ch 9
Which of the following is false regarding the principle of internal control that addresses external communications? An organization's culture and values are proprietary and, therefore, should not be shared with customers and suppliers. Communication to external parties allows them to understand events, activities, and other circumstances that may affect how they should interact with an entity. Information resulting from external assessments about the enterprise's activities that relate to internal control should be evaluated by management. An enterprise should establish and implement policies and procedures that facilitate external communication.
An organization's culture and values are proprietary and, therefore, should not be shared with customers and suppliers.
Approval Recordkeeping Custody Granting credit Processing cash receipts Billing customers
Approval Granting credit Recordkeeping Billing customers Custody Processing cash receipts
Approval Recordkeeping Custody Maintain detailed accounts payable records Purchase orders Processing cash payments
Approval Purchase orders Recordkeeping Maintain detailed accounts payable records Custody Processing cash payments
Approval Recordkeeping Custody Shipping goods Maintaining detailed accounts receivable records Receiving sales order
Approval Receiving sales order Recordkeeping Maintaining detailed accounts receivable records Custody Shipping goods
Approval Recordkeeping Custody Vendor payments Maintain inventory records Receiving goods
Approval Vendor payments Recordkeeping Maintain inventory records Custody Receiving goods
A supervisor in a manufacturing department who is responsible for approving employee time cards in that department and distributing the payroll checks decides to fire an employee and neglects to report the termination to the payroll department. The following week a payroll check comes for the terminated employee, and so the supervisor decides to endorse it in the employee's name and deposits it in his account. What two functional responsibilities should be segregated? Approval and Recordkeeping No segregation of duties needed Approval and Custody Custody and Recordkeeping
Approval and Custody
The main difference between COSO and COSO-ERM is: COSO focuses on enterprise risk only. COSO focuses on internal control risk only. None of these statements are true. COSO focuses on internal control risk and enterprise risk.
COSO focuses on internal control risk only.
Which of the following happens when two employees work together to defeat the system? Fatigue Misunderstanding or not following directions Collusion Management override
Collusion
An accounts receivable clerk cashed a check from customer A that was a payment toward accounts receivable. The clerk was able to endorse and deposit the check made out to the company in his own account by opening an anonymous savings account in the Bahamas. The clerk later covered customer A's remittance by posting a check received from customer B to customer A's account. Which accounting functions should be segregated? No segregation required Approval and Custody Approval and Recordkeeping Custody and Recordkeeping
Custody and Recordkeeping
A clear understanding of internal controls helps ensure all of the following except: reliability of information. Increase costs. safeguard assets. compliance with laws.
Increase costs.
Embezzlement is a fraud known as
Misappropriation of assets
Conducting ongoing and separate evaluations is best associated with which of the following elements of internal control? The control environment Monitoring activities Risk assessment Control activities
Monitoring activities
Which of the following is not a factor within the control environment? Management's style and philosophy. Personnel policies, which reflect a commitment to competence. Methods of assigning authority and responsibility. None of the above.
None of the above.
Opportunity Pressure Collusion Exposure x Probability of occurrence Element of the fraud triangle that is the availability to commit the fraud Element of the fraud triangle that is the reasoning to commit the fraud Element of the fraud triangle that is the motive to commit the fraud Risk that is faced prior to taking action Fraud triangle When two employees worked together to defeat the system to commit fraud Requires all three elements, pressure, opportunity, and rationalization, to commit fraud Different individuals should be responsible for each of the three major activities of a transaction: approval, recordkeeping, and custody. Risk that remains management takes action to respond to the risks threats and implements counteractions
Opportunity Element of the fraud triangle that is the availability to commit the fraud Pressure Element of the fraud triangle that is the motive to commit the fraud Collusion When two employees worked together to defeat the system to commit fraud
Rationalization Fraud triangle Segregation of accounting duties Exposure x Probability of occurrence Element of the fraud triangle that is the availability to commit the fraud Element of the fraud triangle that is the reasoning to commit the fraud Element of the fraud triangle that is the motive to commit the fraud Risk that is faced prior to taking action Fraud triangle When two employees worked together to defeat the system to commit fraud Requires all three elements, pressure, opportunity, and rationalization, to commit fraud Different individuals should be responsible for each of the three major activities of a transaction: approval, recordkeeping, and custody. Risk that remains management takes action to respond to the risks threats and implements counteractions
Rationalization Element of the fraud triangle that is the reasoning to commit the fraud Fraud triangle Requires all three elements, pressure, opportunity, and rationalization, to commit fraud Segregation of accounting duties Different individuals should be responsible for each of the three major activities of a transaction: approval, recordkeeping, and custody.
