Chapter 10 review problems
A B
Which of the following statements are true? (Check all that apply.) A.The objective of an internal control system is to provide reasonable assurance that events do not take place. B.Some events pose a greater risk because they are more likely to occur. C.Detective controls are superior to preventive controls; neither is as good as a corrective control. D.The benefits of an internal control procedure are usually easier to measure than the costs. E.The likelihood and impact of a risk must be considered separately.
A B D
Internal controls are the processes implemented to provide reasonable assurance that the following control objectives are achieved. (Check all that apply.) A.Safeguard assets B.Provide accurate and reliable information C.Ensure that all employees are happy so that fraud and errors are minimized D.Comply with applicable laws and regulations E.Prevent fraud and errors regardless of its impact on operational efficiency
D
People who discover, extract, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges are called: A.Chief operating officer B.Chief security officer C.Computer compliance officer D.Computer forensics specialist
A C D
According to internal control frameworks, which of the following principles apply to the information and communication process? (Check all that apply.) A.Internally communicate the information necessary to support the other components of internal control B.Make sure to compare actual inventory quantities with recorded amounts before transmitting them to external parties C.Obtain or generate relevant, high-quality information to support internal control D.Communicate relevant internal control matters to external parties
A B C D
According to the text, management can respond to risk in which of the following ways? (Check all that apply.) A.Avoid it by not engaging in the activity that produces the risk B.Accept its likelihood and impact C.Share it or transfer it to someone else D.Reduce its likelihood and impact E.Examine its likelihood and impact
A C E
According to the text, which of the following are key methods of monitoring internal control system performance? (Check all that apply.) A.Track purchased software and mobile devices B.Observe employees implementing the controls C.Use responsibility accounting systems D.Schedule periodic government inspections E.Implement effective supervision
A C D
COBIT consolidates control standards from many different sources into a single framework that allows which of the following? (Check all that apply.) A.Users to be assured that adequate IT security and controls exist B.Governmental agencies to be assured that all information produced by the IT system is free from any errors or fraud C.Management to benchmark security and control practices of IT environments D.Auditors to substantiate their internal control opinions and to advise on IT security and control matters
A B E
COSO's Internal Control Model has five components and 17 principles. Which of the following is(are) principle(s) of the control environment component? (Check all that apply.) A.Holding individuals accountable for their internal control responsibilities in pursuit of objectives B.A commitment to attract, develop, and retain competent individuals in alignment with objectives C.Considering the potential of fraud D.Selecting, developing, and performing ongoing or separate evaluations of the components of internal control E. Commitment to integrity and ethics
A
Controls that prevent, detect, and correct transaction errors and fraud in application programs are called: A.Application controls B.Preventive controls C.General controls D.Detective controls
A C E
Effective segregation of accounting duties is achieved when which of the following functions are separated? (Check all that apply.) A.Custody of cash and other assets B.Managing information systems C.Recording transactions and preparing documents and reports D.Supervision of accounting duties and processes E.Authorization of transactions and decisions
A C D
The COBIT framework describes best practices for the effective governance and management of IT. It is based on five key principles of IT governance and management. Which of the following are among the five key principles? (Check all that apply.) A.Enabling a holistic approach B.Integrating governance and management C.Meeting stakeholders' needs D.Covering the enterprise end-to-end E.Coordinating multiple different frameworks
C
The lever of control that describes how a company creates value and helps employees understand management's vision is called a A.boundary system. B.interactive control system. C.belief system. D.diagnostic control system.
A B D E (may not be correct; revel, amirite?!)
To achieve proper segregation of systems duties, which of the following system functions should be separated from the other system functions? (Check all that apply.) A.Authorization B.Users C.Internal auditing D.Data entry E.Management
A
What is the name of the law Congress passed to prevent companies from bribing foreign officials? A.FCPA B.COBIT Act C.Sarbanes Oxley Act D.COSO ERM Act E.COSO Internal Control Act
D
What is the name of the law that Congress passed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud? A.COSO Internal Control Act B.COBIT Act C.Foreign Corrupt Practices Act D.Sarbanes Oxley Act E.COSO ERM Act
B C D
Which of the following are Human Resources standards that attract, develop, and retain competent employees? (Check all that apply.) A.Give dismissed employees weeks to find a new job before they have to leave B.Train new employees on their responsibilities, expected levels of performance and behavior, and the company's policies and procedures C.Rotate employee duties periodically, and require all employees to take an annual vacation D.Hire employees based on educational background, experience, achievements, integrity, and meeting written job requirements E.Evaluate, compensate, and promote employees based more on subjective criteria than performance
A D E
Which of the following are among the five components of COSO Internal Controls? (Check all that apply.) A.Information and communication B.Objective setting C.Event identification D.Control activities E.Risk assessment
B D
Which of the following are basic principles upon which the ERM is built? (Check all that apply.) A.Each employee must decide for himself how much uncertainty he will accept as he creates value .B.Uncertainty results in the possibility that something can positively affect the company's ability to create value. C.Companies are formed to create value for management and the government. D.Uncertainty results in the possibility that something can negatively affect the company's ability to create value. E.The ERM framework can manage uncertainty, but not the ability to create value.
