Deck 7: Control and Accounting Information Systems

A)preventive control.
B)detective control.
C)corrective control.
D)authorization control.

A)Reconciling the bank statement to the cash control account.
B)Approving customer credit prior to approving a sales order.
C)Maintaining frequent backup records to prevent loss of data.
D)Counting inventory on hand and comparing counts to the perpetual inventory records.

A)detective controls and preventive controls.
B)general controls and application controls.
C)process controls and general controls.
D)system controls and application controls.

A)Reconciling the bank statement to the cash control account.
B)Approving customer credit prior to approving a sales order.
C)Maintaining frequent backup records to prevent loss of data.
D)Ensuring that the employee who records cash received from customers does not also have access to the cash itself.

A)Preventive control
B)Detective control
C)Corrective control
D)Authorization control

A)Preventive control
B)Detective control
C)Corrective control
D)Authorization control

A)boundary system
B)diagnostic control system
C)interactive control system
D)belief system

A)hiring and firing the external auditors.
B)performing tests of the company's internal control structure.
C)certifying the accuracy of the company's financial reporting process.
D)overseeing day-to-day operations of the internal audit department.

A)corrective; detective
B)detective; corrective
C)preventive; corrective
D)detective; preventive

A)Take a proactive approach to eliminate threats.
B)Detect threats that do occur.
C)Correct and recover from threats that do occur.
D)All of the above are proper measures for the accountant to take.

A)general
B)application
C)detective
D)preventive

A)event
B)activity
C)process
D)system

A)Reconciling the bank statement to the cash control account.
B)Approving customer credit prior to approving a sales order.
C)Maintaining frequent backup records to prevent loss of data.
D)Counting inventory on hand and comparing counts to the perpetual inventory records.

A)Many companies have invested significant resources to protect their assets.
B)Many companies do not realize that data security is crucial to their survival.
C)Many companies believe that protecting information is a vital strategic requirement.
D)Computer control problems are often overestimated and overly emphasized by management.

A)to require corporations to maintain a good system of internal control.
B)to prevent the bribery of foreign officials by American companies.
C)to require the reporting of any material fraud by a business.
D)All of the above are required by the act.

A)general
B)application
C)detective
D)preventive

A)Foreign Corrupt Practices Act of 1977
B)The Securities Exchange Act of 1934
C)The Sarbanes-Oxley Act of 2002
D)The Securities Exchange Act of 1933

A)New roles for audit committees
B)New rules for auditors and management
C)New rules for internal control requirements
D)New rules for information systems development

A)COBIT.
B)ISACA framework.
C)COSO Integrated Control.
D)Sarbanes-Oxley control framework.

A)Congress required COSO to modernize.
B)U.S. stock exchanges required more disclosure.
C)As an effort to more effectively address technological advancements.
D)As an effort to comply with the Information System Audit and Control Association requirements.

A)boundary system.
B)diagnostic control system.
C)interactive control system.
D)belief system.

A)all companies with gross annual revenues exceeding $500 million.
B)publicly traded companies with gross annual revenues exceeding $500 million.
C)all private and public companies incorporated in the United States.
D)all publicly traded companies.

A)It more efficiently deals with control implementation and documentation issues.
B)It more effectively deals with control implementation and documentation issues.
C)It provides users with more precise guidance.
D)It adds many new examples to clarify the framework concepts.

A)risk management activities are an inherent part of all business operations and should be considered during strategy setting.
B)effective risk management is comprised of just three interrelated components; internal environment, risk assessment, and control activities.
C)risk management is the sole responsibility of top management.
D)risk management policies, if enforced, guarantee achievement of corporate objectives.

A)asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process.
B)did not mention to auditors that the company had experienced material weaknesses in the company's internal control systems during the past year.
C)selected the company's CEO to chair the audit committee.
D)hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.

A)5
B)8
C)17
D)21

A)boundary system
B)diagnostic control system
C)interactive control system
D)belief system

A)best practices and effective governance and management of private companies.
B)best practices and effective governance and management of public companies.
C)best practices and effective governance and management of information technology.
D)best practices and effective governance and management of organizational assets.

A)boundary system.
B)diagnostic control system.
C)interactive control system.
D)belief system.

