Fraud, Ethics, And Internal Control Test Bank Answers Ch.3 - Accounting Info Systems Controls 3e Complete Test Bank by Leslie Turner. DOCX document preview.

ACCOUNTING INFORMATION SYSTEMS/3e

TURNER / WEICKGENANNT/COPELAND

Test Bank: CHAPTER 3: Fraud, Ethics, and Internal Control

NOTE: New questions are identified by the letter A as part of the question number; adjusted questions are identified by the letter X as part of the question number.

End of Chapter Questions:

  1. The careful and responsible oversight and use of the assets entrusted to management is called:
  2. Control environment
  3. Stewardship
  4. Preventive control
  5. Security
  6. Which of the following is not a condition in the fraud triangle?
  7. Rationalization
  8. Incentive
  9. Conversion
  10. Opportunity
  11. There are many possible indirect benefits to management when management fraud occurs. Which of the following is not an indirect benefit of management fraud?
  12. Delayed exercise of stock options.
  13. Delayed cash flow problems.
  14. Enhanced promotion opportunities.
  15. Increased incentive-based compensation.
  16. Which of the following is not an example of employee fraud?
  17. Skimming
  18. Larceny
  19. Kickbacks
  20. Earnings management
  21. Which of the following is not a common form of employee fraud?
  22. Inventory theft
  23. Expense account fraud
  24. Payroll fraud
  25. Refund fraud
  26. Segregation of duties is a fundamental concept in an effective system of internal controls. Nevertheless, the effectiveness of this control can be compromised through which situation?
  27. A lack of employee training
  28. Collusion among employees
  29. Irregular employee reviews
  30. The absence of an internal audit function
  31. The most difficult type of misstatement to discover is fraud that is concealed by:
  32. Over-recording the transactions
  33. Nonrecorded transactions
  34. Recording the transactions in subsidiary records
  35. Related parties
  36. The review of amounts charged to the company from a seller that it purchased from is called a:
  37. Vendor audit
  38. Seller review
  39. Collusion
  40. Customer review
  41. Which of the following is generally an external computer fraud, rather than an internal computer fraud?
  42. Spoofing
  43. Input manipulation
  44. Program manipulation
  45. Output manipulation
  46. Which control activity is intended to serve as a method to confirm the accuracy or completeness of data in the accounting system?
  47. Authorization
  48. Segregation of duties
  49. Security of assets
  50. Independent checks and reconciliations
  51. COSO describes five components of internal control. Which of the following terms is best described as “policies and procedures that help ensure management directives are carried out and management objectives are achieved”?
  52. Risk assessment
  53. Information and communication
  54. Control activities
  55. Control environment
  56. Proper segregation of functional responsibilities calls for separation of the functions of:
  57. Authorization, execution, and payment
  58. Authorization, recording, and custody
  59. Custody, execution, and reporting
  60. Authorization, payment, and recording
  61. AICPA Trust Principles identify five categories of risks and controls. Which category is best described by the statement, “Information process could be inaccurate, incomplete, or not properly authorized”?
  62. Security
  63. Availability
  64. Processing integrity
  65. Confidentiality
  66. A company’s cash custody function should be separated from the related cash recordkeeping function in order to:
  67. Physically safeguard the cash
  68. Establish accountability for the cash
  69. Prevent the payment of cash disbursements from cash receipts
  70. Minimize opportunities for misappropriations of cash

