Family Feud
Name one of the sections of the CPA exam
Audit and Attestation Regulation Financial Accounting and Reporting Business Environment and Concepts
Name a certification that an auditor might earn
CPA CIA [internal auditor] CFE [fraud examiner] CISSP [information systems security professional] CISM [information security manager] CISA [information systems auditor]
Name one of the five components of internal controls as defined by COSO
CRIME control activities Risk assessment Information and communication Monitoring Environment (control)
Name a security technology that was used in the movie SNEAKERS to attempt to protect information or physical devices
Card readers and logs voice recognition encryption passwords motion/heat sensors
Name a piece of US legislation that addresses the inherent risk of collecting data
Data Privacy Act HIPAA SOX GLBA
Name a policy or procedure recommended to be included in a data security framework
Data protection policy Info security policy for electronic communications external communication policy code of conduct physical security document retention policy
Name a key area for testing IT general controls
Disposal of information system equipment Mobile Devices Development and maintenance of Applications Physical and logical security controls Access controls Database management
Name a specific project under way at the PCAOB that focuses on their objectives to improve audit perception
review auditor's reporting model disclosing who performed the audit in the audit report increase auditor independence
Name a step in the Analytic Methodology an IT auditor might use with CAATS
scope retention and archiving data acquisition execution of tests data validation documentation of results review
Name an area of an audit that is particularly important to maintain and apply professional skepticism
significant management judgements financing transactions auditor's consideration of fraud
Name a benefit of the Accounting Quality Model to the SEC
speeds up the process for identifying financial statements that may contain fraud SEC can begin to review financials 24 hours after they are filed evaluate a company against its industry peers allows the SEC to review each reporting company at least once every three years
Name a reason for having a data analytics retention and archiving policy
support litigation reperformance needs meet regulatory requirements meet contractual requirements
Name a limitation of traditional fraud prevention activities in retail
resource constraints and inefficiencies oversight and lack of continuous monitoring inadequate control activities outdated technologies and limited data analytics
Name a type of data that is available in retail companies that could be used to identify areas of exposure for fraud
purchasing accounts payable store level video and audio recordings employee shifts records warehouse movements sales projections Point of sale returns
Name a component of professional skepticism as defined by the AICPA
questioning mind critical assessment of audit evidence being alert to conditions that may indicate possible misstatements due to fraud or error
Name an advantage of XBRL
reduced costs fluidity of shared information increased productivity improved data quality and validity improved access to financial information
Name an issue that is causing uncertainty among Google stakeholders as to their ability to protect data and privacy to "Do No Evil"
Enforce gold standard security measures including access controls, heat-sensitive cameras, round-the-clock guards and biometric ID verifications Legal jurisdiction of data that travels through international borders Synchronize large volume of information across international data centers Maintain thousands of miles of fiber cable for the exclusive use to connect data centers on 4 continents
Name one type of audit
External audit Internal audit forensic audit IT audit
Name a standard or framework that auditors look to for guidance
GAAP IFRS COBIT COSO FASB Codification GAAS SAS
Name a Google product that stores personal data
Gmail Google+ Chrome Google wallet YouTube Android Google Cloud/Drive Google Calendar Google Maps
Name a security prediction from WatchGuard's 2014 report
Hollywood type of cyber attack increase in social engineering type attacks increased cyber kidnapping Attacks on US healthcare system more destructive malware
Mr. Smith Goes to Washington
How to conduct a filibuster Steps for a bill to become a law steps to replace a senator that dies in office
Name a way of identifying a computer on a network
IP address MAC address Computer Name
Name a key topic discussed at the 2013 AICPA National Conference
Improving transparency and quality of financial reports using disclosures enforcement activities auditor transparency and quality audits incorporating IFRS reducing the complexity of standards
Name one of the predefined queries in a CAAT tool that perform scans for unusual items
Journal entries by source code journal entries by unusual amounts large or rounded amounts entries posted on unusual dates amounts ending in nines duplicate entries journal entries posted to certain accounts
Name one of the top hashtags used by CFOs that indicates what they were thinking about last quarter
Leadership Obamacare CFO Thanksgiving
Name a type of network
Local Area Network [LAN] PAN WAN [Wide-area] Wireless Network VPN
Name an example of personal data that is at risk of security breach
Medical information current physical location political affiliation employee performance appraisals customer credit information internet browsing history education records genealogy religious affiliations
Name one of the common file formats used to import data
Microsoft Excel Microsoft Access comma delimited tab delimited XML pdf
