ACC 321 Flashcards

(120 cards)

1
Q

Value system level model

A

Vendors, distributors, retailers, customers (supply chain partners)

2
Q

Value chain model

A

Processes and their systems within a company

3
Q

REA Model (business process model)

A

REA model for sub-system

4
Q

Flowchart (task level model)

A

Specific tasks performed by specific individuals within sub-systems

5
Q

Business process

A

A set of activities that takes one or more inputs and creates an output that is of value to the customer

6
Q

Value chain

A

Is a purposeful network of business processes that assemble the individual components into a final product that has value to the customer

7
Q

Core business processes

A

Revenue cycle, expenditure cycle, production cycle, payroll cycle, financing cycle

8
Q

Four major steps in data processing

A

Data input, data storage, data processing, info output

9
Q

Master file

A

Stores cumulative info about an organization's entities

10
Q

Transaction file

A

Contains records of individual events that occur during a fiscal period

11
Q

Three main types of outputs

A

Documents, reports, queries

12
Q

Documents

A

Records of transactions or other company data printed or stored

13
Q

Reports

A

Documents that are used by employees to control operational activities and make decisions

14
Q

Queries

A

User request for specific pieces of information

15
Q

Different types of business enterprise risk

A

Economy, industry, enterprise, business process, accounting info system

16
Q

Economic risk

A

Industry, economy, competitor, legal, regulatory, change, treasury, credit, trading

17
Q

Industry risk

A

Competitive, customers needs/wants, revolutionary product development

18
Q

Enterprise risk

A

Reputation, strategic focus, parent company support, patent protection, employee turnover, training

19
Q

Operational risk

A

Operational and compliance

20
Q

Accounting information system risks

A

Financial, operational, and technology

21
Q

Enterprise risk management

A

Identifying, assessing and mitigating risks for better business performance

22
Q

SAS #99

A

Auditor's responsibility to detect fraud

23
Q

SOX

A

CEO and CFO must certify quarterly and annual financial statements. Must have an internal control report

24
Q

The fraud triangle

A

Three conditions that are present when fraud occurs. Pressure, opportunity, and rationalization

