Acct Ch 7 – Flashcards

question
1) What is one reason why AIS threats are increasing?
answer
B) Many companies do not realize that data security is crucial to their survival.
question
2) Which of the following is not one of the risk responses identified in the COSO Enterprise Risk Management Framework?
answer
A) Monitoring
question
3) A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n)
answer
A) preventive control.
question
4) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Then, ticket stubs collected at the theater entrance are counted and compared with the number of tickets sold. Which of the following situations does this control detect?
answer
A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.)
question
5) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the following situations does this control detect?
answer
C) The box office cashier accidentally gives too much change to a customer.
question
6) Which of the following is an example of a preventive control?
answer
A) approving customer credit prior to approving a sales order
question
7) Independent checks on performance include all the following except
answer
A) data input validation checks.
question
8) A computer operator is allowed to work as a programmer on a new payroll software project. Does this create a potential internal control problem?
answer
A) Yes, the computer operator could alter the payroll program to increase her salary.
question
9) One of the objectives of the segregation of duties is to
answer
A) make sure that different people handle different parts of the same transaction.
question
10) Pam is a receptionist for Dunderhead Paper Co., which has strict corporate policies on appropriate use of corporate resources. The first week of August, Pam saw Michael, the branch manager, putting pencils, pens, erasers, paper and other supplies into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework?
answer
A) Integrity and ethical values
question
11) Which of the following statements is true?
answer
A) Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes.
question
12) Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties.
answer
A) Jim issues credit cards to himself and Marie, and when the credit card balances are just under $1,000, Marie writes off the accounts as bad debt. Jim then issues new cards.
question
13) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for
answer
A) hiring and firing the external auditors.
question
14) Go-Go Corporation, a publicly traded company, has three brothers who serve as President, Vice President of Finance and CEO. This situation
answer
A) increases the risk associated with an audit.
question
15) Which of the following is a control related to design and use of documents and records?
answer
A) Sequentially prenumbering sales invoices
question
16) Which of the following duties could be performed by the same individual without violating segregation of duties controls?
answer
A) Approving accounting software change requests and testing production scheduling software changes
question
17) With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure?
answer
D) Entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal
question
18) Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?
answer
A) Analyzing past financial performance and reporting
question
19) Which of the following suggests a weakness in a company's internal environment?
answer
D) Formal employee performance evaluations are prepared every three years.
question
20) Which of the following statements about internal environment is false?
answer
A) Management's attitudes toward internal control and ethical behavior have only minimal impact on employee beliefs or actions.
question
21) Which of the following is not a reason for the increase in security problems for AIS?
answer
C) Increasing efficiency resulting from more automation
question
22) One reason why many organizations do not adequately protect their systems is because
answer
B) productivity and cost cutting cause management to forgo implementing and maintaining internal controls.
question
23) Accountants must try to protect the AIS from threats. Which of the following would be a measure that should be taken?
answer
D) All of the above are proper measures for the accountant to take.
question
24) The process that a business uses to safeguard assets, provide accurate and reliable information, and promote and improve operational efficiency is known as
answer
B) internal control.
question
25) Safeguarding assets is one of the control objectives of internal control. Which of the following is not one of the other control objectives?
answer
C) ensuring that no fraud has occurred
question
26) Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities.
answer
C) process
question
27) Which of the following is accomplished by corrective controls?
answer
D) All of the above are accomplished by corrective controls.
question
28) Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions is an example of a ________ control.
answer
B) detective; corrective
question
29) What is not a corrective control procedure?
answer
B) Deter problems before they arise.
question
30) ________ controls are designed to make sure an organization's control environment is stable and well managed.
answer
C) General
question
31) ________ controls prevent, detect and correct transaction errors and fraud.
answer
A) Application
question
32) The primary purpose of the Foreign Corrupt Practices Act of 1977 was
answer
B) to prevent the bribery of foreign officials by American companies.
question
33) Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies.
answer
C) The Sarbanes-Oxley Act of 2002
question
34) Which of the following is not one of the important aspects of the Sarbanes-Oxley Act?
answer
D) New rules for information systems development
question
35) A(n) ________ helps employees act ethically by setting limits beyond which an employee must not pass.
answer
A) boundary system
question
36) A(n) ________ measures company progress by comparing actual performance to planned performance.
