Study Sheet for Final Exam on Internal Accounting Control These are terms that appear on the final exam – I’m sure you can add to this list. Remember how to study—name of control, how it works, and an example using the data in the question. Begin: Ch 7 Romney Steinbart AIS textbook 12th ed. (Ch 6 in 11th ed.) Of the 300+ slides in the chapter powerpoint we covered the following: Slides 1-10, 18, 19, 21--25, for SOX 27—39, 44 for frameworks, COSO 52--66, then COSO ERM cube 67—148, 175—195 risk, 280-315 monitoring. Internal Controls from Lecture notes part A and B—and Ch 14 of Dunn textbook preventive, detective, corrective control classification file labeling--external file label, internal file label, header and trailer label or record grandparent-parent-child backup—offsite backup—cold site, warm site, hot site—checkpoints— disk shadowing, disk mirroring, transaction logs, file library File reconstruction Application and systems documentation General control vs. application control Edit checks: Field length, hash total, check digit, completeness check, limit test, table look up procedure, range test, valid code check, field check, sequence check, closed loop verification, reasonableness test, referential integrity check, master file reference test, size test, default test Access controls--password, access control matrix, biometrics—what makes a strong password vs. a weak password—read only access, write access, call back Terminal logs, lockout Hardware controls—such as echo check, graceful degradation, uninterruptable power supply, firmware, validity test Telecommunication controls—such as call back, encryption, parity bit Batch totals—such as financial numeric total, hash total, record count, transaction type, batch balancing, crossfooting balance test Organizational controls—what access should programmers have to data, software and hardware-- what access should operators have to data, software and hardware Application programmers, Systems programmers, Systems analyst, data control clerk, data control log Application control objectives 5 main control areas for case question Error reporting Be able to analyze a record layout Systems development life cycle Internal control environment Accounting vs. administrative control General vs. application control Internal control structure Batch balancing Upstream resubmission Input controls, Processing controls, Output controls Data capture control Data library control procedures Controls for environments of Batch Processing vs. Online Realtime Processing The most critical separation of functions within the information systems area is between ?????? How to use IT to achieve separation of duties