Midterm 2 Chapter 10

Question 1

Threat

Answer 1

Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization

Question 2

Exposure/Impact

Answer 2

The potential dollar loss should a particular threat become reality

Question 3

Likelihood

Answer 3

The probability that the threat will happen

Question 4

What is the primary objective of an AIS?

Answer 4

To control the organization so the organization can achieve its objectives/goals

Question 5

Management expects accountants to:

Answer 5

• Take a proactive approach to eliminating system threats
• Detect, correct, and recover from threats when they occur

Question 6

Strategic, operating, reporting, compliance objectives

Answer 6

• What does the company want to accomplish?
• What are the risks to that?
• What are the ways we can mitigate those risks?

Question 7

Internal Controls

Answer 7

Safeguard assets
Maintain sufficient records
Provide accurate and reliable information
Prepare financial reports according to established criteria
Promote and improve operational efficiency
Encourage adherence with management policies
Comply with laws and regulations

Question 8

Preventative Controls

Answer 8

Deter problems from occuring

Question 9

Detective Controls

Answer 9

Discover problems that are not prevented

Question 10

Corrective Controls

Answer 10

Identify and correct problems; correct and recover from the problems

Question 11

General Controls

Answer 11

Ensure that organization’s control environment is stable and well managed

Question 12

Application Controls

Answer 12

Controls that prevent, detect, and correct transaction errors and fraud in application programs. These controls are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported.

Question 13

Design

Answer 13

The first test
Would it mitigate the risk?

Question 14

Operating

Answer 14

Is it working effectively?

Question 15

COBIT

Answer 15

Framework for IT control

Question 16

COSO

Answer 16

Framework for enterprise internal controls (control-based approach)

Question 17

COSO-ERM

Answer 17

Expands COSO framework taking a risk-based approach

Question 18

What is the current framework version of COBIT?

Answer 18

COBIT 2019

Question 19

What principles is COBIT based on?

Answer 19

Meeting stakeholder needs
Covering the enterprise end-to-end
Applying a single, integrated framework
Enabling a holistic approach
Separating governance from management

Question 20

What are the 3 benefits of a standard framework for IT controls?

Answer 20

1. Management to benchmark their environments and compare it to other organizations
2. Because the framework is comprehensive, it provides assurances that IT security and controls exist
3. Auditors to substantiate their internal control opinions

Question 21

What 5 principles is COBIT based on?

Answer 21

1. Meeting stakeholders’ needs means that enterprises exist to create value to their shareholders. Thus, the governance objective is value creation. (stakeholder and NOT shareholders)
2. Covering the enterprise from end-to-end means that COBIT 2019 addresses governance and management of information and information-related technologies throughout the enterprise. This means that it is not focused solely on the IT function as information technology runs throughout the enterprise.
3. Applying a single, integrated framework means that COBIT 2019 can align with other governance frameworks such as COSO and COSO-ERM.
4. Enabling a holistic approach
5. Separating governance from management (segregation of duties)

Question 22

Stakeholder

Answer 22

Effected by the company

Question 23

Stakeholder

Answer 23

Effected by the company

Question 24

Shareholder

Answer 24

Has an ownership interest

Question 25

TCWG

Answer 25

Those charged with governance. Referring to the board of directors.

Question 26

What are the 5 components of the COSO Internal Control Framework?

Answer 26

Control environment
Risk assessment
Control activities
Information and communication
Monitoring

Question 27

Control Environment

Answer 27

People and their individual attributes (integrity, discipline, ethical values, and competence)
Oversight by BOD, retain individuals, hold individuals accountable

Question 28

Risk Assessment

Answer 28

Identify, analyze, and manage risks.
Specify objectives, consider potential fraud, identify changes that could impact the system

Question 29

Control Activities

Answer 29

Ensure management identifies risks and mets objectives.
Select controls that might mitigate risks to an acceptable level, select controls over technology, control policies

Question 30

Information and Communication

Answer 30

Systems that capture and exchange information need to conduct, manage, and control the organization’s operations.
Generate relevant/high quality information, communicate information for internal control, communicate to external parties.

Question 31

Monitoring

Answer 31

Monitor and modify process.
Evaluate and communicate deficiencies to those responsible