answer
B) diagnostic control system
question
37) A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention.
answer
C) interactive control system
question
38) This control framework addresses the issue of control from three vantage points: business objectives, information technology resources, and information technology processes.
answer
A) ISACA's control objectives for information and related technology
question
39) This control framework's intent includes helping the organization to provide reasonable assurance that objectives are achieved and problems are minimized, and to avoid adverse publicity and damage to the organization's reputation.
answer
C) COSO's enterprise risk management framework
question
40) The COSO Enterprise Risk Management Framework includes eight components. Which of the following is not one of them?
answer
C) compliance with federal, state, or local laws
question
41) Which of the following is not one of the eight interrelated risk and control components of COSO Enterprise Risk Management Framework?
answer
D) Event assessment
question
42) The COSO Enterprise Risk Management Integrated Framework stresses that
answer
A) risk management activities are an inherent part of all business operations and should be considered during strategy setting.
question
43) Which of the following would be considered a "red flag" for problems with management operating style if the question were answered "yes"?
answer
D) All of the above statements would raise "red flags" if answered "yes."
question
44) Which component of the COSO Enterprise Risk Management Integrated Framework is concerned with understanding how transactions are initiated, data are captured and processed, and information is reported?
answer
A) Information and communication
question
45) The COSO Enterprise Risk Management Integrated Framework identifies four objectives necessary to achieve corporate goals. Objectives specifically identified include all of the following except
answer
A) implementation of newest technologies.
question
46) The audit committee of the board of directors
answer
C) provides a check and balance on management.
question
47) The audit committee is responsible for
answer
D) All of the above are responsibilities.
question
48) The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the
answer
B) organizational structure
question
49) Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment?
answer
A) Organizational structure
question
50) Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter
answer
B) employee fraud or embezzlement.
question
51) The SEC and FASB are best described as external influences that directly affect an organization's
answer
C) internal environment.
question
52) Which attribute below is not an aspect of the COSO ERM Framework internal environment? A) Enforcing a written code of conduct
answer
C) Restricting access to assets
question
53) The amount of risk a company is willing to accept in order to achieve its goals and objectives is
answer
C) Risk appetite
question
54) The risk that remains after management implements internal controls is
answer
B) Residual risk
question
55) The risk that exists before management takes any steps to control the likelihood or impact of a risk is
answer
A) Inherent risk
question
56) When undertaking risk assessment, the expected loss is calculated like this.
answer
B) Impact times likelihood
question
57) Generally in a risk assessment process, the first step is to
answer
A) identify the threats that the company currently faces.
question
58) Store policy that allows retail clerks to process sales returns for $300 or less, with a receipt dated within the past 60 days, is an example of
answer
A) general authorization.
question
59) Corporate policy that requires a purchasing agent and purchasing department manager to sign off on asset purchases over $1,500 is an example of
answer
B) specific authorization.
question
60) A document that shows all projects that must be completed and the related IT needs in order to achieve long-range company goals is known as a
answer
D) strategic master plan.
question
61) A ________ is created to guide and oversee systems development and acquisition.
answer
C) steering committee
question
62) A ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates.
answer
B) project development plan
question
63) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Folding Squid Technologies
answer
B) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
question
64) The Sarbanes-Oxley Act (SOX) applies to
answer
D) all publicly held companies.
question
65) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his company's budgeting practices. It seems that, as a result of "budget handcuffs" that require managers to explain material deviations from budgeted expenditures, his ability to creatively manage his department's activities has been curtailed. The level of control that the company is using in this case is a
answer
D) diagnostic control system.
question
66) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his work environment. It seems that, as a result of "feminazi" interference, the suggestive banter that had been prevalent in the workplace during his youth was no longer acceptable. He even had to sit through a sexual harassment workshop! The level of control that the company is using in this case is a
answer
A) boundary system.
question
67) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the impact of this risk without insurance?
answer
B) $650,000
question
68) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss without insurance?
answer
C) $650
question
69) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss with insurance?
answer
D) $50
question
70) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most that the business should pay for the insurance?
answer
C) $600
question
71) Due to data errors occurring from time to time in processing the Albert Company's payroll, the company's management is considering the addition of a data validation control procedure that is projected to reduce the risk of these data errors from 13% to 2%. The cost of the payroll reprocessing is estimated to be $11,000. The cost of implementing the data validation control procedure is expected to be $700. Which of the following statements is true?
