Ensure compliance with the model.

Identify management functions.

Identify emerging issues.

Set goals for implementation.

Government pressure on organizations to increase or maintain employment.

Production orientation of management.

Lack of credible market leader in the industry.

Company diversification.

The distorted unit cost of a service is 50 percent lower than the true cost, while the true cost is 50 percent higher than the competition's cost.

The organization is losing $1,000,000 annually because it incorrectly outsourced an operation based on information from its current system.

The cost of rework, hidden by the current system, is 50 percent of the total cost of all services.

50 percent of total organizational cost has been allocated on a volume basis.

The total liabilities and total stockholder equity both increased.

The total liabilities and total stockholder equity both decreased.

The total liabilities decreased, and the total stockholder equity increased.

The total liabilities increased, and the total stockholder equity decreased.

To improve the chain of command.

To strengthen corporate headquarters.

To focus better on a single market.

To increase lateral communication.

Access to read application logs is restricted to authorized users.

Account balance information is encrypted in the database.

The web server used to host the application is located in a physically secure area.

Sensitive data, such as account numbers, are submitted using encrypted communications.

The framework categorizes an organization's objectives to distinct, non overlapping objectives.

Control environment is one of the framework's eight components.

The framework facilitates effective risk management, even if objectives have not been established.

The framework integrates with, but is not dependent upon, the corresponding internal control

framework.

Capital investment and not marketing

Marketing and not capital investment.

Efficiency and not input economy.

Effectiveness and not efficiency.

Detailed analytics

Predictive analytics

Diagnostic analytics

Prescriptive analytics

The Committee of Sponsoring Organizations of the Treadway Commission.

The Board of Environmental, Health, and Safety Auditor Certifications.

The International Organization of Supreme Audit Institutions.

The International Standards Organization.

Identifying the processes at the activity level.

Analyzing the organization's strategic plan where the business processes are defined.

Analyzing the organization's objectives and identifying the processes needed to achieve the objectives.

Identifying the risks affecting the organization, the objectives, and then the processes concerned.

Borrowers may not sign all required mortgage loan documentation.

Fees paid by the borrower at the time of the loan may not be deposited in a timely manner.

The bank's loan documentation may not meet the government's disclosure requirements.

Loan officers may override the lending criteria established by senior management.

Submit batches of test transactions through the current system and verify with expected results.

Use a test program to simulate the normal data entering process.

Select a sample of records from the database and ensure it matches supporting documentation.

Evaluate compliance with the organization's change management process.

A time-sensitive just-in-time purchase environment.

A large volume of custom purchases.

A variable volume sensitive to material cost.

A currently inefficient purchasing process.

Develop and test the organization's disaster recovery plan.

Install and test fire detection and suppression equipment.

Restrict access to tangible IT resources.

Ensure that at least one developer has access to both systems and operations.

Consult on project design and implementation of the CSR program.

Serve as an advisor on internal controls related to CSR.

Identify and prioritize the CSR issues that are important to the organization.

Evaluate the effectiveness of the organization's CSR efforts.

Increase shareholder value.

Maximize market share.

Improve operational efficiency.

Mitigate losses.

Decreasing gross profit margins over time.

Foregone contribution margin on lost sales.

Defective units shipped to customers.

Excessive time to convert raw materials into finished goods.

Electronic funds transfer.

Knowledge-based systems.

Biometrics.

Standardized graphical user interface.

The board has overall responsibility for the internal control processes associated with the CSR program.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with the CSR program.

The internal audit activity is responsible for ensuring that CSR principles are integrated into the

organization's policies and procedures.

Every employee has a responsibility for ensuring the success of the organization's CSR objectives.

Formulate contingency plans.

Conduct a risk analysis.

Create a crisis management team.

Practice the response to a crisis.

Priority over common stock with regard to dilution of shares.

Priority over common stock with regard to earnings.

Priority over common stock with regard to dividend payment.

Priority over common stock with regard to assets.

Fixed cost.

Variable cost.

Total maintenance cost.

Patient days.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Joint ventures.

Licensing.

Exporting.

Overseas production.

Functional departmentalization.

Product departmentalization.

Matrix organization.

Divisional organization.

Times interest earned, return on assets, and inventory turnover.

Accounts receivable turnover, inventory turnover in days, and the current ratio.

Accounts receivable turnover, return on assets, and the current ratio.

Inventory turnover in days, the current ratio, and return on equity.

1 and 2 only

2 and 3 only

3 and 4 only

1, 2, and 3 only

Decentralized organizations are more focused on organizational goals.

Decentralized organizations streamline organizational structure.

Decentralized organizations tend to be less expensive to operate.

Decentralized organizations tend to be more responsive to market changes.

Giving assurance that risks are evaluated correctly.

Developing the risk management strategy for the board's approval.

Facilitating the identification and evaluation of risks.

Coaching management in responding to risk.

Encourage compliance with policies and procedures.

Safeguard the resources of the organization.

Ensure the accuracy, reliability, and timeliness of information.

Provide reasonable assurance on the achievement of objectives.

1 only

4 only

2 and 4

3 and 4

Avoidance.

