0325 - Chapter 6&7 (307)
Attacks on computer networks may take many forms. Which of the following uses the computers of innocent parties infected with Trojan horse programs? a. A distributed denial-of-service attack. b. A password-cracking attack. c. A brute-force attack. d. A man-in-the-middle attack.
a
In an audit of financial statements, an auditor's primary consideration regarding an internal control is whether the control a. Affects management's financial statement assertions. b. Provides adequate safeguards over access to assets. c. Relates to operational objectives. d Reflects management's philosophy and operating style.
a
Innovations in IT increase the importance of risk management because a. Information system security is continually subject to new threats. b. The objective of complete security is becoming more attainable. c. Closed private systems have proliferated. d. Privacy is a concern for only a very few users.
a
The Sarbanes-Oxley Act of 2002 established which of the following bodies to regulate the accounting profession? a. PCAOB. b. AICPA. c. SEC. d. COSO.
a
The Sarbanes-Oxley Act of 2002 limits the nonaudit services that an audit firm can provide to public company audit clients. Which of the following is most likely to be a service that an auditor may provide to a public client? a. Tax compliance services. b. Legal services. c. Internal audit outsourcing. d. Bookkeeping services.
a
The Sarbanes-Oxley Act of 2002 requires management of publicly-traded corporations to do all of the following except a. Provide a statement that the board approves the choice of accounting methods and policies. b. Establish and document internal control procedures and to include in their annual reports a report on the company's internal control over financial reporting. c. Provide a report to include a statement of management's responsibility for internal control and of management's assessment of the effectiveness of internal control as of the end of the company's most recent fiscal year. d. Provide an identification of the framework used to evaluate the effectiveness of internal control (such as the COSO report), and a statement that the external auditor has issued an attestation report on management's assessment.
a
The ultimate purpose of understanding internal control is to contribute to the auditor's evaluation of the risk that a. Material misstatements may exist in the financial statements. b. Specified controls requiring segregation of duties may be circumvented by collusion. c. Entity policies may be overridden by senior management. d. Tests of controls may fail to identify controls relevant to assertions.
a
Under the Sarbanes-Oxley Act of 2002, a. At least one member of the audit committee must be a financial expert. b. The audit committee must rotate at least one seat on an annual basis. c. All members of the audit committee must be financial experts. d. The chairman of the board of directors must be a financial expert.
a
Which of the following factors would most likely be considered an inherent limitation to an entity's internal control? a. Human judgment in the decision making process. b. The ineffectiveness of the board of directors. c. The complexity of the information processing system. d. The lack of management incentives to improve the control environment.
a
Which of the following statements is true concerning the COBIT 5 framework? a. Information and organizational structures are among the enablers identified in COBIT 5. b. Governance and management are synonyms for the activities of upper management. c. Minimization of risk and resource use are among the major goals of COBIT 5. d. Information technology controls are most effectively designed and executed in isolation from other business processes.
a
Which of the following statements is true regarding internal control objectives of information systems? a. A secure system may have inherent risks due to management's analysis of trade-offs identified by cost-benefit studies. b. Primary responsibility of viable internal control rests with the internal audit division. c. Control objectives primarily emphasize output distribution issues. d. An entity's corporate culture is irrelevant to the objectives.
a
Who is required to make special certification statements regarding the establishment of internal control systems on Form 10-K? a. Both the principal executive officer and the principal financial officer. b. Neither the principal financial officer nor the principal executive officer. c. The principal executive officer, but not the principal financial officer. d. The principal financial officer, but not the principal executive officer.
a
According to the Sarbanes-Oxley Act of 2002, a chief executive officer or chief financial officer who misrepresents the company's finances may be penalized by being a. Imprisoned but not fined. b. Fined and imprisoned. c. Removed from the corporate office and fined. d. Fined but not imprisoned.
b
Internal control cannot be designed to provide reasonable assurance that a. The recorded accountability for assets is compared with the existing assets at reasonable intervals. b. Fraud will be eliminated. c. Access to assets is permitted only in accordance with management's authorization. d. Transactions are executed in accordance with management's authorization.
b
When Congress passed the Sarbanes-Oxley Act of 2002, it imposed greater regulation on public companies and their auditors and required increased accountability. Which of the following is not a provision of the act? a. Certain executives must certify the fair presentation of the financial statements. b. One of the company's officers may serve on the audit committee. c. The act created the Public Company Accounting Oversight Board (PCAOB). d. Management must establish and document internal control procedures.
b
Which of the following is a key difference in controls when changing from a manual system to a computer system? a. Internal control objectives differ. b. Methodologies for implementing controls change. c. Internal control principles change. d. Control objectives are more difficult to achieve.
b
Which of the following is an inherent limitation of internal control? Employee peer review. Collusion. Segregation of duties. Judgmental sampling.
b
Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal control? a. Collusion among employees. b. Incompatible duties. c. Management override. d. Faulty judgment.
b
Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence? a. Corrective. b. Application. c. Detective. d. Preventive.
