AIS: Exam 2 Study Guide

Sales Order

Records the items and quantities ordered by a customer

Bill of Lading

Shipping document transferring responsibility for goods to carrier

Packing Slip

Lists contents of shipment

Remittance Advice

Payment notification accompanying a customer payment

Credit Memo

Authorizes reducing the balance owed by a customer

Purchase Order

Authorizes ordering goods from a supplier

Supplier Invoice

Bill sent by supplier requesting payment

Debit Memo

Reduces the balance owed to a supplier

Receiving Report

Documents goods received from a supplier

Voucher System

Each approved invoice is posted to a supplier record and stored in an open invoice file

Nonvoucher System

Each approved invoice is posted individually to supplier records in the AP file and then stored in the open invoice file

Evaluated Receipt Settlement (ERS)

Eliminates supplier invoices entirely; payment triggered by matching PO to receiving report - reduces threat of errors in supplier invoices

Components of COSO

• Control Environment

• Risk Assessment

• Control Activities

• Information and Communication

• Monitoring

Control Environment

The foundation; tone at the top

Risk Assessment

Identifying and analyzing risks to achieve objectives

Control Activities

Policies and procedures to address risks

Information and Communication

Systems that support control

Monitoring

Ongoing evaluation of control effectiveness

Which of the following is not a Control Environment Factor under COSO?

Analyzing past financial performance and reporting

Which of the following is not an Information & Communication Principle under COSO?

Comparing actual inventory quantities with recorded amounts before transmitting to external parties

Which of the following is not a type of internal control?

Effective

Preventative Control

Aims to stop errors/fraud before they occur

Detective Control

Aims to identify errors/fraud after they occur

Corrective Control

Aims to remediate identified problems

Which of the following is not an example of a preventative control?

Bank reconciliation

Which of the following is not an example of a detective control?

Correcting data entry errors

Which of the following is not an example of a corrective control?

Separating cash recording from cash custody

Which of the following is not a function that must be separated for effective segregation of duties?

Establishment of AIS systems

Which of the following is not an aspect of the Fraud Triangle?

Capability

Pressure (Incentive)

Financial need or personal pressures

Opportunity

Weak internal controls that create the opening to commit fraud

Rationalization

The perpetrator’s mental justification

Most fraud perpetrators are…

white collar criminals

Most first-time, unprosecuted perpetrators of fraud do not commit fraud again.

True

Which of the following is not a legal element of fraud?

Financial motive to gain

Intentional Acts

Deliberate misuse of assets or information

Unintentional Acts

Accidental errors

Natural/Political Disasters

Environmental threats

Software Errors/Equipment Malfunctions

Technology failures

Which of the following is not an intentional act?

Mistake in data entry

Which of the following is not an unintentional act?

Lapping of accounts receivable

Which of the following is not a natural or political disaster?

Hardware failures

Which of the following is not a software error or equipment malfunction?

Computer fraud

Which of the following is not a mitigating control for kickbacks?

Restrict ability to cancel sales

Which of the following is not a mitigating control for the theft of cash?

Competitive bidding

Which of the following is not a mitigating control for the theft of inventory?

Restriction of access to supplier master file

An example of a mitigating control for billing errors is:

Restrict access to pricing master data

An example of a mitigating control for accepting unordered items is:

Require approved PO before accepting any delivery

An example of a mitigating control for errors in supplier invoices is:

Evaluated Receipt Settlement (ERS)

Phishing

E-mails/websites that trick recipients into disclosing confidential information

Carding

Buying and reselling stolen credit card information online

Typosquatting

Registering misspelled domain names to capture misdirected traffic

Pharming

Redirecting the traffic from a legitimate site to a fake site

Zero-Day Attack

Exploiting a vulnerability between its discover and the release of a patch

Hacking

Unauthorized access to systems to steal, destroy, or publish data

Botnet Attack

Network of hijacked computers to launch attacks

Dictionary Attack

Automated password-cracking using common words

SQL Injection

Inserting malicious code of database queries

Cross-Site Scripting

Injecting malicious scripts into trusted websites

Spyware

Malware that monitors system activity; causes slow performance, crashes, and connectivity issues

Logic Bomb

Malware that triggers upon a specific condition

Ransomware

Malware that encrypts files and demands payment

Steganography

Hiding data within other data or files

Denial of Service (DoS)

Overwhelming a system to prevent legitimate access

The core principle of ERM is:

Uncertainty results in risk, defined as the possibility that something will negatively
affect an organization’s ability to create value. Organizations are formed to create value for stakeholders – not for the government

Which of the following is not one of management’s responsibilities under ERM?

Certify the financial statements

Which of the following is not one of the key provisions of SOX?

The audit committee of the board of directors has no responsibility for the external auditors

Economic Order Quantity (EOQ)

Formula that minimizes total ordering and holding costs

Reorder Point

Inventory level that triggers a new order to avoid stockouts

Materials Requirements Planning (MRP)

Reduces inventory by improving forecasting accuracy to better schedule purchases to satisfy production needs

Just in Time (JIT)

Minimizes inventory to receiving goods only as needed for production

When a customer places an order, the organization should:

all of the above

Which of the following controls reduce theft in cash collections?

All of the above

Which of the following controls applies to master data risk?

All of the above

Key Master Data Files

• Customer

• Supplier

• Pricing

• Inventory

Customer Master File

Credit limits, payment terms

Supplier Master File

Vendor information, payment details

Pricing Master File

Restrict access to prevent billing errors

Inventory Master File

Quantities, locations, costs