Name one of the criteria in the "Wigmore Test" used to determine whether a claim of privilege applies to persons in a given relation
Must be essential to the full and satisfactory maintenance of the relation between the parties communications must originate in a confidence that they will not be disclosed community must think the relation should be fostered injury in revealing the information must be greater than the benefit
Name a hardware component that makes up a network
Network Interface Card [NIC] gateway switch bridge hub router
Name a governing body or association that directly influences the work of external auditors
PCAOB AICPA FASB PCC SEC FAF NASBA TSBPA IASB
Name a key tenet in creating a cybersecurity operation model
Prioritize information assets based on business risks Test continuously to improve incident response Integrate cyberresistance into enterprise-wide risk-management and governance processes Enlist frontline personnel to help them understand the value of information assets Deeply integrate security into the technology environment to drive scalability Deploy active defenses to uncover attacks proactively Provide differentiated protection based on importance of assets
Name an objective of a corporate security awareness and training program
Providing data security tools and education to employees Providing clear leadership Communicating and enforcing sensible security policies Fostering a security-aware culture Proactively setting security expectations
Name one of the inherent risks of living in a hyper connected digital world
Risk of operational disruption Intellectual property loss public embarrassment fraud
Name a development that suggests that the SEC will increase the number of enforcement actions in 2014
RoboCop SEC is realizing monetary benefits from their actions formation of the Financial Reporting and Audit Task Force increased monetary incentives from the whistleblower bounty program
Name one of the best weapons to use against financial reporting fraud in areas where judgement is required
Robust compliance program diligent audit committee appropriately skeptical auditor
Name one of the issues that WatchGuard believes is contributing to cyber security controls not working
Security logs are so voluminous that important events are not seen most businesses still rely on legacy defenses such as firewalls security controls are not configured properly
Name one of the COBIT 5 Principles
Separating governance from management Covering the enterprise end-to-end Enabling a holistic approach Applying a single integrated framework Meeting stakeholder needs
Name a company that has publicly reported a data breach in the last year
Target Google Neiman Marcus Michael's Yahoo
Name one of the 5 principles of the Code of Fair Information Practices established in 1972
There must be a way for a person to find out what info about them is in a record and why and organizational who has and releases their information a way to correct information a way to remove information
Name a cause of data security breaches in organizations that is initiated by user action
Unintended disclosure insider information portable devices being lost or stolen (phones, CDs, laptops, flash drives) physical documents being lost or stolen
Name a type of retail fraud
refunds employee theft client service billing POS manipulation financial statements shoplifting salaries and wages vendor collusion
Name an analysis that CAATs could perform on the entire accounts receivable balance details
aging by invoice customers with balances greater than approved credit lines overdue balances with accounts greater than a certain amount balances including significant credit memos duplicate invoices or credits
Name a reason why a cybercriminal may steal intellectual property
avoid paying for IP sell to competitors disrupt/sabotage an entity gain a hostage/blackmail access confidential business information
Name an IT-enabled business trend for the next decade
big data and advanced analytics mobile-payment networks [PAYPAL] increased access to technology in emerging countries "renting" unused physical items as service [LYFT] using artificial intelligence to automate knowledge work customer expectations that services are free [Facebook] transformation of government, health care and education virtual-reality applications social matrix deploying the internet through small tracking and data devices
Name one type of application that banks might use XBRL for
business reporting management reporting preparation credit analysis financial consolidation process
Name one of the four characteristics of a financial statement that external auditors are providing an opinion about when they issue their financial audit report
complete fairly presented accurate relevant
Name an example of cybercrime from the understanding cybercrime wave article
confiscating online bank accounts posting confidential business information on the internet stealing an organization's IP disrupting a country's critical national infrastructure creating and distributing viruses on other computers
Name an example of independent audit evidence that would satisfy PCAOB Auditing Standard No 15
contract terms obtained directly from the other party to the contract sales order obtained directly from the customer purchase invoices obtained directly from the vendor bank statements obtained directly from the bank
Name an issue that could flare up next shareholder meeting according to the named article
cybersecurity disaster planning spinoff advocacy global economic concerns auditor tenure new COSO framework M&A opportunity conflict minerals executive compensation
Name something that cyber criminals steal
debit/credit card data personally identifiable info bank credentials intellectual property wire transfer access