b
An auditor uses the knowledge provided by the understanding of internal control and the assessed risks of material misstatement primarily to a. Determine whether the opportunities to allow any person to both perpetrate and conceal fraud are minimized. b. Determine whether procedures and records concerning the safeguarding of assets are reliable. c. Determine the nature, timing, and extent of substantive procedures for financial statement assertions. d. Modify the initial assessments of inherent risk and judgments about materiality levels for planning purposes.
c
An issuer's CEO and CFO certified the company's annual filing for Year 1 pursuant to the Sarbanes-Oxley Act of 2002. However, only the CEO certified the issuer's first quarterly filing for Year 2. The issuer has a. Complied with SOX because only the CEO is required to certify quarterly filings. b. Complied with SOX because the CEO and CFO are only required to certify annual filings. c. Violated SOX because the CFO did not certify the quarterly filing. d. Violated SOX because the issuer's Chief Audit Executive did not certify the annual filing.
c
Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this change, Transactions must be processed in batches. The potential for payroll-related fraud is diminished. Part of the audit trail is altered. A generalized computer audit program must be used.
c
The CEO is selected by and reports to a. The shareholders. b. Executive management. c. The board of directors. d. The audit committee.
c
Which of the following best describes an inherent limitation that should be recognized by an auditor when considering the potential effectiveness of internal control? a. The benefits expected to be derived from effective internal control usually do not exceed the costs of such control. b. The competence and integrity of client personnel provide an environment conducive to control and provides assurance that effective control will be achieved. c. Controls, whether manual or automated, whose effectiveness depends on segregation of duties can be circumvented by collusion. d. Procedures designed to assure the execution and recording of transactions in accordance with proper authorizations are effective against fraud perpetrated by management.
c
Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system? Ensure proper authorization of transactions. Segregation of duties. Independently verify the transactions. Adequately safeguard assets.
c
Which of the following is a computer program that appears to be legitimate but performs some illicit activity when it is run? a. Web crawler. b. Killer application. c. Trojan horse. d. Hoax virus.
c
Which of the following is an inherent limitation in internal control? a. Incompatible duties. b. Lack of an audit committee. c. Faulty human judgment. d Lack of segregation of duties.
c
Which of the following is least likely to influence corporate governance? a. Board of directors. b. Code of ethics. c. Number of authorized shares of stock. d. Bylaws.
c
Which of the following is the best policy for the protection of a company's vital information resources from computer viruses? a. Physical protection devices in use for hardware, software, and library facilities. b. Stringent corporate hiring policies for staff working with computerized functions. c Prudent management procedures instituted in conjunction with technological safeguards. d. Existence of a software program for virus prevention.
c
Which of the following items is an example of an inherent limitation in an internal control system? Segregation of employee duties. Ineffective board of directors. Human error in decision making. Understaffed internal audit functions.
c
Which of the following organizations was established by the Sarbanes-Oxley Act of 2002 to control the auditing profession? a. Committee of Sponsoring Organizations (COSO). b. IT Governance Institute (ITGI). c. Public Company Accounting Oversight Board (PCAOB). d. Information Systems Audit and Control Foundation (ISACF).
c
Which of the following situations represents a limitation, rather than a failure, of internal control? a. A jewelry store employee steals a small necklace from a display cabinet. b. A movie theater cashier sells reduced-price tickets to full-paying customers and pockets the difference. c. A purchasing employee and an outside vendor participate in a kickback scheme. d. A bank teller embezzles several hundred dollars from the cash drawer.
c
Which of the following statements is correct regarding information technology (IT) governance? a. IT governance requires that the Control Objectives for Information and related Technology (COBIT) framework be adopted and implemented. b. IT governance is an appropriate issue for organizations at the level of the board of directors only. c. A primary goal of IT governance is to balance risk versus return over IT and its processes. d. IT goals should be independent of strategic goals.
c
Who is responsible for designing, implementing, and maintaining internal control over financial reporting? a. Internal auditor. b. Board of directors. c. Management. d. Independent auditor.
c
A company's web server has been overwhelmed with a sudden surge of false requests that caused the server to crash. The company has most likely been the target of a. Piggybacking. b. An eavesdropping attack. c. Spoofing. d. A denial of service attack.
d
A purpose of corporate governance includes which of the following? a. Satisfying the desires of stakeholders. b. Helping the corporation effectively and efficiently accomplish its objectives. c. Directing the actions of the corporation. d. All of the answers are correct.
d
An auditor is concerned about management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor's concern? a. Matching purchase orders to accounts payable. b. Tracing sales orders to the revenue account. c. Reviewing minutes of board meetings. d. Verifying that approved spending limits are not exceeded.
d
An auditor is evaluating a client's internal controls. Which of the following situations would be the most difficult internal control issue for an auditor to detect? a. The technology department writes a program that does not properly implement the control due to a lack of understanding. b. The accounting staff neglects the control due to increased transactions to be processed. c. Someone erroneously disables edit checks in a software program designed to identify control exceptions. d. Two employees, who work in different departments, are circumventing an internal control.
