Syllabus C: Business functions, regulation and technology

A regional hospital network suffers a severe ransomware attack, encrypting patient records and demanding cryptocurrency for the decryption key. Which of the following represents the most effective *corrective* control the hospital should have in place?

A global shipping company implements a Blockchain system to track cargo. They utilize 'Smart Contracts' within this system. What is the primary function of a Smart Contract in this context?

A fintech startup uses Big Data to assess credit risk. Their algorithm analyzes not just financial history, but also social media activity, smartphone geolocation data, and browsing habits. Which of the '4 Vs' of Big Data does this diverse range of data sources primarily represent?

An accounts clerk at a charity steals a cash donation from Donor A. To cover this up, the clerk uses the next cash donation from Donor B to credit Donor A's account. This process continues, constantly using new receipts to cover previous thefts. What specific type of fraud is this?

An external auditor is reviewing a highly automated e-commerce warehouse. Because the volume of daily transactions is in the millions, the auditor decides to test the effectiveness of the software's authorization protocols rather than checking individual sales invoices. What type of audit testing is this?

The primary objective of an internal audit is to express an opinion on whether the financial statements give a true and fair view.

A cyber-attack involves sending fraudulent emails to thousands of random addresses, hoping a few people will click a malicious link. What is this called?

Routine maintenance costs for factory machinery should be classified as capital expenditure.

SCENARIO: 'FinBank' is adopting new technologies to combat financial crime. They are implementing a decentralized, immutable ledger to track cross-border payments. They are also using software to analyze millions of unstructured social media posts to detect sentiment. To access the server room, staff now need a fingerprint scan. Finally, they are training staff to spot criminals trying to hide the illicit origins of drug money. Identify the correct terms for: 1. The immutable ledger technology. 2. The technology analyzing millions of unstructured posts. 3. The control type for the fingerprint scan. 4. The specific crime of hiding illicit money origins. Which option represents the correct combination?

[Section A] A multinational pharmaceutical company is implementing blockchain technology to track the provenance of active ingredients across its global supply chain. Which of the following represents the PRIMARY control advantage of using blockchain in this specific context?

[Section A] A fintech startup experiences a cyber-security incident. An employee receives an email appearing to be from the CEO, urgently requesting the transfer of funds to a new vendor. The employee complies, only to discover later that the email address was slightly misspelled and belonged to a malicious actor. What specific type of cyber-attack has occurred?

[Section A] A global retail chain analyzes petabytes of data daily. This data includes structured sales transactions from their POS systems, unstructured social media comments, and real-time video feeds from in-store cameras. In the context of Big Data, the inclusion of text, video, and numerical data primarily illustrates which of the '3 Vs'?

[Section A] In a company's payroll department, the employee who calculates the monthly wages is also the only person authorized to approve the final bank transfers to employees' accounts. Which fundamental internal control principle is being violated here?

[Section A] A retail bank implements an Artificial Intelligence (AI) system to evaluate loan applications. The system uses historical data to identify patterns and automatically adjusts its own decision-making algorithms over time without explicit human reprogramming. Which specific subset of AI does this describe?

[Section A] In the money laundering process, what is the term used for the initial introduction of illegal cash into the legitimate financial system?

[Section A] True or False: In Cloud Computing, 'Software as a Service' (SaaS) means the company purchases physical software CDs and installs them on their own local servers.

[Section A] Who is the primary audience or beneficiary of an Internal Audit report?

[Section B - MTQ] SCENARIO: 'GlobalLogistics Inc.' is upgrading its IT infrastructure. They are migrating their data to a public Cloud, implementing Blockchain for customs documentation, using Big Data analytics to optimize delivery routes, and establishing new internal controls to prevent cyber-attacks. Select the FOUR correct statements regarding these technological and control implementations.

Section A CargoChain, an international freight forwarding company, has implemented a blockchain system to manage its bills of lading. The system uses 'smart contracts' that automatically release payment to the shipping vessel the moment GPS data confirms the ship has docked at the destination port. What is the primary advantage of using a smart contract in this scenario?