After a study by internal auditors, the accounting system for collecting revenues at your retail store is determined to be 90% reliable. A major threat like the one that occurred at Target Stores has been identified that could cost the company $5,000,000. To minimize this potential loss, the internal auditors have recommended adding two possible control procedures. The first control would cost approximately $210,000 to implement and reduce the likelihood of loss to about 5%. The second control would cost about $380,000 and reduce the likelihood to 3%. Based on the costs and benefits, which of the following would you recommend to management? Recommend neither of the two controls. Recommend the first control only. Recommend both controls. Recommend the second control only.
Recommend the first control only.
Residual risk Expected loss Inherent risk Exposure x Probability of occurrence Element of the fraud triangle that is the availability to commit the fraud Element of the fraud triangle that is the reasoning to commit the fraud Element of the fraud triangle that is the motive to commit the fraud Risk that is faced prior to taking action Fraud triangle When two employees worked together to defeat the system to commit fraud Requires all three elements, pressure, opportunity, and rationalization, to commit fraud Different individuals should be responsible for each of the three major activities of a transaction: approval, recordkeeping, and custody. Risk that remains management takes action to respond to the risks threats and implements counteractions
Residual risk Risk that remains management takes action to respond to the risks threats and implements counteractions Expected loss Exposure x Probability of occurrence Inherent risk Risk that is faced prior to taking action
Considering the potential for fraud is best associated with which of the following elements of internal control? Risk assessment The control environment Control activities Monitoring activities
Risk assessment
All of the following are steps in an action plan to adequately document internal controls, except: assess if adequate document exists. evaluate activity-level control documentation. coordinate with internal accountants. evaluate entity-level control documentation.
coordinate with internal accountants.
Financial statement fraud may entail representing assets _____ value and representing expenses at _____ value than they actually are. lower higher
higher lower
Organizations can respond to a specific risk by doing all of the following, except: avoid the risk. share the risk. accept the risk. manage the risk.
manage the risk.
When employees realize that management takes budget _____ seriously, the employees will usually take more care in what they do. analysis totals variances
variances
Understanding internal control is critical because it helps ensure all of the following except: quality of information. security over the assets. compliance with regulation. All of the above.
All of the above.
Which of the following statements about the COSO Integrated Framework of Internal Control is true? As a result of the COSO framework and efforts of the SEC, fraud has begun to decrease. To improve internal control, COSO decided to adopt a new rules-based approach. The Committee of Sponsoring Organizations issued their first recommended framework for internal control in 1992. The environment in which controls operate has changed due to technology, globalization, and wealth inequality.
The Committee of Sponsoring Organizations issued their first recommended framework for internal control in 1992.
Which of the following is not a control environment principle? Management has appropriate lines of authority. Management commitment to attract and retain competent employees. The board has oversight of internal control performance. The board develops internal control activities.
The board develops internal control activities.
Which of the following is not one of the principles pertaining to risk assessment of the COSO internal control framework? The organization considers the potential for fraud in assessing risks to the achievement of objectives. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective actions, including senior management and the board of directors, as appropriate. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. The organization identifies and assesses changes that could significantly impact the system of internal control.
The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective actions, including senior management and the board of directors, as appropriate.
Which of the following is not one of the principles pertaining to the control environment of the COSO Internal control framework? The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective actions, including senior management and the board of directors, as appropriate. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective actions, including senior management and the board of directors, as appropriate.
Which of the following is not one of the four key concepts relating to the risk assessment principles contained in COSO? The organization identifies risks to the achievement of its objectives related to financial reporting and analyzes those risks as a basis for determining how the risks should be managed. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to its objectives. The enterprise considers the potential for fraud in assessing risks to the achievement of objectives. The organization identifies and assesses changes that could significantly affect the performance of its internal controls.
The organization identifies risks to the achievement of its objectives related to financial reporting and analyzes those risks as a basis for determining how the risks should be managed.
Which of the following is not one of the components of COSO? The organization considers the potential for fraud in assessing risks to the achievement of objectives. The organization selects and develops general control activities over technology to provide the information it needs to support the functioning of other components of internal control. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective actions, including senior management and the board of directors. The organization demonstrates a commitment to integrity and ethical values.
The organization selects and develops general control activities over technology to provide the information it needs to support the functioning of other components of internal control.
Each of the following is one of the key concepts relating to the information and communication principles contained in the COSO framework, except: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control. The organization obtains or generates and uses relevant, quality information to support the functioning of the other components of internal control. The organization communicates with external parties regarding matters affecting the functioning of other components of internal control. The organization selects, develops, and performs ongoing evaluations to ascertain whether the components of internal control are present and functioning.
The organization selects, develops, and performs ongoing evaluations to ascertain whether the components of internal control are present and functioning.