Accounting Information Systems 1st Edition Test Bank – Vernon Richardson - Rod Smith - Chengyee Chang


Title : Accounting Information Systems

Author : Vernon Richardson – Rod Smith – Chengyee Chang

Edition : 1st Edition

Type : Test Bank


Sample:

Chapter 10

Accounting Information Systems and Internal Controls
True / False Questions

1. The Sarbanes-Oxley Act of 2002 (SOX) requires the management of all companies and their auditors to assess and report on the design and effectiveness of internal control over financial reporting annually.

True    False

 

2. According to the Sarbanes-Oxley Act of 2002, it is the responsibility of the Board of Directors to establish and maintain the effectiveness of internal control.

True    False

 

3. In a computerized environment, internal controls can be categorized as general controls and application controls.

True    False

 

4. Internal controls guarantee the accuracy and reliability of accounting records.

True    False

 

5. Segregation of duties reduces the risk of errors and irregularities in accounting records.

True    False

 

6. The chief executive officer is ultimately responsible for enterprise risk management.

True    False

 

7. The risk of a company’s internal auditing processes failing to catch the misstated dollar amount of revenue on the company’s income statement is classified as inherent risk.

True    False

 

8. Processing controls are IT general controls.

True    False

 

9. COBIT (Control Objectives for Information and related Technology) is a generally accepted framework for IT governance in the U.S.

True    False

 

10. The main objective of the ISO 27000 series is to provide a model for establishing, implementing, operating, monitoring, maintaining, and improving information security.

True    False

 

11. Given the requirement of the Sarbanes-Oxley Act of 2002 (SOX), the Public Company Accounting Oversight Board (PCAOB) established the Securities and Exchange Commission (SEC) to provide independent oversight of public accounting firms.

True    False

 

12. Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 (AS 5) encourages auditors to start from the basic/bottom of financial records to identify the key controls.

True    False

 

13. Corporate governance is a set of processes and policies in managing an organization with sound ethics to safeguard the interests of its stakeholders.

True    False

 

14. Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.

True    False

 

15. A firm must establish control policies, procedures, and practices that ensure the firm’s business objectives are achieved and its risk mitigation strategies are carried out.

True    False

 
Multiple Choice Questions

16. According to COSO, which of the following components of enterprise risk management addresses an entity’s integrity and ethical values?

A. Information and communication

 

B. Internal environment.

 

C. Risk assessment.

 

D. Control activities.

 

17. Which of the following items is one of the eight components of COSO’s enterprise risk management framework?

A. Operations.

 

B. Reporting.

 

C. Monitoring.

 

D. Compliance.

 

18. In a large public corporation, evaluating internal control procedures should be the responsibility of:

A. Accounting management staff who report to the CFO.

 

B. Internal audit staff who report to the board of directors.

 

C. Operations management staff who report to the chief operating officer.

 

D. Security management staff who report to the chief facilities officer.

 

19. Which of the following represents an inherent limitation of internal controls?

A. Bank reconciliations are not performed on a timely basis.

 

B. The CEO can request a check with no purchase order.

 

C. Customer credit check not performed.

 

D. Shipping documents are not matched to sales invoices.

 

20. Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?

A. Disclosing lack of segregation of duties to external auditors during the annual review.

 

B. Replacing personnel every three or four years.

 

C. Requiring accountants to pass a yearly background check.

 

D. Allowing for greater management oversight of incompatible activities.

 

21. Review of the audit log is an example of which of the following types of security control?

A. Governance.

 

B. Detective.

 

C. Preventive.

 

D. Corrective.

 

22. Which of the following is not a component of internal control as defined by COSO?

A. Control environment.

 

B. Control activities.

 

C. Inherent risk

 

D. Monitoring.

 

23. Which of the following is considered an application input control?

A. Run control total.

 

B. Edit check.

 

C. Reporting distribution log.

 

D. Exception report.

 

24. Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?

