CIA Part 1 - Control Types

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/31

flashcard set

Earn XP

Description and Tags

Flashcards coming from Gleim material for Control information to be covered under part 1 of the CIA exam.

Last updated 3:13 AM on 7/15/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

32 Terms

1
New cards

Controls

Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved.

2
New cards

Control Processes

Policies, procedures, and activities designed and operated to manage risks to be within the level of an organization’s risk tolerance.

3
New cards

Control environment

Attitude and actions of the board / management regarding importance of controls in the org.

Provides discipline and structure for achieving primary objectives of internal control system

4
New cards

Integrity and ethical values; Org structure; Mgmt philosophy; Assigning authority and responsibility; HR policy and practices; Competency

6 elements of control environment

5
New cards

Risk and Control Matrix (RACM)

Tool that facilitates the performance of internal auditing.

Links business objectives, risks, control processes, and key info to support IA processes.

Evaluation of Design Adequacy and Operating Effectiveness.

Mapping can be One to One, One to Many, or Many to Many - just depends!

6
New cards

Control Process

Establishing operational standards →

Measuring performance against the standards →

Analyze exceptions →

Take corrective action →

Reappraise standards overtime → repeat!

7
New cards

Faulty human judgment; Mgmt override; Collusion; if Cost>Benefits

Limitations of Internal Controls

8
New cards

Audit Trail

Record of accounting measurements, trade details, or other financial data can be traced back to their source.

Verification and tracking of transactions.

9
New cards

Segregation of Duties

Fraud mitigation tool. Distributing tasks and responsibilities among multiple individuals so no one has sole control over a transaction’s lifecycle

10
New cards

Batch Processing

Transactions accumulated and submitted to computer as big group.

User cannot influence the process once the job has begun.

Efficient for payroll due to high volume.

11
New cards

Online, Real-Time Processing

System where transactions are available at all times. Database is instantly updated when a transaction is entered.

12
New cards

Primary Internal Control

Crucial measure / procedure that organizations implement to manage risks and maintain integrity of financial reporting and operations

  • Preventive Controls

  • Detective Controls

  • Corrective Controls

  • Directive Controls

13
New cards

Preventive Controls

[Primary Control] Deter potential problems before they occur. Stopping errors, fraud, other risks from happening.

Ex. physical locks; database validity checks; etc.

14
New cards

Detective Controls

[Primary Control] alert the proper people after unwanted event.

Active controls as they require human intervention.

Effective when alert occurs before harm occurs.

Ex. Burglar alarm; duplicate invoice rejection & notification; etc.

15
New cards

Corrective Controls

[Primary Control] Fix negative effect of unwanted event.

Ex. Justification of cost variances over a threshold; etc.

16
New cards

Directive Controls

[Primary Control] Cause or encourage the occurrence of desirable event

Ex. Policy and procedures; Employee training; Job descriptions

17
New cards

Secondary Internal Controls

Supplementary measure to enhance effectiveness of primary controls.

Establishment of direct procedures and processes to provide additional layers of protection and assurance.

Ex. Supervision, Independent reviews / spot checks, UAM

18
New cards

Compensating Controls

[Secondary Control] Likely to be established when Segregation of Duties is not maintained / ineffective primary controls.

Do not, by themselves, reduce risk to acceptable level.

Ex. Increased Supervision

19
New cards

Complementary Controls

[Secondary Control] Work with other controls to reduce risk to acceptable level. Focus on their synergy.

Ex. obtaining deposit slips validated by bank in Cash Receipts process.

20
New cards

Entity-Level Controls

Attempt to achieve organizational objectives and address entity-wide risks.

  • Governance Controls - est by BOD. Org policies & procedures over culture and expectations

  • Management Oversight Controls - implemented at business unit level.

21
New cards

Process-Level Controls

Designed to achieve process objectives and address process risk.

Ex. physical inventory counts; performance assessments; etc.

22
New cards

Transaction-Level Controls

Designed to achieve transaction objectives and address risks specific to transactions.

23
New cards

IT General Controls (ITGC)

Wide range of policies and procedures that help maintain integrity, security, and availability of org’s IT systems and data.

  • Network operations & Data Centers

  • System software acquisition, changes, maintenance

  • Access Security (UAM)

  • Application acquisition, dev, maintenance

Ex. passwords, SDLC controls, change management, backup & recovery processes

24
New cards

Application Controls

[ITGC] Specific measures in place within software to ensure accuracy, integrity, and security of data processed.

Prevent errors and unauthorized access.

  • input controls

  • processing controls

  • output controls

25
New cards

Batch Input Controls

[Application Control] Identify errors or inconsistencies in groups of transactions prior to processing.

  • Financial Totals - sum; actual vs expected

  • Record Counts - counts; actual vs expected

  • Hash totals - sum of nonmeaningful numbers (vendor or invoice nums); actual vs expected

26
New cards

Online (Real Time) Input Controls

[Application Control] Measures to ensure security and integrity of individual transactions while being processed.

  • Preformatting of data entry

  • Field / Format Checks - i.e. no letters in a zip code

  • Validity Checks - compare entry to table of acceptable values

  • Limit and range checks (reasonableness) - over threshold?

  • Check digits - allows algorithmic check of identification number

  • Sequence Checks - check based on logical sorting of files {i.e. sorted based on a key field}

  • Zero Balance Checks - reject where sum of debits and credits <> 0

27
New cards

Processing Controls

[Application Control] Ensure that data is complete and accurate during updating

  • Concurrency Controls - manage situation where 2+ users attempt to access/update file or database simultaneously

28
New cards

Output Controls

[Application Control] Ensure that processing results are complete, accurate, and properly distributed.

Ex. User Review {Quality Assurance}

29
New cards

Integrity Controls

[Application Control] Monitor data being processed and in storage to ensure it remains consistent and correct.

Ex. circular reference error in Excel

30
New cards

Feedback Controls

[Time-Based Control] Report information about completed activities. Allows for improvement in the future by learning from mistakes.

Ex. Quality Control; Variance Analysis

31
New cards

Concurrent Controls

[Time-Based Control] Adjusting ongoing processes. Real time monitoring to prevent deviations beyond a threshold.

Ex. close supervision of production line workers

32
New cards

Feedforward Controls

[Time-Based Control] Anticipating and preventing problems. Require long term perspective.

Ex. Policies and procedures.