Deck 7: Control and Accounting Information Systems

A) The audit committee regularly meets with the external auditors.
B) The Board of Directors is primarily independent directors.
C) The company has an up-to-date organizational chart.
D) Formal employee performance evaluations are prepared every three years.

A) Management's attitudes toward internal control and ethical behavior have only minimal impact on employee beliefs or actions.
B) Supervision is especially important in organizations that cannot afford elaborate responsibility reporting or are too small to have adequate segregation of duties.
C) An overly complex or unclear organizational structure may be indicative of more serious problems.
D) A written policy and procedures manual is an important tool for assigning authority and responsibility.

A) Analyzing past financial performance and reporting
B) Providing sufficient resources to knowledgeable employees to carry out duties
C) Disciplining employees for violations of expected behavior
D) Setting realistic targets for long-term performance

A) approving customer credit prior to approving a sales order
B) reconciling the bank statement to the cash control account
C) counting inventory on hand and comparing counts to the perpetual inventory records
D) maintaining frequent backup records to prevent loss of data

A) LANs and client/server systems are easier to control than centralized, mainframe systems.
B) Many companies do not realize that data security is crucial to their survival.
C) Computer control problems are often overestimated and overly emphasized by management.
D) Many companies believe that protecting information is a strategic requirement.

A) Yes, the computer operator could alter the payroll program to increase her salary.
B) Yes, this is a potential problem unless the computer operator is supervised by the payroll manager.
C) No, ideal segregation of duties is not usually possible, and operators are often the best at programming changes and updates.
D) No, as long as the computer operator separately accounts for hours worked in programming and in operations.

A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.)
B) A group of kids snuck into the theater through a back door when customers left after a show.
C) The box office cashier accidentally gives too much change to a customer.
D) The ticket taker admits his friends without tickets.

A) Monitoring
B) Avoidance
C) Acceptance
D) Sharing

A) Jim issues credit cards to him and Marie, and when the credit card balances are just under $1,000, Marie writes off the accounts as bad debt. Jim then issues new cards.
B) An employee puts inventory behind the dumpster while unloading a vendor's delivery truck, then picks up the inventory later in the day and puts it in her car.
C) A mail room employee steals a check received from a customer and destroys the documentation.
D) The accounts receivable clerk does not record sales invoices for friends or family, so they can receive free goods.

A) preventive control.
B) detective control.
C) corrective control.
D) authorization control.

A) Integrity and ethical values
B) Risk management philosophy
C) Restrict access to assets
D) Methods of assigning authority and responsibility

A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.)
B) A group of kids snuck into the theater through a back door when customers left after a show.
C) The box office cashier accidentally gives too much change to a customer.
D) The ticket taker admits his friends without tickets.

A) Sequentially prenumbering sales invoices
B) Comparing physical inventory counts with perpetual inventory records
C) Reconciling the bank statement to the general ledger
D) Locking blank checks in a drawer or safe

A) make sure that different people handle different parts of the same transaction.
B) ensure that no collusion will occur.
C) make sure that different people handle different transactions.
D) achieve an optimal division of labor for efficient operations.

A) hiring and firing the external auditors.
B) performing tests of the company's internal control structure.
C) certifying the accuracy of the company's financial reporting process.
D) overseeing day-to-day operations of the internal audit department.

A) data input validation checks.
B) reconciling hash totals.
C) preparing a trial balance report.
D) supervisor review of journal entries and supporting documentation.

A) Updating the inventory subsidiary ledgers and recording purchases in the purchases journal
B) Approving a sales return on a customer's account and depositing customers' checks in the bank
C) Updating the general ledger and working in the inventory warehouse
D) Entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal

A) Approving accounting software change requests and testing production scheduling software changes
B) Programming new code for accounting software and testing accounting software upgrades
C) Approving software changes and implementing the upgraded software
D) Managing accounts payable function and revising code for accounting software to more efficiently process discount due dates on vendor invoices

A) increases the risk associated with an audit.
B) must be changed before your audit firm could accept the audit engagement.
C) is a violation of the Sarbanes-Oxley Act.
D) violates the Securities and Exchange Act.

A) ISACA's control objectives for information and related technology
B) COSO's internal control framework
C) COSO's enterprise risk management framework
D) none of the above

A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system

A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system

A) control environment
B) risk assessment
C) compliance with federal, state, or local laws
D) monitoring

A) Application
B) Detective
C) General
D) Preventive

A) Foreign Corrupt Practices Act of 1977
B) The Securities Exchange Act of 1934
C) The Sarbanes-Oxley Act of 2002
D) The Control Provision of 1998

A) ISACA's control objectives for information and related technology
B) COSO's internal control framework
C) COSO's enterprise risk management framework
D) none of the above

A) The creation of the Public Company Accounting Oversight Board
B) New rules for auditors and management
C) New roles for audit committees
D) New rules for information systems development

A) Confidentiality issues caused by interlinked inter-company networks
B) Difficult to control distributed computing networks
C) Increasing efficiency resulting from more automation
D) Increasing numbers of information systems and users

A) a phenomenon.
B) internal control.
C) an AIS threat.
D) a preventive control.

A) Take a proactive approach to eliminate threats.
B) Detect threats that do occur.
C) Correct and recover from threats that do occur.
D) All of the above are proper measures for the accountant to take.

A) Identify the cause of the problem.
B) Correct the resulting errors.
C) Modify the system to prevent future occurrences of the problem.
D) All of the above are accomplished by corrective controls.

