Flashcards Becker U5 P1

E.1. Governance, Risk, and Compliance: Part 1

Question: What are the five principles associated with the control environment component of the Committee of Sponsoring Organizations' (COSO) Internal Control Integrated Framework?
Answer:
1. Commitment to ethics and integrity
2. Board independence and oversight
3. Organizational structure
4. Commitment to competence
5. Accountability
FC-00290 CSO: 1E1a LOS: 1E1c #1 © Becker Professional Education. All rights reserved.

Question: What are the objectives of internal control?
Answer:
To promote efficiency and effectiveness of operations
To ensure reliable financial reporting
To encourage compliance with applicable laws and regulations
FC-00128 CSO: 1E1a LOS: 1E1b #2

Question: What are some inherent limitations of internal control?
Answer:
1. Management override of internal controls.
2. Human error, which may include errors in the design or use of automated controls.
3. Deliberate circumvention of controls by collusion of two or more people.
FC-00129 CSO: 1E1a LOS: 1E1a #3

Answer: Some examples of factors that would tend to increase inherent risk include:
FC-01419 CSO: 1E1c LOS: 1E1n #4

Question: What are the two components of the risk of material misstatement?
Answer:
Inherent Risk: The susceptibility of a relevant assertion to a material misstatement assuming that there are no related controls.
Control Risk: The risk that a material misstatement that could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity's internal control.
FC-00116 CSO: 1E1c LOS: 1E1n #5

Question: State the audit risk model, including the relationship of detection risk to substantive tests.
Answer:
AR = RMM × DR
Where:
AR = Audit risk
RMM = Risk of material misstatement
DR = Detection risk
There is an inverse relationship between RMM and DR. As the acceptable level of detection risk increases, the assurance required from substantive tests decreases. As the acceptable level of detection risk decreases, the assurance required from substantive testing must increase.
FC-00115 CSO: 1E1c LOS: 1E1n #6

Question: What functions should be segregated related to payroll and personnel?
Answer: The following duties should be segregated:
Authorization (human resources, supervisory staff, timekeeping, and cost accounting)
Record keeping (payroll department)
Custody of assets (treasurer)
(Mnemonic: ARC)
FC-00175 CSO: 1E1b LOS: 1E1i #7

Question: Name and describe the three objectives within the COSO framework.
Answer: The three framework objectives within COSO are:
Operating objectives pertain to the effectiveness and efficiency of the entity's operations.
Reporting objectives pertain to the reliability, timeliness, and transparency of an entity's reporting.
Compliance objectives are necessary to ensure the entity is adhering to all laws and regulations.
FC-01302 CSO: 1E1a LOS: 1E1b #8

Question: What is the purpose of the COSO cube?
Answer: The COSO cube shows a graphical three-dimensional depiction of the relationship between an entity's three objectives, its five integrated control components, and the entity's organizational structure.
FC-01303 CSO: 1E1a LOS: 1E1a #9

Question: What is necessary for the five components of the COSO framework to create an effective internal control environment for an entity?
Answer: In order to have an effective internal control environment for an entity, the five components and 17 related principles must be both present and functioning. Additionally, the five components must operate together as an integrated system, to reduce the risk to an acceptable level that the entity will not achieve its objectives.
FC-01304 CSO: 1E1a LOS: 1E1b #10

Question: Identify some inherent limitations that may exist even with an effective internal control system.
Answer: The following inherent limitations may still exist with an effective internal control system:
Breakdowns in internal control due to error or human failure
Issues pertaining to the suitability of the entity's objectives
External events beyond the control of the entity
Faulty or biased judgment in decision-making
Management override of controls
Circumvention of controls through collusion
FC-01306 CSO: 1E1b LOS: 1E1g #11

Question: What constitutes ineffective internal control under the COSO framework?
Answer: If a major deficiency is identified related to the presence and functioning of a component or relevant principle, or with respect to the components operating together in an integrated manner, the entity may not conclude that it has an effective internal control system in place under the COSO framework.
FC-01307 CSO: 1E1a LOS: 1E1a #12

