Chapter 7 - AIS
A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n) A) preventive control. B) detective control. C) corrective control. D) authorization control.
A
According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for A) hiring and firing the external auditors. B) performing tests of the company's internal control structure. C) certifying the accuracy of the company's financial reporting process. D) overseeing day-to-day operations of the internal audit department.
A
________ is the risk that exists before management takes any steps to mitigate it. A) Inherent risk B) Residual risk C) Risk appetite D) Risk assessment
A
Duplicate checking of calculations and preparing bank reconciliations and monthly trial balances are examples of what type of control? A) Preventive control B) Detective control C) Corrective control D) Authorization control
B
Identify the detective control below. A) Approving customer credit prior to approving a sales order. B) Reconciling the bank statement to the cash control account. C) Maintaining frequent backup records to prevent loss of data. D) Ensuring that the employee who records cash received from customers does not also have access to the cash itself.
B
The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the A) control activities. B) organizational structure. C) budget framework. D) internal environment.
B
Which of the following is not a component of the COSO Enterprise Risk Management Integrated Framework (ERM)? A) Monitoring. B) Ethical culture. C) Risk assessment. D) Control environment.
B
________ remains after management implements internal control(s). A) Inherent risk B) Residual risk C) Risk appetite D) Risk assessment
B
The Sarbanes-Oxley Act (SOX) applies to A) all companies with gross annual revenues exceeding $500 million. B) publicly traded companies with gross annual revenues exceeding $500 million. C) all private and public companies incorporated in the United States. D) all publicly traded companies.
D
The second step of the risk assessment process is generally to A) identify controls to reduce all risk to zero. B) estimate the exposure from negative events. C) identify the threats that the company currently faces. D) estimate the risk probability of negative events occurring.
D
Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Lasalle Investment group A) asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process. B) did not mention to auditors that the company had experienced material weaknesses in the company's internal control systems during the past year. C) selected the company's CEO to chair the audit committee. D) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
D
Which of the following was not an important change introduced by the Sarbanes-Oxley Act of 2002? A) New roles for audit committees B) New rules for auditors and management C) New rules for internal control requirements D) New rules for information systems development
D
Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities. A) event B) activity C) process D) system
C
Maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing are examples of what type of control? A) Preventive control B) Detective control C) Corrective control D) Authorization control
C
The amount of risk a company is willing to accept in order to achieve its goals and objectives is A) inherent risk. B) residual risk. C) risk appetite. D) risk assessment.
C
The audit committee of the board of directors A) is usually chaired by the CFO. B) conducts testing of controls on behalf of the external auditors. C) provides a check and balance on management. D) does all of the above.
C