Deck 7: Internal Controls I

A)Respect the rights of shareholders
B)Keep disclosure of business information to a minimum
C)Safeguard integrity in financial reporting
D)Structure the board to add value

A)what type of processing is required
B)the location of the processing
C)the upgradability of the processing
D)the integration of processing

A)full time employees of the company
B)a mixture of executive and independent directors
C)CEO plus external directors who are not involved in the business
D)accountants,auditors and executive director

A)Matching IT to strategy
B)Adding value
C)Managing resources
D)Reducing costs

A)shareholders
B)board of directors
C)employees
D)Government

A)(i)(ii)(iii)
B)(i)(ii)only
C)(ii)(iii)only
D)(i)(iii)only

A)monitored and assessed
B)assessed and minimised
C)identified and monitored
D)assessed and controlled

A)a company,its customers,and its suppliers
B)a company's management,its board,its employees,and its suppliers
C)a company's management,its board,its shareholders,and other stakeholders
D)a company and various government agencies

A)(i)only
B)(i)(iii)(iv)only
C)(i)(ii)(iii)only
D)(i)(ii)(iii)(iv)

A)the board reviews poor decisions and punishes the person responsible
B)the board delegates decision making to employees but retains ultimate responsibility
C)decisions are made by the person who needs to act on the decision irrespective of their position in the organisation
D)board members are only accountable for decisions made by the board.

A)IT governance
B)IT principles
C)IT objectives
D)IT control

A)Recognise and minimise risk.
B)Safeguard integrity in financial reporting.
C)Make timely and balanced disclosure.
D)Remunerate fairly and responsibly.

A)(ii)only
B)(iii)only
C)(i)(iii)only
D)(i)(ii)(iii)

A)(i)only
B)(i)(ii)only
C)(i)(iii)only
D)(i)(ii)(iii)

A)poor returns on investment for minority shareholders
B)bad publicity from environmental groups
C)company failure and potential damage to economy
D)managers who are influenced by self-interest rather than the longevity of the company

A)All board members should be paid the same amount of remuneration.
B)All employees of an organisation should be paid fairly.
C)The organisation should be able to demonstrate a clear link between company performance and executive remuneration.
D)The organisation should be able to demonstrate a clear link between employee performance and employee remuneration.

A)Lay solid foundations for management and oversight.
B)Structure the board to add value.
C)Promote ethical and responsible decision making.
D)Respect the rights of customers.

A)IT structure
B)IT architecture
C)IT infrastructure
D)IT foundation

A)Ensuring the organisation has appropriate management strategies and techniques in place for dealing with IT related risks.
B)Ensuring that the IT being used or adopted within an organisation is consistent with the organisation's goals and meets expectations.
C)Ensuring the organisation's IT resource are used responsibly.
D)Using IT to make the most of future business opportunities and benefits.

A)Internal auditors
B)External auditors
C)Top management
D)Shareholder committees

A)effectiveness and efficiency of operations
B)reliability of financial reporting
C)compliance with applicable laws and regulations
D)systems and procedures that help to manage risk and achieve objectives

A)Completeness and accuracy
B)Occurrence and cut-off
C)Classification
D)Timeliness

A)(i)only
B)(ii)only
C)(i)(ii)only
D)(i)(ii)(iii)

A)completeness,accuracy,classification,and valuation and allocation
B)valuation and allocation,rights and obligations,completeness,and existence
C)rights and obligations,completeness,accuracy,classification
D)classification,value and allocation,existence,and rights and obligations

A)(i)(ii)(iii)only
B)(i)(ii)(iv)only
C)(i)(iii)only
D)(i)(ii)(iii)(iv)

A)COBIT stage Acquiring
B)COBIT stage Delivering
C)COSO stage Control Environment
D)COSO stage Monitoring

A)accurate capture of data
B)the right information to the right person at the right time
C)ensuring information flows up and down the organisation
D)control of accountability

A)Effective and efficient operations
B)Reliable financial reporting
C)Compliance with laws and regulations
D)Safe workplace

A)(i)only
B)(ii)(iv)only
C)(ii)(iii)(iv)
D)(i)(ii)(iii)(iv)

A)The attitude,emphasis and awareness of an organisation's management towards internal control and its operation within the organisation.
B)The attitude,emphasis and awareness of the government towards internal control and operations within organisations.
C)The attitude,emphasis and awareness of the legislative entities towards internal control and operations within organisations.
D)The attitude,emphasis and awareness of the society towards internal control and operations within organisations.

