Exam 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control

The effect of an event's occurrence is:

Ethical behavior and management integrity are products of the "corporate culture".

Automated business process controls contained within IT systems are called:

Business process control plans relate to those controls particular to a specific process or subsystem, such as billing or cash receipts.

Achieving which control goal requires that all valid objects or events are captured and entered into a system's database once and only once?

A logic bomb is a computer abuse technique in which unauthorized code is inserted in a program, which, when activated, may cause a disaster such as shutting down a system or destroying data.

Risks are those events that could have a negative impact on organization objectives.

COSO's ______________________________ is the foundation for all other components of internal control, providing discipline and structure.

____ are the policies and procedures that help ensure that the risk responses are effectively carried out.

A(n) ______________________________ is a tool designed to assist you in evaluating the potential effectiveness of controls in a business process by matching control goals with relevant control plans.

A business event which is not properly authorized violates the control goal of:

Three terms used in the chapter to refer to when a control plan is exercised are ______________________________, ______________________________, and corrective control plans.

______________________________ is a process-effected by an entity's board of directors, management, and other personnel-designed to provide reasonable assurance regarding the achievement of objectives such as: effectiveness and efficiency of operations, reliability of reporting, and compliance with applicable laws and regulations.

The ERM framework addresses four categories of management objectives. Which category of concerns laws and regulations?

The control goal that seeks to protect an organization's resources from loss, destruction, disclosure, copying, sale, or other misuse of an organization's resources is called ensure ______________________________.

COSO's ______________________________ is the entity's identification and analysis of relevant risks to the achievement of its objectives, forming a basis for determining how the risks should be managed.

______________________________ is the possibility that an event will occur.

The section of Sarbanes Oxley that authorizes the SEC to censure or deny any person the privilege of appearing or practicing before the SEC if that person is deemed to be unqualified, have acted in an unethical manner, or have aided and abetted in the violation of federal securities laws is ______________________________.

Which component of the ERM framework is best described here: Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management's strategy or objective-setting processes.

A missing data field on a source document or computer screen is an example of an error that could undermine the achievement of the control goal of ensure ______________________________.