AIS Ch. 7
All other things being equal, which of the following is *true*? a. Detective controls are superior to preventive controls. b. Corrective controls are superior to preventive controls. c. Preventive controls are equivalent to detective controls. d. Preventive controls are superior to detective controls.
D. Preventive controls are superior to detective controls. [Correct. With respect to con- trols, it is always of utmost importance to prevent errors from occurring]
Which of the following statements is *true*? a. COSO's enterprise risk management framework is narrow in scope and is limited to financial controls. b. COSO's internal control integrated framework has been widely accepted as the authority on internal controls. c. The Foreign Corrupt Practices Act had no impact on internal accounting control systems. d. It is easier to add controls to an already designed system than to include them during the initial design stag
A. COSO's internal control integrated framework has been widely accepted as the authority on internal controls. [Correct. The internal control integrated framework is the accepted authority on internal controls and is incorporated into policies, rules, and regulations that are used to control business activities.]
Which of the following is the correct order of the risk assessment steps discussed in this chapter? a. Identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits. b. Identify controls, estimate risk and exposure, identify threats, and estimate costs and benefits. c. Estimate risk and exposure, identify controls, identify threats, and estimate costs and benefits. d. Estimate costs and benefits, identify threats, identify controls, and estimate risk and exposure.
A. Identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits.
Which of the following statements about the control environment is *false*? a. Management's attitudes toward internal control and ethical behavior have little impact on employee beliefs or actions. b. An overly complex or unclear organizational structure may be indicative of problems that are more serious. c. A written policy and procedures manual is an important tool for assigning authority and responsibility. d. Supervision is especially important in organizations that cannot afford elaborate responsibility reporting or are too small to have an adequate separation of duties.
A. Management's attitudes toward internal control and ethical behavior have little impact on employee beliefs or actions. [Correct. This statement is false. Management's attitude toward internal control is critical to the organization's effectiveness and success. They set the "tone at the top" that other employees follow.]
In the ERM model, COSO specified four types of objectives that management must meet to achieve company goals. Which of the following is NOT one of those types? a. responsibility objectives b. strategic objectives c. compliance objectives d. reporting objectives e. operations objectives
A. responsibility objectives [Correct. Responsibility objectives are NOT one of the objec- tives in COSO's ERM model.]
Your current system is deemed to be 90% reliable. A major threat has been identified with an impact of $3,000,000. Two control procedures exist to deal with the threat. Implementation of control A would cost $100,000 and reduce the likelihood to 6%. Implementation of control B would cost $140,000 and reduce the likelihood to 4%. Implementation of both controls would cost $220,000 and reduce the likelihood to 2%. Given the data, and based solely on an economic analysis of costs and benefits, what should you do? a. Implement control A only. b. Implement control B only. c. Implement both controls A and B. d. Implement neither control.
B. Implement control B only. [Correct. Control procedure B provides a net benefit of $40,000. Procedure A and the combination of A and B provide a benefit of only $20,000.]
To achieve effective segregation of duties, certain functions must be separated. Which of the following is the correct listing of the accounting-related functions that *must be segregated*? a. control, recording, and monitoring b. authorization, recording, and custody c. control, custody, and authorization d. monitoring, recording, and planning
B. authorization, recording, and custody
COSO identified five interrelated components of internal control. Which of the following is NOT one of those five? a. risk assessment b. internal control policies c. monitoring d. information and communication
B. internal control policies [Correct. Internal control policies are NOT one of COSO's five components of internal control. However, control environment and control activities are two of the five internal control framework components.]
Which of the following is a control procedure relating to both the design and the use of documents and records? a. locking blank checks in a drawer b. reconciling the bank account c. sequentially prenumbering sales invoices d. comparing actual physical quantities with recorded amounts
C. sequentially prenumbering sales invoices [Correct. Designing documents so that they are sequentially prenumbered and then using them in order is a control procedure relating to both the design and the use of documents.]
Which of the following is NOT an independent check? a. bank reconciliation b. periodic comparison of subsidiary ledger totals to control accounts c. trial balance d. re-adding the total of a batch of invoices and comparing it with your first total
D. re-adding the total of a batch of invoices and comparing it with your first total [Correct. One person performing the same procedure twice using the same documents, such as re-adding invoice batch totals, is not an independent check because it does not involve a second person, a second set of documents or records, or a second process.]
COSO ERM Framework
Internal Environment Objective setting Event Identification Risk Assessment Risk Response Control Activities Information and Communication Monitoring
COSO Internal Control Framework
Monitoring Information & communication Control activities Risk assessment Control environment