Exam 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control

The control goal called efficiency of operations strives to assure that a given operations system is fulfilling the purpose(s) for which it was intended.

A computer abuse technique called a ____ involves inserting unauthorized code in a program, which, when activated, may cause a disaster, such as shutting the system down or destroying files.

With the issuance of the SEC Interpretative Guidance and the implementation of AS5:

SAS No. 99 emphasizes auditors should brainstorm fraud risks, increase professional skepticism, use unpredictable audit test patterns, and detect management override of internal controls.

A(n) ______________________________ control plan is designed to rectify problems that have occurred.

The ERM framework addresses four categories of management objectives. Which category concerns high-level goals, aligned with and supporting its mission?

A fraud is a deliberate act or untruth intended to obtain unfair or unlawful gain.

A computer abuse technique called a back door involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.

______________________________ are events that would have a positive impact on objectives.

A computer crime technique called worm involves the systematic theft of very small amounts from a number of bank or other financial accounts.

Events that could have a positive impact on organizational objectives:

Discrepancies between data items recorded by a system and the underlying economic events or objects they represent are a violation of the control goal of:

______________________________ are applied to all IT service activities.

Ensuring the security of resources is the control goal that seeks to provide protection of organization's resources from loss, destruction, disclosure, copying, sale, or other misuse of an organization's resources.

Under the Sarbanes Oxley Act of 2002, the section on Enhanced Financial Disclosures requires each annual report filed with the SEC to include an internal control report.

Why is there usually no control goal called update validity?

COSO's ______________________________ is a process that assesses the quality of internal control performance over time.

The ERM framework is comprised of eight components. Which component includes the policies and procedures established and implemented to help ensure the risk responses are effectively carried out?

______________________________ are business process objectives that an internal control system is designed to achieve.

A control that involves reprocessing transactions that are rejected during initial processing is an example of: