ACC 413 Test 2
a. impact and likelihood
After business risks have been identified they should assessed in terms of their inherent: a. impact and likelihood b. likelihood and probability c. significance and severity d. significance and control effectiveness
b. single employee
An adequate system of internal controls is most likely to detect an irregularity perpetrated by a: a. group of employees in collusion b. single employee c. group fo mangers in collusion d. single manager
a. the individual who initiates wire transfers does not reconcile the bank statement
Appropriate internal control for a multinational corporations branch office that has a department responsible for the transfer of money requires that: a. the individual who initiates wire transfers does not reconcile the bank statement b. the branch manager must receive all wire transfers c. foreign currency rates must be computed separately by two different employees d. corporate management approves the hiring of employees in this department
d. CAE
Determining that engagement objectives have been met is ultimately the responsibility of the: a. internal auditor b. audit committee c. internal audit supervisor d. CAE
c. oval
Which flowcharting symbol indicates the start of end of a process? a. arrow b. diamond c. oval d. rectangle
b. diamond
Which of the following symbols in a process map will most likely contain a question? a. rectangle b. diamond c. arrow d. oval
d. review the controls over payroll processing in both the company and the third party service provider
A company has recently outsourced its payroll process to a third party service provider. An audit team was scheduled to audit payroll controls in the annual audit plan prepared prior to the outsourcing. What action should the audit tam take considering the outsourcing decision? a. cancel the engagement because the processing is being performed outside the organization b. review only the controls over payments to the third party provider based on the contract c. review only the companies controls over data sent to and received from the third party service provider d. review the controls over payroll processing in both the company and the third party service provider
b. internal risk factor
A major upgrade to an important information system would most likely represent a high: a. external risk factor b. internal risk factor c. other risk factor d. likelihood of future systems problems
b. single employee
An effective system of internal controls is most likely to detect a fraud perpetrated by a: a. group of employees in collusion b. single employee c. group of managers in collusion d. single manager
c. determine whether the treasurer is getting higher or lower rates of return on investments than treasurers in comparable organizations
An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would not be required as part of such an engagement? a. determine whether policies exist that describe the risks the treasurer may take and the types of instruments in which the treasurer may invest b. determine the extent of management oversight over investments in sophisticated c. determine whether the treasurer is getting higher or lower rates of return on investments than treasurers in comparable organizations d. determine the nature of monitoring activated related to the investment portfolio
b. unauthorized access from outsiders
An internal firewall is designed to provide protection against: a. computer viruses b. unauthorized access from outsiders c. lightening strikes and power surges d. arson
d. designing IT application based controls
An organizations IT governance committee has several important responsibilities. which of the following is not normally such a responsibility? a. aligning investments in IT with business strategies b. overseeing changes to IT systems c. monitoring IT security procedures d. designing IT application based controls
b. I and V only
COSO's internal control framework consists of internal control components and 17 principles for acheiving effective internal control. Which of the following is/are principles?
c. it reduces either likelihood or impact or both
How does a control manage a specific risk? a. it reduces the likelihood of the event giving rise to the risk b. it reduces the impact of the event giving risk tot he risk c. it reduces either likelihood or impact or both d. it prevents the occurrence of the event
a. there is an appropriate balance between risk and control
If a risk appears in the bottom right of quadrant II in the above risk control map, it means that: a. there is an appropriate balance between risk and control b. the controls may be excessive relative to the risk c. the controls may be inadequate relative to the risk d. there is not enough information to make a judgement
a. there is an appropriate balance between risk and control
If a risk appears in the middle of quadrant IV in the above risk control map, it means that: a. there is an appropriate balance between risk and control b. the controls may be excessive relative to the risk c. the controls may be inadequate relative to the risk d. there is not enough information to make a judgment
b. a secondary link
In a risk by process matrix a process that helps to manage a risk indirectly would be shown to have : a. a key link b. a secondary link c. an indirect link d. no link at all
d. product quality
In assessing organizational risk in a manufacturing organization, which of the following would have the greatest long-range impact on the organizations? a. advertising budget b. production scheduling c. inventory policy d. product quality
b. obtain the understanding necessary to test the process
Internal auditors often prepare process maps and reference portions of these maps to narrative descriptions of certain activities. This is an appropriate procedure to: a. determine the ability of the activities to produce reliable information b. obtain the understanding necessary to test the process c. document that the process meets internal audit standards d. determine whether the process meets established management objective
c. inherent limitations of internal control preclude a system of internal control from providing absolute assurance that objectives will be achieved.
