Deck 7: Control and Accounting Information Systems

A) boundary system.
B) diagnostic control system.
C) interactive control system.
D) belief system.

A) general
B) application
C) detective
D) preventive

A) all companies with gross annual revenues exceeding $500 million.
B) publicly traded companies with gross annual revenues exceeding $500 million.
C) all private and public companies incorporated in the United States.
D) all publicly traded companies.

A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system

A) corrective; detective
B) detective; corrective
C) preventive; corrective
D) detective; preventive

A) Foreign Corrupt Practices Act of 1977
B) The Securities Exchange Act of 1934
C) The Sarbanes-Oxley Act of 2002
D) The Control Provision of 1998

A) to require corporations to maintain a good system of internal control.
B) to prevent the bribery of foreign officials by American companies.
C) to require the reporting of any material fraud by a business.
D) All of the above are required by the act.

A) Take a proactive approach to eliminate threats.
B) Detect threats that do occur.
C) Correct and recover from threats that do occur.
D) All of the above are proper measures for the accountant to take.

A) new roles for audit committees
B) new rules for auditors and management
C) new rules for information systems development
D) the creation of the Public Company Accounting Oversight Board

A) event
B) activity
C) process
D) system

A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system

A) monitoring
B) control environment
C) risk assessment
D) compliance with federal, state, or local laws

A) boundary system.
B) diagnostic control system.
C) interactive control system.
D) belief system.

A) Many companies do not realize that data security is crucial to their survival.
B) LANs and client/server systems are easier to control than centralized, mainframe systems.
C) Many companies believe that protecting information is a strategic requirement.
D) Computer control problems are often overestimated and overly emphasized by management.

A) preventive control.
B) detective control.
C) corrective control.
D) authorization control.

A) asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process.
B) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
C) selected the company's Chief Financial Officer to chair the audit committee.
D) did not mention to auditors that the company had experienced significant losses due to fraud during the past year.

A) general
B) application
C) detective
D) preventive

A) reconciling the bank statement to the cash control account
B) approving customer credit prior to approving a sales order
C) maintaining frequent backup records to prevent loss of data
D) counting inventory on hand and comparing counts to the perpetual inventory records

A) It more efficiently deals with control implementation and documentation issues.
B) It more effectively deals with control implementation and documentation issues.
C) It provides users with more precise guidance.
D) It adds many new examples to clarify the framework concepts.

A) analyzing past financial performance and reporting
B) providing sufficient resources to knowledgeable employees to carry out duties
C) disciplining employees for violations of expected behavior
D) setting realistic targets for long-term performance

A) 5
B) 8
C) 17
D) 21

A) best practices and effective governance and management of private companies.
B) best practices and effective governance and management of public companies.
C) best practices and effective governance and management of information technology.
D) best practices and effective governance and management of organizational assets.

A) COBIT
B) COSO Integrated Control
C) COSO Enterprise Risk Management
D) Sarbanes-Oxley Control Framework

A) control activities.
B) organizational structure.
C) budget framework.
D) internal environment.

A) the CEO.
B) the CFO.
C) the board of directors.
D) all of the above

A) risk management activities are an inherent part of all business operations and should be considered during strategy setting.
B) effective risk management is comprised of just three interrelated components; internal environment, risk assessment, and control activities.
C) risk management is the sole responsibility of top management.
D) risk management policies, if enforced, guarantee achievement of corporate objectives.

A) Congress required COSO to modernize.
B) U.S. stock exchanges required more disclosure.
C) to more effectively address technological advancements
D) to comply with International accounting standards

A) COSO-Integrated Framework; COBIT
B) COBIT; COSO-Integrated Framework
C) COBIT; COSO-ERM
D) COSO-Integrated Framework; COSO-ERM
E) COSO-ERM; COBIT

A) IC is controls-based, while the ERM is risk-based.
B) IC is risk-based, while ERM is controls-based.
C) IC is required, while ERM is optional.
D) IC is more applicable to international accounting standards, while ERM is more applicable to generally accepted accounting principles.

A) Companies are formed to create value for society.
B) Management must decide how much uncertainty it will accept to create value.
C) Uncertainty results in risk.
D) Uncertainty results in opportunity.

A) organizational structure
B) methods of assigning authority and responsibility
C) management philosophy and operating style
D) commitment to competence

A) to improve the audit process
B) to improve the risk management process
C) to improve the financial reporting process
D) to improve the manufacturing process

A) integrity and ethical values
B) risk management philosophy
C) restrict access to assets
D) methods of assigning authority and responsibility

A) is usually chaired by the CFO.
B) conducts testing of controls on behalf of the external auditors.
C) provides a check and balance on management.
D) does all of the above.

