What is one reason why AIS threats are increasing?
Many companies do not realize that data security is crucial to their survival.
Which of the following is not one of the risk responses identified in the COSO Enterprise Risk Management Framework?
A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n)
At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Then, ticket stubs collected at the theater entrance are counted and compared with the number of tickets sold. Which of the following situations does this control detect?
Some customers presented tickets purchased on a previous day when there wasn’t a ticket taker at the theater entrance (so the tickets didn’t get torn).
At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the following situations does this control detect?
The box office cashier accidentally gives too much change to a customer.
Which of the following is an example of a preventive control?
approving customer credit prior to approving a sales order
Independent checks on performance include all the following except
data input validation checks.
A computer operator is allowed to work as a programmer on a new payroll software project. Does this create a potential internal control problem?
Yes, the computer operator could alter the payroll program to increase her salary.
One of the objectives of the segregation of duties is to
make sure that different people handle different parts of the same transaction.
Pam is a receptionist for Dunderhead Paper Co., which has strict corporate policies on appropriate use of corporate resources. The first week of August, Pam saw Michael, the branch manager, putting pencils, pens, erasers, paper and other supplies into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework?
Integrity and ethical values
Which of the following statements is true?
Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes.
Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties.
Jim issues credit cards to himself and Marie, and when the credit card balances are just under $1,000, Marie writes off the accounts as bad debt. Jim then issues new cards.
According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for
hiring and firing the external auditors.
Go-Go Corporation, a publicly traded company, has three brothers who serve as President, Vice President of Finance and CEO. This situation
increases the risk associated with an audit.
Which of the following is a control related to design and use of documents and records?
Sequentially pre-numbering sales invoices
Which of the following duties could be performed by the same individual without violating segregation of duties controls?
Approving accounting software change requests and testing production scheduling software changes
With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure?
Entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal
Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?
Analyzing past financial performance and reporting
Which of the following suggests a weakness in a company’s internal environment?
Formal employee performance evaluations are prepared every three years.
Which of the following statements about internal environment is false?
Management’s attitudes toward internal control and ethical behavior have only minimal impact on employee beliefs or actions.
Which of the following is not a reason for the increase in security problems for AIS?
Increasing efficiency resulting from more automation
One reason why many organizations do not adequately protect their systems is because
productivity and cost cutting cause management to forgo implementing and maintaining internal controls.
Accountants must try to protect the AIS from threats. Which of the following would be a measure that should be taken?
All of the above are proper measures for the accountant to take.
The process that a business uses to safeguard assets, provide accurate and reliable information, and promote and improve operational efficiency is known as
Safeguarding assets is one of the control objectives of internal control. Which of the following is not one of the other control objectives?
ensuring that no fraud has occurred
Internal control is often referred to as a(n) ________, because it permeates an organization’s operating activities and is an integral part of management activities.
Which of the following is accomplished by corrective controls?
All of the above are accomplished by corrective controls
Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control.
What is not a corrective control procedure?
Deter problems before they arise.
________ controls are designed to make sure an organization’s control environment is stable and well managed.
________ controls prevent, detect and correct transaction errors and fraud.
The primary purpose of the Foreign Corrupt Practices Act of 1977 was
to prevent the bribery of foreign officials by American companies
Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies.
The Sarbanes-Oxley Act of 2002
Which of the following is not one of the important aspects of the Sarbanes-Oxley Act?
New rules for information systems development
A(n) ________ helps employees act ethically by setting limits beyond which an employee must not pass.
A(n) ________ measures company progress by comparing actual performance to planned performance.
diagnostic control system
A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention.
interactive control system
This control framework addresses the issue of control from three vantage points: business objectives, information technology resources, and information technology processes.
ISACA’s control objectives for information and related technology
This control framework’s intent includes helping the organization to provide reasonable assurance that objectives are achieved and problems are minimized, and to avoid adverse publicity and damage to the organization’s reputation.
COSO’s enterprise risk management framework
The COSO Enterprise Risk Management Framework includes eight components. Which of the following is not one of them?
compliance with federal, state, or local laws
Which of the following is not one of the eight interrelated risk and control components of COSO Enterprise Risk Management Framework?
The COSO Enterprise Risk Management Integrated Framework stresses that
risk management activities are an inherent part of all business operations and should be considered during strategy setting.
Which of the following would be considered a “red flag” for problems with management operating style if the question were answered “yes”?
All of the above statements would raise “red flags” if answered “yes.”
Which component of the COSO Enterprise Risk Management Integrated Framework is concerned with understanding how transactions are initiated, data are captured and processed, and information is reported?
Information and communication
The COSO Enterprise Risk Management Integrated Framework identifies four objectives necessary to achieve corporate goals. Objectives specifically identified include all of the following except
implementation of newest technologies.
The audit committee of the board of directors
provides a check and balance on management.
The audit committee is responsible for
All of the above are responsibilities.
The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the
Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment?
Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter
employee fraud or embezzlement.
The SEC and FASB are best described as external influences that directly affect an organization’s
Which attribute below is not an aspect of the COSO ERM Framework internal environment?
Restricting access to assets
The amount of risk a company is willing to accept in order to achieve its goals and objectives is
The risk that remains after management implements internal controls is
The risk that exists before management takes any steps to control the likelihood or impact of a risk is
When undertaking risk assessment, the expected loss is calculated like this
Impact times likelihood
Generally in a risk assessment process, the first step is to
identify the threats that the company currently faces.
Store policy that allows retail clerks to process sales returns for $300 or less, with a receipt dated within the past 60 days, is an example of
Corporate policy that requires a purchasing agent and purchasing department manager to sign off on asset purchases over $1,500 is an example of
A document that shows all projects that must be completed and the related IT needs in order to achieve long-range company goals is known as a
strategic master plan.
A ________ is created to guide and oversee systems development and acquisition.
A ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates.
project development plan
Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Folding Squid Technologies
hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
The Sarbanes-Oxley Act (SOX) applies to
all publicly held companies
Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his company’s budgeting practices. It seems that, as a result of “budget handcuffs” that require managers to explain material deviations from budgeted expenditures, his ability to creatively manage his department’s activities has been curtailed. The level of control that the company is using in this case is a
diagnostic control system.
Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his work environment. It seems that, as a result of “feminazi” interference, the suggestive banter that had been prevalent in the workplace during his youth was no longer acceptable. He even had to sit through a sexual harassment workshop! The level of control that the company is using in this case is a
River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the impact of this risk without insurance?
River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss without insurance?
River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss with insurance?
River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most that the business should pay for the insurance?
Due to data errors occurring from time to time in processing the Albert Company’s payroll, the company’s management is considering the addition of a data validation control procedure that is projected to reduce the risk of these data errors from 13% to 2%. The cost of the payroll reprocessing is estimated to be $11,000. The cost of implementing the data validation control procedure is expected to be $700. Which of the following statements is true?
The data validation control procedure should be implemented because its net estimated benefit is $510.
The organization chart for Geerts Corporation includes a controller and an information processing manager, both of whom report to the vice president of finance. Which of the following would be a control weakness?
Assigning the programming and operating of the computer system to an independent control group which reports to the controller
Global Economic Strategies, L.L.D., has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. They are transitioning from a ________ to a ________ control framework.
FranticHouse Partners, L.L.C., does home remodeling and repair. All employees are bonded, so the firm’s risk exposure to employee fraud is
FranticHouse Partners, L.L.C., does home remodeling and repair. The firm does not accept jobs that require the installation of slate or copper roofing because these materials often require costly post-installation services. The firm’s risk exposure to costly post-installation services is
According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except
reporting potential risks to auditors.