Reasonable assurance as it pertains to internal control means that: a. the objectives of internal control vary depending on the method of data processing used. b. a well designed system of internal controls will prevent or detect all errors and fraud c. inherent limitations of internal control preclude a system of internal control from providing absolute assurance that objectives will be achieved. d. management cannot override controls and employees cannot circumvent controls through collusion
c. preventative
Requiring a user ID and password would be an example of what type of control? a. detective b. corrective c. preventative d. reactive
c. require supervisory approval of employees time cards
The control that would most likely ensure that payroll checks are written only for authorized amounts is to: a. conduct periodic floor verification of employees on the payroll b. require the return of undelivered checks to the cashier c. require supervisory approval of employees time cards d. periodically witness the distribution of payroll checks
a. availability risk
The possibility of someone maliciously shutting down an information system is most directly an element of: a. availability risk b. access risk c. confidentiality risk d. deployment risk
a. restrict access to data
The purpose of logical security control is to : a. restrict access to data b. limit access to hardware c. record processing results d. ensure complete and accurate processing of data
a. preventive control
The requirement that purchases be made from suppliers on an approved vendor list is an example of a: a. preventive control b. detective control c. compensating control d. monitoring control
c. organizations identification and analysis of the risks that threaten the achievement of its objectives
The risk assessment component of internal control involves the: a. independent outside auditors assessment of residual risk b. internal audit functions assessment of control deficiencies c. organizations identification and analysis of the risks that threaten the achievement of its objectives d. organizations monitoring of financial information for potential material misstatements
c. operating system software
The software that manages the interconnectivity of the system hardware devices is the: a. application software b. utility software c. operating system software d. database management system software
b. the set of connected activities linked with each other for the purpose of achieving an objective or goal.
What is a business process? a. how management plans to achieve the organizations objectives b. the set of connected activities linked with each other for the purpose of achieving an objective or goal. c. a group of interacting interrelated or interdependent elements forming a complex whole d. a finite endeavor undertaken to create a unique product or service that brings about beneficial change or added value.
c. risk that is not managed
What is residual risk? a. impact of risk b. risk that under control c. risk that is not managed d. underlying risk in the environment
b. provide assurance on the management of the risk
When assessing the risk associated with an activity an internal auditor should: a. determine how the risk should best be managed b. provide assurance on the management of the risk c. update the risk management process based on risk exposures d. design controls to mitigate the identified risks
d. easy to control access to
Which is NOT a benefit of user developed application: a. quick to develop and use b. readily available and at a low cost c. more configurable and flexible d. easy to control access to
c. I, II and IV
Which of the following are business processes? I. strategic planning II. Review and write off of delinquent loans III. Safeguarding of assets IV. remittance of payroll taxes to the respective tax authorities a. I and III b. II and IV c. I, II and IV d. I, II, III, and IV
C. To provide reasonable assurance that the processes will enable the organizations objectives and goals to be met efficiently and economically
Which of the following best describes an internal auditors purpose in reviewing the organizations existing governance, risk management, and control processes? a. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives. b. To ensure that weaknesses in the internal control system are corrected. c. To provide reasonable assurance that the process will enable the organization's objectives and goals to be met efficiently and economically. d. To determine whether the processes ensure that the accounting records are correct and that financial statements are fairly stated.
a. reconciliation of bank accounts by someone who does not handle cash or record cash transactions
Which of the following best exemplifies a control activity referred to as independent verification? a. reconciliation of bank accounts by someone who does not handle cash or record cash transactions b. identification badges and security codes used to restrict entry to the production facility c. accounting records and documents that provide a trail of sales and cash receipt transactions d. separating the physical custody of inventory from inventory accounting
b. computerized placement of a purchase order from a customer to its supplier
Which of the following best illustrates the use of EDI? a. purchasing merchandise from a company internet site b. computerized placement of a purchase order from a customer to its supplier c. transfer of data from a desktop computer to a database server d. withdrawing cash from an ATM
c. a risk in the upper left corner of quadrant III
Which of the following circumstances would concern the internal auditor the most? a. a risk in the lower left corner of quadrant I b. a risk in the lower right corner of quadrant II c. a risk in the upper left corner of quadrant III d. a risk in the upper right corner fo quadrant IV
b. use of older technology
Which of the following is not one of the top to technology risk facing organizations? a. cybersecutiy b. use of older technology c. IT governance d. Mobile computing
d. managements controls to ensure the outsourcing provider meets contractual performance requirements should be tested by the internal audit function.
Which of the following is true regarding business process outsourcing? a. outsourcing a core, high risk business process reduces the overall operational risk. b. outsourced processes should not be included in the internal audit universe. c. the independent outside auditor is required to review all significant outsourced business processes. d. managements controls to ensure the outsourcing provider meets contractual performance requirements should be tested by the internal audit function.
c. the organizations management
Who has primary responsibility for the monitoring component of internal control? a. the organizations independent outside auditor b. the organizations internal audit function c. the organizations management d. the organizations board of directors