TEST BANK – CHAPTER 3 – MULTIPLE CHOICE

  1. The chance for fraud or ethical lapses will not be reduced if management:
  2. Emphasizes ethical behavior
  3. Models ethical behavior
  4. Hires ethical employees
  5. Is unethical
  6. The Phar-Mor fraud began when management:
  7. Forgot to change the budgeted figures that had been incorrectly computed.
  8. Attempted to make the actual net income match the budgeted amounts.
  9. Overstated their expenses to cover amounts embezzled from the company.
  10. Understated the revenue in order to reduce the tax payable to the IRS.
  11. Each of the following companies was involved in fraudulent financial reporting during 2001 and 2002, except:
  12. Adelphia Communications Corp.
  13. Microsoft Corporation
  14. Enron Corp.
  15. Xerox Corporation
  16. In addition to ethical practices, management has an obligation to maintain a set of processes and procedures to assure accurate financial reporting and protection of company assets. This obligation arises because:
  17. Many groups have expectations of management.
  18. Management has a stewardship obligation to investors.
  19. Management has an obligation to provide accurate reports to non-investors.
  20. All of the above are reasons for the obligation.
  21. The careful and responsible oversight and use of the assets entrusted to management is referred to as:
  22. Ethics
  23. Internal Control
  24. Stewardship
  25. Confidentiality
  26. A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives related to the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations is:
  27. COSO’s definition of internal control
  28. AICPA’s definition of stewardship
  29. ACFE’s definition of confidentiality
  30. IMA’s definition of competency
  31. If an organization’s IT systems are not properly controlled, they may become exposed to the risks of:
  32. Unauthorized access
  33. Erroneous processing
  34. Service interruption
  35. All of the above
  36. A set of documented guidelines for moral and ethical behavior within an organization is termed a(n):
  37. Accounting Information System
  38. Code of Ethics
  39. Internal Control
  40. Sarbanes-Oxley
  41. Which individual or group has the responsibility to establish, enforce, and exemplify the principles of ethical conduct within an organization?
  42. Board of Directors
  43. Securities and Exchange Commission
  44. Management
  45. Audit Committee
  46. The theft, concealment, and conversion to personal gain of another’s money, physical assets, or information is termed:
  47. Defalcation
  48. Skimming
  49. Larceny
  50. Fraud
  51. An example of concealment would include:
  52. Changing the payee on a check improperly paid by the organization.
  53. Selling a piece of inventory that has been stolen
  54. Stealing money from an organization before the related sale and cash receipt has been recorded.
  55. All of the above are examples of concealment.
  56. Changing the accounting records to hide the existence of a fraud is termed:
  57. Theft
  58. Conversion
  59. Collusion
  60. Concealment
  61. The definition of fraud includes the theft of:
  62. Assets
  63. Money
  64. Information
  65. All of the above
  66. The theft of any item of value is referred to as:
  67. Fraudulent financial reporting
  68. Misappropriation of assets
  69. Misstatement of financial records
  70. Earnings management
  71. Financial pressures, market pressures, job-related failures, and addictive behaviors are all examples of which condition of the Fraud Triangle?
  72. Opportunity
  73. Conversion
  74. Incentive
  75. Rationalization
  76. Circumstances that provide access to the assets or records that are the objects of the fraudulent activity describes which condition of the Fraud Triangle?
  77. Rationalization
  78. Incentive
  79. Concealment
  80. Opportunity
  81. Fraudsters typically try to justify their behavior by telling themselves that they intend to repay the amount stolen or that they believe the organization owes them the amount stolen. This justification is referred to as:
  82. Opportunity
  83. Rationalization
  84. Incentive
  85. Concealment
  86. According to the authors of this textbook, which of the following is not one of the general categories of people who commit fraud?
  87. Employees
  88. Government Agencies
  89. Customers
  90. Management
  91. Which of the following types of fraud is the most common, according to the Association of Certified Fraud Examiners?
  92. Corruption Schemes
  93. Asset Misappropriation
  94. Earnings Management
  95. Financial Statement Misstatement
  96. Which of the following is the most common method of detecting occupational fraud?
  97. Financial Statement Audit
  98. Management Review
  99. Internal Audit
  100. Tip from an employee, customer, or vendor
  101. The falsification of accounting reports is referred to as:
  102. Defalcation
  103. Internal Theft
  104. Misappropriation of Assets
  105. Earnings Management
  106. Management fraud may involve:
  107. Overstating expenses
  108. Understating assets
  109. Overstating revenues
  110. Overstating liabilities
  111. Internal controls can be effective in preventing or detecting all of the following types of fraud except:
  112. Customer Fraud
  113. Management Fraud
  114. Vendor Fraud
  115. Employee Fraud
  116. Management misstatement of financial statements often occurs in order to receive indirect benefits such as:
  117. Decreased income taxes
  118. Delayed cash flows
  119. Increased stock prices
