Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies.
-The Sarbanes-Oxley Act of 2002
-The Securities Exchange Act o
The Sarbanes-Oxley Act of 2002
A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention.
-boundary system
-diagnostic control system
-interactive control system
-internal control system
interactive control system
Which of the following is not one of the five principles of COBIT5?
-improving organization efficiency
-enabling a holistic approach
-covering the enterprise end-to-end
-meeting stakeholder needs
improving organization efficiency
The amount of risk a company is willing to accept in order to achieve its goals and objectives is
-risk appetite.
-residual risk.
-risk assessment.
-inherent risk.
risk appetite.
According to the ERM, these help the company address all applicable laws and regulations.
-operations objectives
-reporting objectives
-compliance objectives
-strategic objectives
compliance objectives
Identify the most correct statement with regards to an event.
-It is easy to determine which events are most likely to occur.
-An event identified by management will occur.
-An event identified by management may or may not occur.
-An event identified by m
An event identified by management may or may not occur.
The first step of the risk assessment process is generally to
-identify the threats that the company currently faces.
-estimate the exposure from negative events.
-identify controls to reduce all risk to zero.
-estimate the risk probability of negative ev
identify the threats that the company currently faces.
________ is the risk that exists before management takes any steps to mitigate it.
-Risk appetite
-Risk assessment
-Residual risk
-Inherent risk
Inherent risk
One of the key objectives of segregating duties is to
-make sure that different people handle different transactions.
-achieve an optimal division of labor for efficient operations.
-make sure that different people handle different parts of the same trans
make sure that different people handle different parts of the same transaction.
COSO requires that any internal deficiencies identified through monitoring be reported to whom?
-the external auditor
-the board of directors
-appropriate federal, state, or local authorities
-the audit committee
the board of directors
Which of the following was not an important change introduced by the Sarbanes-Oxley Act of 2002?
-new rules for auditors and management
-new roles for audit committees
-new rules for information systems development
-the creation of the Public Company Acco
new rules for information systems development
Identify the preventive control below.
-counting inventory on hand and comparing counts to the perpetual inventory records
-maintaining frequent backup records to prevent loss of data
-approving customer credit prior to approving a sales order
-reconcilin
approving customer credit prior to approving a sales order
The largest differences between the COSO Integrated Control (IC) framework and the COSO Enterprise Risk Management (ERM) framework is
-IC is more applicable to international accounting standards, while ERM is more applicable to generally accepted accounti
IC is controls-based, while the ERM is risk-based.
Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter
-fraud by outsiders.
-disgruntled employees.
-unintentional errors.
-employee fraud or embezzlement.
employee fraud or embezzlement.
According to the ERM, high level goals that are aligned with and support the company's mission are
-strategic objectives.
-compliance objectives.
-reporting objectives.
-operations objectives.
strategic objectives.
Which of the following is not a commonly used technique used to identify potential events?
-performing internal analysis
-monitoring leading events
-conducting interviews
-None of these
None of these
Whitewater Rapids provides canoes to tourists eager to ride Whitewater river's rapids. Management has determined that there is one chance in a thousand of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000
$650
Whitewater Rapids provides canoes to tourists eager to ride Whitewater River's rapids. Management has determined that there is one chance in a thousand of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000
$650,000
Petty cash is disbursed by the Manuela Luisina in the Cashier's Office. Manuela also maintains records of disbursements, places requests to the Finance Department to replace expended funds, and periodically reconciles the petty cash balance. This represen
ineffective
Which component of the COSO Enterprise Risk Management Integrated Framework is concerned with understanding how transactions are initiated, data are captured and processed, and information is reported?
-information and communication
-objective setting
-in
information and communication
The primary purpose of the Foreign Corrupt Practices Act of 1977 was
-to require the reporting of any material fraud by a business.
-All of these are required by the act.
-to prevent the bribery of foreign officials by American companies.
-to require corp
to prevent the bribery of foreign officials by American companies.
Which type of control prevents, detects, and corrects transaction errors and fraud?
-application
-detective
-general
-preventive
application
Nolwenn Limited has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives,
COSO-Integrated Framework; COSO-ERM
The audit committee of the board of directors
-conducts testing of controls on behalf of the external auditors.
