ACC 324 Ch. 7 – Flashcards

question
What is one reason why AIS threats are increasing?
answer
Many companies do not realize that data security is crucial to their survival.
question
Which of the following is not one of the risk responses identified in the COSO Enterprise Risk Management Framework?
answer
Monitoring
question
A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n)
answer
preventive control.
question
At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Then, ticket stubs collected at the theater entrance are counted and compared with the number of tickets sold. Which of the following situations does this control detect?
answer
Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn).
question
At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the following situations does this control detect?
answer
The box office cashier accidentally gives too much change to a customer.
question
Which of the following is an example of a preventive control?
answer
approving customer credit prior to approving a sales order
question
Independent checks on performance include all the following except
answer
data input validation checks.
question
A computer operator is allowed to work as a programmer on a new payroll software project. Does this create a potential internal control problem?
answer
Yes, the computer operator could alter the payroll program to increase her salary.
question
One of the objectives of the segregation of duties is to
answer
make sure that different people handle different parts of the same transaction.
question
Pam is a receptionist for Dunderhead Paper Co., which has strict corporate policies on appropriate use of corporate resources. The first week of August, Pam saw Michael, the branch manager, putting pencils, pens, erasers, paper and other supplies into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework?
answer
Integrity and ethical values
question
Which of the following statements is true?
answer
Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes.
question
Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties.
answer
Jim issues credit cards to himself and Marie, and when the credit card balances are just under $1,000, Marie writes off the accounts as bad debt. Jim then issues new cards.
question
According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for
answer
hiring and firing the external auditors.
question
Go-Go Corporation, a publicly traded company, has three brothers who serve as President, Vice President of Finance and CEO. This situation
answer
increases the risk associated with an audit.
question
Which of the following is a control related to design and use of documents and records?
answer
Sequentially pre-numbering sales invoices
question
Which of the following duties could be performed by the same individual without violating segregation of duties controls?
answer
Approving accounting software change requests and testing production scheduling software changes
question
With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure?
answer
Entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal
question
Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?
answer
Analyzing past financial performance and reporting
question
Which of the following suggests a weakness in a company's internal environment?
answer
Formal employee performance evaluations are prepared every three years.
question
Which of the following statements about internal environment is false?
answer
Management's attitudes toward internal control and ethical behavior have only minimal impact on employee beliefs or actions.
question
Which of the following is not a reason for the increase in security problems for AIS?
answer
Increasing efficiency resulting from more automation
question
One reason why many organizations do not adequately protect their systems is because
answer
productivity and cost cutting cause management to forgo implementing and maintaining internal controls.
question
Accountants must try to protect the AIS from threats. Which of the following would be a measure that should be taken?
answer
All of the above are proper measures for the accountant to take.
question
The process that a business uses to safeguard assets, provide accurate and reliable information, and promote and improve operational efficiency is known as
answer
internal control.
question
Safeguarding assets is one of the control objectives of internal control. Which of the following is not one of the other control objectives?
answer
ensuring that no fraud has occurred
question
Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities.
answer
process
question
Which of the following is accomplished by corrective controls?
answer
All of the above are accomplished by corrective controls
question
Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions is an example of a ________ control.
answer
detective; corrective
question
What is not a corrective control procedure?
answer
Deter problems before they arise.
question
________ controls are designed to make sure an organization's control environment is stable and well managed.
answer
General
question
________ controls prevent, detect and correct transaction errors and fraud.
answer
Application
question
The primary purpose of the Foreign Corrupt Practices Act of 1977 was
answer
to prevent the bribery of foreign officials by American companies
question
Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies.
answer
The Sarbanes-Oxley Act of 2002
question
Which of the following is not one of the important aspects of the Sarbanes-Oxley Act?
answer
New rules for information systems development
question
A(n) ________ helps employees act ethically by setting limits beyond which an employee must not pass.
answer
boundary system
question
A(n) ________ measures company progress by comparing actual performance to planned performance.
answer
diagnostic control system
question
A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention.
answer
interactive control system
question
This control framework addresses the issue of control from three vantage points: business objectives, information technology resources, and information technology processes.
answer
ISACA's control objectives for information and related technology
question
This control framework's intent includes helping the organization to provide reasonable assurance that objectives are achieved and problems are minimized, and to avoid adverse publicity and damage to the organization's reputation.
answer
COSO's enterprise risk management framework
question
The COSO Enterprise Risk Management Framework includes eight components. Which of the following is not one of them?
