TEST3 - AIS
What are some threats to AIS?
natural and political disasters, software and equipment malfunctions, unintentional acts, intentional acts
What was the primary charge of COSO?
to identify factors that could lead to fraudulent financial reporting, improve financial reporting quality, and provide guidance on internal control evaluation
Which of the following XBRL documents contains the actual data values for a company's net income for a particular year? a. style sheets b. schema c. linkbases d. instance document
instance document
Which of the following is the correct order of the risk assessment steps discussed in this chapter? a. identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits b. identify controls, estimate risk and exposure, identify threats, and estimate costs and benefits c. estimate risk and exposure, identify controls, identify threats, and estimate costs and benefits d. estimate costs and benefits, identify threats, identify controls, and estimate risk and exposure
A
Which of the following statements about the control environment is FALSE? a. management's attitude toward internal control and ethical behavior have little impact on employee beliefs or actions b. an overly complex or unclear organizational structure may be indicative of problems that are more serious c. a written policy and procedures manual is an important tool for assigning authority and responsibility d. supervision is especially important in organizations that cannot afford elaborate responsibility reporting or are too small to have adequate separation of duties
A
employee uses assets for personal benefit; inventory theft
Asset Abuse
responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors, who report all critical accounting policies and practice to them
Audit Committee
allows transactions to be traced back and forth between their origination and the financial statements
Audit Trail
management establishes policies for employees to follow and then empowers them; documented by signing, initialing, or entering a ______________ code on a document or record
Authorization
What are the three effective ways to segregate accounting duties?
Authorization, Recording, Custody
To achieve effective segregation of duties, certain functions must be separated. Which of the following is the correct listing of the accounting-related functions that must be segregated? a. control, recording, and monitoring b. authorization, recording, custody c. control, custody, authorization d. monitoring, recording, and planning
B
a specialized software based on the probability of digits; analytical technique used to detect possible errors, potential fraud, and other irregularities
Benford's Law
Which of the following is a control procedure relating to both the design and use of documents and records? a. locking blank checks in a drawer b. reconciling the bank account c. sequentially pre-numbering sales invoices d. comparing actual physical quantities with recorded amounts
C
process of making sure that changes are made smoothly and efficiently and that they do not negatively affect systems reliability, security, confidentiality, integrity, and availability
Change Management
artificially boost sales at end of fiscal year by offering distributors and dealers special incentives to purchase more goods than they need
Channel Stuffing
change the name of the payee/amount after check is written
Check Tampering
checks accuracy of input data by using it to retrieve and display other related information
Closed-Loop Verification
What are the three components of opportunity within fraud?
Commit, Conceal, Convert
help the company comply with all applicable laws and regulations
Compliance Objectives
fraud that requires computer technology knowledge to perpetrate, investigate, or prosecute it; unauthorized theft, use, access, modification, copying, or destruction of software or data, theft of assets by altering computer records, theft of computer time, etc.
Computer Fraud
policies and procedures that provide reasonable assurance that control objectives are met and risk responses are carried out
Control Activities
the framework that consolidates control standards from 36 different sources into a single framework that allows 1) management to benchmark security and control practices of IT environment 2) users to be assured that adequate IT security and control exist and 3) auditors to substantiate their internal control opinions and to advise on IT security and control matters
Control Objectives for Information and Related Technology (COBIT)
Which of the following is not an independent check? a. bank reconciliation b. periodic comparison of subsidiary ledger totals to control accounts c. trial balance d. re-adding the total of a batch of invoices and comparing it with your first total
D
ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes systems output
Data Control Group
two or more items must be matched before an action can take place; before paying vendor, verify that invoice matches P.O.
Data Matching
What is the difference between the second line of defense and corrective controls?
Detective controls identify the errors and corrective controls fix them
means of signing a document with data that cannot be forged
Digital Signature
each specific data item in an XBRL document
Element
the process the board of directors and management use to set strategies, identify events that may affect the entity, assess and manage risk, and provide reasonable assurance that the company achieves its objectives and goals
Enterprise Risk Management
mathematical product of impact and likelihood
Expected Loss
employee reports higher expenses for reimbursement than actually incurred; submits for expenses actually comped
Expense Padding
potential loss from threat
Exposure
need to be checked to ensure the correct and most current files are being updated
File Labels
sums a field that contains monetary values (total $ amount)
Financial Total
What are the following pressures that can lead to employee fraud?
Financial, Emotional, Lifestyle
What are the pressures that can lead to financial statement fraud?