  120. Increased dividends
  121. Management circumvention of systems or internal controls that are in place is termed:
  122. Management override
  123. Management collusion
  124. Management stewardship
  125. Management manipulations
  126. The theft of assets by a non-management employee is termed:
  127. Inventory theft
  128. Employee fraud
  129. Expense account fraud
  130. Skimming
  131. A situation where the organization’s cash is stolen before it is entered in the accounting records is termed:
  132. Kickback
  133. Larceny
  134. Collusion
  135. Skimming
  136. A kickback is an example of which type of fraud?
  137. Cash Receipts Fraud
  138. Accounts Payable Fraud
  139. Accounts Receivable Fraud
  140. Expense Account Fraud
  141. An example of Cash receipts fraud would include:
  142. an employee steals checks collected from customers.
  143. an employee overstates hours worked on a timecard.
  144. management understates accounts payable amounts.
  145. an employee steals checks before being paid to vendors.
  146. A situation where the organization’s cash is stolen after it is entered in the accounting records is termed:
  147. Kickback
  148. Larceny
  149. Collusion
  150. Skimming
  151. A cash payment made by a vendor to an organization’s employee in exchange for a sale to the organization by the vendor is termed:
  152. Bribery
  153. Collusion
  154. Kickback
  155. Payment Fraud
  156. When two or more people work together to commit a fraud, it is called:
  157. Collusion
  158. Larceny
  159. Skimming
  160. Override
  161. Jamie Stark, a sales employee, stole merchandise from her employer, and Frank Adams, the accounting clerk, covered it up by altering the inventory records. This is an example of:
  162. Inventory theft
  163. Financial journal fraud
  164. Skimming
  165. Collusion
  166. The theft of proprietary company information by digging through the trash of the intended target company is called what?
  167. Information Manipulation
  168. Proprietary Reconnaissance
  169. Industrial Information theft
  170. Industrial Espionage
  171. When a customer improperly obtains cash or property from a company, or avoids liability through deception, it is termed:
  172. Check fraud
  173. Customer fraud
  174. Credit card fraud
  175. Refund fraud
  176. Examples of customer fraud include all of the following except:
  177. Credit Card Fraud
  178. Check Fraud
  179. Cash Fraud
  180. Refund Fraud
  181. Which of the following would be considered a vendor fraud?
  182. The submission of duplicate or incorrect invoices.
  183. A customer tries to return stolen goods to collect a cash refund.
  184. The use of stolen or fraudulent credit cards.
  185. Inflating hours worked.
  186. The theft of proprietary company information is called:
  187. Vendor fraud
  188. Customer fraud
  189. Espionage
  190. Management fraud
  191. Which of the following is a characteristic of computer fraud?
  192. A computer is used in some cases to conduct a fraud more quickly and efficiently.
  193. Computer fraud can be conducted by employees within the organization.
  194. Computer fraud can be conducted by users outside an organization.
  195. All of the above are characteristics
  196. A fraudster uses this to alter a program to slice a small amount from several accounts, crediting those small amounts to the perpetrator’s benefit.
  197. Trap door alteration
  198. Salami technique
  199. Trojan horse program
  200. Input manipulation
  201. A small, unauthorized program within a larger legitimate program, used to manipulate the computer system to conduct a fraud is referred to as a(n):
  202. Trap door alteration
  203. Salami technique
  204. Trojan horse program
  205. Input manipulation
  206. When a person alters a system’s checks or reports to commit fraud it is referred to as:
  207. Input manipulation
  208. Output manipulation
  209. Program manipulation
  210. Collusion
  211. This type of external computer fraud is intended to overwhelm an intended target computer system with so much bogus network traffic that the system is unable to respond to valid traffic.
  212. DoS Attack
  213. Hacking
  214. Spoofing
  215. Phishing
  216. When a person, using a computer system, pretends to be someone else, it is termed:
  217. DoS Attack
  218. Hacking
  219. Spoofing
  220. Phishing
  221. Which of the following is NOT one of the three critical actions that a company can undertake to assist with fraud prevention and fraud detection?
  222. Maintain and enforce a code of ethics.
  223. Maintain an accounting information system
  224. Maintain a system of accounting internal controls
  225. Maintain a system of information technology controls
  226. The Sarbanes-Oxley Act was passed in 2002 as Congress’s response to the many situations of fraudulent financial reporting discovered during 2001. The intention of the Act was to:
  227. Police the accounting firms responsible for auditing the corporations.
  228. Punish the companies that had been involved in the cases of fraudulent financial reporting.
  229. Establish accounting standards that all companies are to follow.
  230. Reform accounting, financial reporting, and auditing functions of companies that are publicly traded.
  231. The types of concepts commonly found in a code of ethics would not include:
  232. Obeying applicable laws and regulations that govern business.
  233. Avoiding all conflicts of interest.
  234. Operating at a profit in all reporting periods.