answer
A) The data validation control procedure should be implemented because its net estimated benefit is $510.
question
72) The organization chart for Geerts Corporation includes a controller and an information processing manager, both of whom report to the vice president of finance. Which of the following would be a control weakness?
answer
A) Assigning the programming and operating of the computer system to an independent control group which reports to the controller
question
73) Global Economic Strategies, L.L.D., has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. They are transitioning from a ________ to a ________ control framework.
answer
D) COSO-Integrated Framework; COSO-ERM
question
74) FranticHouse Partners, L.L.C., does home remodeling and repair. All employees are bonded, so the firm's risk exposure to employee fraud is
answer
B) shared.
question
75) FranticHouse Partners, L.L.C., does home remodeling and repair. The firm does not accept jobs that require the installation of slate or copper roofing because these materials often require costly post-installation services. The firm's risk exposure to costly post-installation services is
answer
C) avoided.
question
76) According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except
answer
A) reporting potential risks to auditors.
question
77) Ferdinand Waldo Demara was known as the great imposter. He had an astounding ability to convince people that he was who he truly was not. He worked as a naval officer, physician, college teacher, prison warden, and other jobs without any of the prerequisite qualifications. By not diligently checking references, the organizations fooled by Demara (including the Canadian Navy) apparently chose to ________ the risk of fraud.
answer
D) accept
question
78) Which of the following is an independent check on performance?
answer
C) The General Manager compares budgeted amounts with expenditure records from all departments.
question
79) Petty cash is disbursed by Fred Haynes in the Cashier's Office. He also maintains records of disbursements, places requests to the Finance Department to replace expended funds, and periodically reconciles the petty cash balance. This represents a(an) ________ segregation of duties.
answer
C) ineffective
question
80) Hiring decisions at Frazier's Razors are made by Sheila Frazier, the Director of Human Resources. Pay rates are approved by the Vice President for Operations. At the end of each pay period, supervisors submit time cards to Sheila, who prepares paycheck requisitions. Paychecks are then distributed through the company's mail room. This represents a(an) ________ segregation of duties.
answer
A) effective
question
81) Change management refers to
answer
D) controls designed to ensure that updates in information technology do not have negative consequences.
question
82) The Director of Information Technology for the city of Bumpkiss, Minnesota, formed a company to sell computer supplies and software. All purchases made on behalf of the City were made from his company. He was later charged with fraud for overcharging the City, but was not convicted. The control issue in this case arose because the Director had both ________ and ________ duties.
answer
C) recording; authorization
question
83) According to the ERM, these help the company address all applicable laws and regulations.
answer
A) Compliance objectives
question
84) According to the ERM, high level goals that are aligned with and support the company's mission are
answer
D) strategic objectives.
question
85) According to the ERM, these deal with the effectiveness and efficiency of company operations, such as performance and profitability goals.
answer
B) Operations objectives
question
86) According to the ERM, these objectives help ensure the accuracy, completeness and reliability of internal and external company reports.
answer
C) Reporting objectives
question
87) Which of the following is not a risk reduction element of a disaster recovery plan?
answer
D) Adequate casualty insurance
question
88) Describe the differences between general and specific authorization.
answer
Answer: Authorizations are often documented by signing, initializing, or entering an authorization code on a transaction document or record. Management may deem that certain transactions are of a routine nature and as such may authorize employees to handle such transactions without special approval. This is known as general authorization. Other transactions may be of such consequence that management grants specific authorization for them to occur. Usually management must approve of such transactions and oversee them to completion, requiring an additional signature on checks exceeding a given dollar amount. Management should have written policies on both specific and general authorization for all types of transactions.
question
89) Explain how a company could be the victim of fraud, even if ideal segregation of duties is enforced.
answer
Answer: When a system effectively incorporates a separation of duties, it should be difficult for any one employee to defeat the system and commit fraud. Fraud is possible when two or more employees agree to defeat the system for their own dishonest ends. This problem is known as collusion. When two or more employees act together to defeat the internal controls of the system, they may likely succeed. It is more difficult to detect such activity because the employees may have planned to "cover their tracks." This is why independent review of transaction activity by third parties is important to monitor that internal controls are in place and working as designed.