A. Segregation of duties.

 

B. Ensure proper authorization of transactions.

 

C. Adequately safeguard assets.

 

D. Independently verify the transactions.

 

25. Which of the following statements is correct regarding internal control?

A. A well-designed internal control environment ensures the achievement of an entity’s control objectives.

 

B. An inherent limitation to internal control is the fact that controls can be circumvented by management override.

 

C. A well-designed and operated internal control environment should detect collusion perpetrated by two people.

 

D. Internal control is a necessary business function and should be designed and operated to detect errors and fraud.

 

26. Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been:

A. Authorized.

 

B. Implemented.

 

C. Tested.

 

D. Monitored.

 

27. A manufacturing firm identified that it would have difficulty sourcing raw materials locally, so it decided to relocate its production facilities. According to COSO, this decision represents which of the following responses to the risk?

A. Risk reduction.

 

B. Prospect theory.

 

C. Risk sharing.

 

D. Risk acceptance.

 

28. Each of the following types of controls is considered to be an entity-level control, except those:

A. Relating to the control environment.

 

B. Pertaining to the company’s risk assessment process.

 

C. Regarding the company’s annual stockholder meeting.

 

D. Addressing policies over significant risk management practices

 

29. Controls in the information technology area are classified into preventive, detective, and corrective categories. Which of the following is a preventive control?

A. Contingency planning.

 

B. Hash total.

 

C. Echo check.

 

D. Access control software.

 

30. All of the following are examples of internal control procedures except

A. Using pre-numbered documents

 

B. Reconciling the bank statement

 

C. Customer satisfaction surveys

 

D. Insistence that employees take vacations

 

31. The Public Company Accounting Oversight Board (PCAOB) is not responsible for standards related to:

A. Accounting practice.

 

B. Attestation.

 

C. Auditing.

 

D. Quality control over attestation and/or assurance.

 

32. Which of the following most likely would not be considered as an inherent limitation of the effectiveness of a firm’s internal control?

A. Incompatible duties.

 

B. Management override.

 

C. Mistakes in judgment.

 

D. Collusion among employees.

 

33. According to COSO, which of the following is not a component of internal control?

A. Control risk.

 

B. Control activities.

 

C. Monitoring.

 

D. Control environment.

 

34. When considering internal control, an auditor should be aware of reasonable assurance, which recognizes that

A. Internal control may be ineffective due to mistakes in judgment and personal carelessness.

 

B. Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.

 

C. Establishing and maintaining internal control is an important responsibility of management.

 

D. The cost of an entity’s internal control should not exceed the benefits expected to be derived.

 

35. Proper segregation of duties calls for separation of the following functions:

A. Authorization, execution, and payment.

 

B. Authorization, recording, and custody.

 

C. Custody, execution, and reporting.

 

D. Authorization, payment, and recording.

 

36. An entity’s ongoing monitoring activities often include

A. Periodic audits by the audit committee.

 

B. Reviewing the purchasing function.

 

C. The audit of the annual financial statements.

 

D. Control risk assessment in conjunction with quarterly reviews.

 

37. The overall attitude and awareness of a firm’s top management and board of directors concerning the importance of internal control is often reflected in its

A. Computer-based controls.

 

B. System of segregation of duties.

 

C. Control environment.

 

D. Safeguards over access to assets.

 

38. Management philosophy and operating style would have a relatively less significant influence on a firm’s control environment when

A. The internal auditor reports directly to the controller.

 

B. Management is dominated by one individual.

 

C. Accurate management job descriptions delineate specific duties.

 

D. The audit committee does not have regular meetings.

 

39. Control risk should be assessed in terms of

A. Specific controls.

 

B. Types of potential fraud.

 

C. Financial statement assertions.

 

D. Control environment factors.

 

40. An auditor assesses control risk because it

A. is relevant to the auditor’s understanding of the control environment.

 

B. provides assurance that the auditor’s materiality levels are appropriate.

 

C. indicates to the auditor where inherent risk may be the greatest.

 

D. affects the level of detection risk that the auditor may accept.

 