-provides a check and balance on management.
-is usually chaired by the CFO.
-does all of these.
provides a check and balance on management.
According to the ERM, ________ deal with the effectiveness and efficiency of company operations, such as performance and profitability goals.
-compliance objectives
-strategic objectives
-reporting objectives
-operations objectives
operations objectives
Upon getting into your new car, you suddenly became worried that you might become injured in an auto accident. In response, you decided to drive 5 miles under the speed limit. You chose to ________ the risk of being injured in an auto accident.
-reduce
-a
reduce
According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except
-reporting potential risks to auditors.
-evaluating the impact of potential events on achievement of objectives.
-e
reporting potential risks to auditors.
Which of the following is a control related to design and use of documents and records?
-comparing physical inventory counts with perpetual inventory records
-reconciling the bank statement to the general ledger
-locking blank checks in a drawer or safe
-
sequentially renumbering sales invoices
Which of the following is not a key method of monitoring performance?
-performing internal control evaluation
-employing a chief risk officer
-implementing effective supervision
-monitoring system activities
employing a chief risk officer
The Sarbanes-Oxley Act (SOX) applies to
-all publicly traded companies.
-all companies with gross annual revenues exceeding $500 million.
-all private and public companies incorporated in the United States.
-publicly traded companies with gross annual rev
all publicly traded companies.
Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her second martini, she began expressing her feelings about her company's budgeting practices. It seems that as a result of controls put in place by the company, h
diagnostic control system.
Which internal control framework is widely accepted as the authority on internal controls?
-COBIT
-COSO Integrated Control
-Sarbanes-Oxley Control Framework
-COSO Enterprise Risk Management
COSO Integrated Control
The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the
-control activities.
-budget framework.
-internal environment.
-organizational structure.
organizational structure.
________ objectives help ensure the accuracy, completeness and reliability of internal and external company reports, Applying the ERM framework.
-Compliance objectives
-Reporting objectives
-Operations objectives
-Strategic objectives
Reporting objectives
Best Friends, Incorporated is a publicly traded company where three BFF's (best friends forever) serve as its key officers. This situation
-increases the risk associated with an audit.
-is a violation of the Sarbanes-Oxley Act.
-violates the Securities an
increases the risk associated with an audit.
Upon getting into your new car, you suddenly became worried that you might become injured in an auto accident. You decided to buckle your seat belt in response. You chose to ________ the risk of being injured in an auto accident.
-accept
-avoid
-reduce
-s
reduce
The organization chart for Renata Corporation includes a controller and an information processing manager, both of whom report to the vice president of finance. Which of the following would be a control weakness?
-providing for review and distribution of
assigning the programming and operating of the computer system to an independent control group which reports to the controller
Which type of audit assesses employee compliance with management policies and procedures?
-internal audit
-network security audit
-external audit
-All of these
internal audit
Which type of control is associated with making sure an organization's control environment is stable?
-preventive
-application
-detective
-general
general
Which of the following measures can protect a company from AIS threats?
-Correct and recover from threats that do occur.
-All of these are proper measures for the accountant to take.
-Take a proactive approach to eliminate threats.
-Detect threats that do
All of these are proper measures for the accountant to take.
The COBIT5 framework primarily relates to
-best practices and effective governance and management of private companies.
-best practices and effective governance and management of organizational assets.
-best practices and effective governance and manageme
best practices and effective governance and management of organizational assets.
Which attribute below is not an aspect of the COSO ERM Framework internal environment?
-enforcing a written code of conduct
-avoiding unrealistic expectations
-restricting access to assets
-holding employees accountable for achieving objectives
restricting access to assets
Upon getting into your new car, you suddenly became worried that you might become injured in an auto accident. In response, you decided to ride your bike instead. You chose to ________ the risk of being injured in an auto accident.
-accept
-avoid
-share
-
avoid
________ remains after management implements internal control(s).
-Residual risk
-Risk assessment
-Risk appetite
-Inherent risk
Residual risk
Which of the following is an independent check on performance?