Section A CityHealth, a public hospital network, suffers a cyber-attack where malicious software encrypts all patient records. The attackers demand a payment of $500,000 in cryptocurrency to provide the decryption key. What specific type of cyber-security threat has CityHealth experienced?

Section A PayStream is a fully automated fintech company. To prevent internal fraud, the system is configured so that the employee who sets up a new vendor account in the database cannot be the same employee who authorizes payments to that vendor. Which fundamental internal control principle is PayStream applying?

Section A CropData, an agricultural technology firm, collects terabytes of unstructured data daily from satellite imagery, soil sensors, and global weather patterns. They use machine learning algorithms to analyze this massive dataset to forecast crop yields months in advance. Which of the 'Vs' of Big Data is most directly addressed by using machine learning to make sense of this unstructured data?

Section A An internal auditor at ShopSphere, an e-commerce platform, selects a sample of sales invoices from the accounting ledger and works backward to locate the original customer order and shipping dispatch notes. What is the primary purpose of this specific audit procedure?

Section A In the money laundering process, what is the term for the stage where illicit funds are moved around through a series of complex financial transactions to obscure their origin?

Section A A company subscribes to a cloud-based accounting software where they simply log in via a web browser to use the application, without managing any underlying servers or code. Which cloud computing model is this?

Section A An accounts receivable clerk steals a cash payment from Customer A. To hide the theft, the clerk applies a later payment from Customer B to Customer A's account. This process is repeated continuously. What is the specific term for this type of fraud?

Section B (Syllabus C) Scenario: 'MetroTrust Bank' is a mid-sized regional bank. To combat rising financial crime, they are migrating their core banking systems to a public Cloud infrastructure (IaaS) and implementing an Artificial Intelligence (AI) system to monitor transactions for money laundering. The AI flags suspicious patterns, which are then reviewed by human compliance officers. The internal audit team is concerned about data privacy and the 'black box' nature of the AI. Based on the scenario and your knowledge of technology and regulation (Syllabus C), select the FOUR correct statements.

PowerGrid, a public utility company, recently suffered a cyber-attack where malicious software encrypted their critical operational data. The attackers demanded payment in cryptocurrency to provide the decryption key. Which of the following controls would be the MOST effective in allowing PowerGrid to recover from this specific type of attack without paying the attackers?

FinServe, a cross-border financial institution, is training its staff on anti-money laundering (AML) regulations. A trainer describes a scenario where illicit cash is moved through a series of complex international wire transfers between shell companies to obscure the audit trail and distance the funds from their illegal source. Which stage of the money laundering process does this describe?

AutoBuild, a heavy manufacturing company, has both an internal audit department and an external audit firm. The Board of Directors is reviewing the annual audit plan. Which of the following statements correctly distinguishes the primary objective of the external auditor from that of the internal auditor?

DataStream is a tech startup that analyzes social media trends in real-time to provide marketing insights. Their systems process millions of tweets, posts, and video uploads every minute, requiring instantaneous processing to remain relevant. In the context of the 'Vs' of Big Data, which characteristic is most prominently highlighted by DataStream's need for instantaneous processing of millions of inputs per minute?

HealthPlus, a healthcare service firm, is implementing a new system to track the supply chain of sensitive pharmaceuticals. They have chosen to use Blockchain technology because they need a system where, once a transaction is recorded, it cannot be altered or deleted by any single party. Which core characteristic of Blockchain technology provides this specific benefit?

Which cloud computing model involves a third-party provider hosting applications and making them available to customers over the internet?

True or False: In auditing, substantive testing is primarily used to check whether a company's internal controls are operating effectively.

True or False: Phishing is a type of social engineering attack where attackers deceive users into revealing sensitive information.

Scenario: FinTech Solutions requires two signatures for all large payments. They recently detected an attempt to purchase high-value assets using illicit funds to integrate them into the economy. They use distributed ledger technology for transactions and recently suffered an attack that overwhelmed their servers with traffic. Identify the correct classifications for the following four tasks: Task 1: Type of control for the two signatures Task 2: Money laundering stage identified Task 3: Technology used for transactions Task 4: Type of cyber-attack suffered Which of the following combinations is correct?