41. The framework that could be used by management in its internal control assessment under the requirements of SOX is the:

A. COSO internal framework.

 

B. COSO enterprise risk management framework.

 

C. COBIT framework.

 

D. All of the above are correct.

 

42. The internal control provisions of SOX apply to which companies in the United States?

A. All companies.

 

B. SEC registrants.

 

C. All issuer (public) companies and nonissuer (nonpublic) companies with more than $100,000,000 of net worth.

 

D. All nonissuer companies.

 

43. Reconciliation of cash accounts may be referred to as what type of control?

A. Detective.

 

B. Preventive.

 

C. Adjustive.

 

D. Non-routine.

 

44. Sound internal control dictates that immediately upon receiving checks from customers by mail, a responsible employee should

A. Add the checks to the daily cash summary.

 

B. Verify that each check is supported by a pre-numbered sales invoice.

 

C. Prepare a summary listing of checks received.

 

D. Record the checks in the cash receipts journal.

 

45. Tracing shipping documents to pre-numbered sales invoices provides evidence that

A. No duplicate shipments or billings occurred.

 

B. Shipments to customers were properly invoiced.

 

C. All goods ordered by customers were shipped.

 

D. All pre-numbered sales invoices were accounted for.

 

46. Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?

A. Hash total.

 

B. Parity check.

 

C. Encryption.

 

D. Check digit.

 

47. A customer intended to order 100 units of product A, but incorrectly ordered nonexistent product B. Which of the following controls most likely would detect this error?

A. Validity check

 

B. Record count

 

C. Hash total

 

D. Parity check

 

48. Which of the following is an example of a validity check?

A. The computer ensures that a numerical amount in a record does not exceed some predetermined amount.

 

B. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out.

 

C. The computer flags any transmission for which the control field value did not match that of an existing file record.

 

D. After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent.

 

49. Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?

A. Check digit.

 

B. Validity check.

 

C. Echo check.

 

D. Limit check.

 
Essay Questions

50. Put the listed steps in the corresponding parentheses in the risk assessment and response approach diagram below.

(A) Avoid, share or accept risk
(B) Reduce risk by implementing controls
(C) Is it cost beneficial to protect the firm from the risk?
(D) Estimate the likelihood of each risk occurring
(E) Identify control to mitigate the risk
(F) Estimate the costs and benefits from instituting controls
(G) Identify the risks
(H) Estimate the impact, or potential loss, from each risk

 

 

 

 

51. What is the impact of the Sarbanes-Oxley Act of 2002 (SOX) on public companies and public accounting firms?

 

 

 

 

52. Describe the three categories of objectives and five essential components of the COSO 2.0 framework.

 

 

 

 

53. What are the three main functions of COSO ERM?

 

 

 

 

54. What are the definitions of “governance” and “management” in the COBIT 5.0 framework?

 

 

 

 

55. Discuss the ethical values created in Starbucks. How do they help to form the firm’s control environment?

 

 

 

 

56. The information system of Company ABC is deemed to be 90% reliable. A major threat has been identified with an exposure of $5,000,000. Two control procedures exist to deal with the threat. Implementation of control A would cost $140,000 and reduce the risk to 4%. Implementation of control B would cost $100,000 and reduce the risk to 6%. Implementation of both controls would cost $220,000 and reduce the risk to 2%. Given the data and based solely on an economic analysis of costs and benefits, which control procedure should you choose?

 

 

 

 

57. Which internal control(s) would you recommend to prevent the following situations from occurring?

a. While entering the details about a large credit sale, a clerk mistakenly typed in a nonexistent account number. Consequently, the company never received the payment from this customer.
b. A customer filled in a wrong account number on the remittance advice. Consequently, a clerk entered the same number into the system, and the payment was credited to another customer’s account.
c. After processing a large sales transaction, the inventory records showed negative quantities on hand for several items.

