Study Sheet for Final Exam on Internal Accounting Control

Study Sheet for Final Exam on Internal Accounting Control
These are terms that appear on the final exam – I’m sure you can add to this list. Remember
how to study—name of control, how it works, and an example using the data in the question.
Ch 7 Romney Steinbart AIS textbook 12th ed. (Ch 6 in 11th ed.)
Of the 300+ slides in the chapter powerpoint we covered the following:
Slides 1-10, 18, 19, 21--25, for SOX 27—39, 44 for frameworks, COSO 52--66, then COSO
ERM cube 67—148, 175—195 risk, 280-315 monitoring.
Internal Controls from Lecture notes part A and B—and Ch 14 of Dunn textbook
preventive, detective, corrective control classification
file labeling--external file label, internal file label, header and trailer label or record
grandparent-parent-child backup—offsite backup—cold site, warm site, hot site—checkpoints—
disk shadowing, disk mirroring, transaction logs, file library
File reconstruction
Application and systems documentation
General control vs. application control
Edit checks: Field length, hash total, check digit, completeness check, limit test, table look up
procedure, range test, valid code check, field check, sequence check, closed loop verification,
reasonableness test, referential integrity check, master file reference test, size test, default test
Access controls--password, access control matrix, biometrics—what makes a strong password
vs. a weak password—read only access, write access, call back
Terminal logs, lockout
Hardware controls—such as echo check, graceful degradation, uninterruptable power supply,
firmware, validity test
Telecommunication controls—such as call back, encryption, parity bit
Batch totals—such as financial numeric total, hash total, record count, transaction type, batch
balancing, crossfooting balance test
Organizational controls—what access should programmers have to data, software and
hardware-- what access should operators have to data, software and hardware
Application programmers, Systems programmers, Systems analyst, data control clerk, data
control log
Application control objectives
5 main control areas for case question
Error reporting
Be able to analyze a record layout
Systems development life cycle
Internal control environment
Accounting vs. administrative control
General vs. application control
Internal control structure
Batch balancing
Upstream resubmission
Input controls, Processing controls, Output controls
Data capture control
Data library control procedures
Controls for environments of Batch Processing vs. Online Realtime Processing
The most critical separation of functions within the information systems area is between ??????
How to use IT to achieve separation of duties