A) meeting stakeholder needs
B) covering the enterprise end-to-end
C) enabling a holistic approach
D) improving organization efficiency

A) internal audit.
B) external audit.
C) management.
D) the board of directors.

A) hiring practices.
B) philosophy and operating style.
C) internal environment.
D) methods of assigning authority.

A) Compliance objectives
B) Operations objectives
C) Reporting objectives
D) Strategic objectives

A) compliance objectives
B) operations objectives
C) reporting objectives
D) strategic objectives

A) inherent risk.
B) residual risk.
C) risk appetite.
D) risk assessment.

A) enforcing a written code of conduct
B) holding employees accountable for achieving objectives
C) restricting access to assets
D) avoiding unrealistic expectations

A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment

A) identify controls to reduce all risk to zero.
B) estimate the exposure from negative events.
C) identify the threats that the company currently faces.
D) estimate the risk probability of negative events occurring.

A) compliance objectives.
B) operations objectives.
C) reporting objectives.
D) strategic objectives.

A) is a violation of the Sarbanes-Oxley Act.
B) violates the Securities and Exchange Act.
C) increases the risk associated with an audit.
D) must be changed before your audit firm could accept the audit engagement.

A) impact times expected loss
B) impact times likelihood
C) inherent risk times likelihood
D) residual risk times likelihood

A) performing internal analysis
B) monitoring leading events
C) conducting interviews
D) none of the above

A) Acceptance
B) Avoidance
C) Monitoring
D) Sharing

A) unintentional errors.
B) employee fraud or embezzlement.
C) fraud by outsiders.
D) disgruntled employees.

A) compliance objectives
B) operations objectives
C) reporting objectives
D) strategic objectives

A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment

A) An event identified by management will occur.
B) An event identified by management may or may not occur.
C) An event identified by management may not trigger other events.
D) It is easy to determine which events are most likely to occur.

A) approving accounting software change requests and testing production scheduling software changes
B) programming new code for accounting software and testing accounting software upgrades
C) approving software changes and implementing the upgraded software
D) managing accounts payable function and revising code for accounting software to more efficiently process discount due dates on vendor invoices

A) reduce
B) share
C) avoid
D) accept

A) $50
B) $650
C) $50,000
D) $650,000

A) $50
B) $650
C) $50,000
D) $650,000

A) updating the inventory subsidiary ledgers and recording purchases in the purchases journal
B) approving a sales return on a customer's account and depositing customers' checks in the bank
C) updating the general ledger and working in the inventory warehouse
D) entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal

A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.)
B) A group of kids snuck into the theater through a back door when customers left after a show.
C) The box office cashier accidentally gives too much change to a customer.
D) The ticket taker admits his friends without tickets.

A) $50
B) $500
C) $600
D) $650

A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.)
B) A group of kids snuck into the theater through a back door when customers left after a show.
C) The box office cashier accidentally gives too much change to a customer.
D) The ticket taker admits his friends without tickets.

A) reduce
B) share
C) avoid
D) accept

A) general authorization.
B) specific authorization.
C) special authorization.
D) generic authorization.

A) $50
B) $650
C) $50,000
D) $650,000

A) reporting potential risks to auditors.
B) identifying events that could impact the enterprise.
C) evaluating the impact of potential events on achievement of objectives.
D) establishing objectives for the enterprise.

A) A mail room employee steals a check received from a customer and destroys the documentation.
B) The accounts receivable clerk does not record sales invoices for friends or family, so they can receive free goods.
C) An employee puts inventory behind the dumpster while unloading a vendor's delivery truck, then picks up the inventory later in the day and puts it in her car.
D) Mike issues credit cards to him and Maxine, and when the credit card balances are just under $1,000, Maxine writes off the accounts as bad debt. Mike then issues new cards.

A) locking blank checks in a drawer or safe
B) sequentially prenumbering sales invoices
C) reconciling the bank statement to the general ledger
D) comparing physical inventory counts with perpetual inventory records

A) data input validation checks.
B) reconciling hash totals.
C) preparing a trial balance report.
D) supervisor review of journal entries and supporting documentation.

A) reduce
B) share
C) avoid
D) accept

A) ensure that no collusion will occur.
B) achieve an optimal division of labor for efficient operations.
C) make sure that different people handle different transactions.
D) make sure that different people handle different parts of the same transaction.

A) Requiring two signatures on checks over $20,000 is an example of segregation of duties.
B) Although forensic specialists utilize computers, only people can accurately identify fraud.
C) Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes.
D) Re-adding the total of a batch of invoices and comparing the total with the first total you calculated is an example of an independent check.

A) general authorization.
B) specific authorization.
C) special authorization.
D) generic authorization.

A) reduce
B) share
C) avoid
D) accept