Exam 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control

The ERM framework addresses four categories of management objectives. Which category addresses the effective and efficient use of resources?

Under the Sarbanes Oxley Act of 2002, the section on Corporate Responsibility requires a company's CEO and CFO to certify quarterly and annual reports.

A(n) ______________________________ is a program that secretly takes over another Internet -attached computer and then uses that computer to launch attacks that can't be traced to the creator.

A(n) ______________________________ item is an object or event that is not authorized, never occurred, or is otherwise not genuine.

This component of the ERM framework that encompasses the tone of an organization and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values and the environment in which they operate.

Under the Sarbanes Oxley Act of 2002, the section on Auditor Independence establishes an independent board to oversee public company audits.

The control environment reflects the organization's general awareness of and commitment to the importance of control throughout the organization.

Opportunities are events that could have a positive impact on organization objectives.

A computer abuse technique called ______________________________ involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.

Fraud is the possibility that an event or action will cause an organization to fail to meet its objectives (or goals).

A major reason management must exercise control over an organization's business processes is to provide reasonable assurance that the company is in compliance with applicable laws and regulations.

Assuring that the accounts receivable master data reflects all cash collections recorded in the cash receipts event data addresses the control goal of:

The control goal that is concerned with the correctness of the transaction data that are entered into a system is called ensure ______________________________.

Control goals of operations processes include:

____ is a process that evaluates the quality of internal control performance over time.

The section of Sarbanes Oxley that makes it a felony to knowingly destroy, alter, or create records and or documents with the intent to impede, obstruct, or influence an ongoing or contemplated federal investigation and offers legal protection to whistle-blowers is ______________________________.

The ERM framework addresses four categories of management objectives. Which category addresses the reliability of the financial statements?

A(n) ______________________________ is program code that can attach itself to other programs or macros thereby infecting those programs and macros.

Listed below are 13 specific fraud examples taken from some well-known fraud cases: MiniScribe, ZZZZ Best Carpet Cleaning, Lesley Fay, and Equity Funding. Required: For each fraud example, enter a letter corresponding to which information control goal was initially violated-Validity, Completeness, or Accuracy. Some examples might involve more than one violation. NOTE: When we say initially, we mean what control goal failure led to this example, not what is the present condition. For example, master data might contain information that is inaccurate, but it might have been an inaccurate input that initially caused the data to be inaccurate.

______________________________ are those events that would have a negative impact on organization objectives.