ACCT: 316 Chapter 7

Which of the following measures can protect a company from AIS threats?

- Take a proactive approach to eliminate threats.
- Detect threats that do occur.
- Correct and recover from threats that do occur.

Applying the COBIT5 framework, monitoring is the responsibility of ________.

- the CEO.
- the CFO.
- the board of directors.

Applying the COBIT5 framework, planning is the responsibility of ________.

- the CEO.
- the CFO.
- the board of directors.

The principle of holding individuals accountable for their internal control responsibilities in pursuit of objectives belongs to which component of COSO's Internal Control Model?

Control environment.

Maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing are examples of what type of control?

Corrective control

The largest difference between the COSO Integrated Control (IC) framework and the COSO Enterprise Risk Management (ERM) framework is _________.

IC is controls-based, while the ERM is risk-based.

Identify the corrective control below.

Maintaining frequent backup records to prevent loss of data.

Why are threats to accounting information systems increasing?

Many companies do not realize that data security is crucial to their survival.

Which of the following is a control related to design and use of documents and records?

Sequentially prenumbering sales invoices.

The Sarbanes-Oxley Act (SOX) applies to __________.

all publicly traded companies.

Which type of control prevents, detects, and corrects transaction errors and fraud?

application

A(n) ________ helps employees understand management's vision. It communicates company core values and inspires employees to live by those values.

belief system

The COBIT5 framework primarily relates to ____________.

best practices and effective governance and management of organizational assets.

A(n) ________ helps employees act ethically.

boundary system

According to the ERM model, ________ help the company address all applicable laws and regulations.

compliance objectives

According to the ERM model, ________ help to deal with the effectiveness and efficiency of company operations, such as performance and profitability goals.

operations objectives

The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the ____________.

organizational structure.

A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n) ____________.

preventive control.

Hiring qualified personnel is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control.

preventive; corrective

Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities.

process

A ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates.

project development plan

The audit committee of the board of directors _________

provides a check and balance on management.

According to the ERM model, ________ help to ensure the accuracy, completeness and reliability of internal and external company reports.

reporting objectives

According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except __________.

reporting potential risks to auditors.

The amount of risk a company is willing to accept in order to achieve its goals and objectives is ________.

risk appetite.

A ________ is created to guide and oversee systems development and acquisition.

steering committee

A document that shows all projects that must be completed and the related IT needs in order to achieve long-range company goals is known as a __________.

strategic master plan.

Identify the statement below that is not true of the 2013 COSO Internal Control updated framework.

It more efficiently deals with control implementation and documentation issues.

The principle of identifying and assessing changes that could significantly impact the system of internal control belongs to which component of COSO's Internal Control Model?

Risk assessment.

Which of the following is a commonly used technique to identify potential events?

Using data mining

The second step of the risk assessment process is generally to ________.

estimate the risk probability of negative events occurring

Which type of control is associated with making sure an organization's control environment is stable?

general

A store policy that allows retail clerks to process sales returns for $1,000 or less, with a receipt dated within the past 30 days, is an example of ________.

general authorization.

Internal controls are often segregated into _________.

general controls and application controls.

According to the Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for ________.

hiring and firing the external auditors.

The first step of the risk assessment process is generally to _________.

identify the threats that the company currently faces

The primary purpose of the Foreign Corrupt Practices Act of 1977 was _______.

to prevent the bribery of foreign officials by American companies.

How many principles are there in the 2013 updated COSO - Internal Control Framework?

17

Identify the most correct statement with regard to an event.

An event identified by management may or may not occur.

Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?

Analyzing past financial performance and reporting.

Which of the following duties could be performed by the same individual without violating segregation of duties controls?

Approving accounting software change requests and testing production scheduling software changes.

Identify the preventive control below.

Approving customer credit prior to approving a sales order.

Why was the original 1992 COSO - Integrated Control framework updated in 2013?

As an effort to more effectively address technological advancements.

Effective segregation of accounting duties is achieved when which of the following functions are separated?

Authorization, recording, and custody.

The principle of selecting and developing controls that might help mitigate risks to an acceptable level belongs to which component of COSO's Internal Control Model?

Control activities.

Which internal control framework is widely accepted as the authority on internal controls?

COSO Integrated Control.

Which of the following is not a basic principle of the COSO ERM framework?

Companies are formed to create value for society.

Duplicate checking of calculations and preparing bank reconciliations and monthly trial balances are examples of what type of control?

Detective control

With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure?

Entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal.

Which of the following is not a component of the COSO Enterprise Risk Management Integrated Framework (ERM)?

Ethical culture.

How is expected loss calculated when performing risk assessment?

Impact times likelihood.

The principle of obtaining or generating relevant, high-quality information to support internal control belongs to which component of COSO's Internal Control Model?

Information and communication.

_______ is the risk that exists before management takes any steps to mitigate it.

Inherent risk

One of the key objectives of segregating duties is to ___________.

make sure that different people handle different parts of the same transaction.

Helping employees understand entity goals and objectives and then holding them accountable for achieving them are all related to which aspect of internal environment?

Methods of assigning authority and responsibility.

________ is not a risk response identified in the COSO Enterprise Risk Management Framework.

Monitoring

Which of the following was not an important change introduced by the Sarbanes-Oxley Act of 2002?

New rules for information systems development

Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment?

Organizational structure.

Identify the detective control below.

Reconciling the bank statement to the cash control account.

Which of the following is the most effective way of uncovering fraud schemes that require the perpetrator's ongoing attention?

Requiring employees to take mandatory vacations.

________ remains after management implements internal control(s).

Residual risk

Which attribute below is not an aspect of the COSO ERM Framework internal environment?

Restricting access to assets.

Preventive controls are usually superior to detective controls.

TRUE

Using the COSO definition of an event, an event represents uncertainty.

TRUE

Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies.

The Sarbanes-Oxley Act of 2002

The COSO ERM contains all five of the same COSO-Integrated Framework components. True or False?

True

Independent checks on performance include all the following except ________.

data input validation checks

Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control.

detective; corrective

A(n) ________ measures company progress by comparing actual performance to planned performance.

diagnostic control system

Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter ________.

employee fraud or embezzlement.

Which of the following is not one of the five principles of COBIT5?

improving organization efficiency

Best Friends, Incorporated is a publicly traded company where three BFFs (best friends forever) serve as its key officers. This situation _______.

increases the risk associated with an audit.

A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention.

interactive control system

The SEC, PCAOB, and FASB are best described as external influences that directly affect an organization's ________.

internal environment.

Applying the COBIT5 framework, governance is the responsibility of ________.

the board of directors.

The purpose of the COSO Enterprise Risk Management framework is __________.

to improve the organization's risk management process.