Financial, Industry Conditions, Management Characteristics
What act was passed to prevent companies from bribing foreign officials to obtain business?
Foreign Corrupt Practices Act
intentional conduct by act or omission that results in materially misleading financial statements; F/S falsified to deceive investors and creditors, increase stock prices, meet cash flow needs, hide company losses/problems
Fraudulent Financial Reporting
What two categories are internal controls segregated into?
General and application controls
sums a nonfinancial numeric field (total quantity ordered)
Hash Totals
at beginning of file with file name, expiration date, etc.
Header Record
risk that exists before management takes any steps to control the likelihood or impact of an event
Inherent Risk
XBRL file containing the tagged data that is delivered to users; contains facts about specific F/S line items, including values, and contextual information such as measurement unit and whether for specific point in time
Instance Document
process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that these control objectives are met
Internal Control
the process implemented to provide reasonable assurance that the following objectives are achieved: - safeguard assets - maintain records in sufficient detail to report company assets accurately and fairly - provide accurate and reliable information - prepare financial reports in accordance with established criteria - promote and improve operational efficiency - encourage adherence to prescribed managerial policies - comply with applicable laws and regulations
Internal Control
COSO identified five interrelated components of internal control. Which of the following is NOT one of those five? A. risk assessment B. internal control policies C. monitoring D. information and communication
Internal Control Policies
influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk
Internal Environment
Who benefits from XBRL?
Investors, companies, relations with lenders
cash is created using the lag between the time a check is deposited and the time it clears the bank
Kiting
a perpetrator steals the cash or checks customer A mails in to pay A/R. Then funds from customer B are used to pay off customer A's balance, etc.
Lapping
test numerical amount against fixed values; hours worked >/= 40 hours
Limit Check
any significant deficiency or aggregation of significant deficiencies
Material Weakness
committed by a person or group for personal financial gain; the most significant contributing factor in most of these cases is the absence of I.C. and failure to enforce existing I.C.
Misappropriation of Assets
ensures that devices are linked to the organization's internal and external networks and that those networks operate properly
Network Management
What are the three components of the fraud triangle?
Opportunity, Rationalization, Pressure
system requests each input data item and waits for an acceptable response, ensures that all necessary data are entered; online completeness check
Prompting
created to control auditing profession; sets and enforces auditing, quality control, ethics, independence, and other auditing standards
Public Company Accounting Oversight Board (PCAOB)
What are the four ways management can respond to risk?
Reduce, Accept, Share, Avoid
help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance
Reporting Objectives
what remains after management implements internal controls or some other response to risk
Residual Risk
In the ERM model, COSO specified four types of objectives that management must meet to achieve company goals. Which of the following is NOT one of those types? a. responsibility objectives b. strategic objectives c. reporting objectives d. operations objectives
Responsibility Objectives
probability that the threat will occur
Risk (probability * exposure)
What act applies to publicly held companies and their auditors and was designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud?
Sarbanes-Oxley Act of 2002
The definition of an XBRL element, including such information as whether its normal account balance is a debit or a credit, is found in which of the following? a. linkbase b. instance document c. schema d. style sheet
Schema
file that contains the definitions of every element that could appear in the instance document
Schema
maintains that management should provide reasonable assurance that control is adequate, management should provide timely, reliable financial information, a system of internal controls is necessary to discharge these obligations
Securities and Exchange Commission
makes sure that systems are secure and protected from internal and external threats
Security management
check if data has correct arithmetic sign; quantity ordered should never be negative
Sign Check
an internal control deficiency or combination of deficiencies that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the registrant's financial reporting
Significant Deficiency
check if input will fit into assigned field
Size Check
employee pockets cash received from a customer, then reduces the amount of sale or omits the sale altogether
Skimming
provides instructions on how to appropriately display the content of an instance document
Style Sheet
makes sure all information system components operate smoothly and efficiently
System Administration
help users determine their information needs and design systems to meet those needs
System Analysts
set of files that defines various elements and the relationship between them
Taxonomy
any potential adverse occurrence that could harm the AIS
Threat
at end of file and contains batch totals
Trailer Data
compares account number with data in master file
Validity Check
Which of the following statements is false? a. the psychological profiles of white-collar criminals differ from those of violent criminals b. the psychological profiles of white-collar criminals are significantly different from those of the general public c. there is little to no difference between computer fraud perpetrators and other types of white-collar criminals d. computer fraud perpetrators often do not view themselves as criminals