-The Purchasing Agent physically reviews the contents of shipments and compares them with the purchase orders he has placed.
-Production teams perform quality evaluations of the products that
The General Manager compares budgeted amounts with expenditure records from all departments.
To ensure compliance with copyrights and to protect itself from software piracy lawsuits, companies should ________.
-periodically conduct software audits
-update the operating system frequently
-buy software from legitimate suppliers
-adopt cloud operati
periodically conduct software audits
Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her second martini, she began expressing her feelings about her work environment. Recently, every employee of the firm was required to attend a sexual harassment w
boundary system.
Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control.
-detective; preventive
-corrective; detective
-preventive; corrective
-detective; corrective
detective; corrective
The COSO ERM contains all five of the same COSO-Integrated Framework components.
-True
-False
True
Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?
-providing sufficient resources to knowledgeable employees to carry out duties
-setting realistic targets for long-term performance
analyzing past financial performance and reporting
Whitewater Rapids provides canoes to tourists eager to ride Whitewater river's rapids. Management has determined that there is one chance in a thousand of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000
$600
As a result of an internal risk assessment, Allstate Insurance decided it was not profitable to provide hurricane insurance in the state of Florida. Allstate apparently chose to ________ the risk of paying hurricane claims in Florida.
-reduce
-share
-acce
avoid
With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure?
-updating the general ledger and working in the inventory warehouse
-updating the inventory subsidiary ledger
entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal
Which type of audits can detect fraud and errors?
-network security audits
-external audits
-internal audits
-All of these
All of these
A(n) ________ measures company progress by comparing actual performance to planned performance.
-boundary system
-internal control system
-diagnostic control system
-interactive control system
diagnostic control system
Why are threats to accounting information systems increasing?
-Computer control problems are often overestimated and overly emphasized by management.
-LANs and client/server systems are easier to control than centralized, mainframe systems.
-Many companie
Many companies do not realize that data security is crucial to their survival.
The COSO Enterprise Risk Management Integrated Framework stresses that
-risk management policies, if enforced, guarantee achievement of corporate objectives.
-risk management activities are an inherent part of all business operations and should be conside
risk management activities are an inherent part of all business operations and should be considered during strategy setting.
Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment?
-commitment to competence
-methods of assigning authority and responsibility
-management philoso
organizational structure
________ is not a risk responses identified in the COSO Enterprise Risk Management Framework.
-Avoidance
-Monitoring
-Acceptance
-Sharing
Monitoring
Whitewater Rapids provides canoes to tourists eager to ride Whitewater river's rapids. Management has determined that there is one chance in a thousand of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000
$50
A store policy that allows retail clerks to process sales returns for $500 or less, with a receipt dated within the past 30 days, is an example of
-special authorization.
-general authorization.
-specific authorization.
-generic authorization.
general authorization.
A neural network is a software program that has
-the capability to extract information from an individual's brain.
-the ability to read text.
-the capability to inject information into an individual's brain.
-the ability to learn.
the ability to learn.
According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for
-performing tests of the company's internal control structure.
-certifying the accuracy of the company's financial reporting process.
-h
hiring and firing the external auditors.
Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities.
-process
-activity
-system
-event
process
Identify the statement below that is not true of the 2013 COSO Internal Control updated framework.
-It adds many new examples to clarify the framework concepts.
-It more effectively deals with control implementation and documentation issues.
-It provides
It more efficiently deals with control implementation and documentation issues.
The SEC and FASB are best described as external influences that directly affect an organization's
-internal environment.
-methods of assigning authority.
-philosophy and operating style.
-hiring practices.
internal environment.
How is expected loss calculated when performing risk assessment?
-impact times likelihood
-impact times expected loss
-inherent risk times likelihood
-residual risk times likelihood
impact times likelihood
Identify the statement below which is true.
-Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes.
-Requiring two signatures on checks over $20,000 is an example of segregation
Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes.
Which of the following factors is not a reason forensic investigators are increasingly used in accounting?
-pressure from boards of directors
-the Sarbanes-Oxley Act
-new accounting rules
-audit fee increases
audit fee increases
A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n)
-preventive control.
-corrective control.
-detective control.
