CIA - Part 1 Flashcards

Question

CH 2.8: Quality Assurance Improvement Program (QAIP)

Answer 1

- Designed to enable an evaluation of the Internal Auditing Activity's conformance with the Standards and the evaluation of whether internal auditors apply the Code of Ethics. - The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. - CAE should encourage board oversight. - Ongoing measurement and analysis of performance metrics

Answer 2

5 Components - Internal Assessment - External Assessment - Communication of QAIP Results - Proper use of a conformance Statement - Disclosure of non conformance

Answer 3

- Ongoing monitoring of the performance of IA Activity - Periodic self assessment/assessments by others within the organization - Provides an effective structure for the IA Activity to continuously assess its conformance with the Standards and whether IA apply the Code of Ethics.

Answer 4

- Must be conducted once every 5 years - Provide independent/objective evaluation of the IA Activity's conformance with the Standards and Code of Ethics (A) Full External Assessment - level of conformance/ efficiency and effectiveness, and meet expectations (B) Self Assessment (SAIV) - with independent external validation - self assessment/onsite validation/limited attention to other areas

Answer 5

Largely through the organization placement of the IA Activity, including the CAE's reporting lines, as well as the direct interaction of the CAE with the board and sr. management through dual reporting.

Answer 6

To manage IA objectivity effectively, many CAEs have a internal audit policy manual or handbook that describes expectations and requirements.

Answer 7

Whenever IA is offered a gift (other than minor value promotional items), the required course of action is to report the issue to the CAE or audit management.

Answer 8

An IA must NOT be involved in auditing areas where he/she was responsible for previous year or if the auditor has been promoted (i.e., will be transferred to the operating department under audit). If involved, adequate reporting and disclosure MUST be made.

Answer 9

The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives. Corporate governance can be influences by internal or external mechanisms.

Answer 10

Internal - Corporate charters, by laws, board of directors, and internal audit function. External - Laws, regulations, and the government regulators who enforce them.

Answer 11

As the highest level governing body (i.e., a board of directors, a supervisory board, or a board of governors of trustees) charged with the responsibility to direct and/or oversee the organization's activities and hold sr. management accountable. A group or person charged with governance of the organization.

Answer 12

The board has the following duties: - Selection and removal of officers - Decisions about capital structure (mix of debt and equity, consideration to be received for shares, etc.) - Adding, amending, or repealing bylaws (unless this authority is reserved to the shareholders) Initiation of fundamental changes (mergers, acquisitions, etc.) - Decisions to declare and distribute dividends - Setting of management compensation (sometimes performed by a subcommittee called the compensation committee) - Coordinating audit activities (most often performed by a subcommittee called the audit committee) - Evaluating and managing risk (sometimes performed by a subcommittee called the risk committee)

Answer 13

Persons or entities who are affected by the activities of the entity. Among others, these include shareholders, employees, suppliers, customers, neighbors of the entity’s facilities, and government regulators.

Answer 14

Governance does not exist independently of risk management and control. Rather, governance, risk management, and control (collectively referred to as GRC) are interrelated. (1) Effective governance considers risk when setting strategy, and risk management relies on effective governance (e.g., tone at the top, risk appetite and tolerance, risk culture, and the oversight of risk management). (2) Effective governance relies on controls to manage risks and on communication of their effectiveness to the board.

Answer 15

Governance has two major components: strategic direction and oversight. 1) Strategic direction determines a. The business model, b. Overall objectives, c. The approach to risk taking (including the risk appetite), and d. The limits of organizational conduct. 2) Oversight is the governance component with which internal auditing is most concerned. It is also the component to which risk management and control activities are most likely to be applied. The elements of oversight are Risk management activities performed by senior a. management and risk owners and b. Internal and external assurance activities.

Answer 16

May be created that (1) Identifies key risks, (2) Connects them to risk management processes, (3) Delegates them to risk owners, and (4) Considers whether tolerance levels delegated to risk owners are consistent with the organization’s risk appetite.

Answer 17

Performs day-to-day governance functions. Senior management carries out board directives (within specified tolerances for unacceptable outcomes) to achieve objectives.

