AIS CHP 7 Questions

Which of the following is part of an internal environment? (Check all that apply.) a)Human resource standards that attract, develop, and retain competent individuals b)Commitment to risk assessment and response c)Monitoring the achievement of management objectives d)Organizational structure e)Methods of assigning authority and responsibility

d)Organizational structure e)Methods of assigning authority and responsibility a)Human resource standards that attract, develop, and retain competent individuals

Which of the following statements are true? (Check all that apply.) i)Systems analysts have the ultimate responsibility for selecting and implementing appropriate controls over technology. ii)Controls are more effective when placed in a system after it is up and running. iii)Throughput and response time are useful system performance measurements. iv)Control activities are policies and procedures that provide reasonable assurance that risk responses are carried out. v)Employees who process transactions should verify the presence of appropriate authorizations.

iii)Throughput and response time are useful system performance measurements. iv)Control activities are policies and procedures that provide reasonable assurance that risk responses are carried out. v)Employees who process transactions should verify the presence of appropriate authorizations.

The amount of risk a company is willing to accept in order to achieve its goals and objectives is called a)risk acceptance. b)risk management. c) risk appetite. d)risk tolerance.

c) risk appetite.

COSO Internal Controls has five components. COSO ERM has the same five components, with an additional three components added. Which of the following are among the three added components? (Check all that apply.) a)Control activities b)Risk assessment c)Risk response d)Objective setting e)Event identification f)Information and communication

c)Risk response d)Objective setting e)Event identification

The COBIT 5 framework describes best practices for the effective governance and management of IT. It is based on five key principles of IT governance and management. Which of the following are among the five key principles? (Check all that apply.) a)Meeting stakeholders' needs b)Coordinating multiple different frameworks c)Covering the enterprise end-to-end d)Integrating governance and management e)Enabling a holistic approach

e)Enabling a holistic approach c)Covering the enterprise end-to-end a)Meeting stakeholders' needs

What is the name of the law Congress passed to prevent companies from bribing foreign officials? a)COSO ERM Act b)COBIT Act c)Sarbanes Oxley Act d)COSO Internal Control Act e)FCPA

e)FCPA

Considering the potential of fraud belongs to which component of COSO's Internal Control Model? a)Information and communication. b)Risk assessment. c)Control environment. d)Control activities.

b)Risk assessment.

According to the text, management can respond to risk in which of the following ways? (Check all that apply.) a)Accept its likelihood and impact b)Avoid it by not engaging in the activity that produces the risk c)Share it or transfer it to someone else d)Reduce its likelihood and impact e)Prepare for its occurrence f)Examine its likelihood and impact

a)Accept its likelihood and impact b)Avoid it by not engaging in the activity that produces the risk c)Share it or transfer it to someone else d)Reduce its likelihood and impact

Which of the following are important independent checks on performance? (Check all that apply.) a)Analytical reviews that examine relationships between different sets of data b)Reconciliation of independently maintained records. c)An independent review where a person double checks the work she performed d)Single-entry accounting

a)Analytical reviews that examine relationships between different sets of data b)Reconciliation of independently maintained records.

Which of the following is not a SOX requirement? a)Auditors must maintain an audit trail that documents all client-auditor communications. b)Audit committee members must be on the company's board of directors and be independent of the company. c)Auditors mist report specific information to the company's audit committee. d)The CEO must certify that financial statements were reviewed by management and are not misleading.

a)Auditors must maintain an audit trail that documents all client-auditor communications.

What does COSO call an incident, whether positive or negative, that affects the implementation of an organization's strategy or the achievement of its objectives. a)Event b)Exploit c)Risk appetite d)Exposure e)Risk

a)Event

Which of the following is not a key method of monitoring internal control system performance? a)Hire private investigators to investigate employee behavior. b)Implement a fraud hotline. c)Perform internal control evaluations. d)Employ a computer security officer.

a)Hire private investigators to investigate employee behavior.

According to internal control frameworks, which of the following principles apply to the information and communication process? (Check all that apply.) a)Internally communicate the information needed to support all internal control components b)Audit internal control systems to make sure they function properly c)Communicate relevant internal control matters to external parties d)Monitor all management decisions to ensure they were properly made e)Obtain or generate the information needed to support internal control

a)Internally communicate the information needed to support all internal control components c)Communicate relevant internal control matters to external parties e)Obtain or generate the information needed to support internal control

Which of the following statements are true? (Check all that apply.) a)Management must specify objectives clearly enough for risks to be identified and assessed. b)Management must take an entity-wide view of risk. c)Inherent risk is the risk that remains after management implements internal controls, or some other response, to risk. d)Management must identify and analyze risks to determine how they should be managed. e)Residual risk is the susceptibility of a set of accounts or transactions to significantly control problems in the absence of internal control.

a)Management must specify objectives clearly enough for risks to be identified and assessed. b)Management must take an entity-wide view of risk. d)Management must identify and analyze risks to determine how they should be managed.

Which of the following are part of an internal environment? (Check all that apply.) a)Management's philosophy, operating style, and risk appetite b)Commitment to integrity, ethical values, and competence c)Principles of value creation d)Effective management to auditor communication e)Internal control oversight by the board of directors

a)Management's philosophy, operating style, and risk appetite b)Commitment to integrity, ethical values, and competence e)Internal control oversight by the board of directors

Which objective deals with a company's effectiveness and efficiency and the allocation of resources? a)Operations objectives. b)Compliance objectives. c)Reporting objectives. d)Strategic objectives.

a)Operations objectives.

Hiring qualified personnel, segregating employee duties, and controlling physical access to assets and information are examples of what kind of internal controls? a)Preventive controls. b)Corrective controls. c) General controls. d)Detective controls.

a)Preventive controls.