A) providing accurate and reliable information
B) promoting operational efficiency
C) ensuring that no fraud has occurred
D) encouraging adherence to management policies

A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system

A) event
B) activity
C) process
D) system

A) corrective; detective
B) detective; corrective
C) preventive; corrective
D) detective; preventive

A) Application
B) Detective
C) General
D) Preventive

A) to require corporations to maintain a good system of internal control.
B) to prevent the bribery of foreign officials by American companies.
C) to require the reporting of any material fraud by a business.
D) All of the above are required by the act.

A) Identify the cause of a problem.
B) Deter problems before they arise.
C) Correct resulting errors or difficulties.
D) Modify the system so that future problems are minimized or eliminated.

A) control problems may be overestimated by many companies.
B) productivity and cost cutting cause management to forgo implementing and maintaining internal controls.
C) control technology has not yet been developed.
D) all of the above

A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment

A) general authorization.
B) specific authorization.
C) special authorization.
D) generic authorization.

A) Does management take undue business risks to achieve its objectives?
B) Does management attempt to manipulate performance measures such as net income?
C) Does management pressure employees to achieve results regardless of the methods?
D) All of the above statements would raise "red flags" if answered "yes."

A) risk management activities are an inherent part of all business operations and should be considered during strategy setting.
B) effective risk management is comprised of just three interrelated components; internal environment, risk assessment, and control activities.
C) risk management is the sole responsibility of top management.
D) risk management policies, if enforced, guarantee achievement of corporate objectives.

A) Impact times expected loss
B) Impact times likelihood
C) Inherent risk times likelihood
D) Residual risk times likelihood

A) unintentional errors.
B) employee fraud or embezzlement.
C) fraud by outsiders.
D) disgruntled employees.

A) Enforcing a written code of conduct
B) Holding employees accountable for achieving objectives
C) Restricting access to assets
D) Avoiding unrealistic expectations

A) general authorization.
B) specific authorization.
C) special authorization.
D) generic authorization.

A) Information and communication
B) Internal environment
C) Event identification
D) Objective setting

A) Internal environment
B) Monitoring
C) Risk response
D) Event assessment

A) identify the threats that the company currently faces.
B) estimate the risk probability of negative events occurring.
C) estimate the exposure from negative events.
D) identify controls to reduce all risk to zero.

A) performance evaluation.
B) project development plan.
C) data processing schedule.
D) strategic master plan.

A) hiring practices.
B) philosophy and operating style.
C) internal environment.
D) methods of assigning authority.

A) overseeing the internal control structure.
B) overseeing the financial reporting process.
C) working with the internal and external auditors.
D) All of the above are responsibilities.

A) Organizational structure
B) Methods of assigning authority and responsibility
C) Management philosophy and operating style
D) Commitment to competence

A) implementation of newest technologies.
B) compliance with laws and regulations.
C) effective and efficient operations.
D) reliable reporting.

A) control activities
B) organizational structure
C) budget framework
D) internal environment

A) is usually chaired by the CFO.
B) conducts testing of controls on behalf of the external auditors.
C) provides a check and balance on management.
D) does all of the above.

A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment

A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment

A) reporting potential risks to auditors.
B) identifying events that could impact the enterprise.
C) evaluating the impact of potential events on achievement of objectives.
D) establishing objectives for the enterprise.

A) reduce
B) share
C) avoid
D) accept

A) Assigning the programming and operating of the computer system to an independent control group which reports to the controller
B) Providing for maintenance of input data controls by an independent control group which reports to the controller
C) Periodically rotating assignment of application processing among machine operators, who all report to the information processing manager
D) Providing for review and distribution of system-generated reports by an independent control group which reports to the controller

A) $50,000
B) $650,000
C) $650
D) $50

A) The data validation control procedure should be implemented because its net estimated benefit is $510.
B) The data validation control procedure should be implemented because its cost of $700 is less than the payroll reprocessing cost of $1,430.
C) The data validation control procedure should not be implemented because its cost of $700 exceeds the expected benefit by $480.
D) The data validation control procedure should not be implemented because its net estimated benefit is a negative $1,210.

A) asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process.
B) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
C) selected the company's Chief Financial Officer to chair the audit committee.
D) did not mention to auditors that the company had experienced significant losses due to fraud during the past year.

A) effective
B) partial
C) ineffective
D) limited

A) performance evaluation
B) project development plan
C) steering committee
D) strategic master plan

A) effective
B) ideal
C) ineffective
D) limited

A) performance evaluation
B) project development plan
C) steering committee
D) strategic master plan

A) The Purchasing Agent physically reviews the contents of shipments and compares them with the purchase orders he has placed.
B) Production teams perform quality evaluations of the products that they produce.
C) The General Manager compares budgeted amounts with expenditure records from all departments.
D) Petty cash is disbursed by Fred Haynes. He also maintains records of disbursements, places requests to finance to replace expended funds, and periodically reconciles the petty cash balance.

A) reduced.
B) shared.
C) avoided.
D) accepted.

A) boundary system.
B) belief system.
C) interactive control system.
D) diagnostic control system.

A) $500
B) $650
C) $600
D) $50

A) $50,000
B) $650,000
C) $650
D) $50

A) COSO-Integrated Framework; COBIT
B) COBIT; COSO-Integrated Framework
C) COBIT; COSO-ERM
D) COSO-Integrated Framework; COSO-ERM
E) COSO-ERM; COBIT

A) $50,000
B) $650,000
C) $650
D) $50

A) all companies with gross annual revenues exceeding $500 million.
B) publicly held companies with gross annual revenues exceeding $500 million.
C) all private and publicly held companies incorporated in the United States.
D) all publicly held companies.

A) reduced.
B) shared.
C) avoided.
D) accepted.

A) boundary system.
B) belief system.
C) interactive control system.
D) diagnostic control system.