Answer 18

Are responsible for: 1. Evaluating the adequacy of the design of risk management activities and the organization’s ability to carry them out as designed; 2. Determining whether risk management activities are operating as designed; 3. Establishing monitoring activities; and 4. Ensuring that information to be reported to senior management and the board is accurate, timely, and available.

Answer 19

Consists of the attitudes, behaviors, and understanding about risk, both positive and negative, that influence the decisions of management and personnel and reflect the mission, vision, and core values of the organization.

Answer 20

The design and practice of effective governance vary with: - Size, complexity, and life cycle maturity - Its Stakeholders structure - Legal and Cultural Requirements

Answer 21

The internal audit activity’s ultimate responsibility is to evaluate and improve governance

Answer 22

CSR refers to (a) social responsibility, (b) sustainable development, and (c) corporate citizenship.

Answer 23

(1) Reaction - The organization denies responsibility and tries to maintain the status quo. (2) Defense - The organization uses legal action or public relations efforts to avoid additional responsibilities. (3) Accommodation - The organization assumes additional responsibilities only when pressured. (4) Proaction - The organization takes the initiative in implementing a CSR program that serves as an example for the industry.

Answer 24

Risk - is the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood (The IIA Glossary). Risk management - is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives (The IIA Glossary)

Answer 25

- Assessment, treatment, monitoring, and reporting of risk are aggregated across the organization. - Risk management processes include (1) identification of context, (2) risk identification, (3) risk assessment and prioritization (i.e., risk analysis), (4) risk response, and (5) risk monitoring.

Answer 26

Across the organization, personnel who are competent and skilled participate in the risk management process.

Answer 27

Risk is considered and built into the decision-making, objective-setting, and compensation structure.

Answer 28

Risk identification should consider past events (trends) and future possibilities. Methods used include the following: - Event inventories - Questionnaires and surveys - Leading event indicators and escalation triggers - Facilitated workshops and interviews - Loss event data methodologies

Answer 29

Risk modeling is a method of risk assessment and prioritization. - Risk modeling ranks and validates risk priorities when setting the priorities of engagements in the audit plan. - Risk factors may be weighted based on professional judgments to determine their relative significance, but the weights need not be quantified.

Answer 30

- Risk responses are the means by which an organization elects to manage individual risks. - Each organization selects risk responses that align risks with the organization’s risk appetite (the level of risk the organization is willing to accept). (A) Controls - are actions taken by management to manage risk and ensure risk responses are carried out. (B) Control risk - is the risk that controls fail to effectively manage controllable risks. (C) Residual risk - is the risk that remains after risk responses are executed.

Answer 31

(1) Risk management is a key responsibility of senior management and the board. (2) Boards - have an oversight function. They determine that risk management processes are in place, adequate, and effective. (3) Management - ensures that sound risk management processes are functioning. (4) The internal audit activity - may be directed to examine, evaluate, report, or recommend improvements. It also has a consulting role in identifying, evaluating, and implementing risk management methods and controls.

Answer 32

Is based on the premise that every organization exists to provide value for its stakeholders. Accordingly, ERM is defined as; the culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.

Answer 33

Is a composite view of the types, severity, and interdependencies of risks related to a specific strategy or business objective and their effect on performance.

Answer 34

- Portfolio view is similar to a risk profile. - The difference is that it is a composite view of the risks related to entity-wide strategy and business objectives and their effects on entity performance.

Answer 35

Consists of the amount and types of risk the organization is willing to accept in pursuit of value.

Answer 36

(1) Created - when the benefits obtained from the resources used exceed their costs. (2) Preserved - when the value of resources used is sustained. (3) Realized - when benefits are transferred to stakeholders. (4) Eroded - when management’s strategy does not produce expected results or management does not perform day-to-day tasks.

Answer 37

Management = Responsibility Board = Oversight IA Activity = Assistance/Assurance

Answer 38

The COSO ERM framework consists of five interrelated components. Twenty principles are distributed among the components. - The supporting aspect components are: (1) Governance and culture and (2) Information, communication, and reporting. - The common process components are: (1) Strategy and objective-setting, (2) Performance, and (3) Review and revision.

