BEC1 Acct 440
10. A company that routinely performs background checks on its employees to ensure that there is no criminal history is applying the ideas from which principle of effective internal control over financial reporting? a. Human resources. b. Financial reporting competencies. c. Management's philosophy and operating style. d. Integrity and ethical values.
a
11. What organization was created by Sarbane-Oxley to oversee the audits of public firms. A. the Public Company Accounting Oversight Board B. The Committee of Sponsoring Organizations C. The American Institute of Certified Public Accountants D. The U.S. Securities & Exchange Commission
a
11. Which of the following bodies has developed a framework for enterprise risk management? A. The Committee of Sponsoring Organizations (COSO). B. The American Institute of Certified Public Accountants (AICPA). C. The Public Company Accounting Oversight Board (PCAOB). D. The Institute of Risk Management Professionals (IRMP).
a
12. Which of the following is the best definition of a compensating control? A. A control that accomplishes the same objective as another control. B. A condition within an internal control system requiring attention. C. The targets against which the effectiveness of internal control are evaluated. D. Metrics that reflect critical success factors.
a
13. Public company CEOs and CFOs must certify that: A. They are responsible for establishing and maintaining their firm's internal financial controls. B. They have hired an excellent auditing firm and have delegated to that firm ultimate responsibility for the accuracy of financial statements. C. They have taken lie detector tests regarding the accuracy of the financial statements. D. They are subject to firm codes of ethics policing the accuracy of financial statements.
a
15. Existing control activities, one of the components of internal control, include: a. Select and develop technology controls b. Obtain and use information c. Specify objectives d. Commitment to competence
a
16. Which of the following stipulations was included in the Dodd-Frank Act of 2010? A. Members of the Board serving on the compensation committee must be independent. B. The compensation committee must include at least one shareholder. C. Incentive based compensation for managers could not exceed 50% of total compensation. D. Compensation committee members could not also serve as members on the audit committee.
a
19. A manufacturing firm identified that it would have a difficulty sourcing raw materials locally, so it decided to relocate its production facilities. According to COSO, this decision represents which of the following responses to risk? a. risk reduction b. prospect theory c. risk sharing d. risk acceptance
a
19. Management of Johnson Company is considering implementing technology to improve the monitoring component of internal control. Which of the following best describes how technology may be effective at improving monitoring? A. Technology can identify conditions and circumstances that indicate that controls have failed or risks are present. B. Technology can assure that items are processed accurately. C. Technology can provide information more quickly. D. Technology can control access to terminals and data.
a
22. Management of a company has a lack of segregation of duties within the application environment, with programmers having access to development and production. The programmers have the ability to implement application code changes into production without monitoring or a quality assurance function. This is considered a deficiency in which of the following areas. a. Change control b. Management override c. Data integrity d. Computer Operations
a
23. Which of the following is not a component of an entity's internal control? a. control risk b. control activities c. monitoring d. control environment
a
27. According to the Sarbanes-Oxley Act of 2002, which of the following statements is correct regarding an issuer's audit committee financial expert? a. If an issuer does not have an audit committee financial expert, the issuer must disclose the reason why the role is not filled. b. The audit committee financial expert must be the issuer's audit committee chairperson to enhance internal control. c. The issuer must fill the role with an individual who has experience in the issuer's industry. d. The issuer's current outside CPA firm's audit partner must be the audit committee financial expert.
a
28. To address problems related to inadequate board oversight, the Sarbanes-Oxley Act requires public companies to have an: a. Audit committee b. Independent Board of Directors c. Internal auditor d. External auditor
a
3. The Enterprise Risk Management-Integrated Framework of the committee of sponsoring organizations (COSO) is best defined as a: a. Process effected by an entity's board of directors, management, and other personnel. b. Serial process in which one component affects only the next component. c. Process that replaces the COSO internal Control framework. d. Process that takes a control-based approach to an organization.
a
30. The primary role of the Board of Directors is to: a. Safeguard company assets b. Enter into contracts c. Appoint the external auditor d. Sign off on the financial statements
a
35. Which of the following components of internal control include the processes, structures and standards that provide the foundation for an entity? a. Control environment b. Risk assessment c. Information and communication d. Existing control activities
a
4. Each of the following is a limitation of enterprise risk management (ERM), except: a. ERM can provide absolute assurance with respect to objective categories. b. ERM is as effective as the people responsible for its functioning. c. ERM deals with risk, which relates to the future and is inherently uncertain. d. ERM operates at different levels with respect to different objectives.
a
4. Which of the following statements presents an example of an application control for a computerized system? A. Limiting entry of sales transactions to only valid credit customers. B. Requiring administrative approval for any applications or programs downloaded on company hardware. C. Limiting access to data storage and backup server rooms to only certain employees. D. Restricting access to the computer center by use of biometric devices.