A C
Which of the following are important independent checks on performance? (Check all that apply.) A.Analytical reviews that examine relationships between different sets of data B.An independent review where a person double checks the work she performed C.Reconciliation of independently maintained records. D.Single-entry accounting
A B D
Which of the following are important systems development controls? (Check all that apply.) A.A steering committee that oversees systems development B.A data processing schedule that shows when each task should be performed C.A project development plan that shows the prioritization of all projects that must be completed D.A post-implementation review to determine whether anticipated benefits were achieved E.Performance measurements used to evaluate all company employees
A B D
Which of the following are part of an internal environment? (Check all that apply.) A.Management's philosophy, operating style, and risk appetite B.Internal control oversight by the board of directors C.Effective management to auditor communication D.Commitment to integrity, ethical values, and competence E.Principles of value creation
B C
Which of the following are true statements? (Check all that apply.) A.Virtually all calls to fraud hotlines are worthy of investigation. B.Fraudsters follow distinct patterns and leave clues behind that can be discovered by fraud detection software. C.Some whistle-blowers have been ostracized, persecuted, or suffered damage to their careers. D.People witnessing fraudulent behavior are eager and willing to report fraud perpetrators. E.Neural networks and other programs with learning capabilities are still not able to accurately identify fraud.
C E
Which of the following are ways that companies endorse integrity? (Check all that apply.) A.Implementing aggressive sales practices and handsomely rewarding those who achieve them and not giving bonuses to those who underachieve B.Consistently rewarding achievements and giving verbal labels to both high and low producers C.Making a commitment to competence, and hiring employees with the necessary knowledge, experience, training, and skills D.Actively making employees aware that favorable outcomes and reports are more important than almost anything else E.Developing a written code of conduct that explicitly describes honest and dishonest behaviors
B
Which of the following is in the correct sequence for assessing and responding to risk? A.Identify the impact of a threat, estimate cost and benefits of controls, estimate likelihood of risk, identify controls B.Identify threats, estimate likelihood of risk, identify controls, estimate cost and benefits of controls C.Estimate cost and benefits of controls, estimate likelihood of risk, identify threats, identify controls D.Identify controls, estimate cost and benefits of controls, identify threats, estimate likelihood of risk
A B E
Which of the following is part of an internal environment? (Check all that apply.) A.Organizational structure B.Human resource standards that attract, develop, and retain competent individuals C.Monitoring the achievement of management objectives D.Commitment to risk assessment and response E.Methods of assigning authority and responsibility
A C E
Which of the following statements are true? (Check all that apply.) A.Accounting systems generally consist of several subsystems, each designed to process a particular type of transaction. B.Customer relationship management (CRM) software includes budgets, schedules, and standard costs; reports comparing actual and planned performance; and procedures for investigating and correcting significant variances. C.Supervision is especially important in organizations without responsibility reporting or an adequate segregation of duties. D.Most mobile devices do not need to be tracked and monitored as their loss represents minimal exposure. E.All system transactions and activities should be recorded in a log that indicates who accessed what data and when.
A B E
Which of the following statements are true? (Check all that apply.) A.Control activities are policies and procedures that provide reasonable assurance that risk responses are carried out. B.Throughput and response time are useful system performance measurements. C.Controls are more effective when placed in a system after it is up and running. D.Systems analysts have the ultimate responsibility for selecting and implementing appropriate controls over technology. E.Employees who process transactions should verify the presence of appropriate authorizations.
B C D
Which of the following statements are true? (Check all that apply.) A.Residual risk is the susceptibility of a set of accounts or transactions to significantly control problems in the absence of internal control. B.Management must specify objectives clearly enough for risks to be identified and assessed. C.Management must identify and analyze risks to determine how they should be managed. D.Management must take an entity-wide view of risk. E.Inherent risk is the risk that remains after management implements internal controls, or some other response, to risk.
C D
Which of the following statements is true with respect to a company's control environment? (Check all that apply.) A.One of the greatest control strengths is the dishonesty of employees; one of the greatest control weaknesses is the honesty of employees. B.An overly complex or unclear organizational structure is not an indication of possible serious problems in an organization. C.Management should assign authority and responsibility for goals and objectives to departments and individuals and hold them accountable for achieving them. D.An involved board of directors represents shareholders and provides an independent review of management that acts as a check and balance on their actions.
A B
Which of the following statements is true? (Check all that apply.) A.Cost-effective controls should be implemented to reduce risk. B.In evaluating internal controls, management must consider factors other than those in the expected cost/benefit calculation. C.The benefits of implementing controls are generally easier to quantify accurately than are the costs of implementing controls. D.Risk should never be accepted, even if it is within the company's risk tolerance range.
Audit trail
a way to trace data from the point of origin to the output, or vice versa
CCO
an employee responsible for complying with all laws and regulatory rulings
CSO
an employee who monitors the system and provides info about improper system uses and their consequences
Forensic investigator
specialist in fraud prevention, detection, and auditing
computer forensics specialists
specialists who discover, extract, safeguard, and document computer evidence
neural networks
systems that imitate the brain's learning process by using a network of interconnected processors