A)(i)(ii)(iii)
B)(ii)(iii)(iv)
C)(iii)(iv)
D)(i)(ii)(iii)(iv)

A)reports by the external auditor
B)reports by the internal auditor
C)the need to comply with applicable laws and regulations
D)the actions of the board

A)the process of scanning the organisation for risks that could inhibit the attainment of the organisation's goals.
B)the process of scanning the organisation and its environment for risks that could inhibit the attainment of the organisation's goals.
C)the process of scanning the organisation for risks that could inhibit the attainment of the organisation's goals and devising appropriate corrections.
D)the process of scanning the organisation and its environment for risks that could inhibit the attainment of the organisation's goals and devising appropriate corrections.

A)Plan and organise
B)Deliver and support
C)Monitor and evaluate
D)Recycle and disposal

A)Enterprise Resource Management
B)Enterprise Risk Management
C)Enterprise Resource Model
D)Enterprise Risk Model

A)occurrence
B)completeness
C)accuracy
D)cut-off

A)strategies for acquiring and implementing IT solutions
B)evaluating how the system operates within the organisation
C)reviewing how well IT systems match the needs of the organisation
D)deciding which communication standards will be used.

A)is locally recognised framework for Australia and New Zealand
B)targets large organisations
C)is a framework for corporate governance
D)is a framework for IT governance

A)Ensure ICT performs well,with performance including the satisfaction of business needs,responding to changing business needs and being a reliable support for organisational activities whenever required.
B)Ensure ICT conforms with any external obligations as well as any internal policies that may exist in the organisation.
C)Put in place well understood responsibilities for ICT throughout the organisation and the greater society.
D)Ensure ICT use respects human factors,particularly the meeting of the needs of the different system stakeholders.

A)strategic
B)reporting
C)planning
D)compliance

A)Examining financial and operating information.
B)Reviewing the economy,effectiveness and efficiency of the organisation's operations.
C)Reviewing the adequacy of compliance with external laws and regulations.
D)Reviewing the fit between IT and business strategy.

A)risk of network disruption
B)risk of key suppliers moving to other organisations
C)risk of new competitors taking market position
D)risk of unauthorised access to online systems

A)Organisational structure.
B)Distribution of responsibility.
C)Recruitment policies
D)IT policies

A)transactions that occurred have been carried out efficiently and effectively
B)assets and liabilities in the financial statements exist and transactions reported actually occurred
C)assets listed are owned by the organisation and liabilities owed are repaid
D)amounts on the financial statements have been calculated in accordance with company policies

A)operations,performance,reporting,and compliance
B)strategic,reporting,compliance,and operations
C)environmentally friendly,reporting,profitable and compliance
D)socially responsible,profitable,compliance,and environmentally friendly

A)The communication and policing of ethical behaviour in the organisation.
B)Commitment to competence.
C)Risk assessment.
D)Management philosophy and operating style.

A)Internal environment
B)External environment
C)Event identification
D)Information and communication

A)Risk assessment
B)Risk response
C)Control activities
D)Resource management

A)Cloud computing offers advantages for new and emerging businesses,since it is easily scalable and can grow with the organisation.
B)The task of keeping the applications and technology up to date is left to the cloud service subscriber.
C)Cloud computing offers a risk-management technique,since in the event of disaster the IT services are based in a different location and still accessible.
D)Security and maintenance can be managed by the cloud provider.