a
5. According to COSO, which of the following components of internal control addresses an entity's integrity and ethical values? a. Internal environment b. Control activities c. Risk assessment d. Information and communication
a
7. An entity reviews its ERM practices. Which question is the organization least likely to investigate as a part of this review? A. What is the relationship between our strategy and objectives? B. How did the entity perform? C. Are we taking sufficient risks to attain desired performance? D. Were risk estimates accurate?
a
8. The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) in the professional standards includes the reliability of financial reporting, compliance with applicable laws and A. Effectiveness and efficiency of operations. B. Effectiveness of prevention of fraudulent occurrences. C. Incorporation of ethical business practice standards. D. Safeguarding of entity assets.
a
_________1. According to the 17 COSO control principles, risk reduction primarily relates to which fundamental component of internal control: A. Control activities. B. Control environment. C. Risk assessment. D. Monitoring.
a
1. Data from ______________ is typically structured, while data from ________ is typically unstructured. A. board meeting minutes; a governmental water scarcity report that is used by a beverage company B. staffing increases or decreases due to restructuring; email about decision making and performance. C. emerging interest in a new product from a competitor; an entity's risk tolerance D. marketing reports from website tracking services; government‐produced geopolitical reports and studies
b
12. Which of the following is one of the three committees that the Board of Directors of NYSE and other U. S. exchange listed companies are required to establish? A. the Executive Oversight Committee B. the Nominating Committee C. the Bylaws and Corporate Governance Committee D. the Shareholder and Investor Relations Committee
b
13. The Sarbanes-Oxley Act of 2002 seeks to improve investor confidence by providing greater transparency for all of the following issues, except: A. The Act requires both the CEO and CFO to certify in writing that their company's financial statements and disclosures fairly represent the results of operations. B. The Act requires the CEO to provide an explanation of the means and methods by which the company intends to balance risk against growth C. The Act places restrictions on audit firms, such as prohibiting public accounting firms from providing a variety of non-audit services to an audit client. D. The Act places the power to hire, compensate, and terminate public accounting firms in the hands of the audit committee.
b
13. Which of the following is not an objective within the COSO framework? a. Operations Objectives b. Management Objectives c. Reporting Objectives d. Compliance Objectives
b
15. CFO Mar has been complicit in her public company's accounting fraud. She consults a lawyer as it becomes time for filing her firm's 10‐K with the SEC. She is a little uncomfortable about what she might have to do. The lawyer will likely tell her that she will have to certify (and be potentially criminally liable for lying about) all of the following matters except: A. That she has reviewed the 10‐K. B. That her CPA license is active. C. That she, along with the CEO, is responsible for establishing and maintaining her company's internal controls. D. That she has recently evaluated the effectiveness of the firm's internal controls.
b
19. Layton Company has implemented an enterprise risk management system and has responded to a particular risk by purchasing insurance. Such a response is characterized by COSO's Enterprise Risk Management Framework as: A. Avoidance. B. Sharing. C. Acceptance. D. Reduction.
b
20. In a large public corporation, evaluating internal control procedures should be the responsibility of a. Accounting management staff who report to the CFO b. Internal audit staff who report to the board of directors c. Operations management staff who report to the Chief operations officer d. Security management staff who report to the chief facilities officer
b
21. Which of the following is an important threat to accountability in an organization's ERM practices? A. Excessive communication B. Hypocrisy (i.e., when management says one thing and does another) C. Escalation D. Deviations
b
25. According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring-for-change continuum? a. control baseline b. change identification c. change management d. control revalidation/update
b
34. The Sarbanes-Oxley Act of 2002 expanded financial statement disclosures. Which of the following is not an enhanced financial disclosure? a. Use of special purpose entities b. Internal control procedures c. All material- off balance sheet transactions d. All materials correcting adjustments identified by the auditor
b
37. According to COSO, each of the following is an example of an appropriate ongoing monitoring activity, except: a. Follow-up customer and vendor complaints regarding amounts due and owed b. Approval of high- dollar transactions by supervisors c. Periodic analysis of variances between expectations and actual results d. Comparisons of information from various sources within the company
b
9. According to COSO, an effective approach to monitoring internal control involves each of the following steps, except a. establishing a foundation for monitoring b. increasing the reliability of financial reporting and compliance with applicable laws and regulations c. Designing and executing monitoring procedures that are prioritized based on risks to achieve organizing objectives d. Assessing and reporting the results, including following up on corrective action where necessary
b
_________ 2. According to COSO, an effective approach to monitoring internal control involves each of the following steps, except: A. Establishing a foundation for monitoring. B. Increasing the reliability of financial reporting and compliance with applicable laws and regulations. C. Designing and executing monitoring procedures that are prioritized based on risks to achieve organizational objectives. D. Assessing and reporting the results, including following up on corrective action where necessary.