Question: Within the context of enterprise risk management, what is the meaning of inherent risk?
Answer: Inherent risk is the risk to an entity in the absence of any direct or focused actions by management to alter its severity.
FC-00301 CSO: 1E1c LOS: 1E1n #13

Question: Distinguish between diversifiable and nondiversifiable risk.
Answer:
Diversifiable Risk = Unsystematic Risk (nonmarket/firm specific)
Nondiversifiable Risk = Systematic Risk (market)
(Mnemonic: D-U, N-S)
FC-00516 CSO: 1B1b LOS: 1B1e #14

E.1. Governance, Risk, and Compliance: Part 2, and E.2. System Controls and Security Measures

Question: Which standards provide the most authoritative U.S. auditing guidance for nonissuers and issuers, and who issues those standards?
Answer:
Nonissuers: Statements on Auditing Standards (SASs), issued by the AICPA Auditing Standards Board
Issuers: Auditing Standards (ASs), issued by the Public Company Accounting Oversight Board (PCAOB)
FC-00003 CSO: 1E1e LOS: 1E1s #15

FC-00001 CSO: 1E1e LOS: 1E1w #16

Question: What are the five general GAAS requirements related to the conduct of an audit?
Answer:
S Professional Skepticism
E Ethical Requirements
J Professional Judgment
E Sufficient and Appropriate Audit Evidence
C Compliance with GAAS
FC-00005 CSO: 1E1e LOS: 1E1w #17

FC-00002 CSO: 1E1e LOS: 1E1w #18

Question: When should an auditor's opinion be modified?
Answer: A modification to the auditor's report is necessary when:
the auditor determines that the financial statements as a whole are materially misstated (GAAP issue); or
the auditor is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement (GAAS issue).
FC-00014 CSO: 1E1e LOS: 1E1w #19

FC-00015 CSO: 1E1e LOS: 1E1w #20

Question: When would an auditor use professional judgment to determine whether to issue a qualified opinion or an adverse opinion?
Answer: When audit evidence indicates that there is material misstatement of the financial statements. A qualified opinion is issued when the auditor concludes that misstatements, individually or in the aggregate, are material but not pervasive to the financial statements.
FC-00023 CSO: 1E1e LOS: 1E1w #21

FC-00025 CSO: 1E1e LOS: 1E1w #22

FC-00028 CSO: 1E1e LOS: 1E1w #23

Question: Where in the standard unmodified opinion (nonissuer) does the auditor refer to (1) the applicable financial reporting framework (i.e., GAAP or IFRS) and (2) generally accepted auditing standards?
Answer:
1. The applicable financial reporting framework is referred to in the management's responsibility paragraph and opinion paragraph.
2. GAAS is referred to in the auditor's responsibility paragraph.
FC-01421 CSO: 1E1e LOS: 1E1w #24

Question: What are the reporting requirements for an other-matter paragraph (nonissuer)?
Answer: Reporting requirements for an other-matter paragraph include:
Placing the paragraph immediately after the opinion paragraph and after any emphasis-of-matter paragraph.
Using the heading "other-matter" or another appropriate heading.
FC-01424 CSO: 1E1e LOS: 1E1w #25

Question: What situations may result in a disclaimer of opinion in an audit report?
Answer:
Pervasive inability to obtain sufficient appropriate audit evidence.
Lack of independence (always results in disclaimer).
Going concern uncertainty (note: if adequate disclosure of going concern exists, the auditor may choose between an unqualified opinion with an explanatory paragraph or a disclaimer of opinion).
FC-01427 CSO: 1E1e LOS: 1E1w #26

FC-01545 CSO: 1E1e LOS: 1E1w #27

FC-01301 CSO: 1E1d LOS: 1E1e #28

FC-00289 CSO: 1E1e LOS: 1E1u #29

FC-00291 CSO: 1E1e LOS: 1E1u #30

Question: What are the responsibilities of auditors when there are disagreements among members of the audit team?
Answer: Auditors have a responsibility to exercise due professional care and to observe the standards of fieldwork. They should bring any disagreements with the conduct of the audit to the attention of the auditor-in-charge (generally a partner). The auditor also has the right to document the disagreement, and, if necessary, to disassociate from the opinion.
FC-00106 CSO: 1E1e LOS: 1E1w #31