25
Fraud tree
Corruption, asset misappropriation, and financial statement fraud
26
Frequency of fraud
Asset misappropriation happens the most, then corruption, then financial statement
27
Financial loss associated with fraud
Financial statement highest, then corruption, then asset
28
Initial detection of fraud
A tip is the most common way we find out
29
Three objectives of COSO
Operations, reporting, and compliance
30
Four company units of COSO
Entity, division, operating unit, function
31
Five risk and control components
Control environment, risk assessment, control activities, info and communication, monitoring activities
32
Control environment
Demonstrates commitment to integrity and ethical values, exercises oversight responsibility, establishes structure, authority and responsibility, demonstrates commitment to competence, enforces accountability
33
Risk assessment
Specifies relevant objectives, identifies and analyzes risk, assesses fraud risk, identifies and analyzes significant change
34
Likelihood
The probability that the threat will occur
35
Exposure (impact)
The potential dollar loss
36
What happens if either likelihood or impact increases?
The materiality of the event and the need to protect against it rises
37
Four risk responses
Reduce, avoid, share, accept
38
Reduce
Implement an effective system of internal controls
39
Avoid
Do not engage in any activities that produce risk
40
Share
Transfer some of the risk to others via insurance
41
Accept
Do not avoid, reduce, or share
42
Inherent risk
The risk that exists before management takes any response
43
Residual risk
The risk that remains after management implements internal controls or some other risk response
44
Control activities
Selects and develops control activities, selects and develops general controls over technology, develops through policies and procedures
45
Information and communication
Uses relevant info, communicates internally, communicates externally
46
Monitoring
Conducts ongoing and separate evaluations, evaluates and communicates deficiencies. Must be monitored on an ongoing basis and changed when needed
47
Cybersecurity Information Sharing Act of 2015
Companies must let everyone know when there has been a breach
48
Organized crime motive
Immediate financial gain, collect info for future gain
49
Organized crime target
Financial payments, PII and PHI, payment cards
50
Organized crime impact
Costly regulatory penalties, lawsuits, loss of customer confidence
51
Nation state motive
Economic, political, and military advantage
52
Nation state target
Trade secrets, sensitive business info, emerging tech, critical infrastructure
53
Nation state impact
Loss of competitive advantage, disruption of critical infrastructure
54
Insiders motive
Personal advantage or monetary gain, professional revenge, and patriotism
55
Insider target
Sales deals, market strategies, corp secrets, IP and R&D, business operations, and personal info
56
Insiders impact
Trade secret disclosure, operational disruption, brand and reputation, and national security impact
57
Hacktivist motive
Influence political or social change, pressure business to change your practices
58
Hacktivist target
Corp secrets, sensitive business info, info related to key executives, employees, customers, and partners
59
Hacktivist impact
Disruption of business activities, brand and reputation, and loss of customer confidence
60
Unsophisticated attackers
You are attacked because you are on the internet and have a vulnerability
61
Sophisticated attackers
You are hacked because you are on the internet and have info of value
62
Corporate espionage
Your current or former employee seeks financial gain from selling your IP
63
State sponsored attacks
You are targeted because of who you are, what you do, or the value of your IP
64
What can I do to protect myself?
Protect credentials, social engineering, have security defense
65
Security defense
First line-management, second line-risk management, third line-internal audit
66
Database forms
Input data
67
Database reports
Output of database queries
68
What makes up an enterprise
Personnel, R&D, sales, production, services, accounting
69
Tier 1: client computer
Includes an interface that permits data entry and retrieval
70
Tier 2: application server
Consisting of specialized computers that store application software programs
71
Tier 3: database
Consisting of a large centralized relational database and RDBMS
72
Five categories of control activities
Approval or authorization, design and use of documents and records, safeguard assets, records and data, independent checks on performance, segregation of duties
73
Internal controls perform three important functions
Preventive controls, detective controls, corrective controls
74
Three functions that need to be separated to achieve separation of duties
Custodial functions, recording functions, and authorization functions
75
Information security
Policies and procedures to secure info assets including IT hardware, software, and stored data
76
Information risk management
Managing risk related to information assets and IT
77
COBIT
Private model of choice to sufficiently demonstrate IT controls
78
COBIT controls
IT delivery must enable the organization to achieve its objectives, promotes process focus and process ownership, looks at fiduciary, quality, and security needs of enterprises, 7 info criteria to define business requirements
79
COBIT information criteria
Quality, fiduciary, security
80
COBIT IT processes
Domains, processes, and activities
81
COBIT IT resources
People, application systems, technology, facilities, data
82
IT architecture
Consists of architecture for computers, networks, and databases
83
Access control
For a user to be allowed access to a secured system, the user should be identified, authenticated, and then authorized to access the system
84
Operations security
Activities and procedures required to keep information technology running securely
85
Cryptography
Is the encoding of data in a form that only the sender and intended receiver can understand
86
Encryption
Is the method of converting plaintext data into unreadable form called ciphertext
87
Ciphertext
Is converted back into plaintext using decryption
88
Sales order entry
All the activities involved in soliciting and processing customer orders
89
DFD squares
People, companies, business functions
90
DFD circles
Processes
91
DFD rectangles
Database
92
DFD arrows
How information flows
93
DFD words on arrows
Documents
94
Picking list
A document that authorizes the warehouse to release merchandise to the shipping department
95
Outputs of the sales process
Bad debt report, cash receipts forecast, customer listing, sales analysis reports
96
Bill of lading
A document that acts as a legal contract defining responsibility of goods while they are in transit
97
Sales invoice
Notifies the customer of the amount to be paid and where to remit payment
98
Deposit slip
An itemized slip showing the exact amount of paper money, coin, and checks being deposited to an account
99
Sales returns
Authorizing, accepting, and providing credit for returned items
100
Three times account adjustments are made
Goods are returned, goods are damaged, accounts are uncollectible
101
Foreign key
Is the same field that links to a primary key in another table
102
REA
Economic resource, economic event, economic agent
103
Step 1 REA
Identify the economic exchange of events. The pair of events that reflect the give get in the cycle
104
Step two REA
Identify resources and agents. Identify the resources affected by each event and the agents who participate in those events
105
Every event must be linked to at least one
Resources
106
Every event must be linked to at least two
Participating agents
107
Commitment
Orders goods but has not paid and has not received goods. A promise to execute an economic event in the future
108
Step three REA
Cardinalities. Determine for each relationship
109
Attributes
Contain information which is required to produce desired forms and reports
110
Association class
Used for many to many associated with attributes
111
Controls for Incomplete or inaccurate customer order
Threat in sales order entry. Completeness checks, auto lookup of data, reasonableness test comparing historical data
112
Controls for sales to customers with poor credit
Separation of duties, salespeople have read only access to customer credit data, credit approved before selling inventory, accurate records of customer sales and limits
113
Controls for orders that aren't legitimate
Receipt of signed purchase order, digital signatures and certificates, controls with online transactions
114
Controls for stockouts, carrying cost, and markdowns
Accurate inventory control and forecasting, online inventory systems that allow recording of changes in real time, physical counts of inventory, review of sales forecast
115
Control for shipping errors
Use bar codes and RFID tags, field checks and completion checks, packing slip and bill of lading shouldn't be printed until shipment is verified
116
Controls for theft of inventory
Secure location with restricted access, RFID tags
117
Controls for failure to bill customers
Segregate shipping and billing functions and documents should be numbered in order
118
Controls for billing error
Computer retrieves prices from inventory master file, check quantities on packing slip against those on sales orders
119
Controls for theft of cash
Segregation of duties, min handling of money, remittance advice
120
Controls for loss, alteration, or unauthorized disclosure of data
Everything backed up regularly, controls utilized, encryption