Internal Control Frameworks
IT Controls
IT Controls pt 2
Fraud
Databases
100

Who hires and oversees external and internal auditors?

The Audit Committee

100

Who developed the COBIT framework?

Information Systems Audit and Control Association (ISACA)

100

What is the difference between disaster recovery plans and business recovery plans?

A business recovery plan deals with how to restore business processes after a disaster; disaster recovery plans deal with how to restore a data center

100

Pressure to meet or exceed earnings expectations would be what kind of pressure?

Financial Statement Pressure

100

Are more of the controls for incomplete or inaccurate data stored in a database preventative or detective?

Detective

200

Name all 5 parts of the face of the cube

1. Control Environment

2. Risk Assessment

3. Control Activities

4. Information and Communication

5. Monitoring Activities

200

What are some things employees can be trained on for security awareness training?

Appropriate computer use

Reporting procedures if a device is compromised

Identify common viruses

200

What type of backup would be faster to recover information ASAP?

Differential

200

Lack of controls or lack of segregation of duties can lead to which side of the fraud triangle?

Opportunity

200

What is a relational database model?

Data is stored in separate tables but tables are structured so they link together

300

Name rules for the independence of Audit Committees

Cannot be employed at the company

Cannot own company's stock

Must be independent from the company basically

300

What is PCI and why is it important?

Payment Card Industry. If customers' data is leaked, it can lead to reputational risk or a lawsuit

300

Who has recording and custody duties in IT Organizations? (Programmer, Operations, and Security)

Programming department has recording and Operations has custody

300

Concealing theft of cash through delays in posting collections is lapping or kiting?

Lapping

300

What is an insert anomaly?

Unable to add a new record to a database table if trying to use a foreign key to save a transaction but its primary key is not defined

400

What is inherent risk in risk assessment?

Cost potential if the risk is not controlled

400

What are some of the risks of cloud computing?

If working remotely, files can be intercepted if protected by weaker software.

400

Which utilizes hot sites and is more expensive, RAID or Real time mirroring?

Real time mirroring

400

A manager continues to fake timecards for an employee who no longer works at the company and collects the paychecks. What kind of fraud is it?

Computer Fraud

400

What is this saying?

SELECT Inventory.[Item#], [Sales-Inventory].Quantity

FROM Inventory INNER JOIN [Sales-Inventory] ON Inventory.[Item#] = [Sales-Inventory].[Item#]

GROUP BY Inventory.[Item#], [Sales-Inventory].Quantity;

Link Inventory Items to Quantity Sold by linking Item# from both tables

500

Infrastructure and Privacy are examples of what risk on the top of the cube?

Reporting

500

Of the segregation of duties between IT department and Accounting department, who should have authorization, custody, and recording?

IT department should have custody and recording, Accounting department should have authorization.

500

Transactions not saved completely or accurately by AIS are a COBIT or COSO problem?

COSO, since it deals with a specific business process

500

What are the 5 SAS99 standards for what auditors should do in terms of fraud?

Understand Fraud

Discuss risks

Obtain evidence

Evaluate results of other audits

Document findings

500

What would the SQL code look like if you are trying to Count the number of Items in an Inventory table?

SELECT Count(Inventory.[Item#])

AS [CountOfItem#]

FROM Inventory