(CRIME)
FC-00130 CSO: 1E1e LOS: 1E1u #32

Question: Why is the control environment particularly important to internal control?
Answer: The control environment sets the tone of an organization, influencing the control consciousness of its employees, and providing the foundation for the other components of internal control.
FC-00131 CSO: 1E1e LOS: 1E1u #33

Question: What factors are included in the control environment?
Answer:
Communication and enforcement of integrity and ethical values
Management's commitment to competence
Participation of those charged with governance
Management's philosophy and operating style
Organizational structure
Assignment of authority, responsibility, and accountability
Human resource policies and practices
FC-00132 CSO: 1E1e LOS: 1E1u #34

Question: Describe the risk assessment component of internal control.
Answer: Risk assessment is an entity's identification and analysis of risks to the achievement of its objectives with respect to financial reporting. Risk assessment involves identification, analysis, and management of business risks relevant to the preparation of financial statements.
FC-00133 CSO: 1E1e LOS: 1E1u #35

Question: What functions are served by an entity's information system with respect to financial reporting?
Answer:
Identify and record all valid transactions.
Process and account for system overrides or bypasses to controls.
Describe transactions in a timely manner and in sufficient detail to allow proper classification.
Measure and record the proper monetary value of transactions.
Determine and ensure proper recording of transactions and events in the appropriate time period.
Present transactions and related disclosures properly in the financial statements.
FC-00134 CSO: 1E1e LOS: 1E1u #36

Question: What functions should an auditor understand about an entity's communication system with respect to financial reporting?
Answer:
The methods used to communicate roles, responsibilities, and significant matters related to financial reporting.
Communications between management and those charged with governance, and between management and external parties.
FC-00135 CSO: 1E1e LOS: 1E1u #37

FC-00136 CSO: 1E1e LOS: 1E1u #38

FC-00137 CSO: 1E1e LOS: 1E1u #39

FC-00138 CSO: 1E1e LOS: 1E1i #40

Question: Why does an auditor obtain an understanding of the client's internal control?
Answer: An auditor obtains an understanding of internal control to evaluate the design of controls and determine whether they have been implemented; to assess the risk of material misstatement; and to design the nature, extent, and timing of further audit procedures.
FC-00139 CSO: 1E1e LOS: 1E1w #41

FC-00220 CSO: 1E1d LOS: 1E1f #42

Question: What are the three principles associated with the (existing) control activities component of the Committee of Sponsoring Organizations' (COSO) Internal Control Integrated Framework?
Answer:
1. Select and develop control activities.
2. Select and develop technology controls.
3. Deploy through policies and procedures.
FC-00292 CSO: 1E1e LOS: 1E1u #43

FC-00293 CSO: 1E1e LOS: 1E1u #44

Question: Differentiate the COSO framework from the Audit framework.
Answer: The five components of the COSO framework are useful for identifying and evaluating the effectiveness of an entity's internal control. In contrast, the Audit framework focuses on how a given control prevents or detects and corrects material misstatements in an entity's financial reporting.
FC-01305 CSO: 1E1e LOS: 1E1w #45

FC-00294 CSO: 1E1e LOS: 1E1u #46

FC-00272 CSO: 1E1e LOS: 1E1p #47

FC-00273 CSO: 1E1e LOS: 1E1p #48

Question: The Sarbanes-Oxley Act defines the criteria for the independence of audit committee members for issuers as including the following characteristics:
Answer:
1. Each member of the audit committee shall be a member of the board of directors of the issuer but shall be otherwise independent.
2. Audit committee members may not accept any consulting, advisory, or other compensation or fees from the issuer other than pursuant to their roles on the board.
3. Audit committee members may not be an affiliated person (a person who can influence financial decisions) of the issuer or any subsidiary of the issuer.
FC-00274 CSO: 1E1e LOS: 1E1p #49

Question: The Sarbanes-Oxley Act requires that an issuer's audit committee establish a complaint procedure that includes:
Answer:
1. Receipt, retention, and treatment of complaints received by issuers regarding:
   a. Accounting
   b. Internal controls
   c. Auditing
2. Confidential or anonymous submissions by employees of issuers regarding questionable accounting or auditing matters.
FC-00275 CSO: 1E1e LOS: 1E1p #50