  235. Creating and maintaining a safe work environment.
  236. The objectives of an internal control system include all of the following except:
  237. Maintain ongoing education
  238. Safeguard assets
  239. Maintain accuracy and integrity of accounting data
  240. Ensure compliance with management directives
  241. The authors presented their “picture” of internal control as a series of umbrellas which represent different types of controls. Which of the following is not one of those types of controls?
  242. Prevention
  243. Investigation
  244. Detection
  245. Correction
  246. This type of control is designed to avoid errors, fraud, or events not authorized by management.
  247. Prevention
  248. Judicial
  249. Detection
  250. Correction
  251. This type of control is included in the internal control system because it is not always possible to prevent all frauds. They help employees to discover or uncover errors, fraud, or unauthorized events.
  252. Investigation
  253. Judicial
  254. Detection
  255. Correction
  256. Establishing and maintaining a culture where ethical conduct is recognized, valued, and exemplified by all employees can be accomplished by doing all of the following except:
  257. Obeying applicable laws and regulations that govern business
  258. Protecting the Environment
  259. Avoiding some conflicts of interest
  260. Conducting business in a manner that is honest, fair and trustworthy
  261. The accounting profession has accepted this report as the standard definition and description of internal control.
  262. Sarbanes-Oxley Report
  263. FCPA Report
  264. ERI Report
  265. COSO Report
  266. The COSO report is also known as:
  267. Fraud Triangle
  268. Internal Control Integrated Framework
  269. Code of Ethical Behavior
  270. Report to the Nation
  271. All of the following are reasons why it is not possible to eliminate all fraud risks, except
  272. Human Error
  273. Human Behavior
  274. Opportunity
  275. May not be cost effective
  276. According to the COSO report, there are five different interrelated components of internal control. Which of the following is not one of those five components?
  277. Code of Ethics
  278. Control Environment
  279. Information and Communication
  280. Monitoring
  281. Which of the following statements related to the COSO report is ?
  282. The COSO report provided the standard definition of internal control accepted by the accounting industry.
  283. The COSO report is commonly known as the Internal Control Integrated Framework.
  284. The COSO report has not been updated since it was issued in 1992.
  285. The COSO report was the result of a comprehensive study of internal control.
  286. The component of internal control, identified in the COSO report, that sets the tone of an organization and includes the consciousness of its employees is:
  287. Risk Assessment
  288. Control Activities
  289. Control Environment
  290. Information and Communication
  291. The control environment component of internal control was identified to have a number of different factors. Which of the following is NOT one of those factors?
  292. Management’s oversight responsibility, including its philosophy and operating style
  293. The identification of sources of risk
  294. The integrity and ethical values of the entity’s people
  295. The attention and direction provided by the board of directors
  296. One of the components of internal control identified by COSO required that management must be considering threats and the potential for risks, and stand ready to respond should these events occur. This component is referred to as:
  297. Control Environment
  298. Control Activities
  299. Risk Assessment
  300. Communication
  301. The process of risk assessment would include all of the following actions, except:
  302. Identify sources of risk, both internal and external
  303. Determine the impacts of identified risks
  304. Develop and execute an action plan to reduce the impact and probability of identified risks
  305. Report the risks to the audit committee
  306. The COSO report identified a component of internal control as the policies and procedures that help ensure that management directives are carried out and that management directives are achieved. The component is:
  307. Control activities
  308. Risk assessment
  309. Monitoring
  310. Information and communication
  311. The range of actions that make up the component of internal control referred to as control activities includes each of the following, except:
  312. Segregation of duties
  313. Risk assessment
  314. Independent checks and reconciliations
  315. Authorization of transactions
  316. The approval or endorsement from a responsible person or department of an organization that has been sanctioned by top management is the process of:
  317. Securing assets
  318. Segregating duties
  319. Authorizing transactions
  320. Adequate recording
  321. Which of the following statements is related to the authorization of transactions?
  322. Every transaction that occurs must be properly authorized in some manner.
  323. General authorization is the set of guidelines that allows transactions to be completed as long as they fall within established parameters.
  324. It is not possible, nor is it important, to try to ensure that an organization engage only in transactions that are authorized.
  325. Specific authorization means that explicit approval is needed for that single transaction to be completed.
