AIS CHAPTER 3

1. _ are derived from societal mores and deep-rooted 1. Ethical standards

personal beliefs about issues of right and wrong 2. Ethics
that are not universally agreed upon. 3. Equity
2. _pertains to the principles of conduct that Rights
individuals use in making choices and guiding their Honesty
behavior in situations that involve the concepts of Exercise of corporate power
right and wrong. 4. Ethical responsibility
3. 4 areas of ethical issues in business. 5. Proportionality
4. Seeking a balance between these consequences is 6. Computer ethics
the managers’ _. 7. Privacy
5. _is the benefit from a decision must outweigh the Security
risks. Ownership of property
6. _is the analysis of the nature and social impact of Equity in access
computer technology and the corresponding Environmental issues
formulation and justification of policies for ethical Artificial intelligence
use of such technology. Unemployment and displacement
7. 8 issues of concern for students of AIS. Misuse of computer
8. _is an attempt to avoid such undesirable 8. Computer security
events as a loss of confidentiality or data 9. Situational pressures
Opportunities
integrity.
ethics
9. Factors that contribute to fraud/fraud triangle.
10. Lack of auditor independence
10. Enron, worldcom,adelphia underlying problems.
Lack of director independence
11. 3 ways to disclose its code of ethics.
Questionable executive compensation
12. _states that the organization should provide full,
schemes
fair, accurate, timely, and understandable
Inappropriate accounting practices.
disclosures in the documents, reports, and
11. Included as an exhibit to annual report.
financial statements that it submits to the SEC.
Posting to its website.
13. _codes of ethics should require employees to
Agreeing to provide copies of the code.
follow applicable governmental laws, rules, and
12. Full and fair disclosure
regulations.
13. Legal compliance
14. _is to seamlessly blend the auditor’s consideration
14. SAS 99
of fraud into all phases of the audit process.
15. Fraud
15. _denotes a false representation of a material fact.
16. False representation
16. Five conditions of fraudulent act.
Intent
17. Two level of frauds.
Material fact
18. _is generally designed to directly convert cash or
Justifiable reliance
other assets to the employee’s personal benefit.
Injury or loss
19. Three steps of employee fraud.
17. Employee fraud
20. _often escapes detection until the organization has
Management fraud
suffered irreparable damage.
18. Employee fraud
19. Stealing something of value
Converting the asset to a usable form
Concealing the crime
20. Management fraud
21. Three broad categories of fraud schemes. 21. fraudulent statements
22. _are associated with management fraud and corruption
includes misstating the financial asset misappropriation
statements to make the copy appear 22. Fraudulent statements
better than it is. 23. Asset misappropriation
23. _Most common type of fraud and often 24. Lapping
occurs as employee fraud (ex. Lapping and 25. Transaction fraud
transaction fraud)._ 26. Computer fraud schemes
27. Data collection fraud
24. _using customer’s check from one
Data processing fraud
account to cover theft from a different
Database management fraud
account.
Information generation fraud
25. _deleting, altering, or adding false 28. Data collection fraud
transactions to steal assets. 29. Operations fraud
26. _includes theft, misuse, or Program frauds
misappropriation of assets by altering 30. Operation frauds
computer-readable records and files. 31. Program frauds
27. 4 computer fraud schemes. 32. Database management fraud
28. _This aspect of the system is the most 33. Scavenging
vulnerable because it is relatively easy to 34. Safeguard assets
change data as it is being entered into the Ensure accuracy and reliability
system. Promote efficiency of the firm’s operations
29. 2 types of data processing fraud. Measure compliance
35. Management responsibility
30. _misuse of company computer resources,
Reasonable assurance
such as using the computer for personal
Methods of data processing
business.
36. Destruction
31. _altering programs to allow illegal access Theft
to and/or manipulation of data files. Corruption
32. _Altering, deleting, corrupting, destroying, Disruption
or stealing an organization’s data. 37. SAS 78/COSO
33. _searching through the trash cans on the 38. Control environment
computer center for discarded output (the Risk assessment
output should be shredded, but frequently Information and communication
is not). Monitoring
34. Internal Control Objectives According to Control activities
AICPA SAS. 39. General controls
35. Modifying Assumptions to the Internal Application controls
Control Objectives.
36. 4 Exposures of Weak Internal Controls
(Risk).
37. Describes the relationship between the
firm’s internal control structure, auditor’s
assessment of risk, and the planning of
audit procedures.
38. Five Internal Control Components: SAS 78
/ COSO
39. Two Types of IT Controls.
40. _pertain to the entity wide computer 40. General controls
environment. 41. Transaction Authorization
41. Six Types of Physical Controls. Segregation of Duties
42. _used to ensure that employees are carrying Supervision
out only authorized transactions. Accounting Records
43. _a compensation for lack of segregation; Access Control
some may be built into computer systems. Independent Verification
44. _help to safeguard assets by restricting 42. Transaction authorization
physical access to them. 43. Supervision
45. _reviewing batch totals or reconciling 44. Access control
subsidiary accounts with control accounts. 45. Independent verification
46. _The rules are often embedded within 46. Transaction authorization
computer programs. 47. Supervision
47. _The ability to assess competent employees 48. Access control
becomes more challenging due to the greater 49. Independent verification
technical knowledge required.
48. _Data consolidation exposes the organization
to computer fraud and excessive losses from
disaster.
49. _When tasks are performed by the computer
rather than manually, the need for an
independent check is not necessary.