1
BSAC 117 COMPUTER AUDIT
PRELIM QUIZ 1 AND 2
DUE DATE: September 9, 2020 (Wednesday) at 9:00 PM
Where to Submit: Google Classroom
SURNAME: Medina
QUESTIONS
1. What are internal controls?
Explain briefly the importance of
internal controls in safeguarding IT
assets and records
2. Differentiate preventive controls
from detective controls
3. Give at least three (3)
components of internal controls
and describe each briefly
4. Explain at least three (3)
limitations of internal controls
ANSWER SHEET
FIRST NAME: Leoreyn Faye M.I. Y
PRELIM QUIZ 1
ANSWERS
Internal control is a process resulted by plan management and
employees, and those charged with governance, and designed to
provide reasonable assurance regarding the achievement of
objectives in the reliability of financial reporting. Effective internal
control reduces the risk of asset loss, and helps ensure that plan
information is complete and accurate, financial statements are
reliable, and the plan’s operations are conducted in accordance
with the provisions of applicable laws and regulations.
A detective control is a type of internal control that seeks to
uncover problems in a company's processes once they have
occurred while Preventive controls stand in contrast to detective
controls, as they are controls enacted to prevent any errors from
occurring
1. Control environment - This is the attitude of management and
their employees regarding the need for internal controls.
2. Monitoring - This is the set of processes used by management to
examine and assess whether its internal controls are functioning
properly.
3. Control activities - This is the use of accounting systems,
information technology, and other resources to ensure that
appropriate controls are put in place and operating properly.
1. Management override - Someone on the management team
who has the authority to do so could override any aspect of a
control system for his personal advantage.
2. Collusion - Two or more people who are intended by a system of
control to keep watch over each other could instead collude to
 2

circumvent the system.

3. Missing segregation of duties - A control system might have

been designed with an insufficient segregation of duties, so that
one person can interfere with its proper operation.

5. Define computer ethics
6. When is an act fraudulent?
(Hint: You may give the conditions
of fraud.) (3 points)
Computer ethics are a set of moral standards that govern the use
of computers. It is society’s views about the use of computers,
both hardware and software.
An act is fraudulent when there is intentional deception to secure
unfair or unlawful gain, or to deprive a victim of a legal right.

Examples: Debit and Credit Card Fraud, Bank Account Takeover

Fraud and Stolen Tax Refund Fraud

7. Give at least three (3) examples
of risks or threats to a company’s
IT resources. Explain each briefly.
(6 points)
1. Viruses - computer code that can copy itself and spread from
one computer to another, often disrupting computer operations
2. spam, scams and phishing - unsolicited email that seeks to fool
people into revealing personal details or buying fraudulent goods

3. staff dishonesty - theft of data or sensitive information, such as

customer details.

PRELIM QUIZ 2

COMPUTER

FRAUD DESCRIPTION

1 Malware Malware, or malicious software, is any program or file that is harmful to a

computer user. These malicious programs can perform a variety of different
functions such as stealing, encrypting or deleting sensitive data, altering or
hijacking core computing functions and monitoring users' computer activity
without their permission.
2 Cyber-harassment Cyber harassment refers to online harassment. Cyber harassment or bullying is
the use of email, instant messaging, and derogatory websites to bully or
otherwise harass an individual or group through personal attacks.

3 Hacking Hacking is an attempt to exploit a computer system or a private network inside a

 3

computer. I is the unauthorized access to or control over computer network

security systems for some illicit purpose.

4 Denial-of-service Denial-of-Service (DoS) attack is an attack meant to shut down a machine or

attack network, making it inaccessible to its intended users. DoS attacks accomplish this
by flooding the target with traffic, or sending it information that triggers a crash.
In both instances, the DoS attack deprives legitimate users of the service or
resource they expected.
5 Salami Fraud Salami fraud is a technique by which cyber-criminals steal money or resources a
bit at a time so that there’s no noticeable difference in overall size. The
perpetrator gets away with these little pieces from a large number of resources
and thus accumulates a considerable amount over a period of time.

6 Logic Bombs Logic bomb is a sinister piece of code that is secretly inserted into a computer
network, operating system, or a software application. Like any other malicious
code, its primary goal is to wreak havoc on your system like steal or corrupt your
data, crash or overtake your device, or completely wipe your hard drive.
7 Trojan Horse Trojan horse or Trojan is a type of malware that is often disguised as legitimate
software. Trojans can be employed by cyber-thieves and hackers trying to gain
access to users' systems.

8 Phishing Scam Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers. It occurs when an attacker,
masquerading as a trusted entity, dupes a victim into opening an email, instant
message, or text message.
9 Web Jacking Web jacking derives its name from “hijacking”. Here, the hacker takes control of
a web site fraudulently. He may change the content of the original site or even
redirect the user to another fake similar looking page controlled by him.

10 Cyber stalking Cyberstalking is stalking that takes place using electronic devices or the internet.
It is the technological harassment directed towards a specific individual.