b
12. According to COSO, which of the following is a compliance objective? a. To maintain material price variances within published guidelines. b. To maintain accounting principles that conform to GAAP. c. To maintain a safe level of carbon dioxide emissions during production. d. To maintain adequate staffing to keep overtime expense within budget.
c
14. Internal controls are likely to fail for any of the following reasons except: a. They are not designed and implemented properly at the outset. b. They are designed and implemented properly as static controls, but the environment in which they operate changes. c. They are designed and implemented properly, and their design changes as processes change. d. They are designed and implemented properly, but their operation changes in some way.
c
15. An investment firm determines that investments in bitcoin are highly risky. For its portfolio, it sets a minimum investment of 3% and a maximum investment of 8% in bitcoin. This is an example of setting: A. risk target (minimum) and risk roof (maximum). B. risk roof (minimum) and risk target (maximum). C. risk floor (minimum) and risk ceiling (maximum). D. risk ceiling (minimum) and risk floor (maximum).
c
16. Corbin Corporation is evaluating the sample sizes associated with periodic tests of the existence of a fleet of taxis. Cash receipts associated with fares deposited daily are periodically reconciled to both the fares charged and the taxi's odometer readings. With respect to the monitoring controls over cash vs. vehicles, Corbin will likely: a. Review cash and fixed assets on a periodic basis, not on a daily basis. b. Review fixed assets on an ongoing basis and cash on a less frequent periodic basis. c. Review cash on an ongoing basis and fixed assets on a less frequent periodic basis. d. Review cash and fixed assets on an ongoing basis.
c
17. Susan Yao is a member of the Board of Directors of a U.S. public company listed on the New York Stock Exchange. Which of the following situations would not prevent Susan from being independent? A. Susan was CEO last year, but resigned to serve on the Board; B. Susan is the CEO for another company in another industry altogether; C. Susan is a major stockholder in the company, owning 10% of the voting shares; D. Susan is a financial expert, who also was lead auditor last year for the company's external audit firm. She resigned to serve on the Board.
c
18. Which of the following items is one of the eight components of COSO's enterprise risk management (ERM) framework? a. operations b. reporting c. monitoring d. compliance
c
21. Which of the following is necessary to be an audit committee financial expert according to the criteria specified in the Sarbanes-Oxley Act of 2002? a. A limited understanding of Generally Accepted Auditing Standards (GAAS) b. Education and experiences as a certified financial planner c. Experience with internal accounting controls d. Experience in the preparation of tax returns
c
24. The IT department at Piggy Parts BBQ has recently learned of phishing attempts that rely on social engineering to break into its financial systems. Information about these attempts should be communicated to: A. Internal auditors. B. Other personnel. C. All personnel. D. Support functions.
c
26. Smith is an officer of Company ABC. As an officer, how does the business judgment rule apply to Smith? a. Since Smith is not a director, the rule does not apply b. If Smith makes, in bad faith, a mistake in judgment, he will not be liable for damages caused. c. If Smith makes, in good faith, a mistake in judgment, he will not be liable for damages caused. d. If Smith makes, in a good faith, a mistake in judgment, he will be liable for damages caused.
c
3. Key risk indicators are: A. Indicators of internal control quality. B. Substantively equivalent to KPIs. C. Predictive and usually quantitative. D. Used primarily by risk‐aware, risk‐averse entities.
c
31. According to COSO, the four categories of entity objectives in the enterprise risk management framework include each of the following expect: a. Effective and efficient use of the entity's resources b. Compliance with applicable laws and regulations c. Implementation of internal controls d. Reliability of reporting
c
33. In order for the enterprise risk management framework to be effective, each component must be: a. Functioning b. Present c. Both a & b d. None of the above
c
36. According to COSO, the proper tone at the top helps a company to do each of the following, except: a. Create a compliance- supporting culture that is committed to enterprise risk management. b. Navigate gray areas where no specific compliance rules or guidelines exist c. Adhere to fiscal budgets and goals as outlined by the internal audit committee and board of directors d. Promote a willingness to seek assistance and report problems before it is too late for corrective action
c
5. This component of internal control concerns testing the system and its data. A. Control activities. B. Control environment. C. Monitoring. D. Risk assessment.
c
7. Which of the following is not an advantage of establishing an enterprise risk management system within an organization? A. Identify potential events that may affect the organization's wellbeing B. Provides integrated responses to multiple risks. C. Eliminates all risks. D. Helps assure achievement of organizational objectives.
c
8. A milk company decides to buy insurance to cover potential losses from spoilage. They are responding to risk by: a. Avoidance b. Reduction c. Sharing d. Acceptance
c
9. Milo Corp. maintains daily backups of its accounting system in a fireproof vault in the file library. Weekly, monthly, and annual backups are stored in a secure, fireproof vault at an off‐site location. Maintenance of the backup files is an example of: A. a detective control. B. a feedback control. C. a corrective control. D. a preventive control.
