Exam 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control

____________________ are those events that would have a negative impact on organization objectives.

A computer abuse technique called a ____ involves inserting unauthorized code in a program, which, when activated, may cause a disaster, such as shutting the system down or destroying files.

Establishing a viable internal control system is the responsibility of management.

Establishing a viable internal control system is the responsibility of ____________________.

The section of Sarbanes Oxley that makes it a felony to knowingly destroy, alter, or create records and or documents with the intent to impede, obstruct, or influence an ongoing or contemplated federal investigation and offers legal protection to whistle blowers is:

The section of Sarbanes Oxley that requires a company's CEO and CFO to certify quarterly and annual reports is _____________________________________________.

Discrepancies between data items recorded by a system and the underlying economic events or objects they represent are a violation of the information system control goal of:

Below is a list of control goals followed by a list of short scenarios describing system failures (i.e., control goals not met) and/or instances of successful control plans (i.e., plans that helped to achieve control goals).Required: On the blank line to the left of each numbered scenario, place the capital letter of the control goal that best matches the situation described.HINT: Some letters may be used more than once.Conversely, some letters may not apply at all.Control Goals

The information system control goal which relates to preventing fictitious events from being recorded is termed:

The section of Sarbanes Oxley that makes it a felony to knowingly destroy, alter, or create records and or documents with the intent to impede, obstruct, or influence an ongoing or contemplated federal investigation and offers legal protection to whistle-blowers is _______________________________________________________.

__________________________________________________ provides guidance on how an organization's IT might affect any of COSO's five components of internal control.This standard guides auditors in understanding the impact of IT on internal control and assessing IT-related control risks.

External directives are the policies and procedures that help ensure that management directives are carried out.

Which of the following is a control goal for the information system for the applicable master data?

Organizational governance is a process by which organizations select objectives, establish processes to achieve objectives, and monitor performance.

Assuring that the accounts receivable master data reflects all cash collections recorded in the cash receipts event data addresses the control goal of:

____________________ are events that would have a positive impact on objectives.

____________________ is a process that assesses the quality of internal control performance over time.

Control plans that relate to a multitude of goals and processes are called ________________________________________.

According to the 2008 Report to the Nation on Occupational Fraud and Abuse, frauds are more likely to be detected by:

____________________ is a series of actions or operations leading to a particular and usually desirable result.