Developed and implemented to help achieve the entity's objectives | Internal Control |
It includes all of the means by which businesses are directed and controlled | Corporate governance |
It arises from the fact that the shareholders and the managers are different people | Agency problem |
Aligning the goals of two or more groups | Goal congruence |
Importance of Corporate Governance | Vital for the general health and well-being of a country as well as the company and its investors |
Also means Articles of Incorporation or Certificate of Incorporation | Charter |
When is an entity recognized as a legal entity? | When the certificate of incorporation has been issued |
This board committee should oversee the accounting and financial reporting process and the audits of the financial statements | Audit Committee |
Responsibilities of the CEO | Depends on the board of directors’ mandate |
High-level risk identification; risks can arise both externally and internally | Entity Level Risks |
Risk identification which occurs at the level of subsidiaries, divisions, operating units or functions | Transaction Level Risks |
Low likelihood of occurrence and low impact risks | Acceptance |
High likelihood of occurrence and high impact risks | Avoidance/exiting |
High likelihood of occurrence and low impact risks | Reduction / Mitigation |
Low likelihood of occurrence and high impact risks | Sharing / Insurance |
Compliance with the anti-bribery provisions of the FCPA is the responsibility of whom? | Entire company |
Inspects public accounting firms' compliance with the Act | PCAOB |
Develops US auditing standards | Public Company Accounting Oversight Board |
Lead and Review Partner must rotate the audit client every how many years? | 5 years |
Lead and Review Partner must remain OFF the audit for how many years? | 5 |
Other Audit Partners must rotate off the audit client after every | 7 years |
Organization's ethical values; the foundation of internal control | Control Environment |
Process of identifying, analyzing, and managing risks | Risk Assessment |
Internal control actions established | Control Activities |
Sharing the identified and captured information regarding internal control | Information and communication |
Assessing the effectiveness and operation of internal control | Monitoring |
designed to support continued operation of technology and to support automated control activities | Technology general controls |
10-K (Annual Report) and 10-Q (Quarterly Report) must be accompanied by | Certification of the company's principal executive director (MRL) |
SEC and PCAOB prescribed what kind of approach in evaluating internal control? | Top-down, risk based approach |
Who nominates company's independent auditors? | Audit committee, ratified by shareholders |
Controls which relate to system components, processes and data in a system environment | General controls |
Controls which are specific to individual applications and are designed to prevent, detect and correct errors and irregularities in transactions during the input, processing and output stages | Application controls |
The one who reviews the current systems to make sure that they are meeting the needs of the organization | System analyst |
The ones who write, test and document the systems | Programmers |
The one who performs the actual operation of the computers for processing data | Computer operator |
The one who reconciles input to output, distributes output to authorized users and checks that errors are corrected | Data control group |
The one who converts and transmits data | Data conversion operator |
The ones who maintain the documentation, programs, and data files | Librarians |
The one who controls access to the various files, controls program changes, and makes source code details available only to those who need to know | Database administrator |
Document created by a computer, then some additional information is added to it and it is returned to become an input document to the computer. | Turnaround document |
Monitors the use of software and prevents unauthorized access to it | Software controls |
Used to prevent unauthorized changes to application and system | Program security controls |
The original program text, which is written by the programmers in human-readable words | Source code |
The machine-executable file which is the output of the compiler from source code | Object code |
Controls which keep the computer equipment physically secure | Hardware controls |
Controls access to and the ability to use equipment, to protect it from damage or theft; includes access controls for users that limit the actions they can perform | Logical security |
Prevent unauthorized access to data files and prevent unauthorized or accidental change or destruction | Data security control |
Controls designed to provide reasonable assurance that the input entered into the system:
a. has proper authorization
b. has been converted to machine-sensible form
c. has been entered accurately and completely | Input controls |
Establish predefined data limits on input | Limit checks |
Match the input to an acceptable set of values | Validity checks |
Limit the number of digits in input | Overflow checks |
Checks whether an input number that is part of a group has been transcribed properly | Check digits |
Input of information twice | Key verification |
Control totals for nonmonetary information | Hash totals |
Compares input with the existing records | Reasonableness checks |
Assure that only numeric data are used for input | Numeric checks |
Controls designed to provide reasonable assurance that no transactions have been lost or incorrectly added, and to prevent or discourage improper manipulation of data | Processing controls |
Processing controls at the time of data access | Data access controls |
Used to control the movement of data from the source to the processing point, or from one processing point to another | Transmittal documents |
Count transactions twice, during preparation and during batch processing | Record count |
Controls involving data manipulation later in the processing | Data manipulation controls |
Checks for programming language errors | Compiler |
Used to test a computer program | Test data |
Test the interaction of several different computer programs | System testing |
Comparing an output total, used as an input total, over subsequent processing | Run-to-run total |
Provide reasonable assurance that the input and processing have resulted in valid output | Output controls |
Provide all changes to master file and create an audit trail | Activity/proof listing |
Reconciliation of input totals and processing totals | Output total reconciliation |
resubmission of corrected error transactions as if they were new transactions | Upstream resubmission |
Uses feedback to measure differences between the actual and desired output | Feedback loop |
A self-monitoring system | Cybernetic system |
Produce feedback that can be monitored and evaluated to determine if the system is functioning as it is supposed to | Feedback control |
Attempt to predict when problems and deviations will occur, before they actually occur | Feedforward controls |
Running both the old and the new system together for a period of time | Parallel conversion |
Converting only parts of the application at a time, or only a few locations at a time | Phased conversion |
The new system is tested in just one work site before full implementation | Pilot conversion |
Changing immediately from the old system to the new system | Direct conversion |
Process of assigning people accounts and passwords | User account management |
Barrier between the internal and external networks that prevents unauthorized access to the internal network | Firewall |
Converts data into a code; a key is then required to convert the code back to data | Encryption |
Computer users' ability to observe transmissions intended for someone else | Electronic eavesdropping |
Any program that does something besides what a person believes it will do | Trojan horse |
It executes and replicates itself, destroying the computer system | Virus |
Destroys computer systems and does not need a host file to replicate itself | Worms |
A file is deleted because it looks like a virus, but the file is actually needed for the computer to function properly | Virus hoax |
Repeatedly accessing a website so that legitimate users cannot connect to it | Denial of Service (DoS) |
Spam email intended to deceive the recipient into disclosing personal information | Phishing |
Cybercrime tool which is intended to destroy or take control of another computer | Malware installation |
Software that can probe a server or a computer for open ports | Port scanner |
Software that grabs all of the traffic flowing into and out of a computer attached to a network | Sniffers |
Errors in the logic of computer programs that result in the destruction of computer data or a malicious attack when specific criteria are met | Logic bombs |
Sends too much data to a buffer in a computer's memory, crashing it or enabling the hacker to gain control over it | Buffer overflow |
Deceiving company employees into divulging information | Social engineering |
Sifting through a company's trash for information that can be used | Dumpster diving |
Limits the websites an organization can access | Proxy server |
Eliminates the broadcasting of traffic to every machine | Switched network |
Used by the auditor in understanding and assessing internal control within the company's system | Flowcharts |
A point in the process where an error or irregularity is likely to occur | Control point (WCGWs) |
Computerized audit technique where the computer selects, extracts and processes sample data from computer files | General Audit System |
Computerized audit technique where both valid and invalid data are processed manually and electronically and the outputs of both are compared | Test Data |