12 . Review of the audit ( also called transaction ) log is an example of which of the following types of security control ? 13 . Which of the following statements presents an example of a general control for a computerized system ? 14 . Controls in the information technology area are classified into the categories of preventive , detective , and corrective . Which of the following is a preventive control ?
15 . A company ' s new time clock process requires hourly employees to select an identification number and then choose the clock-in or clock-out button . A video camera captures an image of the employee using the system . Which of the following exposures can the new system be expected to change the least ?
16 . Which of the following is an example of a detective control ?
17 . In the COSO " cube " model , each of the following is a control objective except
18 . In the COSO " cube " model , this component of internal control enables an organization ' s people to identify , process , and exchange the information needed to manage and control operations .
19 . This component of internal control concerns the policies and procedures that ensure that actions are taken to address the risks related to the achievement of management ' s objectives . 20 . This fundamental component of internal control is the core or foundation of any system of internal control . 21 . This component of internal control concerns testing the system and its data . 22 . According to COSO , which of the following is a compliance objective ? 23 . This is the process of identifying , analyzing , and managing the risks involved in achieving the organization ' s objectives . 24 . In the COSO ( 2011 ) " cube " model , each of the following are components of internal control except
25 . According to the 17 COSO control principles , risk reduction primarily relates to which fundamental component of internal control :