IT RISKS AND INTERNAL CONTROL Flashcards

1
Q

Five components of internal control - CRIM C

A
Control environment
Risk assessment
Information and Communication
Monitoring 
Control Activities
2
Q

Reliable system?

A

should be capable of operating
without material error, fault, or failure
during a specified period
in a specified environment

3
Q

AICPA Trust Services

A

developed a framework for a reliable system

using 5 principles

4
Q

5 Principles of a reliable system - PASCO

A
Processing integrity
Availability
Security
Confidentiality
Online Privacy
5
Q

Security?

A

protect the system
against unauthorized access
both physical and logical

6
Q

Security Risks

A

physical and logical access risks

7
Q

Physical access security risks

A

Failure results in damage to the system
from:

weather
acts of war
disgruntled employees

8
Q

Logical access

A

Failure results in

malicious or accidental alteration, damage
to files and/or system
computer-based fraud
unauthorized access to confidential data

9
Q

Availability control

A

system available for operation
use as committed or agreed
in conformity with entity’s policies

10
Q

Availability failure results in

A

interruption of business operations

loss of data

11
Q

Processing integrity?

A

complete system processing

accurate, timely, authorized

12
Q

Failure of processing integrity control results in

A

invalid, inaccurate, incomplete

data input and output
data processing
master file

13
Q

Online privacy?

A
all personal information
collected
used
disclosed
retained as agreed
14
Q

Failure of online privacy control results in

A

compromise of customers’ personal information

15
Q

Confidentiality?

A

keep information confidential and protected as agreed

16
Q

Failure of confidentiality control results in

A

disclosure of confidential transactions data
business plans
banking and legal docs
confidential operations

17
Q

5 components of internal control #1 Control environment - principles?

A

commitment to integrity and ethical values
board independence and oversight
appropriate structures, reporting lines, authorities and responsibilities
commitment to attract, develop, and retain competent personnel
hold individuals accountable for internal control responsibilities

18
Q

2 distinct functions of the information systems department

A

systems development

data processing

19
Q

Steps in SD life cycle

A

Software concept - identify the need
Requirements analysis - need of users
Architectural design - resources (hardware, software, people) needed
Coding and Debugging - acquiring and testing
System testing - testing and evaluation

20
Q

Organization Structure of the Information System

A

Segregate the functions of:

systems development manager - information systems department

data processing manager - user department

21
Q

Information systems department

A

Cannot initiate or authorize transactions

22
Q

Minimum segregation of duties:

A

Operations
Programming
Library

23
Q

Organization structure in detail

A

Information Systems Manager
Systems development manager
Data processing manager

Systems development manager
  systems analysis
  systems programming
  applications programming
  database administration

Data processing manager

data preparation
operations
data library
data control

24
Q

Systems Analyst Duties

A

analyze the present user environment and requirements

recommend specific changes
recommend purchasing of a new system
design a new information system

constant contact with users and programming staff
to ensure user’s actual and ongoing needs are met

create a systems flowchart - defines the systems requirements

25
Q

Systems Programmer/Systems Engineer duties

A

implement, modify, debug software to make the hardware work
create designs used by programmers

26
Q

Applications Programmer

A

writing, testing, debugging the applications program from the specifications provided by the systems analyst
use program flowchart - defines the program logic

27
Q

Database administrator

A

maintain database
restrict access to authorized personnel

28
Q

Data preparation

A

data prepared by user departments
input by key to storage devices

29
Q

Operations - The Operator

A

daily computer operations of hardware and software
supervises operations on the operator's console
accepts input
distributes output
maintains a run manual to document running of the program
SHOULD NOT HAVE DETAILED PROGRAM INFORMATION!!!

30
Q

Operator restrictions

A

CANNOT HAVE DETAILED PROGRAM INFORMATION

31
Q

Data librarian

A

custody of removable media
maintain program and system documentation

32
Q

Data Controller

A

control group acts as a liaison between users and processing center
records input data in a control log
follows the progress
distributes output
ensures compliance with control totals

33
Q

Electronic commerce web related positions

A

Web administrator/manager
Web master
Web designer - visual content
Web coordinator - daily operations
Internet developer
Intranet/Extranet developer

34
Q

Web master

A

website development expertise, leadership
design, analysis, security maintenance, content development

35
Q

Internet developer

A

writing programs for commercial use

36
Q

Intranet/Extranet developer

A

writing programs for company use

37
Q

Web administrator/manager

A

overseeing development, planning and implementation of the website
38
Q

5 components of internal control #2 Risk Assessment

A

assess the risk of improper financial reporting

39
Q

5 components of internal control #3 Information and communication

A

involves the decision of which system to use
small computers - use off the shelf software
complex mainframe system - internally developed software