 

 

 

 

Chapter 10 Accounting Information Systems and Internal Controls Answer Key

True / False Questions

1. The Sarbanes-Oxley Act of 2002 (SOX) requires the management of all companies and their auditors to assess and report on the design and effectiveness of internal control over financial reporting annually.

FALSE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Reporting
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

2. According to the Sarbanes-Oxley Act of 2002, it is the responsibility of the Board of Directors to establish and maintain the effectiveness of internal control.

FALSE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

3. In a computerized environment, internal controls can be categorized as general controls and application controls.

TRUE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Control and Governance Frameworks
 

 

4. Internal controls guarantee the accuracy and reliability of accounting records.

FALSE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

5. Segregation of duties reduces the risk of errors and irregularities in accounting records.

TRUE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

6. The chief executive officer is ultimately responsible for enterprise risk management.

TRUE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

7. The risk of a company’s internal auditing processes failing to catch the misstated dollar amount of revenue on the company’s income statement is classified as inherent risk.

FALSE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Risk Analysis
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

8. Processing controls are IT general controls.

FALSE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

9. COBIT (Control Objectives for Information and related Technology) is a generally accepted framework for IT governance in the U.S.

TRUE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Risk Analysis
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-03 Describe the overall COBIT framework and its implications for IT governance.
Source: Original
Topic: Control and Governance Frameworks
 

 

10. The main objective of the ISO 27000 series is to provide a model for establishing, implementing, operating, monitoring, maintaining, and improving information security.

TRUE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Risk Analysis
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-04 Describe other governance frameworks related to information systems management and security.
Source: Original
Topic: Control and Governance Frameworks
 

 

11. Given the requirement of the Sarbanes-Oxley Act of 2002 (SOX), the Public Company Accounting Oversight Board (PCAOB) established the Securities and Exchange Commission (SEC) to provide independent oversight of public accounting firms.

FALSE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

12. Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 (AS 5) encourages auditors to start from the basic/bottom of financial records to identify the key controls.

FALSE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

13. Corporate governance is a set of processes and policies in managing an organization with sound ethics to safeguard the interests of its stakeholders.

TRUE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

14. Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.

TRUE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

15. A firm must establish control policies, procedures, and practices that ensure the firm’s business objectives are achieved and its risk mitigation strategies are carried out.

TRUE

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

Multiple Choice Questions

16. According to COSO, which of the following components of enterprise risk management addresses an entity’s integrity and ethical values?

A. Information and communication

 

B. Internal environment.

 

C. Risk assessment.

 

D. Control activities.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2009 examination, adapted
Topic: Control and Governance Frameworks
 

 

17. Which of the following items is one of the eight components of COSO’s enterprise risk management framework?

A. Operations.

 

B. Reporting.

 

C. Monitoring.

 

D. Compliance.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2012 examination, adapted
Topic: Control and Governance Frameworks
 

 

18. In a large public corporation, evaluating internal control procedures should be the responsibility of:

A. Accounting management staff who report to the CFO.

 

B. Internal audit staff who report to the board of directors.

 

C. Operations management staff who report to the chief operating officer.

 

D. Security management staff who report to the chief facilities officer.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Reporting
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: CPA 2012 examination, adapted
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

19. Which of the following represents an inherent limitation of internal controls?

A. Bank reconciliations are not performed on a timely basis.

 

B. The CEO can request a check with no purchase order.

 

C. Customer credit check not performed.

 

D. Shipping documents are not matched to sales invoices.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2009 examination, adapted
Topic: Control and Governance Frameworks
 

 

20. Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?

A. Disclosing lack of segregation of duties to external auditors during the annual review.

 

B. Replacing personnel every three or four years.

 

C. Requiring accountants to pass a yearly background check.

 

D. Allowing for greater management oversight of incompatible activities.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2012 examination, adapted
Topic: Control and Governance Frameworks
 

 

21. Review of the audit log is an example of which of the following types of security control?

A. Governance.

 

B. Detective.

 

C. Preventive.

 

D. Corrective.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2012 examination, adapted
Topic: Control and Governance Frameworks
 

 

22. Which of the following is not a component of internal control as defined by COSO?

A. Control environment.

 

B. Control activities.

 

C. Inherent risk

 

D. Monitoring.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2011 examination, adapted
Topic: Control and Governance Frameworks
 

 

23. Which of the following is considered an application input control?

A. Run control total.

 

B. Edit check.

 

C. Reporting distribution log.

 

D. Exception report.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2010 examination, adapted
Topic: Control and Governance Frameworks
 

 

24. Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?

