| Term | Definition |
|---|---|
| | deter problems before they arise |
| | discover problems that aren't prevented |
| | identify and correct problems as well as correct and recover from the resulting errors |
| | make sure an organization's control environment is stable and well managed |
| | make sure transactions are processed correctly |
| | how a company creates value, helps employees understand management's vision, and inspires employees to live by those values |
| | helps employees act ethically by setting boundaries on employee behavior |
| Diagnostic Control System | measures, monitors, and compares actual company progress and performance goals |
| Interactive Control System | helps managers to focus subordinates' attention on key strategic issues and to be more involved in their decisions |
| Foreign Corrupt Practices Act | passed to prevent companies from bribing foreign officials to obtain business |
| | 1. PCAOB 2. CEO and CFO responsible for signing off Section 404 3. Audit committee 4. Enhanced disclosures 5. Protection for whistleblowers 6. Enhanced penalties |
| | self-interest seeking with guile (intent to deceive) |
| What do the four top columns represent on ERM and what do the 8 horizontal rows represent? | 1. Company goals 2. Risk and control components |
| What is the problem with the IC framework? | Doesn't look at risks or business process. Doesn't show how to evaluate results. Primarily a control-based approach |
| | amount of risk management is willing to accept to achieve the goals |
| | provides a framework for operations; needs to be clear and organized or problems will occur. New trend: flat-level management |
| | high-level goals that are aligned with the company's mission |
| | deal with effectiveness and efficiency of company operations, determine how to allocate results |
| What are the four components of ERM? | strategic, operational, reporting, and compliance |
| | exists before management takes any steps to control the likelihood or impact of an event |
| | what remains after management implements internal controls or some other response to risk |
| What are 4 ways to respond to risk? | Reduce, Accept, Share, and Avoid |
| | Authorization, Recording, Custodial |
| How can someone commit fraud if segregation of duties isn't in place? | Person authorizes transactions, forged invoices for authorizing payments, then another department gave him checks to deliver to fake property owners. He forged signatures and deposited the checks in his own account. WHY? BECAUSE HE HAD CUSTODY OF CHECKS AND AUTHORIZED FAKE TRANSACTIONS |
| What is the accepted authority on internal controls? | COSO Internal Control Integrated Framework |
| What 3 things help a control environment? | Clear organizational structure, written policy and procedures manual for assigning authority, and supervision |
| What are 3 independent checks? | Bank reconciliation, periodic comparison of subsidiary ledger totals to control accounts, and trial balance |
| What is the correct order of the risk assessment steps? | Identify threats, Estimate risk and exposure, Identify threats, Estimate costs and benefits |
| | natural disaster, software error, unintentional acts, intentional acts |
| | false statement, material fact, intent to deceive, justifiable reliance, injury or loss |
| | auditor's responsibility to detect fraud: 1. Understand fraud 2. Discuss the risks of fraud 3. Obtain information 4. Identify, assess, and respond to risks 5. Evaluate results of audit tests 6. Document and communicate findings 7. Incorporate a technology focus |
| 3 components of the Fraud Triangle | Opportunity, rationalization, and pressure |
| Opportunity Triangle consists of 3 parts | Commit, Conceal, and Convert |
| 3 parts of the Rationalization Triangle | Attitude, Justification, and Lack of Personal Integrity |
| | cash is created using the lag between the time a check is deposited and the time it clears the bank |
| 4 computer fraud classifications | Data, Input, Output, and Computer Instructions fraud |
| | later payments on account are used to pay off earlier payments that were stolen |
| What causes the majority of computer security problems? | |
| What control procedure can deter lapping? | Periodic rotation of duties |
| Once fraud has occurred, which will reduce fraud losses? | Insurance, regular backup of data and programs, contingency plan |
| | information about a student (name, GPA, major) |
| What is a general ledger control account? | |
| Used in the expenditure cycle? | |
| | better access control, standardization of procedures and reports, and improved monitoring capabilities |
| What are 4 types of coding techniques? | sequence, block, group, and mnemonic |
| | Create, Read, Update, and Delete |
| | Batch, online-batch, and online |
| | how you apply explicit knowledge; hard to capture |
| | People, Process, and Technology; can't be used in isolation |
| | data that can be written down |
| 3 computer fraud and abuse techniques from 6.1 | data leakage (unauthorized copying of company data), eavesdropping (listening to private information), hacking (unauthorized theft) |
| | 1. Homogeneous: buy whole package 2. Heterogeneous: can buy one part 3. Best of breed: can buy the best from each individual department. SAP and Oracle |
| | CEO is risk averse and can't figure out who to blame; no accountability. Solution: hire consultants |
| Problem with fraud example | only know what we know; dept of conservatism in cali |
| | lack of internal controls, failure to enforce internal controls, excessive trust or insufficient distrust, vacations, unenforced segregation of duties, and background checks |
| Process for 3 stages of COSO IC framework | identify events, estimate probability, and estimate impact. Ex: data center failing because of power failure or snow storm. One person should mitigate risks and another handle services to keep everyone honest |