Answer: The CEO and CFO must certify the following for annual and quarterly reports:
FC-00276 CSO: 1E1e LOS: 1E1p #51

Question: The Sarbanes-Oxley Act assigns the following corporate responsibilities regarding internal controls that must accompany financial reports:
Answer: The CEO and CFO must certify the following for annual and quarterly reports:
1. The officers are responsible for establishing and maintaining internal controls.
2. Internal control is designed to ensure that material information is provided to internal and external users.
3. Internal controls have been evaluated within 90 days prior to the report.
4. The officers' conclusions regarding internal control effectiveness as of the evaluation date.
FC-00277 CSO: 1E1e LOS: 1E1p #52

Question: The Sarbanes-Oxley Act assigns the following corporate responsibilities regarding the required disclosures to the auditors and audit committee by officers:
Answer: The CEO and CFO must certify the following for annual and quarterly reports to the auditors and the audit committee:
1. All significant deficiencies in the design or operation of internal controls.
2. Any fraud, whether or not material, that involves management.
FC-00278 CSO: 1E1e LOS: 1E1p #53

FC-00279 CSO: 1E1e LOS: 1E1p #54

Question: The Sarbanes-Oxley Act imposes certain financial penalties on officers who are responsible for material misstatements resulting from their misconduct. Penalties include:
Answer:
1. Refund to the issuer of any bonus or other incentive-based or equity-based compensation during the 12-month period following the first public issuance of the financial document.
2. Refund any profits realized from the sale of securities of the issuer during the 12-month period following the first public issuance of the financial document.
FC-00280 CSO: 1E1e LOS: 1E1p #55

FC-00281 CSO: 1E1e LOS: 1E1p #56

Question: The Sarbanes-Oxley Act requires certain disclosures in periodic reports. Those disclosures include:
Answer:
1. All adjusting entries identified by the public accounting firm reporting on the financial statements.
2. The financial statements disclose all material off-balance sheet transactions including operating leases, contingent obligations, and relationships with unconsolidated subsidiaries.
3. Pro forma financial statements shall include all relevant information and shall not include misleading or untrue information.
FC-00282 CSO: 1E1e LOS: 1E1p #57

FC-00283 CSO: 1E1e LOS: 1E1p #58

Question: The Sarbanes-Oxley Act includes provisions for disclosure of transactions involving management and principal stockholders. Those provisions include:
Answer: Reporting by persons with ownership of 10 percent or more. Statements are filed at the time of registration, when a person achieves 10 percent ownership, and when there has been a change in ownership.
FC-00284 CSO: 1E1e LOS: 1E1p #59

Question: The Sarbanes-Oxley Act includes provisions for management assessment of internal controls. Those provisions include a report showing:
Answer:
1. Management's assertion that it is responsible for adequate internal control structure.
2. Management's conclusions regarding its assessment of the effectiveness of the internal control structure and procedures for financial reporting.
3. The auditor's attestation regarding management's assessment of internal control.
FC-00285 CSO: 1E1e LOS: 1E1p #60

Question: The Sarbanes-Oxley Act includes provisions for audit committee disclosures. Those disclosures include:
Answer: The issuer must disclose the existence of a financial expert on the committee or the reasons why the committee does not have a member who is a financial expert.
FC-00286 CSO: 1E1e LOS: 1E1p #61

Question: For purposes of service on the audit committee, what qualifies an individual for classification as a financial expert?
Answer: A financial expert qualifies through education, past experience as a public accountant, or past experience as a finance officer for an issuer. Knowledge of the financial expert should include:
1. Understanding of GAAP.
2. Experience in the preparation or auditing of financial statements for comparable issuers.
3. Application of GAAP.
4. Experience with internal controls.
5. Understanding of audit committee functions.
FC-00287 CSO: 1E1e LOS: 1E1p #62

Question: Title VIII of the Sarbanes-Oxley Act considers what topics?
Answer:
Criminal penalties for altering documents
Statute of limitations for securities fraud
Whistle-blower protection
Criminal penalties for securities fraud
FC-00288 CSO: 1E1e LOS: 1E1p #63