Answer 39

The following are the five categories of risk responses: 1. Acceptance (retention) - No action is taken to alter the severity of the risk. Acceptance is appropriate when the risk is within the risk appetite. This term is synonymous with self-insurance. 2. Avoidance - Action is taken to remove the risk. Avoidance typically suggests no response would reduce the risk to an acceptable level. For example, the risk of pipeline sabotage can be avoided by selling the pipeline. 3. Pursuit - Action is taken to accept increased risk to improve performance without exceeding acceptable tolerance. 4. Reduction (mitigation) - Action is taken to reduce the severity of the risk so that it is within the target residual risk profile and risk appetite. For example, the risk of systems penetration can be reduced by maintaining an effective information security function within the entity. 5. Sharing (transfer) - Action is taken to reduce the severity of the risk by transferring a portion of the risk to another party. Examples are insurance; hedging; joint ventures; outsourcing; and contractual agreements with customers, vendors, or other business partners.

Answer 40

Is a principles-based approach to risk management. Its principles are the foundation for risk management. They also communicate the characteristics, value, and purpose of effective and efficient risk management. Value creation and protection are the purposes of risk management.

Answer 41

Approach is based on the principle that effective risk management processes develop and improve with time as value is added at each phase in the maturation process. The basic principle is that risk management must add value. - Accordingly, this approach determines where the risk management process is on the maturity curve and evaluates whether it (1) is progressing as expected, (2) adds value, and (3) meets organizational needs.

Answer 42

Is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

Answer 43

Are the policies, procedures (both manual and automated), and activities that are part of a control framework, designed and operated to ensure that risks are contained within the level that an organization is willing to accept.

Answer 44

Is the attitude and actions of the board and management regarding the importance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements: - Integrity and ethical values - Management’s philosophy and operating style - Organizational structure - Assignment of authority and responsibility - Human resource policies and practices - Competence of personnel

Answer 45

Internal control only provides reasonable assurance of achieving objectives. It cannot provide absolute assurance because any system of internal control has the following inherent limitations: - Human judgment is faulty, and controls may fail because of simple errors or mistakes. - Management may inappropriately override internal controls, e.g., to fraudulently achieve revenue projections or hide liabilities. - Manual or automated controls can be circumvented by collusion. - The cost of internal control must not be greater than its benefits.

Answer 46

The roles and responsibilities are as follows: - Senior management oversees the establishment, administration, and assessment of the system of controls. - Managers assess controls within their responsibilities. - The internal auditors provide assurance about the effectiveness of existing controls.

Answer 47

(1) Preventive controls deter the occurrence of unwanted events. (2) Detective controls alert the proper people after an unwanted event. They are effective when detection occurs before material harm occurs. (3) Corrective controls correct the negative effects of unwanted events. (4) Directive controls cause or encourage the occurrence of a desirable event.

Answer 48

(1) Compensatory (mitigative) controls may reduce risk when the primary controls are ineffective. However, they do not, by themselves, reduce risk to an acceptable level. (2) Complementary controls work with other controls to reduce risk to an acceptable level. In other words, their synergy is more effective than either control by itself.

Answer 49

Controls over information and related technologies can be broadly classified into two categories: (1) IT general controls and (2) application controls. - According to The IIA’s Global Technology Audit Guides (GTAGs), IT general controls are those that pertain to all systems components, processes, and data present in an organization’s IT environment. - The objectives of IT general controls are to ensure the appropriate development and implementation of applications, as well as the integrity of program and data files and of computer operations.

Answer 50

(1) Financial totals - summarize monetary amounts in an information field in a group of records. The total produced by the system after the batch has been processed is compared to the total produced manually beforehand. (2) Record counts - track the number of records processed by the system for comparison to the number the user expected to be processed. (3) Hash totals - are control totals without a defined meaning, such as the total of vendor numbers or invoice numbers, that are used to verify the completeness of the data.

