1. What is internal control?
    System to provide reasonable assurance that objectives are met; making sure everything is as it is supposed to be.
  2. What are the 3 functions of control?
    - Preventative (deter problems)

    - Detective (discover problems)

    - Corrective (correct problems).
  3. What are some objectives internal control checks for?
    - safeguard assets

    - maintain records appropriately

    - reports are fair and accurate

    - provide accurate and reliable info

    - prepare financial reports in accordance with established criteria

    - improve and promote operational efficiency

    - encourage adherence to policies

    - comply with laws and regulations.
  4. What are the 2 control categories?
    - General (overall system and process; entire organization)

    - Application (transactions are processed correctly; app works as it should).
  5. What are some objectives of the Sarbanes-Oxley Act of 2002 (SOX)?
    - prevent financial statement fraud

    - increase transparency of financial reports

    - protect investors

    - strengthen internal controls

    - establish responsibility for executives.
  6. What does PCAOB stand for and what is it?
    Public Company Accounting Oversight Board

    = organization that oversees auditors.
  7. What are some of the rules SOX changed/introduced?
    - new auditing rules (partner rotation; separation of audit and non-audit services)

    - new rules for audit committees (independent, but part of BOD; one must be financial expert; oversee external auditors)

    - new rule for management (responsibility for fairness and review of financial statements; resp. for sharing material IC weaknesses and fraud w/ auditors)

    - new IC requirements (establishing and maintaining adequate IC system).
  8. What are the IC frameworks discussed in chapter 7?
    • COBIT = Control Objectives for Information and Related Technology
      - business objectives, IT resources + processes

    • COSO = Committee of Sponsoring Organizations
      - (non-IT IC) control environment + activities, assess risks, info and communication, monitoring.
  9. Briefly describe the enterprise risk management model.
    set objectives (what org. needs to do)

    => ID event (that enables reaching objectives)

    => assess risk (that can threaten event).
  10. What are the 5 choices when it comes to risk control?
    - Accept

    - Diversify

    - Share

    - Transfer

    - Avoid.
Card Set
Accounting Information Systems ch7