answer
compliance with federal, state, or local laws
question
Which of the following is not one of the eight interrelated risk and control components of COSO Enterprise Risk Management Framework?
answer
Event assessment
question
The COSO Enterprise Risk Management Integrated Framework stresses that
answer
risk management activities are an inherent part of all business operations and should be considered during strategy setting.
question
Which of the following would be considered a "red flag" for problems with management operating style if the question were answered "yes"?
answer
All of the above statements would raise "red flags" if answered "yes."
question
Which component of the COSO Enterprise Risk Management Integrated Framework is concerned with understanding how transactions are initiated, data are captured and processed, and information is reported?
answer
Information and communication
question
The COSO Enterprise Risk Management Integrated Framework identifies four objectives necessary to achieve corporate goals. Objectives specifically identified include all of the following except
answer
implementation of newest technologies.
question
The audit committee of the board of directors
answer
provides a check and balance on management.
question
The audit committee is responsible for
answer
All of the above are responsibilities.
question
The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the
answer
organizational structure
question
Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment?
answer
Organizational structure
question
Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter
answer
employee fraud or embezzlement.
question
The SEC and FASB are best described as external influences that directly affect an organization's
answer
internal environment.
question
Which attribute below is not an aspect of the COSO ERM Framework internal environment?
answer
Restricting access to assets
question
The amount of risk a company is willing to accept in order to achieve its goals and objectives is
answer
Risk appetite
question
The risk that remains after management implements internal controls is
answer
Residual risk
question
The risk that exists before management takes any steps to control the likelihood or impact of a risk is
answer
Inherent risk
question
When undertaking risk assessment, the expected loss is calculated like this
answer
Impact times likelihood
question
Generally in a risk assessment process, the first step is to
answer
identify the threats that the company currently faces.
question
Store policy that allows retail clerks to process sales returns for $300 or less, with a receipt dated within the past 60 days, is an example of
answer
general authorization
question
Corporate policy that requires a purchasing agent and purchasing department manager to sign off on asset purchases over $1,500 is an example of
answer
specific authorization.
question
A document that shows all projects that must be completed and the related IT needs in order to achieve long-range company goals is known as a
answer
strategic master plan.
question
A ________ is created to guide and oversee systems development and acquisition.
answer
steering committee
question
A ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates.
answer
project development plan
question
Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Folding Squid Technologies
answer
hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
question
The Sarbanes-Oxley Act (SOX) applies to
answer
all publicly held companies
question
Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his company's budgeting practices. It seems that, as a result of "budget handcuffs" that require managers to explain material deviations from budgeted expenditures, his ability to creatively manage his department's activities has been curtailed. The level of control that the company is using in this case is a
answer
diagnostic control system.
question
Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his work environment. It seems that, as a result of "feminazi" interference, the suggestive banter that had been prevalent in the workplace during his youth was no longer acceptable. He even had to sit through a sexual harassment workshop! The level of control that the company is using in this case is a
answer
boundary system.
question
River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the impact of this risk without insurance?
answer
$650,000
question
River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss without insurance?
answer
$650
question
River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss with insurance?
answer
$50
question
River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most that the business should pay for the insurance?
answer
$600
question
Due to data errors occurring from time to time in processing the Albert Company's payroll, the company's management is considering the addition of a data validation control procedure that is projected to reduce the risk of these data errors from 13% to 2%. The cost of the payroll reprocessing is estimated to be $11,000. The cost of implementing the data validation control procedure is expected to be $700. Which of the following statements is true?
answer
The data validation control procedure should be implemented because its net estimated benefit is $510.
question
The organization chart for Geerts Corporation includes a controller and an information processing manager, both of whom report to the vice president of finance. Which of the following would be a control weakness?
answer
Assigning the programming and operating of the computer system to an independent control group which reports to the controller
question
Global Economic Strategies, L.L.D., has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. They are transitioning from a ________ to a ________ control framework.
answer
COSO-ERM; COBIT
question
FranticHouse Partners, L.L.C., does home remodeling and repair. All employees are bonded, so the firm's risk exposure to employee fraud is
answer
shared.
question
FranticHouse Partners, L.L.C., does home remodeling and repair. The firm does not accept jobs that require the installation of slate or copper roofing because these materials often require costly post-installation services. The firm's risk exposure to costly post-installation services is
answer
avoided.
question
According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except
answer
reporting potential risks to auditors.