Organizational governance is a process by which organizations select objectives, establish processes to achieve objectives, and monitor performance.

Fraud is the possibility that an event or action will cause an organization to fail to meet its objectives (or goals).

Management is responsible for establishing and maintaining an adequate system of internal control

Expected gross risk is a function of the initial expected gross risk, reduced risk exposure due to controls, and cost of controls.

Risks are those events that could have a negative impact on organization objectives.

Opportunities are events that could have a positive impact on organization objectives.

Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.

The control environment reflects the organization’s general awareness and commitment to the importance of control throughout the organization.

Establishing a viable internal control system is the responsibility of management.

Monitoring is a process that assesses the quality of internal control performance over time.

A fraud is a deliberate act or untruth intended to obtain unfair or unlawful gain.

A computer crime technique called worm involves the systematic theft of very small amounts from a number of bank or other financial accounts.

A computer abuse technique called a back door involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.

A logic bomb is a computer abuse technique in which unauthorized code is inserted in a program, which, when activated, may cause a disaster such as shutting down a system or destroying data.

Salami slicing is program code that can attach itself to other programs (i.e., "infect" those programs), that can reproduce itself, and that operates to alter the programs or to destroy data.

Ethical behavior and management integrity are products of the corporate culture.

The control matrix is a computer virus that takes control of the computer’s operating system for malicious purposes.

The control goal called efficiency of operations strives to assure that a given operations system is fulfilling the purpose(s) for which it was intended.

The control goal of input accuracy is concerned with the correctness of the transaction data that are entered into a system.

A sale to a customer is entered into the system properly, but the event does not accurately update the customer's outstanding balance. This type of processing error would be classified as a user error.

A corrective control plan is designed to discover problems that have occurred.

A process by which organizations select objectives, establish processes to achieve objectives, and monitor performance is

A manager of a manufacturing plant alters production reports to provide the corporate office with an inflated perception of the plant's cost effectiveness in an effort to keep the inefficient plant from being closed. This action would be classified as a(n):

The ERM framework addresses four categories of management objectives. Which category addresses the effective and efficient use of resources?

Events that could have a negative impact on organizational objectives:

Events that could have a positive impact on organizational objectives:

Who is legally responsible for establishing and maintaining an adequate system of internal control?

____ are the policies and procedures that help ensure that management directives are carried out.

According to the 2008 Report to the Nation on Occupational Fraud and Abuse, frauds are more likely to be detected by:

A deliberate act or untruth intended to obtain unfair or unlawful gain is a(n)

A computer abuse technique where unauthorized instructions are inserted into a program to systemati-
      cally steal very small amounts, usually by rounding to the nearest cent in financial transactions

A measure of success in meeting a set of established goals is called system:

The information system control goal which relates to preventing fictitious events from being recorded is termed:

A business event which is not properly authorized is an example of:

Failing to record a customer's order for the purchase of inventory violates the information system control goal of:

Assuring that the accounts receivable master data reflects all cash collections recorded in the cash receipts event data addresses the control goal of:

Which of the following is a control goal for the information system for the applicable master data?

A programming error causes the sale of an inventory item to be added to the quantity on hand attribute in the inventory master data. Which control goal was not achieved?

Controls that stop problems from occurring are called:

A control that involves reprocessing transactions that are rejected during initial processing is an example of:

The programmed verification of a customer number is a ____ control.

____________________ is the possibility that an event will occur.

______________________________ includes crime in which the computer is the target of the crime or the means used to commit the crime.

A computer crime technique called ____________________ involves the systematic theft of very small amounts usually by rounding to the nearest cent in financial transactions such as the calculation
            of interest on savings accounts.

A computer abuse technique called a(n) _________________________ involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.

A(n) _________________________ is a computer abuse technique in which unauthorized code is inserted in a program, which, when activated, could cause a disaster such as shutting down a system or destroying data.

The control goal that is concerned with the correctness of the transaction data that are entered into a system is called ensure _________________________.

A(n) ___________________________________ is designed to discover problems that have occurred.

A(n) ___________________________________ is designed to rectify problems that have occurred.