Answer 51

(1) Preformatting - of data entry screens, i.e., to make them imitate the layout of a printed form, can aid the operator in keying to the correct fields. (2) Field/format checks - are tests of the characters in a field to verify that they are of an appropriate type for that field. (3) Validity checks - compare the data entered in a given field with a table of valid values for that field. (4) Limit (reasonableness) and range checks - are based on known limits for given information. (5) Check digits are an extra reference number that follows an identification code and bears a mathematical relationship to the other digits. This extra digit is input with the data. The identification code can be subjected to an algorithm and compared to the check digit. (6) Sequence checks - are based on the logic that processing efficiency is greatly increased when files are sorted on some designated field, called the “key,” before operations such as matching. If the system discovers a record out of order, it may indicate that the files were not properly prepared for processing. (7) Zero balance checks will reject any transaction or batch thereof in which the sum of all debits and credits does not equal zero.

Answer 52

Ensure that data are complete and accurate during updating.

Answer 53

Manage situations where two or more users attempt to access or update a file or database simultaneously. These controls ensure the correct results are generated while getting those results as quickly as possible.

Answer 54

Ensure that processing results are complete, accurate, and properly distributed. An important output control is user review. Users should be able to determine when output is incomplete or not reasonable, particularly when the user prepared the input. Thus, users as well as computer personnel have a quality assurance function.

Answer 55

Monitor data being processed and in storage to ensure it remains consistent and correct.

Answer 56

Are processing history controls that enable management to track transactions from their source to their output.

Answer 57

(1) Feedback controls - report information about completed activities. They permit improvement in future performance by learning from past mistakes. For example, the inspection of completed goods followed by performing variance analysis procedures helps identify deviations from what was expected. Thus, inspection and the analysis of variance provide feedback on how well the completion of goods meets expectations. (2) Concurrent controls - adjust ongoing processes. These real-time controls monitor activities in the present to prevent them from deviating too far from standards. An example is close supervision of production-line workers. (3) Feedforward controls - anticipate and prevent problems. These controls require a long-term perspective. Organizational policies and procedures are examples.

Answer 58

The three classes of objectives direct organizations to the different (but overlapping) elements of control. (1) Operations a. Operations objectives relate to achieving the entity’s mission. b. Objectives related to protecting and preserving assets assist in risk assessment and development of mitigating controls. (2) Reporting a. To make sound decisions, stakeholders must have reliable, timely, and transparent financial information. b. Reports may be prepared for use by the organization and stakeholders. c. Objectives may relate to (1) Financial and nonfinancial reporting, (2) Internal or external reporting (3) Compliance a. Entities are subject to laws, rules, and regulations that set minimum standards of conduct.

Answer 59

- Control environment - Risk assessment - Control activities - Information and communication - Monitoring

Answer 60

The control environment is a set of standards, processes, and structures that pervasively affects the system of internal control. Five principles relate to the control environment.

Answer 61

The risk assessment process encompasses an assessment of the risks themselves and the need to manage organizational change. It is a basis for determining how the risks should be managed. Four principles relate to risk assessment.

Answer 62

These policies and procedures help ensure that management directives are carried out. Whether automated or manual, they are applied at various levels of the entity and stages of processes. They may be preventive or detective, and segregation of duties is usually present. Three principles relate to control activities.

Answer 63

Information systems enable the organization to obtain, generate, use, and communicate information to (a) maintain accountability and (b) measure and review performance. Three principles relate to information and communication.

Answer 64

Control systems and the way controls are applied change over time. Monitoring is a process that assesses the quality of internal control performance over time to ensure that controls continue to meet the needs of the organization.

Answer 65

The CoCo model is thought to be more suited for internal auditing purposes. It consists of 20 criteria grouped into 4 components: - Purpose - Commitment - Capability - Monitoring and Learning

Answer 66

Best-known control and governance framework that addresses information technology

Answer 67

Effective systems of internal controls are most likely to detect an irregularity perpetrated by a single employee. Detection of irregularities resulting from collusion of a group or employees or a management position by more difficult since collusion of employees allows them to successfully perpetrate the control systems and managers are able to override existing controls.

Answer 68

Are graphical representations of the step-by-step progression of information through preparation, authorization, flow, storage, etc. The system depicted may be manual, computerized, or a combination of the two. - Flowcharting allows the internal auditor to analyze a system and to identify the strengths and weaknesses of internal controls and the appropriate areas of audit emphasis. - Flowcharting is typically used during the preliminary survey to gain an understanding of the client’s processes and controls.

