Exam 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control

Fraud is the possibility that an event or action will cause an organization to fail to meet its objectives (or goals).

Which of the following statements regarding internal controls systems is false?

The section of Sarbanes Oxley that provides for fines and imprisonment of up to 20 years to individuals who corruptly alter, destroy, mutilate, or conceal documents with the intent to impair the document's integrity or availability for use in an official proceeding, or to otherwise obstruct, influence or impede any official proceeding is ____________________________________________.

The CFO of Exeter Corporation is very uncomfortable with its current risk exposure related to the possibility of business disruptions.Specifically, Exeter is heavily involved with e-business and its internal information systems are tightly interlinked with its key customers' systems.The CFO has estimated that every hour of system downtime will cost the company about $5,000 in sales.The CFO and CIO have further estimated that if the system were to fail, the average downtime would be about 2 hours per incident.The have anticipated (assume with 100% annual probability) that Exeter will likely experience 10 downtime incidents in a given year due to internal computer system problems, and another 10 incidents per year due to external problems; specifically system failures with the Internet service provider (ISP).Currently, Exeter pays an annualized cost of $25,000 for redundant computer and communication systems, and another $25,000 for Internet service provider (ISP) support just to keep total expected number of incidents to 20 per year.Required: a.Given the information provided thus far, how much ($) is the company's current expected gross risk? b.A further preventative control would be to purchase and maintain more redundant computers and communication lines where possible, at an annualized cost of $30,000, which would reduce the expected number of downtimes per year to 5 per year due to internal computer system problems.What would the dollar amount of Exeter's current residual expected risk at this point?

The control goal of ensure input ____________________ requires that all valid objects or events are captured and entered into the computer.

A computer abuse technique called a back door involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.

Salami slicing is program code that can attach itself to other programs (i.e., "infect" those programs), that can reproduce itself, and that operates to alter the programs or to destroy data.

A computer abuse technique called a(n) _________________________ involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.

Assuring that cash collections recorded in the cash receipts event data are credited to the right customer in the accounts receivable master data addresses the control goal of:

Ethical behavior and management integrity are products of the corporate culture.

A corrective control plan is designed to discover problems that have occurred.

The control goal of input accuracy is concerned with the correctness of the transaction data that are entered into a system.

Failing to record a customer's order for the purchase of inventory violates the information system control goal of:

____________________ is the possibility that an event will occur.

SAS No.99 emphasizes auditors should brainstorm fraud risks, increase professional skepticism, use unpredictable audit test patterns, and detect management override of internal controls

The section of Sarbanes Oxley that sets forth criminal penalties applicable to CEOs and CFOs of up to $5 million and up to 20 years imprisonment if they knowingly or willfully certify false or misleading periodic reports is _______________________________________________________.

These are applied to all IT service activities.

The control environment reflects the organization's general awareness and commitment to the importance of control throughout the organization.

The section of Sarbanes Oxley that establishes an independent board to oversee public company audits is _________________________________________________________________.

Listed below are 13 specific fraud examples taken from some well-known fraud cases: MiniScribe, ZZZZ Best Carpet Cleaning, Lesley Fay, and Equity Funding.Required: For each fraud example, enter a letter corresponding to which information control goal was initially violated--Validity, Completeness, or Accuracy.Some examples might involve more than one violation.NOTE: When we say initially, we mean what control goal failure led to this example, not what is the present condition.For example, master data might contain information that is inaccurate, but it might have been an inaccurate input that initially caused the data to be inaccurate.Fraud Examples: