Page 44 - CITP Review

Knowledge checks



            Use the following information to complete the following knowledge check questions.




            Case

            ABC Company has 340 employees, is a provider of information storage equipment, and maintains its
            fixed assets in the form of computer and network equipment. The company also maintains a significant
            amount of PII related to its customers, including names, addresses, credit card information, and other information.
            The company also maintains a significant online presence and conducts business online via its website.

            There are a significant number of fixed asset acquisitions, retirements, and disposals, with transactions
            recorded by a staff accountant. The accountant records the transactions in a spreadsheet designed as a
            property ledger, posts the related entries to the general ledger, and reconciles the two ledgers monthly.
            The controller spot-checks the entries and reviews the monthly reconciliations. The controller also
            includes a budget-to-actual analysis of capital expenditures and a summary of fixed asset changes in
            monthly reports provided to senior operating managers who are positioned to question information at
            odds with the knowledge of business activities.




            Knowledge check questions


            1.  Based on the information provided in the ABC case, what situation has the highest IT risk?
                   a.  Its fixed assets are IT.
                   b.  Compensating controls are manual.
                   c.  Transactions are recorded in a spreadsheet.
                   d.  There is no SoD for the property ledger.

            2.  Based on the lack of SoD by the staff accountant, how would you assess the IT risk associated with
               this case?
                   a.  The high IT risk in this case is not adequately mitigated by any activities described.
                   b.  The high IT risk in this case is adequately mitigated by the IT controls described as deployed.
                   c.  The high IT risk in this case is adequately mitigated by the reconciliation of the two ledgers.
                   d.  The high IT risk in this case is adequately mitigated by the controller’s activities.

            3.  Which of the following may ABC Company’s management assertion not do?

                   a.  Apply to a specific point in time.
                   b.  Apply to a specific period of time.
                   c.  Include management’s assertion that the description is in accordance with the description
                       criteria.
                   d.  Include management’s opinion that the description is presented in accordance with the
                       description criteria.



            © 2019 Association of International Certified Professional Accountants. All rights reserved.    1-36