  326. The category of control activities referred to as segregation of duties requires that certain activities should be the responsibility of a different person or department. The three duties that are to be separated are:
  327. Authorizing, recording, and paying
  328. Recording, custody, and disposition
  329. Authorizing, paying, and custody
  330. Authorizing, recording, and custody
  331. If an accounting supervisor were allowed to hire employees, approve the hours worked, prepare the paychecks, and deliver the paychecks, which of the categories of control activities would be violated?
  332. Adequate records
  333. Segregation of duties
  334. Authorization of transactions
  335. Independent checks
  336. A good system of internal control includes many types of documentation. Which of the following types of documentation is not part of the adequate records and documents category of internal control?
  337. Schedules and analyses of financial information
  338. Supporting documents for all significant transactions
  339. Accounting cycle reports
  340. All of the following are types of documentation
  341. The existence of verifiable information about the accuracy of accounting records is called a(n):
  342. Audit trail
  343. Internal control
  344. Risk assessment
  345. Supporting documentation
  346. When discussing the security of assets and documents, there are many actions that can be taken. Which of the following would not be related to this category of internal control?
  347. Securing the assets and records so that they are not misused or stolen.
  348. Limiting access to certain assets to the extent that is practical.
  349. Identifying sources of risk and estimating the possibility of that risk.
  350. Enacting physical safeguards, such as security cameras, to protect some assets.
  351. Independent checks on the performance of others is one of the categories of internal control. These independent checks would include all of the following, except:
  352. Reviewing batch totals
  353. Reconciliation
  354. Comparison of physical assets with records
  355. Use of appropriate ID to enter restricted areas
  356. This activity serves as a method to confirm the accuracy and completeness of data in the accounting system:
  357. Compensating control
  358. Independent checks
  359. Audit trail
  360. Supporting documentation
  361. Which of the following was NOT listed as a procedure to accomplish independent checks?
  362. Recalculation of amounts
  363. Analysis of reports
  364. Review of auditing procedures
  365. Reconciliation
  366. Which of the following objectives was not identified as necessary to be provided by an effective accounting system?
  367. Prepare the appropriate documents
  368. Identify all relevant financial events
  369. Capture the important data
  370. Proper recording and processing of the data
  371. The ongoing review and evaluation of a system of internal control is referred to as:
  372. Risk assessment
  373. Monitoring
  374. Segregating
  375. Communication
  376. This level of assurance means that controls achieve a sensible balance of reducing risk when compared with the cost of the control.
  377. Absolute assurance
  378. Probable assurance
  379. Reasonable assurance
  380. Convincing assurance
  381. Factors that limit the effectiveness of internal controls include all of the following except:
  382. Flawed judgment applied in decision making
  383. Human error
  384. Controls can be circumvented or ignored
  385. All of the above are factors that limit the effectiveness of internal controls
  386. In order to have the segregation of duties recommended by COSO, it would be necessary for a small organization to hire two additional individuals. At this time, there is not enough work for the one office employee to stay busy. The reason for not hiring the additional people would have to do with:
  387. Human error
  388. Cost versus benefit
  389. Collusion
  390. Authorization
  391. In response to the need for internal controls above and beyond what was described by COSO, the Information Systems Audit and Control Association developed an extensive framework of IT controls entitled:
  392. Trust Principles
  393. Control Objectives for Information Technology (COBIT)
  394. Control Instrument for Certified Accountants (CICA)
  395. American Internal Control Practice Association (AICPA)
  396. The Trust Services Principles document divided the risks and controls in IT into five categories. Which of the following is not one of those categories?
  397. Certification
  398. Security
  399. Processing Integrity
  400. Confidentiality
  401. The main risk related to this category of Trust Services Principles is unauthorized access.
  402. Online privacy
  403. Confidentiality
  404. Processing integrity
  405. Security
  406. The risk related to this category of Trust Services Principles could be inaccurate, incomplete, or improperly authorized information.
  407. Online privacy
  408. Confidentiality
  409. Processing integrity
  410. Security
  411. The risk related to this category of Trust Services Principles is that personal information about customers may be used inappropriately or accessed by those either inside or outside the company.
  412. Confidentiality
  413. Online privacy
  414. Security
  415. Availability
  416. The risk related to this category of Trust Principles is system or subsystem failure due to hardware or software problems.
  417. Availability
  418. Security
  419. Integrity
  420. Confidentiality