FC-01297 CSO: 1E1e LOS: 1E1p #64

Question: An issuer periodic report containing financial statements filed with the SEC must include the following written certifications:
Answer: Each certified financial report must include a written statement:
1. That the periodic report complies with the Securities Exchange Act of 1934.
2. That information in the report fairly presents, in all material respects, the financial condition and operating results of the issuer.
3. Which must be signed by the CEO and CFO of the issuer, who bear responsibility for these statements.
FC-01298 CSO: 1E1e LOS: 1E1p #65

FC-01299 CSO: 1E1e LOS: 1E1p #66

Question: Under Title XI, Corporate Fraud Accountability, what are the penalties for tampering with a document used in an official proceeding or retaliating against an informant providing information to the SEC?
Answer:
Document tampering will result in fines and/or a prison term of not more than 20 years.
Retaliation against informants providing information to the SEC will result in fines and/or a prison term of not more than 10 years.
FC-01300 CSO: 1E1e LOS: 1E1p #67

FC-00416 CSO: 1E2a LOS: 1E2a #68

FC-00417 CSO: 1E2a LOS: 1E2c #69

FC-00426 CSO: 1E2a LOS: 1E2a #70

Question: Why is it important to safeguard files and records?
Answer: Safeguarding of files and records is important because inadequate protection may result in loss or damage that might drive an organization out of business; hardware can always be replaced, but data often cannot be.
FC-00428 CSO: 1E2d LOS: 1E2l #71

FC-00429 CSO: 1E2d LOS: 1E2i #72

Question: What characteristics should a password management policy address?
Answer:
1. Password Length: The longer the better. Passwords should be greater than seven characters. Many organizations' standard is eight characters.
2. Password Complexity: Complex passwords feature three of the following four characteristics: uppercase characters, lowercase characters, numeric characters, and ASCII characters (e.g., ! @ # $ % ^ & * or ?).
3. Password Age: The National Security Agency (NSA) recommends that passwords should be changed every 90 days. Administrative passwords should be changed more frequently.
4. Password Reuse: The NSA recommends that password reuse of the previous 24 passwords be restricted. The goal is to prevent users from alternating between their favorite two or three passwords.
FC-00430 CSO: 1E2b LOS: 1E2e #73

FC-00431 CSO: 1E2a LOS: 1E2c #74

Question: What defines an information security policy?
Answer: Information security policies state how an organization plans to protect its tangible and intangible information assets.
FC-00433 CSO: 1E2a LOS: 1E2b #75

Question: What are access controls?
Answer: Access controls limit access to documentation, data files, programs, and computer hardware to authorized personnel. Examples include locks, passwords, user identification codes, assignment of security levels, callbacks on dial-up systems, the setting of file attributes, and the use of firewalls.
FC-00445 CSO: 1E2a LOS: 1E2d #76

Question: What is a firewall?
Answer: A firewall is a system, often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources.
FC-00446 CSO: 1E2c LOS: 1E2j #77

FC-00447 CSO: 1E2e LOS: 1E2n #78

FC-00448 CSO: 1E2d LOS: 1E2l #79

FC-00449 CSO: 1E2e LOS: 1E2n #80

FC-00450 CSO: 1E2e LOS: 1E2n #81

Question: What is the disadvantage of a disaster recovery and business continuity plan?
Answer: The disadvantage is the cost and effort required to implement the plan.
FC-00451 CSO: 1E2e LOS: 1E2n #82

FC-01513 CSO: 1E2a LOS: 1E2c #83

FC-01515 CSO: 1E2a LOS: 1E2b #84

Question: What are the three categories of IT risk?
Answer:
1. IT benefit/value enablement risk is related to missed opportunities to use technology to improve business processes.
2. IT program and project delivery risk is related to the contribution of IT to new or improved business solutions.
3. IT operations and service delivery risk is related to all aspects of the performance of IT systems and services.
FC-01516 CSO: 1E2a LOS: 1E2b #85

FC-01517 CSO: 1E2a LOS: 1E2b #86