A. Segregation of duties.

 

B. Ensure proper authorization of transactions.

 

C. Adequately safeguard assets.

 

D. Independently verify the transactions.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2012 examination, adapted
Topic: Control and Governance Frameworks
 

 

25. Which of the following statements is correct regarding internal control?

A. A well-designed internal control environment ensures the achievement of an entity’s control objectives.

 

B. An inherent limitation to internal control is the fact that controls can be circumvented by management override.

 

C. A well-designed and operated internal control environment should detect collusion perpetrated by two people.

 

D. Internal control is a necessary business function and should be designed and operated to detect errors and fraud.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2011 examination, adapted
Topic: Control and Governance Frameworks
 

 

26. Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been:

A. Authorized.

 

B. Implemented.

 

C. Tested.

 

D. Monitored.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2012 examination, adapted
Topic: Control and Governance Frameworks
 

 

27. A manufacturing firm identified that it would have difficulty sourcing raw materials locally, so it decided to relocate its production facilities. According to COSO, this decision represents which of the following responses to the risk?

A. Risk reduction.

 

B. Prospect theory.

 

C. Risk sharing.

 

D. Risk acceptance.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Risk Analysis
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2012 examination, adapted
Topic: Control and Governance Frameworks
 

 

28. Each of the following types of controls is considered to be an entity-level control, except those:

A. Relating to the control environment.

 

B. Pertaining to the company’s risk assessment process.

 

C. Regarding the company’s annual stockholder meeting.

 

D. Addressing policies over significant risk management practices

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Risk Analysis
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2011 examination, adapted
Topic: Control and Governance Frameworks
 

 

29. Controls in the information technology area are classified into preventive, detective, and corrective categories. Which of the following is a preventive control?

A. Contingency planning.

 

B. Hash total.

 

C. Echo check.

 

D. Access control software.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Risk Analysis
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: CPA 2009 examination, adapted
Topic: Control and Governance Frameworks
 

 

30. All of the following are examples of internal control procedures except

A. Using pre-numbered documents

 

B. Reconciling the bank statement

 

C. Customer satisfaction surveys

 

D. Insistence that employees take vacations

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Risk Analysis
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

31. The Public Company Accounting Oversight Board (PCAOB) is not responsible for standards related to:

A. Accounting practice.

 

B. Attestation.

 

C. Auditing.

 

D. Quality control over attestation and/or assurance.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

32. Which of the following most likely would not be considered as an inherent limitation of the effectiveness of a firm’s internal control?

A. Incompatible duties.

 

B. Management override.

 

C. Mistakes in judgment.

 

D. Collusion among employees.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

33. According to COSO, which of the following is not a component of internal control?

A. Control risk.

 

B. Control activities.

 

C. Monitoring.

 

D. Control environment.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

34. When considering internal control, an auditor should be aware of reasonable assurance, which recognizes that

A. Internal control may be ineffective due to mistakes in judgment and personal carelessness.

 

B. Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.