-authorization control.
preventive control.
Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Oanez Dinnerware
-selected the company's Chief Financial Officer to chair the audit committee.
-asked their auditors to make recommendations for the redesign of t
hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
Why did COSO develop the Enterprise Risk Management framework?
-to improve the risk management process
-to improve the manufacturing process
-to improve the financial reporting process
-to improve the audit process
to improve the risk management process
Rauol is a receptionist for The South American Paper Company, which has strict corporate policies on appropriate use of corporate resources. The first week of March, Rauol saw Jim (the branch manager) putting printer paper and toner into his briefcase on
integrity and ethical values
Which of the following duties could be performed by the same individual without violating segregation of duties controls?
-programming new code for accounting software and testing accounting software upgrades
-approving software changes and implementing t
approving accounting software change requests and testing production scheduling software changes
Which of the following is not an example of something monitored by a responsibility accounting system?
-budgets
-vendor analysis
-quality standards
-quotas
vendor analysis
How many principles are there in the 2013 updated COSO - Internal Control Framework?
-17
-8
-21
-5
17
Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties.
-Mike issues credit cards to him and Maxine, and when the credit card balances are just under $1,000, M
Mike issues credit cards to him and Maxine, and when the credit card balances are just under $1,000, Maxine writes off the accounts as bad debt. Mike then issues new cards.
Which of the following is not a principle related to information and communicating in the updated COSO Integrated Control framework?
-Obtain or generate relevant, high-quality information to support internal control.
-Surround internal control processes w
Surround internal control processes with information technology that enables discrepancies to be identified.
Why was the original 1992 COSO - Integrated Control framework updated in 2013?
-U.S. stock exchanges required more disclosure.
-Congress required COSO to modernize.
-to comply with International accounting standards
-to more effectively address technologi
to more effectively address technological advancements
A ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates.
-steering committee
-project development plan
-strategic master plan
-performance evaluation
project development plan
Applying the COBIT5 framework, governance is the responsibility of
-management.
-external audit.
-internal audit.
-the board of directors.
the board of directors.
A document that shows all projects that must be completed and the related IT needs in order to achieve long-range company goals is known as a
-data processing schedule.
-project development plan.
-strategic master plan.
-performance evaluation.
strategic master plan.
Which of the following is not a basic principle of the COSO ERM framework?
-Companies are formed to create value for society.
-Uncertainty results in opportunity.
-Uncertainty results in risk.
-Management must decide how much uncertainty it will accept to
Companies are formed to create value for society.
A ________ is created to guide and oversee systems development and acquisition.
-project development plan
-strategic master plan
-performance evaluation
-steering committee
steering committee
Which of the below is not a component of the COSO ERM?
-risk assessment
-compliance with federal, state, or local laws
-control environment
-monitoring
compliance with federal, state, or local laws
At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tick
The box office cashier accidentally gives too much change to a customer.
Applying the COBIT5 framework, monitoring is the responsibility of
-the CEO.
-the CFO.
-the board of directors.
-All of these
All of these
An accounting policy that requires a purchasing manager to sign off on all purchases over $5,000 is an example of
-special authorization.
-specific authorization.
-general authorization.
-generic authorization.
specific authorization.
At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Then, ticket stubs collected at the theater entrance
Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.)
Hiring decisions at Maarja's Razors are made by Maimu Maarja, the Director of Human Resources. Pay rates are approved by the Vice President for Operations. At the end of each pay period, supervisors submit time cards to Kasheena, who prepares paycheck req
effective
Independent checks on performance include all the following except
-preparing a trial balance report.
-reconciling hash totals.
-supervisor review of journal entries and supporting documentation.
-data input validation checks.
data input validation checks.
The Director of Information Technology for the city of Tampa, Florida formed a company to sell computer supplies and software. All purchases made on behalf of the City were made from her company. She was later charged with fraud for overcharging the City,
recording; authorization
Hiring decisions at Maarja's Razors are made by Maimu Maarja, the Director of Human Resources. Pay rates are approved by the Vice President for Operations. At the end of each pay period, supervisors submit time cards to Kasheena, who prepares paycheck req
effective