Reduction.

Elimination.

Sharing.

Formulas and static data are locked or protected.

The spreadsheet is stored on a network server that is backed up daily.

The purpose and use of the spreadsheet are documented.

Check-in and check-out software is used to control versions.

A list of trustworthy good traffic and a list of unauthorized blocked traffic.

Monitoring for vulnerabilities based on industry intelligence

Comprehensive service level agreements with vendors.

Firewall and other network penmeter protection tools.

It is particularly helpful to management when the organization is facing rapid change

It is a more successful approach when adopted by mechanistic organizations

It is more successful when goal-setting is performed not only by management, but by an team members, including lower-level staff.

It is particularly successful in environments that are prone to having poor employer-employee relations

Version control

Privacy

Portability

Secure authentication

Access control via biometric authentication.

Access control via passcode authentication.

Access control via swipe pattern authentication.

Access control via security question authentication.

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports.

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing the financial information of the company.

They require significant computer resources.

They are susceptible to supply-chain disruptions.

They require complicated materials-supply contracts.

They prevent manufacturers from scaling up or down to meet changing demands.

System software that acts as an interface between a user and a computer.

A standardized set of guidelines that facilitates communication between computers on different

networks.

System software that translates hypertext markup language to allow users to view a remote webpage.

A network of servers used to control a variety of mission-critical operations.

The business continuity management charter.

The business continuity risk assessment plan

The business impact analysis plan

The business case for business continuity planning

An extranet

A local area network.

An intranet

The internet

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

Review the password length, frequency of change, and list of users for the workstation's login process.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

Assign a team of personnel who have different specialties to each audit and empower team members to participate fully in key decisions.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit key decisions to the senior person.

All financial budgets

All operating budgets

Only the cash budget and budgeted balance sheet

Only the sales and production budgets

Debit indicates the right side of an account and credit the left side.

Debit means an increase in an account and credit means a decrease.

Credit indicates the right side of an account and debit the left side.

Credit means an increase in an account and debit means a decrease.

First-in first-out method (FIFO)

Last-in first-out method (LIFO)

Specific identification method

Average-cost method

To ensure that data input into business applications is valid, complete, and accurate.

To prevent or detect errors in data processed using business applications.

To ensure that business applications are protected from unauthorized logical access.

To ensure the validity, accuracy, and completeness of outputs from business applications.

Input controls

Output controls

Processing controls

Integrity controls

Servers optimize data processing by sharing it with other computers on the information system

Servers manage the interconnectivity of system hardware devices in the information system.

Servers manage the data stored in databases residing on the information system.

Servers enforce access controls between networks transmitting data on the information system

Zone that separates an organization's servers from outside forces.

Area in which messages are scrutinized to determine if they are authorized.

Area where communication and transactions occur between trusted parties.

Zone where data is encrypted, users are authenticated, and user traffic is filtered.

Intranet.

Extranet.

Digital subscriber line.

Broadband.

Cost X is a variable cost.

Cost X is a fixed cost.

Cost X is a semi-fixed cost.

Cost X and the value of Output Produced are unrelated.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

$100

$200

$300

$500

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, and 4 only

Verify whether the organization uses the most recent database software version

Verify whether the database software version is supported by the vendor.

Verify whether the database software version has been recently upgraded

Verify whether access to database version information is appropriately restricted

Accounts receivable in the short term

Bonds to be held to maturity.

Notes receivable in the short term

Bonds to be held for sale in the short term.

A slower response to external change.

Less controlled decision making.

More burden on higher-level managers.

Less use of employees' true skills and abilities.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager

A combination of product and functional departments allows management lo utilize personnel from various functions

Authority responsibility and accountability of the units involved may vary based on the project's life, or the organization's culture

It is best suited for firms with scattered locations or for multi-lira. large-scale firms

Require complex passwords to be established and changed quarterly

Require swipe cards to control entry into secure data centers

Monitor access to the data center with closed circuit camera surveillance.

Maintain current role definitions to ensure appropriate segregation of duties

Change management controls

Physical and environmental controls.

System software controls

Organization and management controls

Diagnostic analytics

Descriptive analytics

Prescriptive analytics

Predictive analytics

individual workstation computer controls are not as important as companywide server controls.

Particular attention should be paid to housing workstations away from environmental hazards.

Cybersecurity issues can be controlled at an enterprise level making workstation level controls

redundant

With security risks near an all-time high workstations should not be connected to the company network

Normalize the data

Obtain the data

identify the risks

Analyze the data

Whether customers are asked to renew their consent for their data processing at least quarterly.

Whether private data is processed in accordance with the purpose for which the consent was obtained.

Whether the organization has established explicit and entitywide policies on data transfer to third parties.

Whether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

Non-disclosure agreements between the firm and its employees

Logs of user activity within the information system

Two-factor authentication for access into the information system

Limited access to information based on employee duties

Predictive analytics

Prescriptive analytics

Descriptive analytics

Diagnostic analytics

The structure is dispersed geographically.

The hierarchy levels are more numerous.

The span of control is wide.

The lower-level managers are encouraged to exercise creativity when solving problems.