Who hires and oversees external and internal auditors?
The Audit Committee
Who developed the COBIT framework?
Information Systems Audit and Control Association (ISACA)
What is the difference between disaster recovery plans and business recovery plans?
A business recovery plan deals with how to restore business processes after a disaster; a disaster recovery plan deals with how to restore a data center.
Pressure to meet or exceed earnings expectations would be what kind of pressure?
Financial Statement Pressure
Are more of the controls for incomplete or inaccurate data stored in a database preventative or detective?
Detective
Name all 5 parts of the face of the cube
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring Activities
What are some things employees can be trained on for security awareness training?
Appropriate computer use
Reporting procedures if a device is compromised
Identify common viruses
What type of backup would be faster to recover information ASAP?
Differential
Lack of controls or lack of segregation of duties can lead to which side of the fraud triangle?
Opportunity
What is a relational database model?
Data is stored in separate tables but tables are structured so they link together
Name rules for the independence of Audit Committees
Cannot be employed at the company
Cannot own the company's stock
Must be independent from the company basically
What is PCI and why is it important?
Payment Card Industry. If customers' data is leaked, it can lead to reputational risks or lawsuits.
Who has recording and custody duties in IT Organizations? (Programmer, Operations, and Security)
Programming department has recording and Operations has custody
Concealing theft of cash through delays in posting collections is lapping or kiting?
Lapping
What is an insert anomaly?
Unable to add a new record to a database table when trying to use a foreign key to save a transaction but its primary key is not defined
What is inherent risk in risk assessment?
What are some of the risks of cloud computing?
If working remotely, files can be intercepted if protected by weaker software.
Which utilizes hot sites and is more expensive, RAID or Real time mirroring?
Real time mirroring
A manager continues to fake timecards for an employee who no longer works at the company and collects the paychecks. What kind of fraud is it?
Computer Fraud
What is this saying?
SELECT Inventory.Item#, Sales-Inventory.Quantity
FROM Inventory JOIN Sales-Inventory ON Inventory.Item# = Sales-Inventory.Item#
GROUP BY Inventory.Item#, Sales-Inventory.Quantity;
Link Inventory Items to Quantity Sold by linking Item# from both tables
Infrastructure and Privacy are examples of what risk on the top of the cube?
Reporting
Of the segregation of duties between IT department and Accounting department, who should have authorization, custody, and recording?
IT department should have custody and recording, Accounting department should have authorization.
Transactions not saved completely or accurately by AIS are a COBIT or COSO problem?
What are the 5 SAS99 standards for what auditors should do in terms of fraud?
Understand Fraud
Discuss risks
Obtain evidence
Evaluate results of other audits
Document findings
What would the SQL code look like if you are trying to Count the number of Items in an Inventory table?
SELECT Count(Inventory.Item#)
AS CountOfItem#
FROM Inventory