question
90) Classify each of the following controls as preventive, detective, or corrective: (1) Periodic bank reconciliation; (2) Separation of cash and accounting records; (3) Maintaining backup copies of master and transaction files; (4) Pre-numbering of sales invoices; (5) Chart of accounts; (6) Retina scan before entering a sensitive R & D facility; (7) Resubmission of error transactions for subsequent processing; (8) Internal auditor rechecking the debits and credits on the payment voucher; (9) Depositing all cash receipts intact; (10) Hiring qualified accounting personnel.
answer
Answer: Detective. Preventive. Corrective. Preventive. Preventive. Preventive. Corrective. Detective. Preventive. Preventive
question
91) Discuss four reasons why AIS threats are increasing.
answer
Answer: 1. Client/server systems have proliferated and have enabled large numbers of employees to have access to the information. 2. LANs and client/server systems distribute data to various users and are more difficult to control than centralized systems. 3. EDI and e-commerce have enabled customers and suppliers to access each other's systems and data, making confidentiality a major concern. 4. Organizations are not aggressively protecting their data for various reasons. 5. Computer control problems are often underestimated and downplayed. 6. Control implications of networked systems are not properly reasoned out. 7. Top management does not grasp the effect of security of data and information on survival and profitability of the company. 8. Internal controls become a casualty in cost cutting and productivity measures undertaken by the management.
question
92) Explain why the Foreign Corrupt Practices Act was important to accountants.
answer
Answer: The act is important to accountants because it incorporates the language of the AICPA pronouncement on internal controls. The Act mandates that corporations should keep records that accurately and fairly reflect their transactions and assets in reasonable detail. The internal control system of these organizations should be able to provide reasonable assurance that: a) transactions are properly authorized and recorded; b) assets are safeguarded and protected from unauthorized access; and c) recorded asset values are periodically compared with actual assets and any differences are corrected. The act requires corporations to maintain good systems of internal accounting control.
question
93) Discuss the internal environment and identify the elements that comprise the internal environment.
answer
Answer: The internal environment embraces individuals and the environment in which they operate in an organization. Individual employees are "the engine" that drives the organization and form the foundation upon which everything in the organization rests. Elements of the internal environment are: 1) a commitment to integrity and ethical values; 2) the philosophy and operating style of management; 3) organizational structure; 4) the audit committee of the board of directors; 5) methods of assigning authority and responsibility; 6) human resources policies and practices; and 7) various external influences. Each of these elements influences the internal control structure of the organization. Likewise, these elements should be examined and analyzed in detail when implementing or evaluating a system of internal controls.
question
94) Explain why management's philosophy and operating style are considered to be the most important element of the internal environment.
answer
Answer: Management truly sets the tone for the control environment of a business. If top management takes good control seriously and makes this known to everyone in the organization, then employees down the line will tend to do likewise. Management's attitude toward risk taking and the assessment of risk before acting are indications. Willingness to manipulate performance measures or to encourage employees to do likewise is another indication of attitude. Finally, pressure on subordinates to achieve certain results regardless of the methods used can be a very persuasive indicator of problems. Management concerned about control will assess risk and act prudently, manipulation of performance measures will not be tolerated, and ethical behavior will be instilled in and required of employees.
question
95) What are some of the ways to assign authority and responsibility within an organization?
answer
Answer: It is incumbent on management to identify specific business objectives and assign such objectives to certain departments and individuals. Management must also hold such departments and individuals responsible and accountable for achieving the assigned business objectives. Management may assign authority and responsibility through formal job descriptions, employee training, budgets, operating plans, and scheduling. A formal code of conduct also sets the stage for responsible behavior on the part of employees by defining ethical behavior, acceptable business practices, regulatory requirements, and conflicts of interest. Another useful and important tool is a written policy and procedures manual.
question
96) Discuss the weaknesses in COSO's internal control framework that led to the development of the COSO Enterprise Risk Management framework.
answer
Answer: COSO's internal control framework 1. had too narrow a focus. 2. examined controls without first addressing purposes and risks of business processes 3. existing internal control systems often have controls that protect against items that are no longer risks or are no longer important. 4. focusing on controls first has an inherent bias toward past problems and concerns.