ______ risks.

accepting / accept

The COSO ERM framework categorizes objectives in the following four categories: ______, operations, reporting, and compliance.

strategic