40
Q

Controls needed for small computer systems

A

use off the shelf software
controls are already well-known prior to testing
analysis of exception reports generated during processing is needed

41
Q

Controls needed for mainframe systems

A

software is internally developed (significant portion)
controls are unknown to the auditor prior to testing
analysis of exception reports is important
more thorough testing needed in the generation of exception reports

42
Q

5 Components of Internal Control #4 Monitoring

A

adequate computer skills required for proper monitoring
review system access log to monitor inappropriate access
constant evaluation of data and transactions
highlight inconsistent items
capture samples of items for audit review

43
Q

5 Components of Internal Control #5 Control Activities

A

General control activities
Computer application control activities
Programmed application control activities
Manual follow up of computer exception reports
User control activities

44
Q

Control activities flowchart

A

Computer general control activities
Programmed control activities
  1. Computer exception reports - manual follow up of exception reports
  2. Output reporting computer processed transactions - user control activities to test the completeness and accuracy of computer processed transactions

45
Q

4 types of general controls

A

Developing new programs and systems
Changing existing programs and systems
Controlling access to programs and data
Controlling computer operations

46
Q

#1 type of General Control - Developing new programs and systems process

A

SEGREGATION OF CONTROLS
User dept participates in the systems design
Users and IT personnel both test the new system
Management, users, IT personnel approve new system before placed into operation
Control all master and transaction file conversions to prevent changes and to verify the accuracy of results
Document all programs and systems

47
Q

Computer hardware controls during development of new programs

A

parity check
echo check
diagnostic routines
boundary protection
periodic maintenance

48
Q

Parity check

A

a special bit is added to each character
to detect if hardware loses a bit during internal movement of character

49
Q

Echo check

A

used in telecommunications transmission
during the sending and receiving process the receiver repeats back to the sender what it received
and the sender resends to the receiver any character incorrectly received

50
Q

Diagnostic routines

A

hardware or software supplied by the manufacturer to check the internal operations and devices within the computer system

51
Q

Boundary protection

A

ensure that simultaneous jobs being processed do not destroy or change the memory of another job

52
Q

Periodic maintenance

A

system should be examined periodically by a qualified service technician
53
Q

Documentation of developed systems and programs

A

Detailed system specification documents showing
performance levels
reliability
security
privacy
constraints and limitations
functional capabilities
data structure and elements

54
Q

#2 Type of General Control - Changing existing programs and systems

A

Use change request log when making suggestions for changes
Modified program should be tested
All changes documented
Use code comparison program

55
Q

Code comparison program

A

compare source and object codes of a controlled copy of a program with the program currently being used to process data - to identify unauthorized changes

56
Q

#3 General control activities - Controlling access to programs and data while developing the programs and systems

A

Program documentation access - limit only to those who need it in the performance of their duties
Files and programs access - only to individuals authorized to process data
Computer hardware access - only to authorized individuals like computer operators and supervisors
Physical access to computer facility - use visitor entry logs
Hardware and software controls - use unique passwords, call back method, encryption

57
Q

#3 General control activities - Controlling computer operations

A

Operators should have access only to operations manual that contains instructions for processing programs and solving routine operational program issues BUT NOT DETAILED PROGRAM DOCUMENTATION!
Control group monitors the operator's activities and jobs should be scheduled
Other controls: backup and recovery, contingency processing, internal and external labels

58
Q

Contingency processing

A

detailed contingency processing plans detail responsibilities of individuals
alternate processing sites should be utilized
use backup facility with a vendor

59
Q

Internal labels

A

identifies the file through the use of machine readable identification in the first record of a file

60
Q

External labels

A

gummed paper labels attached to storage media in order to identify the file

61
Q

FIVE COMPONENTS OF INTERNAL CONTROL - CRIM C
Control environment
Risk assessment
Information and Communication
Monitoring
Control Activities
  General control activities
    Developing new programs and systems
    Changing existing programs and systems
    Controlling access to programs and data
    Controlling computer operations
  Computer application control activities
    Programmed application control activities
      Input Controls
        Overall controls
        Input validation (edit) controls
      Processing controls
    Manual follow up of computer exception reports
    User control activities
  Disaster Recovery and Business Continuity

A

Overall controls:
inputs properly authorized and approved
verify all significant data fields used to record information
control the conversion of data into machine readable form and verified for accuracy

62
Q

FIVE COMPONENTS OF INTERNAL CONTROL - CRIM C (same outline as card 61)

A

Input validation controls:
preprinted form
check digit
control, batch, and proof total
hash total
record count
limit (reasonableness) test
menu driven input
field check
validity check
missing data check
field size check
logic check
redundant data check
closed loop verification