Chapter 3

Question 1

stewardship

Answer 1

the careful and responsible oversite and use of the assets entrusted to management

Question 2

code of ethics

Answer 2

following ethical business practices

Question 3

internal controls

Answer 3

a process affected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
effectiveness and efficiency of operations
reliability of financial reporting
compliance with applicable laws and regulations

Question 4

fraud

Answer 4

the theft, concealment, and conversion to personal gain of another’s money, physical assets, or information

Question 5

misappropriation of assets

Answer 5

theft of any item of value, also referred to as defalcation, or internal theft, most common are cash or inventory

Question 6

misstatement of financial records

Answer 6

the falsification of accounting reports, referred to as earnings management, fraudulent financial reporting

Question 7

fraud triangle

Answer 7

Incentive
Opportunity                 Rationalization(attitude)

Question 8

incentive

Answer 8

things that motivate people to commit fraud

Question 9

opportunity

Answer 9

if there is a lack of internal controls it is possible to commit fraud

Question 10

rationalization

Answer 10

justifying fraud

Question 11

management fraud

Answer 11

conducted by one or more top level managers within the company, usually in reporting

Question 12

management override

Answer 12

where the management tells a lower level employee to do it despite the controls

Question 13

employee fraud

Answer 13

conducted by employees examples:

inventory theft, cash receipts theft, A?P theft, payroll fraud, expense account fraud

Question 14

skimming

Answer 14

taking money before it is entered into the system

Question 15

larceny

Answer 15

where money is taken after it is entered into the system

Question 16

collusion

Answer 16

when two or more people work together to commit a fraud

Question 17

customer fraud

Answer 17

when a customer improperly obtains cash or property from a company, or avoids a liability through deception

Question 18

credit card fraud or check fraud

Answer 18

customer use of stolen cc or checks

Question 19

refund fraud

Answer 19

when a customer tries to return stolen goods to collect a cash refund

Question 20

vendor fraud

Answer 20

when vendors obtain payments to which they are not entitled

Question 21

vendor audits

Answer 21

the examination of vendor records in support of amounts charged to the company

Question 22

industrial espeonage

Answer 22

the theft of proprietary company info by digging through the trash of the intended target company

Question 23

software piracy

Answer 23

the unlawful copying of software programs

Question 24

internal computer fraud

Answer 24

input manipulation, program manipulation, output manipulation

Question 25

salami technique

Answer 25

altering a program to slice a small amount from several accounts and then credit those small amounts to the perpetrator's benefit

Question 26

trojan horse program

Answer 26

a small unauthorized program within a larger legitimate program, used to manipulate the computer system to conduct a fraud

Question 27

trap door alteration

Answer 27

a valid programming tool that is misused to commit fraud

Question 28

hacking

Answer 28

term commonly used for computer network break ins

Question 29

denial of service attack

Answer 29

intended to overwhelm an intended target computer system with so much bogus network traffic that the system is unable to respond to valid network traffic.

Question 30

spoofing

Answer 30

when a person, through a computer system, pretend to be someone else

Question 31

prevent fraud

Answer 31

1 maintain code of ethics 2. maintain a system of accounting internal controls 3. maintaining a system of information technology controls

Question 32

Sarbanes Oxley Act (SOX)

Answer 32

passed to reform accounting, financial reporting, and auditing functions of public companies.

Question 33

SOX requirement code of ethics

Answer 33

SOX requires that public companies adopt and disclose a code of ethics

Question 34

preventive controls

Answer 34

designed to avoid errors, fraud, or events not authorized by management

Question 35

detective controls

Answer 35

help employees to uncover or discover errors, fraud, or unauthorized events

Question 36

corrective controls

Answer 36

steps to correct an error or problem uncovered via detective controls

Question 37

committee of sponsoring organization (COSO)

Answer 37

made the COSO report

Question 38

COSO report

Answer 38

five components of internal control: | control environment, risk assessment, control activities, information and communication, and monitoring

Question 39

control environment

Answer 39

the tone of the organization, a tone of ethics and integrity will make fraud less likely, as well as the assignment of authority, and responsibility

Question 40

risk assessment

Answer 40

considering existing threats and the potential for additional risks and stands ready to respond should these events occur, steps, 1 identify the sources of risk, both internal and external 2. determine the impact of such risks in terms of finances and reputation 3. estimate the chances of such risks occurring 4. develop an action plan to reduce the impact and probability of these risks 5. execute the action plan and continue the cycle, beginning again with the first step

Question 41

control activities

Answer 41

the policies and procedures that help ensure that management directives are carried out and that management objectives are achieved, examples: 1. authorization of transactions 2. segregation of duties 3. adequate records and documents 4. security of assets and documents 5. independent checks and reconciliation

Question 42

authorization

Answer 42

an approval or endorsement, from a responsible person in the department or organization that has been sanctioned by management

Question 43

general authorization

Answer 43

set of guidelines that allows transactions to be completed as long as they fall within established parameters

Question 44

specific authorization

Answer 44

that explicit authorization is needed for that single transaction to be completed

Question 45

segregation of duties

Answer 45

three parts should be separate, authorization, recording, and custody

Question 46

compensating control

Answer 46

lessens the risk of negative effects when other controls are lacking

Question 47

audit

Answer 47

presents verifiable information about the accuracy of accounting records

Question 48

independent checks

Answer 48

method to confirm the accuracy and completeness of data in the accounting system, examples, reconciliation comparison of physical assets with records recalculation of amounts analysis of reports review of batch totals

Question 49

reconciliation

Answer 49

procedure that compares records from different sources

Question 50

batch total

Answer 50

summation of key items in the batch

Question 51

monitoring

Answer 51

ongoing review and evaluation of a system

Question 52

reasonable assurance

Answer 52

controls achieve a sensible balance of reducing risk when compared with the cost of the control

Question 53

Control objectives for IT(COBIT)

Answer 53

framework developed by the ISACA(information systems audit and control association)

Question 54

trust services principles

Answer 54

designed to be the written guidance for CPA's who provide assurance services for organizations

Question 55

risk and controls in IT 5 categories

Answer 55

``` Security Availability Processing Integrity Online Privacy Confidentiallity ```