d
An auditor would most likely be concerned with controls that provide reasonable assurance about the a. Efficiency of management's decision-making process. b. Appropriate prices the entity should charge for its products. c. Decision to make expenditures for certain advertising activities. d. Entity's ability to initiate, authorize, record, process, and report financial data.
d
As a result of technological developments facing businesses and CPAs, a. Better controls have resulted in a reduction in threats. b. Internet use has spread, and e-business control over user interaction has been simplified. c. Computer programmers and operators have eliminated the need for accountants. d. System boundaries are becoming less distinct.
d
Internal control can provide only reasonable assurance of achieving an entity's control objectives. The likelihood of achieving those objectives is affected by which limitation inherent to internal control? a. Management monitors internal control. b. The auditor's primary responsibility is the detection of fraud. c. The board of directors is active and independent. d. The cost of internal control should not exceed its benefits.
d
Internal controls are designed to provide reasonable assurance that a. Management's planning, organizing, and directing processes are properly evaluated. b. The internal auditing department's guidance and oversight of management's performance is accomplished economically and efficiently. c. Management's plans have not been circumvented by worker collusion. d. Material errors or fraud will be prevented, or detected and corrected, within a timely period by employees in the course of performing their assigned duties.
d
Section 302 of the Sarbanes-Oxley Act of 2002 requires the CEO and CFO, in every annual or quarterly filing with the SEC, to certify all of the following except a. That to the best of their knowledge, the financial statements are free of material misstatements. b. That they have evaluated the effectiveness of the system of internal control. c. That they have taken responsibility for the system of internal control. d. That they have taken every practical step to correct significant control deficiencies identified in the previous audit.
d
Spoofing is one type of malicious online activity. Spoofing is a. Trying large numbers of letter and number combinations to access a network. b. Accessing packets flowing through a network. c. Eavesdropping on information sent by a user to the host computer of a website. d. Identity misrepresentation in cyberspace.
d
The Sarbanes-Oxley Act of 2002 has strengthened auditor independence by requiring that management a. Report the nature of disagreements with former auditors. b. Hire a different CPA firm from the one that performs the audit to perform the company's tax work. c. Engage auditors to report in accordance with the Foreign Corrupt Practices Act. d. Select auditors through audit committees.
d
The Sarbanes-Oxley Act of 2002 requires issuers to have an a. Independent board of directors. b. Annual financial audit. c. Annual SOX compliance audit. d. Audit committee.
d
The board of directors performs all of the following duties except a. Adding or repealing bylaws. b. Selection and removal of officers. c. Initiation of fundamental changes. d. Managing day-to-day operations.
d
Under the Sarbanes-Oxley Act of 2002, who is responsible for establishing procedures for the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, and auditing matters? a. The internal auditors. b. Senior management. c. The board of directors. d. The audit committee.
d
Which of the following is most likely a disadvantage for an entity that keeps data files prepared by personal computers rather than manually prepared files? a. Attention is focused on the accuracy of the programming process rather than errors in individual transactions. b. It is usually more difficult to compare recorded accountability with physical count of assets. c. Random error associated with processing similar transactions in different ways is usually greater. d. It is usually easier for unauthorized persons to access and alter the files.
d
Which of the following is most likely a violation of the rules of the Public Company Accounting Oversight Board (PCAOB)? a. An issuer uses the same independent auditor in 2 consecutive years. b. An issuer offers its common shares and preferred shares on different stock exchanges. c. An issuer's management is not independent of its board of directors. d. An issuer's independent auditor also performs consulting work for the issuer on the design and operation of its internal controls.
d
Which of the following represents an example of an inherent limitation of internal controls? a. Customer credit checks are not performed. b. Shipping documents are not matched to sales invoices. c. Bank reconciliations are not performed on a timely basis. d. The CEO can override a control and request a check with no purchase order.
d
Which of the following statements about internal control is correct? a. The establishment and maintenance of internal control are important responsibilities of the internal auditor. b. Internal control should provide reasonable assurance that collusion among employees cannot occur. c. Exceptionally effective internal control is enough for the auditor to eliminate substantive procedures on a significant account balance. d. The cost-benefit relationship is a primary criterion that should be considered in designing internal control.
d
Which of the following statements is correct regarding internal control? a. Internal control is a necessary business function and should be designed and operated to detect all fraud and error. b. A well-designed and operated internal control environment should detect collusion. c. A well-designed internal control environment ensures the achievement of an entity's control objectives. d. An inherent limitation of internal control is that controls can be circumvented by management override.
d
Which of the following statements is inconsistent with the key principles of the COBIT 5 framework? a. The needs of stakeholders are the focus of all organizational activities. b. Information technology controls are considered to be intertwined with those of the organization's everyday operations. c. COBIT 5 can be applied even when other IT-related standards have been adopted. d. Enterprise governance and management are treated as the same activity.
d