c
1. The Sarbanes-Oxley Act of 2002 seeks to improve investor confidence by providing greater transparency for all of the following issues, except: a. Adequacy of internal controls. b. Compliance of senior officers with a code of ethics. c. Competency of audit committees. d. Means and methods for balancing risk and growth
d
10. A public company audit committee's "financial expert" must have all of the following except: A. An understanding of GAAP and financial statements. B. Experience in preparing or auditing financial statements of comparable companies and application of such principles in connection with accounting for estimates, accruals, and reserves. C. Experience with internal auditing controls. D. Holding either an active CPA or a CMA designation
d
11. According to the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, which of the following components of internal control addresses an entity's reporting deficiencies? a. Event identification b. Internal environment c. Control activities d. Monitoring
d
14. Jeffrey Smiggles of Rajon Rondo Sportswear has developed a software application that helps monitor key production risks at company factories. In order to reduce costs, his approach to monitoring risks is likely to be: A. Monitor all risks using indirect information. B. Monitor all risks using direct information. C. Monitor more important risks using indirect information and less important risks using direct information. D. Monitor more important risks using direct information and less important risks using indirect information
d
17. According to NYSE guidelines for the Board of Directors of listed companies, which of the following conditions would compromise independence? a. The director received greater than $120,000 during the calendar year serving as a consultant for another company not affiliated with the company for which he serves as a director. b. The director is a former executive of a company that is a supplier to the company for which she serves as a director. c. The director serves as a member of both the compensation committee to determine managerial pay and the nominating committee to hire and fire managers. d. A director serving on the audit committee as a financial expert was a former employee of the firm engaged to conduct the audit.
d
18. Overland Stage and Transport uses a fraud risk assessment heat map that charts the significance (on the vertical axis) and the likelihood (on the horizontal axis) of frauds as a part of its fraud risk management program. The company's use of a fraud risk heat map best relates to which of the following activities? A. Establishing a fraud risk management program B. Selecting, developing, and deploying fraud controls C. Selecting, developing, and deploying evaluation and monitoring processes D. Performing a comprehensive fraud risk assessment
d
2. A company that retains a CPA with the appropriate knowledge, skills and abilities to prepare timely and effective financial reporting is applying the ideas from which principle of effective internal control over financial reporting? a. Management philosophy and operating style b. Accountability c. Integrity and ethical values d. Financial reporting competencies
d
20. Which of the following items is one of the five components of the enterprise risk management framework? A. Compliance. B. Operations. C. Industry D. Governance and Culture
d
22. Dennis Rodman's Shoes and Shinola recently implemented a whistleblower hotline to facilitate the reporting of events and concerns related to potential violations of its code of conduct. This initiative most likely occurs as a part of which component in the ERM framework? A. Governance and Culture B. Performance C. Strategy and Objective‐Setting D. Information, Communication, and Reporting
d
23. The Wasabi Electronics employee survey related to fraud risk includes this question: "Employees who report suspected improprieties are protected from reprisal." This question best relates to which of the following fraud management principles and processes? A. Establishing a fraud risk management program B. Selecting, developing, and deploying fraud controls C. Selecting, developing, and deploying evaluation and monitoring processes D. Establishing a communication program to obtain information about potential frauds
d
24. Management of Warren Company has decided to respond to a particular risk by hedging the risk with futures contracts. This is an example of risk A. Avoidance. B. Acceptance. C. Reduction. D. Sharing.
d
24. Within the COSO Internal Control - Integrated Framework, which of the following components is designed to ensure that internal controls continue to operate effectively? a. Control environment b. Risk assessment c. Information and communication d. Monitoring
d
25. According to the COSO framework, evaluators who monitor controls within an organization should have which of the following sets of characteristics? A. Respect and judgment. B. Authority and responsibility. C. Judgment and objectivity. D. Competence and objectivity.
d
29. A company officer who is not a director is authorized to perform which of the following duties? a. Terminate the company's external audit firm b. Remove a director for failure to exercise reasonable supervision c. Declare dividends to shareholders d. Enter into a contract with a vendor of computers for the company
d
6. Jiffy Grill has an ERP system. It has assigned responsibility for determining who has what access rights within the ERP system. This assignment mostly likely was to: A. Internal auditors. B. External Parties. C. Management D. Support functions
d
6. Which of the following is not a principle of the control environment? a. Board independence b. Commitment to competence c. Accountability d. Communication of deficiencies
d
7. Control activities are most closely related to: a. Residual risk b. Risk assessment c. Inherent risk d. Risk response
d
7. Whom among the following is required to issue a report assessing internal Control over Financial Reporting (ICFR)? A. the company's internal auditors B. the company's external audit firm C. the Audit Committee of the company's Board of Directors D. the company's management
d