Exam 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control

The business process objectives that an internal control system is designed to achieve are:

The ____________________ framework suggests that organizations and auditors should continue to use COSO as a basis for internal control.

The section of Sarbanes Oxley that authorizes the SEC to censure or deny any person the privilege of appearing or practicing before the SEC if that person is deemed to be unqualified, have acted in an unethical manner, or have aided and abetted in the violation of federal securities laws is _______________________________________________________.

A computer abuse technique where unauthorized instructions are inserted into a program to systemati- cally steal very small amounts, usually by rounding to the nearest cent in financial transactions

Below is an alphabetical list of sources with information and guidance on internal controls.The second list contains descriptions or information provided by these sources.Required: On the blank line to the left of each numbered item, place the capital letter of the source that best matches that description.HINT: Some letters may be used more than once.Conversely, some letters may not apply at all.

A logic bomb is a computer abuse technique in which unauthorized code is inserted in a program, which, when activated, may cause a disaster such as shutting down a system or destroying data.

______________________________ is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.

Events that could have a negative impact on organizational objectives:

A control plan requires that a manager sign his/her approval of timecards for employees in that department.This control plan is an example of:

Under the Sarbanes Oxley Act of 2002, the section on Enhanced Financial Disclosures requires each annual report filed with the SEC to include an internal control report.

This component of the ERM framework encompasses the tone of an organization and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values.

The control matrix is a computer virus that takes control of the computer's operating system for malicious purposes.

Risks are those events that could have a negative impact on organization objectives.

Which of the following business scandals involved accusations that bribes were paid in at least a dozen countries, and that senior executive may have been aware of the practice?

The _____________________________________________ states that "a fundamental aspect of management's stewardship responsibility is to provide shareholders with reasonable assurance that the business is adequately controlled."

The section of Sarbanes Oxley that requires a company's CEO and CFO to certify quarterly and annual reports is:

Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.

Information-processing policies and procedures that assist in accomplishing control goals are known as ______________________________.

The ERM framework addresses four categories of management objectives.Which category of objectives concerns laws and regulations?

The ___________________________________ is the foundation for all other components of internal control, providing discipline and structure.