Answer 69

Sometimes called system flowcharts, depict areas of responsibility (departments or functions) arranged horizontally across the page in vertical columns. Accordingly, activities, controls, and document flows that are the responsibility of a given department or function are shown in the same column.

Answer 70

Sometimes called program flowcharts, present successive steps in a top-to-bottom format. Their principal use is in the depiction of the specific actions carried out by a computer program.

Answer 71

Show how data flow to, from, and within an information system and the processes that manipulate the data. A data flow diagram can be used to depict lower-level details as well as higher-level processes. - A system can be divided into subsystems, and each subsystem can be further subdivided at levels of increasing detail. Thus, any process can be expanded as many times as necessary to show the required level of detail.

Answer 72

A simple form of flowcharting used to depict a client process.

Answer 73

A properly designed system of internal controls should reduce the risk of errors and prevent an individual from perpetrating and concealing fraud. The structure of an organization and the assignment of job duties should be designed to segregate certain functions within this environment. - Cost-benefit criteria must be considered.

Answer 74

For any given transaction, the following three functions preferably should be performed by separate individuals in different parts of the organization: - Authorization of the transaction - Recording of the transaction - Custody of the assets associated with the transaction

Answer 75

Management - The chief executive officer (CEO) should establish the tone at the top. Organizations reflect the ethical values and control consciousness of the CEO. - The chief accounting officer also has a crucial role to play. Accounting staff have insight into activities across all levels of the organization. Board of Directors - The entity’s commitment to integrity and ethical values is reflected in the board’s selections for senior management positions. - To be effective, board members should be capable of objective judgment, have knowledge of the organization’s industry, and be willing to ask the relevant questions about management’s decisions. - Important subcommittees of the board in organizations of sufficient size and complexity include the audit committee, the compensation committee, the finance committee, and the risk committee. Internal Auditors - Management is ultimately responsible for the design and function of the system of internal controls. However, an organization’s internal audit function may play an important consulting and advisory role. - The internal audit function also evaluates the soundness of the system of internal control by performing systematic reviews according to professional standards. - To remain independent in the conduct of these reviews, the internal audit function cannot be responsible for selecting and executing controls.

Answer 76

Fraud - is any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. Stated differently, fraud is any act characterized by intentional deception or misrepresentation. Fraud risk - is the possibility that fraud will occur and the potential effects to the organization when it occurs.

Answer 77

1. Pressure or incentive - is the need a person tries to satisfy by committing the fraud. - Situational pressure - can be personal (e.g., financial difficulties in an employee’s personal life) or organizational (e.g., the desire to release positive news to the financial media). 2. Opportunity - is the ability to commit the fraud. - Opportunity to commit is a factor in low-level employee fraud. Lack of controls over cash, goods, and other organizational property, as well as insufficient segregation of duties, are enabling factors. - Opportunity is the characteristic that the organization can most influence, e.g., by means of controls. 3. Rationalization - is the ability to justify the fraud. It occurs when a person attributes his or her actions to rational and creditable motives without analysis of the true and, especially, unconscious motives. - Feeling underpaid is a common rationalization for low-level fraud. - Fraud awareness training minimizes rationalization by - Supporting the ethical tone at the top, - Promoting an environment averse to fraud, and - Emphasizing that the organization does not tolerate misconduct of any kind.

Answer 78

Monetary losses from fraud are significant, but its full cost is immeasurable in terms of time, productivity, and reputation, including customer relationships. Thus, an organization should have a fraud program that includes awareness, prevention, and detection programs. It also should have a fraud risk assessment process to identify fraud risks.

Answer 79

1. A document symptom - is any tampering with the accounting records to conceal a fraud. Keeping two sets of books or forcing the books to reconcile are examples. 2. A lifestyle symptom - is an unexplained rise in an employee’s social status or level of material consumption. 3. A behavioral symptom - (i.e., a drastic change in an employee’s behavior) may indicate the presence of fraud. Guilt and other forms of stress associated with perpetrating and concealing the fraud may cause noticeable changes in behavior.

