CMA Part 1 - Section E - Details

Levels:

1) Chapter 1 View

Questions:

148 questions

🇬🇧		🇬🇧

Developed and implemented to help achieve entity’s objective

Internal Control

It includes all of the means by which business are directed and controlled

Corporate governance

It arises from the fact that shareholders and the managers are different people

Agency problem

Aligning the goals of two or more groups

Goal congruence

Importance of Corporate Governance

Vital for general health and well-being of a country as well the company and its investors

Also means Articles of Incorporation or Certificate of Incorporation

Charter

When does entity recognized as legal entity?

When certificate of incorporation has been issued

This board committee should oversee the accounting and financial reporting process and the audits of the financial statements

Audit Committee

Responsibilities of the CEO

Depends on the board of directors’ mandate

High level Risks Identification. Can arise both externally and internally

Entity Level Risks

Risk identification which occur at level of subsidiaries, divisions operating units or functions

Transaction Level Risks

Low likelihood of occurrence and low impact risks

Acceptance

High likelihood of occurrence and high impact risks

Avoidance/exiting

High likelihood of occurrence and low impact risks

Reduction / Mitigation

Low likelihood of occurrence and high impact risks

Sharing / Insurance

Compliance with anti-bribery provision is responsibility of who?

Entire government

Compliance with anti-bribery provision of FCPA is responsibility of who?

Entire company

Inspect public accounting firm’s compliance with the Act

PCAOB

Develop US auditing standards

Public Company Accounting Oversight Board

Lead and Review Partner must rotate the audit client every how many years?

5 years

Lead and Review Partner must remain OFF the audit

Other Audit Partner must rotate the audit client after every

7 years

Organization’s ethical values, foundation of internal control

Control Environment

Process of identifying, analyzing, and managing risks

Risk Assessment

Internal control actions established

Control Activities

Sharing the identified and captured info regarding internal control

Information and communication

Assessing the effectiveness and operation of internal control

Monitoring

Designed to support continued operation of technology and to support automated control activities

Technology general controls

10k (Annual Report) and 10Q (Quarterly report) must be accompanied by

Certification of the company's principal executive director (MRL)

SEC and PCAOB prescribed what kind of approach in evaluating internal control?

Top-down, risk based approach

Who nominates company's independent auditors?

Audit committee, ratified by shareholders

Control which relate to system components, processes and data in a system environment

General controls

Controls which relate to specific to individual applications and are designed to prevent, detect and correct errors and irregularities in transactions during the input, processing and output stages

Application controls

The one who reviews the current systems to make sure that it is meeting the need of the organization

System analyst

The one who write, test and document the systems

Programmers

The one who perform the actual operation of the computers for processing data

Computer operator

The one who reconciles input to output. Distributes output to authorized users and checks that errors are corrected.

Data control group

The one who converts and transmit data

Data conversion operator

The one who maintain the documentation, programs, and data files

Librarians

The one who controls the access to various files, making program changes, and making source code details available only to those who need to know

Database administrator

Document created by a computer, then some additional information is added to it and it is returned to become an input document to the computer.

Turnaround document

Monitors the use of software and prevent unauthorized access to it

Software controls

Used to prevent unauthorized changes to application and system

Program security controls

The original which is written by the programmers in common words

Source code

The machine executable file which is the output of the compiler from source code

Object code

Controls which keeps the computer equipment physically secure

Hardware controls

Controls the access and ability to use equipment to protect from damage or theft. It includes access controls for users to limit actions they can perform

Logical security

Prevent access to data files without authorization and prevent unauthorized or accidental change or destructions

Data security control

Are controls designed to provide reasonable assurance that the input entered into the system has: a. Proper authorization b. Has been converted to machine-sensible form c. Has been entered accurately and completely

Input controls

Established predefined data limits in input

Limit checks

Match the input to an acceptable set of values

Validity checks

Limit the number of digits in input

Overflow checks

Checks whether the input number that is part of a group has been transcribed properly

Check digits

Input of information twice

Key verification

Control totals for nonmonetary information

Hash totals

Compares input with the existing records

Reasonable checks

Assure the numeric data are used only for input

Numeric checks

Controls designed to provide reasonable assurance that no transactions have been lost or incorrectly added and prevent/discouraged improper manipulation of data

Processing controls

Processing controls at the time of data access

Data access controls

Used to control movement of data from source to the processing point or from processing point to another

Transmittal documents

Count transactions twice, during preparation and processing batch

Record count

Controls involving data manipulation later in the processing

Data manipulation controls

Checks for programming language errors

Compiler

Used to test a computer program

Test data

Test the interaction of several different computer programs

System testing

Comparing output total used as input total over subsequent processing

Run-to-run total

Provide reasonable assurance that the input and processing have resulted in valid output

Output controls

Provide all changes to master file and create an audit trail

Activity/proof listing

Reconciliation of input totals and processing totals

Output total reconciliation

Resubmission of corrected error transactions as if they were new transactions

Upstream resubmission

Uses feedback to measure differences between the actual and desired output

Feedback loop

A self-monitoring system

Cybernatic system

Produce feedback that can be monitored to and evaluated to determine if the system is functioning as it is supposed to

Feedback control

Attempts to predict when problems and deviations will occur before they actually occur.

Feedforward controls

Running both the old and the new system together for a period of time

Parallel conversion

Converting only parts of the application at a time or only a few locations at a time

Phased conversion

The new system is tested only in just one work site before full implementation

Pilot conversion

Changing immediately from the old system to the new system

Direct conversion

Process of assigning people account and passwords

User account management

Barrier between the internal and the external networks and prevent unauthorized access to internal network.

Firewall

Converts data into a code and then key is required to convert the code back to data

Encryption

Computer users’ ability to observe transmission intended for someone else

Electronic eavesdropping

Any program that does something besides what a person believes it will do

Trojan horse

It executes and replicates itself which destroy computer system

Virus

Destroys computer system which do not need a host file to replicate itself

Worms

It will be deleted as it looks like virus but the file is actually needed for the computer to function properly

Virus hoax

Repeatedly accessing website so that legitimate users cannot connect to it

Denial of Service (DOS)

Spam email to deceive recipient in disclosing personal information

Phishing

Cybercrime tool which is intended to destroy or take control of another computer

Malware installation

A software that can probe a server or a computer for open ports

Port scanner

Software that grabs all of the traffic flowing into and out of a computer attached to a network

Sniffers

Errors in the logic of the computer programs that result in the destruction of computer data or malicious attack when specific criteria are met

Logic bombs

Sends too much data to the buffer in a computer’s memory, crashing it or enabling the hacker to gain control over it

Buffer overflow

Deceiving company employees to divulge information

Social engineering

Sifting into company’s trash for information that can be used

Dumpster diving

Limiting websites an organization can access

Proxy-server

Eliminates the broadcasting of traffic to every machine

Switched network

Used by auditor in understanding and assessing internal control within company system

Flowcharts

A point in the process where an error or irregularity is likely to occur

Control point (WCGWs)

Computerized audit technique where computer select, extract and process sample data from computer files

General Audit System

CMA Part 1 - Section E

Practice Known Questions

Exams

Learn New Questions

CMA Part 1 - Section E - Leaderboard