Effective segregation of accounting duties is achieved when which of the following functions are separated? (Check all that apply.) a)Recording transactions and preparing documents and reports b)Authorization of transactions and decisions c)Managing information systems d)Custody of cash and other assets e)Supervision of accounting duties and processes

a)Recording transactions and preparing documents and reports b)Authorization of transactions and decisions d)Custody of cash and other assets

The company objective that helps management improve decision making and monitor company activities and performance is called: a)Reporting objective b)Operations objective c)Compliance objective d)Strategic objective

a)Reporting objective

Which of the following are ways that companies endorse integrity? (Check all that apply.) a)Requiring employees to report dishonest or illegal acts, and disciplining employees who knowingly fail to report them b)Developing a written code of conduct that explicitly describes honest and dishonest behaviors c)Making a commitment to competence, and hiring employees with the necessary knowledge, experience, training, and skills d)Actively making employees aware that favorable outcomes and reports are more important than almost anything else e)Consistently rewarding achievements and giving verbal labels to both high and low producers f)Implementing aggressive sales practices and handsomely rewarding those who achieve them and not giving bonuses to those who underachieve

a)Requiring employees to report dishonest or illegal acts, and disciplining employees who knowingly fail to report them b)Developing a written code of conduct that explicitly describes honest and dishonest behaviors c)Making a commitment to competence, and hiring employees with the necessary knowledge, experience, training, and skills

To achieve proper segregation of systems duties, which of the following system functions should be separated from the other system functions? (Check all that apply.) a)Security management b)Systems analysis c)Programming d)Accounting e)Users f)Change management g)Internal auditing h)Data control

a)Security management b)Systems analysis c)Programming e)Users f)Change management h)Data control

A potential adverse occurrence is called a threat or an event. With respect to threats, which of these statements is false? a)The timing of when a threat will occur is called the timeframe or timeline. b)None of these statements about threats are false. c)The potential dollar loss from a threat is called the exposure or impact. d)The probability a threat will occur is called the likelihood or risk.

a)The timing of when a threat will occur is called the timeframe or timeline.

Which of the following are basic principles upon which the ERM is built? (Check all that apply.) a)Uncertainty results in the possibility that something can positively affect the company's ability to create value. b)Companies are formed to create value for management and the government. c)The ERM framework can manage uncertainty, but not the ability to create value. d)Each employee must decide for himself how much uncertainty he will accept as he creates value. e)Uncertainty results in the possibility that something can negatively affect the company's ability to create value.

a)Uncertainty results in the possibility that something can positively affect the company's ability to create value. e)Uncertainty results in the possibility that something can negatively affect the company's ability to create value.

the examination of the relationships between different sets of data is called a)analytical reviews. b)reconciliation of independently maintained records. c) top-level reviews. d)comparison of actual quantities with recorded amounts.

a)analytical reviews.

Which of the following are important systems development controls? (Check all that apply.) a)A project development plan that shows the prioritization of all projects that must be completed b)A data processing schedule that shows when each task should be performed c)Performance measurements used to evaluate all company employees d)A change-management plan that outlines all personnel retention in corporate reorganization plans e)A post-implementation review to determine whether anticipated benefits were achieved f)A steering committee that oversees systems development

b)A data processing schedule that shows when each task should be performed e)A post-implementation review to determine whether anticipated benefits were achieved f)A steering committee that oversees systems development

7.10 Which of the following does not help safeguard assets, documents, and data? a)Restrict access to data and documents. b)Measure the throughput and utilization of data and physical assets. c)Create and enforce appropriate policies and procedures. d)Periodically reconcile recorded asset quantities with a count of those assets. e)Store data and documents in fireproof storage areas or secure offsite locations.

b)Measure the throughput and utilization of data and physical assets.

Which of the following statements are true? (Check all that apply.) a)The benefits of an internal control procedure are usually easier to measure than the costs. b)The objective of an internal control system is to provide reasonable assurance that events do not take place. c)Some events pose a greater risk because they are more likely to occur. d)The likelihood and impact of a risk must be considered separately. e)Detective controls are superior to preventive controls; neither is as good as a corrective control.

b)The objective of an internal control system is to provide reasonable assurance that events do not take place. c)Some events pose a greater risk because they are more likely to occur

Which of the following are Human Resources standards that attract, develop, and retain competent employees? (Check all that apply.) a)Evaluate, compensate, and promote employees based more on subjective criteria than performance. b)Train new employees on their responsibilities, expected levels of performance and behavior, and the company's policies and procedures. c)Hire employees based on educational background, experience, achievements, integrity, and meeting written job requirements. d)Rotate employee duties periodically, and require all employees to take an annual vacation. e)Give dismissed employees weeks to find a new job before they have to leave.

b)Train new employees on their responsibilities, expected levels of performance and behavior, and the company's policies and procedures. c)Hire employees based on educational background, experience, achievements, integrity, and meeting written job requirements. d)Rotate employee duties periodically, and require all employees to take an annual vacation.

According to the text, which of the following are key methods of monitoring internal control system performance? (Check all that apply.) a)Observe employees implementing the controls b)Use responsibility accounting systems c)Implement effective supervision d)Install fraud detection software e)Schedule periodic government inspections f)Track purchased software and mobile devices

b)Use responsibility accounting systems c)Implement effective supervision d)Install fraud detection software f)Track purchased software and mobile devices

A(n) ________ helps employees understand management's vision. It communicates company core values and inspires employees to live by those values. a)boundary system b)belief system c) interactive control system d) diagnostic control system

b)belief system

What is the name of the law that Congress passed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud? a)COSO ERM Act b)Foreign Corrupt Practices Act c)Sarbanes Oxley Act d)COSO Internal Control Act e)COBIT Act

c)Sarbanes Oxley Act