Answer 80

Uses accounting and auditing knowledge and skills in matters having civil or criminal legal implications. Engagements involving fraud, litigation support, and expert witness testimony are examples. Forensic auditing procedures include interviewing, investigating, and testing. Forensic auditors are primarily engaged in audit assignments since they possess knowledge of what constitutes evidence acceptable in a court of law.

Answer 81

An investigation gathers sufficient information to determine (1) whether fraud has occurred, (2) the loss exposures, (3) who was involved, and (4) how fraud occurred. It should discover the full nature and extent of the fraud. Internal auditors, lawyers, and other specialists usually conduct fraud investigations. The investigation and resolution activities must comply with local law, and the auditors should work effectively with legal counsel and become familiar with relevant laws. Management implements controls over the investigation. They include (1) developing policies and procedures, (2) preserving evidence, (3) responding to the results, (4) reporting, and (5) communications.

Answer 82

Fraud always involves scienter i.e., intentional false representation or concealment of material facts.

Answer 83

The IA must have sufficient knowledge to identify indicators that fraud may have been committed, must be able to identify control weaknesses that could allow fraud to occur, and must be able to evaluate the indicators of fraud sufficiently to determine if a fraud investigation in warranted.

Answer 84

Are items or actions that have been associated with fraudulent conduct. The auditor need only be aware of red flags that may warrant further search for facts and need not document identified red flags during the engagement. The mere existence of red flags does not mean an employee is actually committing fraud and would not immediately warrant a fraud investigation nor should the auditor discuss the issue with management, legal counsel, or the audit committee. These discussions occur only after the auditor has gathered sufficient factual evidence that suggests the occurrence of fraud.

Answer 85

If an internal auditor has sufficient corroborated evidence to suspect fraud, the next step would be to notify the appropriate level of audit management, which ultimately considers all information, and notifies the correct level of management within the organization and NOT external parties (i.e., external auditors, external legal counsel, the police, SEC, etc).

Answer 86

During the interrogation, the interrogator should: - Attempt to obtain general information prior to obtain specific information. - Consider making follow-up questions based upon interviewee's response and should not strictly adhere to predetermined order. - Avoid leading questions, that is, questions that suggest an answer. - Concentrate on certain subject or topic so as not to confuse the interviewee. Take the role of the one seeking the truth and avoid attempting to obtain a confession.

Answer 87

ERM considers the more traditional view of potential hazards (threats), as well as opportunities. Management must consider how managing risk might create new opportunities for the organization. as well as how to de-risk any new or existing opportunities.

Answer 88

Using ISO 31000 recommends the documentation of key characteristics of risk management process such as the following: - An overall strategy for risk management - Risk communication structures - Allocation of resources - Analysis of cost-effectiveness of controls using technology - Performance of Monitoring - Inclusion of risk management as a principle in decision making an performance management decisions

Answer 89

Risk Assessment process has three steps: - Risk Identification - Risk Analysis - Risk Evaluation

Answer 90

Four units associated are the following: - Review - Seek errors - Find - Identify errors - Define - Determine the nature of the errors - Correct - Correct the errors

Answer 91

Logic behind a net worth analysis is that one cannot spend more than one makes.

Answer 92

A type of input control, consisting of a single digit at the end of an identification code that is computed from other digits in a field. If the identification code is mis-keyed, an algorithm will reveal that the check digit is not correct, and the field will not accept the entry.

Answer 93

CSR program can be audited by their program elements or their stakeholder groups. When auditing by elements, the audit should consider how compliance with laws, regulations, and contractual obligations are managed. Elements to audit by include the following: - Governance - Ethics - Environment - Transparency - Heath, Safety, and Security - Human rights an work conditions - Community investment

Answer 94

The effect of uncertainty on objectives.

Answer 95

Auditing, facilitating, and consulting are all approaches the CAE may take in evaluating an organization's CSR program.

Answer 96

Increase the uniformity of data acquisition because the same data must be collected each time the checklist is used.

Answer 97

Mitigate the risk of processing the wrong file. It ensures the accuracy and completeness of file updating by verifying consistency of opening and closing balances and thus ensuring the right files is processed.

CIA - Part 1 Flashcards

(121 cards)