b. the psychological profiles of white-collar criminals are significantly different from those of the general public
Which of the following is designed primarily to improve the efficiency of financial reporting? a. XML b. XBRL c. IFRS d. the balanced score card
XBRL
the general purpose language used to communicate financial data
XBRL
a file containing a set of customized tags to define new XBRL elements that are unique to a specific organization
XBRL extension taxonomy
Which data entry application control would detect and prevent entry of alphabetic characters as the price of an inventory item? a. field check b. limit check c. reasonableness check d. sign check
a
Once fraud has occurred, which of the following will reduce fraud losses? a. insurance b. regular backup of data and programs c. contingency plan d. segregation of duties
a, b, c
Which of the following conditions is/are usually necessary for a fraud to occur? (select all correct answers) a. pressure b. opportunity c. explanation d. rationalization
a, b, d
Which of the following causes the majority of computer security problems? a. human errors b. software errors c. natural disasters d. power outages
a. human errors
Which of the following is a fraud in which later payments on account are used to pay off earlier payments that were stolen? a. lapping b. kiting c. Ponzi scheme d. salami technique
a. lapping
make sure transactions are processed correctly
application controls
Which type of fraud is associated with 50% of all auditor lawsuits? a. kiting b. fraudulent financial reporting c. Ponzi scheme d. lapping
b. fraudulent financial reporting
Which of the following statements is true? a. COSO's enterprise risk management framework is narrow in scope and is limited to financial controls b. COSO's internal control integrated framework has been widely accepted as the authority on internal controls c. The Foreign Corrupt Practices Act has no impact on internal accounting control systems d. it is easier to add controls to an already designed system than to include them during the initial design stage
b. COSO's internal control integrated framework has been widely accepted as the authority on internal controls
Which of the following is an example of the kind of batch total called a hash total? a. the sum of the purchase amount field in a set of purchase orders b. the sum of the purchase order number field in a set of purchase orders c. the number of completed documents in a set of purchase orders d. all of the above
b. the sum of the purchase order number field in a set of purchase orders
summarize important values for batch input records
batch totals
All other things being equal, which of the following is true? a. Detective controls are superior to preventive controls b. Corrective controls are superior to preventive controls c. Preventive controls are equivalent to detective controls d. Preventive controls are superior to detective controls
d. Preventive controls are superior to detective controls
Which of the following is NOT an example of computer fraud? a. theft of money by altering computer records b. obtaining information illegally using a computer c. failure to perform preventative maintenance on a computer d. unauthorized modification of a software package
c. failure to perform preventative maintenance on a computer
Which of the following is a control that can be used to verify the accuracy of information transmitted over a network? a. completeness check b. check digits c. parity bit d. size check
c. parity bit
Which of the following is the most important, basic, and effective control to deter fraud? a. enforced vacation b. logical access control c. segregation of duties d. virus protection controls
c. segregation of duties
Which of the following controls would prevent entry of a nonexistent customer number in a sales transaction? a. field check b. completeness check c. validity check d. batch total
c. validity check
check if required items have been entered
completeness check
run the software on the company's computers; ensure that data are input properly, that they are processed correctly, and that output is produced when needed
computer operations
identify and correct problems as well as correct and recover from the resulting errors
corrective controls
make sure an organization's control environment is stable and well managed
general control
maintains custody of corporate databases, files, and programs in a separate storage area called:
information system library
Which of the following is NOT one of the responsibilities of auditors in detecting fraud according to SAS No. 99? a. evaluate the results of their audit tests b. incorporate a technology focus c. discuss the risks of material fraudulent misstatements d. catch the perpetrators in the act of committing the fraud
d. catch the perpetrators in the act of committing the fraud
Which of the following control procedures is most likely to deter lapping? a. encryption b. continual update of the access control matrix c. background check on employees d. periodic rotation of duties
d. periodic rotation of duties
discover problems that are not prevented
detective control
What does XBRL stand for?
eXtensible Business Reporting Language
check if character in field is proper type
field check
deal with the effectiveness and efficiency of company operations
operation objectives
a person's incentive or motivation for committing fraud
pressure
Which control is superior - preventative or detective?
preventative
deter problems before they arise
preventative control
What are the three important functions that internal controls perform?
preventative, detective, corrective
take the analysts' design and create a system by writing the computer programs
programming
number of records in a batch
record count
the amount of risk they are willing to accept to achieve their goals
risk appetite
high-level goals that are aligned with the company's mission, support it, and create shareholder value
strategic objectives