A)COSO-Integrated Framework; COBIT
B)COBIT; COSO-Integrated Framework
C)COBIT; COSO-ERM
D)COSO-Integrated Framework; COSO-ERM
E)COSO-ERM; COBIT

A)meeting stakeholder needs
B)covering the enterprise end-to-end
C)enabling a holistic approach
D)improving organization efficiency

A)Monitoring.
B)Ethical culture.
C)Risk assessment.
D)Control environment.

A)boundary system
B)diagnostic control system
C)interactive control system
D)belief system

A)boundary system
B)diagnostic control system
C)interactive control system
D)belief system

A)Integrity and ethical values.
B)Risk management philosophy.
C)Restrict access to assets.
D)Methods of assigning authority and responsibility.

A)Control environment.
B)Risk assessment.
C)Control activities.
D)Information and communication.

A)the CEO.
B)the CFO.
C)the board of directors.
D)all of the above

A)Analyzing past financial performance and reporting.
B)Providing sufficient resources to knowledgeable employees to carry out duties.
C)Disciplining employees for violations of expected behavior.
D)Setting realistic targets for long-term performance.

A)to improve the organization's risk management process.
B)to improve the organization's financial reporting process.
C)to improve the organization's manufacturing process.
D)to improve the organization's internal audit process.

A)Control environment.
B)Risk assessment.
C)Control activities.
D)Information and communication.

A)the CEO.
B)the CFO.
C)the board of directors.
D)all of the above

A)Organizational structure.
B)Methods of assigning authority and responsibility.
C)Management philosophy and operating style.
D)Commitment to competence.

A)IC is controls-based, while the ERM is risk-based.
B)IC is risk-based, while ERM is controls-based.
C)IC is required, while ERM is optional.
D)IC is more applicable to international accounting standards, while ERM is more applicable to generally accepted accounting principles.

A)Integrity and ethical values.
B)Risk management philosophy.
C)Restrict access to assets.
D)Methods of assigning authority and responsibility.

A)Control environment.
B)Risk assessment.
C)Control activities.
D)Information and communication.

A)is usually chaired by the CFO.
B)conducts testing of controls on behalf of the external auditors.
C)provides a check and balance on management.
D)does all of the above.

A)Control environment.
B)Risk assessment.
C)Control activities.
D)Information and communication.

A)unintentional errors.
B)employee fraud or embezzlement.
C)fraud by outsiders.
D)disgruntled employees.

A)internal audit.
B)external audit.
C)management.
D)the board of directors.

A)Organizational structure.
B)Methods of assigning authority and responsibility.
C)Management philosophy and operating style.
D)Commitment to competence.

A)hiring practices.
B)philosophy and operating style.
C)internal environment.
D)methods of assigning authority.

A)Companies are formed to create value for society.
B)Management must decide how much uncertainty it will accept to create value.
C)Uncertainty results in risk.
D)Uncertainty results in opportunity.

A)control activities.
B)organizational structure.
C)budget framework.
D)internal environment.

A)Inherent risk
B)Residual risk
C)Risk appetite
D)Risk assessment

A)compliance objectives
B)operations objectives
C)reporting objectives
D)strategic objectives

A)inherent risk.
B)residual risk.
C)risk appetite.
D)risk assessment.

A)compliance objectives
B)operations objectives
C)reporting objectives
D)strategic objectives

A)Inherent risk
B)Residual risk
C)Risk appetite
D)Risk assessment

A)Enforcing a written code of conduct.
B)Holding employees accountable for achieving objectives.
C)Restricting access to assets.
D)Avoiding unrealistic expectations.

A)compliance objectives
B)operations objectives
C)reporting objectives
D)strategic objectives

A)Acceptance
B)Avoidance
C)Monitoring
D)Sharing

A)An event identified by management will occur.
B)An event identified by management may or may not occur.
C)An event identified by management may not trigger other events.
D)It is easy to determine which events are most likely to occur.

A)Using data mining.
B)Browsing news articles.
C)Hiring a business process consultant.
D)None of the above.

A)Hiring a forensic specialist.
B)Requiring employees to take mandatory vacations.
C)Installing security cameras to monitor employees activities.
D)Implementing a fraud hotline.

A)compliance objectives
B)operations objectives
C)reporting objectives
D)strategic objectives

A)Impact times expected loss.
B)Impact times likelihood.
C)Inherent risk times likelihood.
D)Residual risk times likelihood.

A)violates the Sarbanes-Oxley Act.
B)violates the Securities and Exchange Act.
C)increases the risk associated with an audit.
D)All of the above.