BCS 2 MIDTERM

Cards (350)

  • Stewardship
    The careful and responsible oversight and use of the assets entrusted to management
  • To efficiently and effectively manage an organization, management and the board of directors must have access to accurate and timely feedback regarding the results of operations.
  • Internal control
    A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations
  • Code of ethics
    A set of documented guidelines for moral and ethical behavior within the organization
  • Management that emphasizes and models ethical behavior is more likely to encourage ethical behavior in employees.
  • Fraud
    The theft, concealment, and conversion to personal gain of another's money, physical assets, or information
  • Misappropriation of assets
    Theft of any item of value, sometimes referred to as a defalcation or internal theft
  • Misstatement of financial records
    Falsification of accounting reports, often referred to as earnings management or fraudulent financial reporting
  • Fraud triangle
    The three conditions that must exist for fraud to be perpetrated: incentive to commit the fraud, opportunity to commit the fraud, and rationalization of the fraudulent action
  • Categories of people who can perpetrate fraud in an organization
    • Management
    • Employees
    • Customers
    • Vendors
  • Management fraud
    Fraudulent financial reporting conducted by one or more top-level managers within the company
  • Internal controls for IT systems
    Controls that help ensure the confidentiality, integrity, and availability of IT systems and the data they process
  • Computer systems are critical to ongoing operations for most organizations
  • Reasons why managers commit fraud
    • Increased stock price
    • Improved financial statements to enhance the potential for a merger or IPO, or prevent negative consequences
    • Enhanced chances of promotion or avoidance of firing or demotion
    • Increased incentive-based compensation
    • Delayed cash flow problems or bankruptcy
  • Accounting information systems collect, process, store, and report accounting information
  • Management fraud typically involves manipulation of the financial statements so that the manager can benefit, is conducted or encouraged by top managers, involves complex transactions or business structures, and involves management's circumvention of internal controls.
  • It is important to consider possible threats to the IT system and implement controls to prevent those threats from becoming reality
  • The most effective measure to prevent or detect management fraud is to establish a professional internal audit staff that periodically checks up on management activities and reports to the audit committee of the board of directors.
  • General controls
    Controls that apply overall to the IT accounting system, not restricted to any particular accounting application
  • Application controls
    Controls used specifically in accounting applications to control inputs, processing, and outputs
  • Categories of general controls
    • Authentication of users and limiting unauthorized access
    • Hacking and other network break-ins
    • Organizational structure
    • Physical environment and physical security of the system
    • Business continuity
  • Authentication of users
    Process or procedure in an IT system to ensure the person accessing the system is a valid and authorized user
  • Management override
    The circumvention or overriding of the systems or internal controls that are in place
  • Password requirements
    • At least 8 characters, contain at least one non-alphanumeric character, case-sensitive, changed every 90 days
  • Two-factor authentication
    Authentication based on something the user has (token/smart card) and something the user knows (password)
  • Management fraud
    • Conducted by top-level managers
    • Involves manipulation of the financial statements so that the manager can benefit
  • Biometric devices
    Devices that use unique physical characteristics of the user to identify and authenticate them
  • Many management frauds include complex transactions or entities, such as Enron's use of SPEs
  • Nonrepudiation
    Ensures a user cannot deny any particular action they took on the IT system
  • Managers operate above the level of internal controls; internal controls can be overridden or circumvented by managers
  • User profile
    Determines each user's access levels to hardware, software, and data according to their job responsibilities
  • Internal audit staff
    Periodically checks up on management activities and reports to the audit committee of the board of directors
  • Authority table
    Contains a list of valid, authorized users and the access level granted to each one
  • Employee fraud
    • Conducted by non-management employees
    • Involves stealing cash or assets for personal gain
  • Configuration tables
    Contain the appropriate set-up and security settings for hardware, software, and application programs
  • Types of employee fraud
    • Inventory theft
    • Cash receipts theft
    • Accounts payable fraud
    • Payroll fraud
    • Expense account fraud
  • Firewall
    Hardware, software, or combination of both that is designed to block unauthorized access to a network
  • Skimming
    The organization's cash is stolen before it is entered into the accounting records
  • Authorization and access controls cannot be completely effective, so additional controls are needed
  • Larceny
    The company's cash is stolen after it has been recorded in the accounting records