 

C. Establishing and maintaining internal control is an important responsibility of management.

 

D. The cost of an entity’s internal control should not exceed the benefits expected to be derived.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Risk Analysis
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

35. Proper segregation of duties calls for separation of the following functions:

A. Authorization, execution, and payment.

 

B. Authorization, recording, and custody.

 

C. Custody, execution, and reporting.

 

D. Authorization, payment, and recording.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

36. An entity’s ongoing monitoring activities often include

A. Periodic audits by the audit committee.

 

B. Reviewing the purchasing function.

 

C. The audit of the annual financial statements.

 

D. Control risk assessment in conjunction with quarterly reviews.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

37. The overall attitude and awareness of a firm’s top management and board of directors concerning the importance of internal control is often reflected in its

A. Computer-based controls.

 

B. System of segregation of duties.

 

C. Control environment.

 

D. Safeguards over access to assets.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

38. Management philosophy and operating style would have a relatively less significant influence on a firm’s control environment when

A. The internal auditor reports directly to the controller.

 

B. Management is dominated by one individual.

 

C. Accurate management job descriptions delineate specific duties.

 

D. The audit committee does not have regular meetings.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

39. Control risk should be assessed in terms of

A. Specific controls.

 

B. Types of potential fraud.

 

C. Financial statement assertions.

 

D. Control environment factors.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

40. An auditor assesses control risk because it

A. is relevant to the auditor’s understanding of the control environment.

 

B. provides assurance that the auditor’s materiality levels are appropriate.

 

C. indicates to the auditor where inherent risk may be the greatest.

 

D. affects the level of detection risk that the auditor may accept.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

41. The framework that could be used by management in its internal control assessment under the requirements of SOX is the:

A. COSO internal framework.

 

B. COSO enterprise risk management framework.

 

C. COBIT framework.

 

D. All of the above are correct.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

42. The internal control provisions of SOX apply to which companies in the United States?

A. All companies.

 

B. SEC registrants.

 

C. All issuer (public) companies and nonissuer (nonpublic) companies with more than $100,000,000 of net worth.

 

D. All nonissuer companies.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

43. Reconciliation of cash accounts may be referred to as what type of control?

A. Detective.

 

B. Preventive.

 

C. Adjustive.

 

D. Non-routine.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

44. Sound internal control dictates that immediately upon receiving checks from customers by mail, a responsible employee should

A. Add the checks to the daily cash summary.

 

B. Verify that each check is supported by a pre-numbered sales invoice.

 

C. Prepare a summary listing of checks received.

 

D. Record the checks in the cash receipts journal.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

45. Tracing shipping documents to pre-numbered sales invoices provides evidence that

A. No duplicate shipments or billings occurred.

 

B. Shipments to customers were properly invoiced.

 

C. All goods ordered by customers were shipped.

 

D. All pre-numbered sales invoices were accounted for.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

46. Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?

A. Hash total.

 

B. Parity check.

 

C. Encryption.

 

D. Check digit.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

47. A customer intended to order 100 units of product A, but incorrectly ordered nonexistent product B. Which of the following controls most likely would detect this error?

A. Validity check

 

B. Record count

 

C. Hash total

 

D. Parity check

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

48. Which of the following is an example of a validity check?

A. The computer ensures that a numerical amount in a record does not exceed some predetermined amount.

 

B. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out.

 

C. The computer flags any transmission for which the control field value did not match that of an existing file record.

 

D. After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

49. Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?

A. Check digit.

 

B. Validity check.

 

C. Echo check.

 

D. Limit check.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

Essay Questions

50. Put the listed steps in the corresponding parentheses in the risk assessment and response approach diagram below.

(A) Avoid, share or accept risk
(B) Reduce risk by implementing controls
(C) Is it cost beneficial to protect the firm from the risk?
(D) Estimate the likelihood of each risk occurring
(E) Identify control to mitigate the risk
(F) Estimate the costs and benefits from instituting controls
(G) Identify the risks
(H) Estimate the impact or potential loss, from each risk

G D H E F C A (No) B (yes)

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

51. What is the impact of the Sarbanes-Oxley Act of 2002 (SOX) on public companies and public accounting firms?

SOX requires public companies registered with the SEC and their auditors to annually assess and report on the design and effectiveness of internal control over financial reporting.