TEST BANK – CHAPTER 3 – TRUE / FALSE

  1. When management does not act ethically, fraud is more likely to occur.
  2. In the Phar-Mor fraud case, management did not write or adopt a code of ethics.

Phar-Mor did write and adopt a code of ethics, but most officers of the organization were not aware that it existed.

  1. Maintaining high ethics can help prevent fraud but will not help to detect fraud.

Maintaining high ethics can help to detect fraud.

  1. Due to management’s responsibility to monitor operations by examining reports that summarize the results of operations, it is necessary that the system provide timely and accurate information.
  2. In order to fulfill the obligations of stewardship and reporting, management has to create a code of ethics.

Management must create AND enforce a code of ethics.

  1. In most cases, a fraud will include altering accounting records to conceal the fact that a theft has occurred.
  2. According to the 2010 Report to the Nation by the Association of Certified Fraud Examiners, the estimate of global losses due to fraud would total approximately $650 billion.

The amount is $2.9 trillion.

  1. The most common method for detecting occupational fraud is a tip – from an employee, a customer, vendor, or anonymous source.
  2. Small businesses, those having fewer than 100 employees, are less vulnerable to fraud and abuse than are larger businesses.

Small business is more vulnerable to fraud.

  1. According to the ACFE 2010 Report to the Nation, fraudulent financial statements account for less than 5% of the cases, and were the least costly form of fraud.

Fraudulent financial statements were the most costly form of fraud.

  1. Defalcation and internal theft are names that refer to the misstatement of financial records.

They are names that refer to the misappropriation of assets.

  1. The three conditions that make up the fraud triangle are theft, concealment, and conversion.

The three conditions are incentive (pressure), opportunity, and rationalization.

  1. A good set of internal controls may not be as effective in reducing the chance of management fraud as it would be in reducing the chance of fraud committed by an employee.
  2. The most effective measure to prevent management fraud is to establish a professional internal audit staff that periodically checks up on management and reports directly to the audit committee of the board of directors.
  3. Collusion between employees is one of the easiest frauds to detect and prevent.

Collusion is one of the most difficult frauds to detect and prevent.

  1. Collusion can make it much easier to commit and conceal a fraud or theft, even when proper internal controls are in place.
  2. Customer fraud is a common problem for companies that sell merchandise online.
  3. Collusion can occur only when two employees who work for the same firm conspire to circumvent the internal controls to commit fraud or theft.

Collusion can also occur when two employees who work for different firms conspire to circumvent internal controls.

  1. A vendor audit occurs when a vendor examines the books and records of a customer.

Vendor audits involve the examination of vendor records in support of amounts charged to the company.

  1. Industrial espionage can occur with or without the use of a computer.
  2. It is necessary to use a computer to accomplish software piracy.
  3. A hacker is someone who has gained unauthorized access to the computer and must be someone outside the organization.