Name a behavioral symptom that perpetrators of fraud often possess
display control issues or are unwilling to share their job duties are going through a divorce or experiencing other family problems act noticeably irritable, suspicious or defensive have an unusually close relationship with a vendor or customer are experiencing financial difficulties are living beyond their means have known problems with addiction display a wheeler dealer attitude
Name one of three General Standards under GAAS
due professional care technical training and proficiency independence
Name a potential user of financial statements
employees investors vendors financial institutions government entities owners and managers media and general public
Name something that the SEC is relying on to improve the quality of the XBRL filings
ensure that missing or incorrect calculation link bases are not used minimize the use of extended custom elements review the signage for all elements
Name a topic that is a top priority for board of directors in 2014
executive compensation board compensation compliance requirements strategic planning cybersecurity independence of board chair and CEO healthcare reform
Name an issue that causes extracted data to need to be corrected or cleaned
format/structure of data/reports presentation of data values data types
Name a reason why spam is a problem
frauds and scams takes up storage space irritating slows down network traffic loss of productivity malware and virus infection
Name one of the employee surveillance metrics mentioned in the article "Account's Big Data Problem"
geographical location time on the internet telephone calls made sites visited
Name an alternative accounting method that is now approved by the FASB and available for private companies to use
goodwill alternative interest rate swap alternative
Name an incentive that companies have to improve their XBRL reporting process
if the model is created well it can be reused for multiple years inaccurate XBRL filings increase the chance of an SEC review it is a requirement for filing their financial statements with the SEC Banks have proven that accurate XBRL tagged data is achievable companies are starting to see it as a tool to manage big data technical training is available through the XBRL US GAAP Certificate program
Name an area that auditors are likely to focus on because of susceptibility to fraud and error
inventory revenue recognition accounts receivable journal entry accounts payable accruals and reserves
Name a reason why it has been difficult for XBRL to become accepted
it was perceived as just another regulatory burden difficult to agree on common terms so companies create their own extended custom elements new and detailed technology that people are not familiar with companies don't want their data to be transparent
Name a lesson that you hopefully learned from Helen Sharkey's Story
listen to your gut good people make bad decisions look out for yourself. no one else will don't do anything you wouldn't want to tell your grandmother/spouse/children importance of having an ethical mentor outside of work don't give up on yourself. no mistake defines you It could happen to you
Name a potential consequence under the current rules for a private company that considers going public
might prevent companies from electing to use alternative methods and gain those advantages could incur even greater costs if they use an alternative method must restate financial statements using original public methods
Name an example of ways that data could be messy
nonprinting characters leading or trailing spaces leading or trailing zeros 00000 inconsistencies in data entry hanging parentheses))))))
Name one of the significant factors that differentiate the financial reporting considerations of private companies from public companies
the ownership structure and capital structures the investment strategies of primary users the manner in which preparers learn about new financial reporting guidance the number of primary financial statement users and their access to management accounting resources
Name one really big data problem listed by
theoretical soundness disclosure estimation probability representation logicalness correctness timeliness
Name something that remediation starts with in respect to defending against cybercrimes
think through how that particular tool or understand the tools and vectors that have a high risk for the audit finding an effective remediation to prevent and detect an intrusion understanding where the original point of entry is for identified risk
Name one of the three categories of management assertions in a financial audit
transactions account balances presentation and disclosures
Name a module where financial accounting and reporting guidance might differ for private and public companies
transition methods recognition measurement presentation effective dates disclosures
Name a pattern in responses that an individual might do to try to avoid providing a truthful answer
using oaths qualifying answers repeat the questions back respond with another question
Name a trend or pattern that the SEC financial Reporting and Audit Task Force is using the Accounting Quality Model to monitor
using one accounting method to maximize book earnings while using a different method to minimize tax income multiple revisions over a short period of time high proportion of off-balance sheet transactions
Name a method of checking the validity of data acquired for data analytics
verifying data completeness based on given scope independent validation of balances verifying time periods reconciling to control totals validating data types
Name something that NASDAQ private market was designed to give a company more control over
when transactions occur how many shares can be sold which employees can buy and sell shares