SOX also established the Public Company Accounting Oversight Board (PCAOB) to provide independent oversight of public accounting firms. The PCAOB issues auditing standards and oversees quality controls of public accounting firms.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: 10-01 Explain essential control concepts and why a code of ethics and internal controls are important.
Source: Original
Topic: Ethics, Sarbanes-Oxley Act 2002 and Corporate Governance
 

 

52. Describe the three categories of objectives and five essential components of the COSO 2.0 framework.

Objectives:

1) Operations Objectives – effectiveness and efficiency of a firm’s operations on financial performance goals and safeguarding assets.
2) Reporting Objectives – reliability of reporting, including internal and external financial and non-financial reporting.
3) Compliance Objectives – adherence to applicable laws and regulations.

Five components of internal control:

1) Control Environment — includes management’s philosophy and operating style, integrity and ethical values of employees, organizational structure, the role of the audit committee, proper board oversight for the development and performance of internal control, and personnel policies and practices.
2) Risk Assessment — Risk assessment involves a dynamic process for identifying and analyzing a firm’s risks from external and internal environments.
3) Control Activities — A firm must establish control policies, procedures, and practices that ensure the firm’s objectives are achieved and risk mitigation strategies are carried out.
4) Information and Communication — Relevant information should be identified, captured, and communicated in a form and timeframe that enables employees to carry out their duties.
5) Monitoring Activities — The design and effectiveness of internal controls should be monitored by management and other parties outside the process on an ongoing basis.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

53. What are the three main functions of COSO ERM?

Identifies potential events that may affect the firm
Manages risk to be within the firm’s risk appetite
Provides reasonable assurance regarding the achievement of the firm’s objectives.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

54. What are the definitions of “governance” and “management” in the COBIT 5.0 framework?

COBIT 5.0 defines “governance” as ensuring that firm objectives are achieved by evaluating stakeholder needs; setting direction through decision making; and monitoring performance, compliance and progress. In most firms, the board of directors is responsible for governance. Per COBIT 5, “management” includes planning, building, running and monitoring activities in alignment with the direction in achieving the firm objectives.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Reporting
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-03 Describe the overall COBIT framework and its implications for IT governance.
Source: Original
Topic: Control and Governance Frameworks
 

 

55. Discuss the ethical values created in Starbucks. How do they help to form the firm’s control environment?

Students’ answers may vary.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

56. The information system of Company ABC is deemed to be 90% reliable. A major threat has been identified with an exposure of $5,000,000. Two control procedures exist to deal with the threat. Implementation of control A would cost $140,000 and reduce the risk to 4%. Implementation of control B would cost $100,000 and reduce the risk to 6%. Implementation of both controls would cost $220,000 and reduce the risk to 2%. Given the data and based solely on an economic analysis of costs and benefits, which control procedure should you choose?

Estimate value of control A: 5,000,000*(10% – 4%) = $300,000 (problem states that Control A reduces the risk TO 4%)
Estimate value of control B: 5,000,000*(10% – 6%) = $200,000 (problem states that Control A reduced the risk TO 6%)
Estimate value of control A&B: 5,000,000*(10% – 2%) = $400,000
Benefits exceed cost of A: 300,000 – 140,000 = 160,000
Benefits exceed cost of B: 200,000 – 100,000 = 100,000
Benefits exceed cost of A&B: 400,000 – 220,000 = 180,000
Choose Control C.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 

57. Which internal control(s) would you recommend to prevent the following situations from occurring?

a. While entering the details about a large credit sale, a clerk mistakenly typed in a nonexistent account number. Consequently, the company never received the payment from this customer.
b. A customer filled in a wrong account number on the remittance advice. Consequently, a clerk entered the same number into the system, and the payment was credited to another customer’s account.
c. After processing a large sales transaction, the inventory records showed negative quantities on hand for several items.

a. Use Validity check for actual customer records.
b. Use Closed-loop verification when entering customers’ account numbers.
c. Use sign check on quantity on hand.

 

AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: 10-02 Explain the objectives and components of the COSO internal control framework and the COSO enterprise risk management framework.
Source: Original
Topic: Control and Governance Frameworks
 

 
