
What is corporate governance?

Corporate governance includes all of the means by which businesses are directed and controlled, including the rules, regulations, processes, customs, policies, procedures, institutions, and laws that affect the way the business is administered.
Corporate governance spells out the rules and procedures to be followed in making decisions for the corporation.

© 2020 HOCK international


Who is responsible
for corporate governance?

Corporate governance is the joint responsibility of the board of directors and management.



What is the COSO definition
of internal control?

“Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”



Internal control provides
reasonable assurance about
achievement of objectives
in what three areas?
1) Operations
2) Reporting
3) Compliance



Who is responsible for
internal controls?
The board of directors oversees the IC system.
The CEO is responsible for the IC system and the “tone at
the top.”
Senior managers delegate responsibility for
establishment of internal control policies and procedures.
Financial officers and their staffs are central to the
exercise of control.
Internal auditors play a monitoring role.
Virtually all employees are involved in internal control.



What are the five
components of internal control?

1) Control environment
2) Risk assessment
3) Control activities
4) Information and communication
5) Monitoring activities



What are seven
transaction control objectives?

1) Authorization
2) Completeness
3) Accuracy
4) Validity
5) Physical safeguards and security
6) Error handling
7) Segregation of duties



What four duties
should be segregated?

1) Authorizing a transaction.
2) Recordkeeping (recording the transaction, preparing
source documents, and maintaining journals).
3) Keeping physical custody of the related asset. For
example, receiving checks in the mail.
4) The periodic reconciliation of the physical assets to
the recorded amounts for those assets.



What are the two provisions of the
Foreign Corrupt Practices Act?

1) Anti-bribery provision
2) Internal control provision



Sarbanes-Oxley applies to
what kind of companies?

Sarbanes-Oxley applies to all publicly-held companies in the U.S., all of their divisions, and all of their wholly-owned subsidiaries.



What two reports does the
external auditor provide for
a publicly traded company?

1) An opinion on whether the financial statements present fairly, in all material respects, the financial position, results of operations, and cash flows of the company, in conformity with generally accepted accounting principles.
2) An opinion on how effectively the company’s management has maintained effective internal control over financial reporting.



What are the four categories of
external auditor opinions?

1) Unqualified
2) Qualified
3) Adverse
4) Disclaimer



What are the two classifications of
controls in a computer system?

1) General controls
2) Application controls



What are the three categories of
application controls?

1) Input controls
2) Processing controls
3) Output controls



What are the eight stages of the
program development process?

1) Statement of objectives
2) Investigation and feasibility study
3) Systems analysis
4) Conceptual design
5) Physical design
6) Development and testing
7) Systems implementation and conversion
8) Operations and maintenance

What are three classifications of
controls based on their timing?

1) Preventive controls
2) Detective controls
3) Corrective controls



What are three ways of
testing a computer system?

1) Test data
2) Integrated test facility
3) Parallel simulation



What is a computer virus,
a Trojan horse, and a worm?

A computer virus is a program that alters the way that a computer operates. Viruses can damage programs, delete files, or reformat the hard disk.
A Trojan horse is different from a virus in that Trojan horses do not replicate themselves, whereas viruses do.
A worm is a program that replicates itself from system to system without the use of any host file.



What are the most serious
types of computer crimes?

• Intrusions of the Public Switched Network (the telephone company)
• Major computer network intrusions
• Network integrity violations
• Privacy violations
• Industrial espionage
• Pirated computer software



What are some defenses
against cybercrime?

• Firewalls
• Proxy servers
• Antisniffers
• Switched networks



What are the two methods of
software encryption?

1) Secret key
2) Public key/private key



What is included in a
disaster recovery plan?

1) Which employees will participate in disaster recovery and what their responsibilities will be.
2) What hardware, software, and facilities will be used.
3) The priority of applications that should be processed.



What is a hot site, cold site,
and warm site?

A hot site is a backup facility that has a computer system similar to the one used regularly and it must be fully operational and immediately available.
A cold site is a facility where all of the needed equipment can be installed, though the equipment and the necessary telecommunications are not immediately available.
A warm site has the computer equipment and necessary data and communications links installed, but does not have live data.