A hacker could be someone inside the organization.

  1. If an organization has the policy of allowing employees to work from home via telecommunications, they could be opening themselves up to an opportunity for a hacker to break in to their network.
  2. E-mail spoofing is more of an irritation to an organization than a fraud threat.
  3. In order for a code of ethics to reduce opportunities for managers and employees to commit fraud, it is necessary that management emphasizes this code. Punishment related to violations of the code is not necessary.

The punishment of violators is necessary.

  1. It is not always possible to avoid all mistakes and frauds because there will always be human error, human nature, and it is not always cost-effective to close all the holes.
  2. The risk assessment is the foundation for all other components of internal control and provides the discipline and structure of all other components.

The description above applies to the control environment.

  1. Companies that reward management with incentives to achieve a growth in earnings are running the risk that management will also have more motivation and pressure to falsify the financial statements to show the higher amounts.
  2. The tone at the top of the organization tends to flow through the entire organization and affects behavior at all levels.
  3. A poor control environment can be overcome if the remaining components of internal control are strong.

If the control environment is weak, it is likely to be the cause of errors and irregularities occurring in an organization, regardless of the strength of the other components.

  1. The difference between a general authorization and a specific authorization is that with a general authorization, a transaction is allowed if it falls within specified parameters, whereas with a specific authorization, explicit authorization is needed for that single transaction to be completed.
  2. When safeguarding assets, there is no trade-off between access and efficiency.

There is a trade-off. The more limited the access, the less efficient operations are.

  1. Independent checks can serve as a preventive control in that they uncover problems in the data or the processing.

The description has to do with detective controls, not preventive.

  1. Feedback needed by management to assess, manage, and control the efficiency and effectiveness of the operations of an organization relates to both financial and operational information.
  2. A sophisticated accounting system will provide the necessary accurate and effective feedback needed by management to assess, manage and control the operations of an organization.

Sophisticated is not the proper “adjective” – effective should be used.

  1. Auditing, a monitoring activity, takes place only on a periodic basis.

Auditing takes place on both a continuing basis and on a periodic basis.

  1. It is not possible to have an internal control system that will provide absolute assurance.
  2. Computer systems increase the efficiency and effectiveness of an organization but also increase their vulnerability.
  3. The risks related to computerized systems are adequately covered by the COSO internal control report.

The extra risks require that internal controls related to the computer system go beyond those stated in COSO.

  1. The acronym COBIT stands for Control Objectives for Information Technology, an extensive framework of information technology controls developed by Information Systems Audit and Control Association.
  2. The AICPA and the Canadian Institute of Chartered Accountants worked together to develop IT guidelines, commonly referred to as COBIT.

The guidelines created were referred to as Trust Service Principles.

  1. The risk related to confidentiality category of Trust Principles is that confidential information about the company or its business partners may be subject to unauthorized access during its transmission or storage in the IT system.

  1. SO 2 Accounting Related Fraud

In order for a fraud to be perpetrated, three conditions must exist. List and define the three conditions.

  1. SO 3 Management Fraud

Explain the term management fraud and outline specific examples of management fraud and the

  1. SO 5 Customer fraud

Explain and outline specific examples of customer fraud

Customer fraud occurs when a customer improperly obtains cash or property from a company, or avoids a liability through deception. Credit card fraud and check fraud involve the customer’s use of stolen or fraudulent credit cards and checks. Refund fraud occurs when a customer tries to return stolen goods to collect a cash refund.

  1. SO 6 Vendor Fraud

Explain and outline specific examples of vendor fraud

  1. SO 7 Computer Fraud

Explain and outline specific examples of computer fraud

  1. SO 11 Risk and controls in IT Systems

Risk and controls in IT are divided into five categories in the Trust Services Principles. Match the risk below with corresponding definition of that risk:

Document Information

Document Type: DOCX
Chapter Number: 3
Created Date: Aug 21, 2025
Chapter Name: Chapter 3 Fraud, Ethics, And Internal Control
Author: Leslie Turner
