AIS Exam 2 | 2023 Questions and answers 2023
Preventive, Detective, Corrective - Internal Controls

-Internal environment -Objective setting -Event identification -Risk assessment -Risk response -Control activities -Information and communication -Monitoring - COSO-ERM

Threat or Event - Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization

Exposure or Impact - The potential dollar loss should a particular threat become a reality

Likelihood - The probability that the threat will happen

Preventive Controls - Deter problems from occurring. Uses segregation of duties with cash handling

Detective Controls - Discover problems that are not prevented -Log Analysis -Intrusion Detection Systems -Penetration Testing -Continuous Monitoring

Corrective Controls - -Identify and correct problems -Recovers from those problems +Computer Incident Response Team +Chief Information Security Officer +Patch Management

-Data Matching -File Labels -Recalculation of batch totals -Cross-footing -Zero-balance tests -Write-protection mechanisms -Concurrent update controls - Processing controls for computer processing

Limit Check - Tests numerical amount against a fixed value

Forms Design - Source documents and other forms should be designed to minimize the chances for errors and omissions

Inherent Risk - Susceptibility to significant control problems in the absence of internal controls

Write-Protection Mechanisms - Protect against overwriting or erasing of data files stored on magnetic media

Compatibility Test - Test that matches the user's authentication credentials against the access control matrix to determine whether they should be allowed

Data Matching - Two or more items of data must be matched before an action can take place

Closed-Loop Verification - Input validation method that uses data entered into the system to retrieve and display other related information so that the data entry person can verify the accuracy of the input data

Objectives of a Disaster Recovery Plan - -Resume normal operations as soon as possible -Train employees for emergency operations -Minimize the extent of the disruption, damage, or loss

Sequence Check - Determines if a batch of input data is in the proper numerical or alphabetical order

-Field Check -Sign Check -Limit Check -Range Check -Size Check -Completeness Check -Validity Check -Reasonableness Check - Source Data Entry Controls

Cancellation and storage of source document - Source documents that have been entered into the system should be canceled so they cannot be fraudulently reentered

Visual Scanning - -Checklists -Second Reviewer

Recalculation of Batch Totals - Batch totals should be recomputed as each transaction record is processed and the total of the batch should then be compared to the values in the trailer record

File Labels - Need to be checked to ensure that the correct and most current files are being updated -External Labels - Readable by humans -Internal Labels - Readable by machine

Authorization - Restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform

Validity Check - Compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists

Collusion - Cooperation between two or more people in an effort to prevent internal controls

Completeness Check - Verifies that all data required has been entered

Size Check - Test that ensures the input data will fit into the assigned field

Range Check - Test that determines if data item falls within predetermined upper and lower limits

Sign Check - Determines the appropriate arithmetic sign

Field Check - Tests whether characters in a field are the correct type

Cross-Footing - A processing control which verifies accuracy by comparing two alternative ways of calculating the same total

Zero-Balance - Verifies that the balance of a control account equals zero after all entries to it have been made

Concurrent Update Controls - Prevent error of two or more users updating the same record at the sa
Written for
- Institution
- AIS
- Course
- AIS
Document information
- Uploaded on
- September 12, 2023
- Number of pages
- 6
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers