Accounting Information Systems : The Crossroads of Accounting and IT 2nd Edition Test Bank – Donna Kay – Ali Ovlia


Title : Accounting Information Systems : The Crossroads of Accounting and IT

Author : Donna Kay – Ali Ovlia

Edition : 2nd Edition

Type : Test Bank


Accounting Information Systems, 2e (Kay/Ovlia)

Sample 

Chapter 10   Fraud and Internal Control

 

Objective 1

 

1) Motive and opportunity without means still results in fraud.

Answer:  FALSE

Diff: 1

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

2) Corruption involves theft of assets for personal gain.

Answer:  FALSE

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

3) Fraudulent financial reporting includes misstating financial statements to meet earnings targets.

Answer:  TRUE

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

4) Not even the strongest system of controls can eliminate all risk of organizations being defrauded by employees who are sufficiently motivated to find loopholes.

Answer:  TRUE

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

5) ________ includes illegal acts such as bribery, kickbacks, money laundering, and rigging bids.

Answer:  Corruption

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

6) ________ focuses on managing when revenues and expenses are recorded in order to favorably reflect a company’s financial performance in a legal manner.

Answer:  Earnings management

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

7) ________ should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.

Answer:  Fraud Risk Assessment

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

 

8) ________ techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.

Answer:  Detection

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

9) What percentage of occupational fraud is committed by the accounting department?

A) 10%
B) 29%
C) 12%
D) 21%

Answer:  B

Diff: 3

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

10) What percentage of occupational fraud is committed by upper management?

A) 19%
B) 33%
C) 29%
D) 12%

Answer:  A

Diff: 3

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

11) How long does the typical fraud last before being detected?

A) Six months
B) One year
C) Two years
D) Three years

Answer:  C

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

12) In what percentage of fraud cases were inadequate internal controls cited as a primary contributing factor?

A) 48%
B) 29%
C) 35%
D) 42%

Answer:  C

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

 

13) Earnings management focuses on managing when revenues and expenses are recorded in order to favorably reflect a company’s financial performance in a(n) ________.

A) illegal manner
B) legal manner
C) questionable manner
D) vague manner

Answer:  B

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

14) List the three fraud and abuse categories. Provide examples.

Answer:

  1. Corruption, such as bribery
  2. Misappropriation of assets, including theft of cash, fraudulent disbursements, or stealing merchandise
  3. Fraudulent financial reporting, such as misstating financial statements in order to meet earnings targets (acfe.com, 2009)

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

15) What three things must a perpetrator have to commit fraud? Include a brief description of each.

Answer:  The perpetrator must have motive — reason for committing the fraud, such as financial difficulties.

 

The perpetrator must have opportunity — access to the asset or financial statements in order to carry out the fraud.

 

The perpetrator must have the means to carry out the fraud — knowledge or skills that permit the perpetrator to commit the crime.

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

 

 

16) List and describe the principles for establishing an environment to effectively manage fraud risk.

Answer:

Principle 1: Fraud Risk Governance. As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.

 

Principle 2: Fraud Risk Assessment. Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.

 

Principle 3: Fraud Prevention. Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.

 

Principle 4: Fraud Detection. Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.

 

Principle 5: Fraud Investigation and Corrective Action. A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely (Managing the Business Risk of Fraud: A Practical Guide, 2009 Ibid).

Diff: 2

Objective:  Q10.1 Fraud: What will I tell my MOM?

Objective 2

 

1) The accounting profession is self-regulated.

Answer:  FALSE

Diff: 2

Objective:  Q10.2 What is SOX?

 

2) The SOX legislation basically requires that management of privately held companies assess and report on the effectiveness of internal controls for financial reporting using a recognized framework.

Answer:  FALSE

Diff: 2

Objective:  Q10.2 What is SOX?

 

3) SOX emphasizes a strong system of internal control as a way of avoiding Enron-sized accounting frauds.

Answer:  TRUE

Diff: 2

Objective:  Q10.2 What is SOX?

 

 

4) SOX section 302 requires each annual report of a publicly traded company to contain an internal control report stating the management’s responsibility to establish and maintain an adequate system of internal control for financial reporting.

Answer:  FALSE

Diff: 2

Objective:  Q10.2 What is SOX?

 

5) SOX section 404 requires each annual report of a publicly traded company to contain an internal control report that contains an assessment of the effectiveness of the company’s internal control structure and procedures.

Answer:  TRUE

Diff: 2

Objective:  Q10.2 What is SOX?

 

6) SOX section 906 requires corporate management to certify reports filed with the SEC.

Answer:  TRUE

Diff: 2

Objective:  Q10.2 What is SOX?

 

7) The Sarbanes-Oxley Act of 2002, which would become known as SOX, created the ________ to oversee and regulate public companies and their auditors.

Answer:  Public Company Accounting Oversight Board (PCAOB)

Diff: 2

Objective:  Q10.2 What is SOX?

 

8) A(n) ________ over financial reporting requires the auditor to conduct tests of controls to obtain evidence that internal control over financial reporting has operated effectively.

Answer:  audit of internal control

Diff: 2

Objective:  Q10.2 What is SOX?

9) In a(n) ________, the auditor performs tests of controls and substantive procedures.

Answer:  audit of financial statements

Diff: 2

Objective:  Q10.2 What is SOX?

 

10) A(n) ________, as required by Auditing Standard No. 5, integrates an audit of internal control with an audit of financial statements.

Answer:  integrated audit

Diff: 2

Objective:  Q10.2 What is SOX?

 

11) When investigating fraud, ________ enables auditors to extract, analyze, and interpret evidence to detect unusual patterns and irregularities.

Answer:  XBRL

Diff: 2

Objective:  Q10.2 What is SOX?

 

12) A(n) ________ in internal control over financial reporting is defined as a deficiency such that there is a reasonable possibility that a material misstatement of financial statements will not be prevented or detected on a timely basis.

Answer:  material weakness

Diff: 2

Objective:  Q10.2 What is SOX?

 

13) Which organization was created by the Sarbanes-Oxley Act of 2002?

A) Public Company Accounting Oversight Board (PCAOB)
B) Institute of Management Accountants (IMA)
C) Securities and Exchange Commission (SEC)
D) Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Answer:  A

Diff: 2

Objective:  Q10.2 What is SOX?

 

14) Which SOX section requires the chief executive officer and the chief financial officer to disclose to the auditors and the audit committee of the board of directors all significant deficiencies in internal controls, which could adversely affect the ability to record, process, summarize, and report financial data and any material weaknesses in internal controls?

A) Section 806. Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud
B) Section 404. Management Assessment of Internal Controls
C) Section 906. Corporate Responsibility for Financial Reports
D) Section 302. Corporate Responsibility for Financial Reports

Answer:  D

Diff: 2

Objective:  Q10.2 What is SOX?

15) Which SOX section requires the public accounting firm that audits the financial statements of the company to issue an attestation report regarding the effectiveness of the company’s internal controls?

A) Section 806. Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud
B) Section 404. Management Assessment of Internal Controls
C) Section 906. Corporate Responsibility for Financial Reports
D) Section 302. Corporate Responsibility for Financial Reports

Answer:  B

Diff: 2

Objective:  Q10.2 What is SOX?

 

 

16) Which audit type requires the auditor to conduct tests of controls to obtain evidence that internal control over financial reporting has operated effectively?

A) Audit of financial reporting control
B) Audit of financial statements
C) Audit of internal control
D) IT audit

Answer:  C

Diff: 2

Objective:  Q10.2 What is SOX?

 

17) What is SOX?

Answer:  In response to the frauds and accounting scandals of 2002, the U.S. Congress passed legislation—the Sarbanes-Oxley Act of 2002, which would become known as SOX. The legislation created the Public Company Accounting Oversight Board (PCAOB) to oversee and regulate public companies and their auditors.

 

The Sarbanes-Oxley Act relates to corporate governance and financial disclosure requirements only for organizations registered with the Securities and Exchange Commission (SEC) and listed on the U.S. stock exchanges. SOX emphasized a strong system of internal control as a means of avoiding Enron-sized accounting frauds. In addition to establishing the PCAOB to regulate the auditors of publicly traded companies, SOX legislation contains sections identifying management and external auditors’ responsibilities.

Diff: 2

Objective:  Q10.2 What is SOX?

 

18) What does Auditing Standard No. 5, an Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements, require the auditor to understand about IT?

Answer:  It requires the auditor to understand how IT affects the following:

  1. The company’s flow of transactions
  2. Internal control over financial reporting

Diff: 2

Objective:  Q10.2 What is SOX?

Objective 3

 

1) Internal control is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

Answer:  TRUE

Diff: 1

Objective:  Q10.3 What is internal control?

 

 

2) The internal control category control environment includes identifying, analyzing, and managing risks affecting the ability to report financial data properly.

Answer:  FALSE

Diff: 1

Objective:  Q10.3 What is internal control?

 

3) For internal control to be effective, an organization needs stated ________ and ________ for internal controls.

Answer:  policies, procedures

Diff: 1

Objective:  Q10.3 What is internal control?

 

4) For internal control to be effective, an organization needs ________ with internal controls.

Answer:  compliance

Diff: 1

Objective:  Q10.3 What is internal control?

 

5) The COSO ________ provides a blueprint for implementing an internal control system to assist in ensuring the reliability of financial statements and compliance with Sarbanes-Oxley legislation.

Answer:  Internal Control – Integrated Framework

Diff: 2

Objective:  Q10.3 What is internal control?

 

6) In control activities, ________ divide authorization, recording, and asset custody among different individuals.

Answer:  segregation of duties

Diff: 2

Objective:  Q10.3 What is internal control?

 

7) In control activities, ________ ensure appropriate information processing, authorization, and data integrity.

Answer:  information technology controls

Diff: 2

Objective:  Q10.3 What is internal control?

8) Which of the following is NOT the purpose of internal controls?

A) Compliance with laws and regulations
B) Effectiveness and efficiency of operations
C) Public examination of private data
D) Reliability of financial reporting

Answer:  C

Diff: 2

Objective:  Q10.3 What is internal control?

 

 

9) Which COSO Internal Control-Integrated Framework essential component of an effective internal control system involves identifying, analyzing, and managing risks that affect a company’s ability to record, process, summarize, and report financial data properly?

A) Risk Assessment
B) Control Environment
C) Control Activities
D) Monitoring

Answer:  A

Diff: 2

Objective:  Q10.3 What is internal control?

 

10) In the COSO Internal Control-Integrated Framework, risk assessment objectives include all of the following EXCEPT

A) Identification and analysis of financial reporting risks
B) Importance of financial reporting objectives
C) Assessment of fraud risk
D) Risks of financial controls

Answer:  D

Diff: 2

Objective:  Q10.3 What is internal control?

 

11) In the COSO Internal Control-Integrated Framework, control activities do NOT include

A) Independent reconciliations of assets and accounting records
B) Physical controls
C) Segregation of duties
D) Management controls

Answer:  D

Diff: 2

Objective:  Q10.3 What is internal control?

 

12) Which COSO Internal Control-Integrated Framework essential component of an effective internal control system includes the accounting system for identifying, recording, processing, and reporting transactions and financial data?

A) Monitoring
B) Information and Communication
C) Control Activities
D) Control Environment

Answer:  B

Diff: 2

Objective:  Q10.3 What is internal control?

 

13) Which COSO Internal Control-Integrated Framework essential component of an effective internal control system involves assessing internal controls as well as the process for taking corrective action?

A) Control Environment
B) Risk Assessment
C) Monitoring
D) Control Activities

Answer:  C

Diff: 2

Objective:  Q10.3 What is internal control?

 

14) What are the objectives of internal control?

Answer:  The objectives of internal control are:

  1. Effectiveness and efficiency of operations
  2. Reliability of financial reporting
  3. Compliance with laws and regulations

Diff: 2

Objective:  Q10.3 What is internal control?

 

15) What is internal control and what is its purpose?

Answer:  Internal control is a process, effected by an entity’s board of directors, management, and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations (coso.org, 2009).

Diff: 2

Objective:  Q10.3 What is internal control?

 

16) What are the five major categories of internal control?

Answer:

  1. Control environment
  2. Risk assessment
  3. Information and communications systems relevant to financial reporting
  4. Control activities
  5. Monitoring of controls

Diff: 2

Objective:  Q10.3 What is internal control?

 

 

17) What factors are part of the control environment?

Answer:

– integrity and ethical values

– importance of board of directors

– management philosophy and operating style

– organizational structure

– commitment to financial reporting competencies

– authority and responsibility

– human resources

Diff: 2

Objective:  Q10.3 What is internal control?

18) List and describe the control activities for mitigating financial, operational, and compliance controls risks.

Answer:

– Segregation of duties to divide authorization, recording, and asset custody among different individuals. For example, the person responsible for custody of an inventory of digital cameras should not also have access to the accounting records. If the inventory clerk stole 10 digital cameras to give to family and friends, the accounting records should show a discrepancy between the actual physical count of inventory that would be 10 cameras short versus the accounting records.

– Independent reconciliations of assets and accounting records, such as bank statement reconciliations and inventory reconciliations.

– Physical controls to provide for physical security of assets, such as security cameras and restricted access to corporate buildings.

– Information technology (IT) controls to ensure appropriate information processing, authorization, and data integrity. An example of an IT control would be data validation, techniques to ensure that only valid data is entered, such as five spaces for ZIP code.

Diff: 2

Objective:  Q10.3 What is internal control?

 

19) Internal control is a set of policies, procedures, and activities to achieve an enterprise’s objectives that are related to what?

Answer:

  1. Effective and efficient operations.
  2. Reliable financial reporting, preventing and detecting both intentional errors (fraud) and unintentional errors (mistakes).
  3. Safeguard assets including information assets associated with the accounting system.
  4. Comply with applicable laws and regulations.

Diff: 2

Objective:  Q10.3 What is internal control?

 

 

20) For internal control to be effective what two things does an enterprise need?

Answer:

  1. Stated policies and procedures for internal controls, and
  2. Compliance with internal controls (individuals comply with or follow the policies and procedures)

Diff: 2

Objective:  Q10.3 What is internal control?

 

Objective 4

 

1) Increasingly the expectation is that the auditor and the IT professional learn more about the other’s field.

Answer:  TRUE

Diff: 2

Objective:  Q10.4 What are IT controls?

 

2) Internal controls for the accounting system are incomplete without IT controls.

Answer:  TRUE

Diff: 2

Objective:  Q10.4 What are IT controls?

3) Application controls ensure completeness and accuracy of transaction processing, authorization, and validity.

Answer:  TRUE

Diff: 2

Objective:  Q10.4 What are IT controls?

 

4) Input controls ensure data is processed properly.

Answer:  FALSE

Diff: 1

Objective:  Q10.4 What are IT controls?

 

5) Processing controls ensure reports and other output are distributed properly.

Answer:  FALSE

Diff: 1

Objective:  Q10.4 What are IT controls?

 

6) IT general controls have a pervasive effect on all internal controls.

Answer:  TRUE

Diff: 1

Objective:  Q10.4 What are IT controls?

 

7) ________ controls include IT governance at top management levels where strategic business objectives are set and policies are established.

Answer:  Entity-level IT

Diff: 2

Objective:  Q10.4 What are IT controls?

 

8) ________ controls are embedded within business process applications.

Answer:  Application

Diff: 2

Objective:  Q10.4 What are IT controls?

 

9) ________ controls support application controls to provide a reliable operating environment.

Answer:  IT general

Diff: 2

Objective:  Q10.4 What are IT controls?

 

10) Which level in the company corresponds to the Entity-Level IT Controls?

A) Top management
B) Information management
C) Business processes
D) IT services

Answer:  A

Diff: 2

Objective:  Q10.4 What are IT controls?

11) Which of the following is NOT part of the audit committee’s responsibilities?

A) The organization’s compliance with legal and regulatory requirements
B) The integrity of the organization’s financial statements and reports
C) The organization’s policies regarding ethical conduct
D) The organization’s ability to process data efficiently and effectively

Answer:  D

Diff: 2

Objective:  Q10.4 What are IT controls?

 

12) Which general IT control includes control over SDLC phases for software upgrades and modifications?

A) Program development controls
B) Access security controls
C) Computer operations controls
D) Program change controls

Answer:  D

Diff: 2

Objective:  Q10.4 What are IT controls?

 

 

13) Which general IT control covers acquisition, implementation, and maintenance of system software including the operating system, DBMS, network software, and security software?

A) Access security controls
B) Computer operations controls
C) Program change controls
D) Program development controls

Answer:  B

Diff: 2

Objective:  Q10.4 What are IT controls?

 

14) What do the audit committee’s responsibilities include?

Answer:

  1. The integrity of the organization’s financial statements and reports
  2. The organization’s internal controls
  3. The organization’s compliance with legal and regulatory requirements
  4. The organization’s policies regarding ethical conduct

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

15) What are the three major objectives of an IT audit?

Answer:

  1. Confidentiality—to ensure that information in the system will only be disclosed to authorized individuals
  2. Integrity—to ensure that information provided by the system is accurate, reliable, and timely
  3. Availability—to ensure information systems are available when required and protected against disasters

Diff: 2

Objective:  Q10.5 What are service organization controls?

Objective 5

 

1) The reporting framework for Service Organization Control (SOC) consists of five SOC reports.

Answer:  FALSE

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

2) Service organizations are external organizations that perform services to the company being audited.

Answer:  TRUE

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

3) ________ reports are issued by the service organization to report on its controls relevant to a company’s internal control over financial reporting.

Answer:  SOC 1

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

4) ________ reports are issued by the service organization to report on controls other than those relevant to a company’s internal control related to financial reporting.

Answer:  SOC 2

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

5) Which report provides an opinion regarding fairness of the service organization’s description of controls other than those relevant to a company’s internal control related to financial reporting, including the service auditor tests controls and expresses an opinion regarding the effectiveness of the controls?

A) SOC 1 Type 1 Report
B) SOC 1 Type 2 Report
C) SOC 2 Type 1 Report
D) SOC 2 Type 2 Report

Answer:  D

Diff: 2

Objective:  Q10.4 What are IT controls?

 

6) Which report provides an opinion regarding fairness of the service organization’s description of controls relevant to a company’s internal control over financial reporting, but does not test the controls or express an opinion regarding the effectiveness of the controls?

A) SOC 1 Type 1 Report
B) SOC 1 Type 2 Report
C) SOC 2 Type 1 Report
D) SOC 2 Type 2 Report

Answer:  A

Diff: 2

Objective:  Q10.4 What are IT controls?

7) Which SOC report is conducted by the service organization’s auditors using Attestation Standards (AT) Section 101 and prepared using the AICPA Trust Services?

A) SOC 1
B) SOC 2
C) SOC 3
D) SOC 3 Type 2 report

Answer:  C

Diff: 2

Objective:  Q10.4 What are IT controls?

 

 

8) To attest, the auditor is

A) Testifying in court
B) Expressing an opinion
C) Testing financial reporting controls
D) Testing the fairness of the description of controls

Answer:  B

Diff: 2

Objective:  Q10.3 What is internal control?

 

 

Match the privacy principle to the correct definition.

 

A) The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
B) The entity provides information about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
C) The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information only for as long as necessary to fulfill the stated purposes.
D) The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
E) The entity shares personal information with third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
F) The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
G) The entity provides individuals their personal information for review and update.
H) The entity collects personal information only for the purposes identified in the notice.
I) The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
J) The entity protects personal information against unauthorized access (both physical and logical).

 

9) Management

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

10) Notice

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

11) Choice and Consent

Diff: 1

Objective:  Q10.5 What are service organization controls?

 

12) Collection

Diff: 1

Objective:  Q10.5 What are service organization controls?

 

13) Use and Retention

Diff: 1

Objective:  Q10.5 What are service organization controls?

 

14) Access

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

15) Disclosure to Third Parties

Diff: 1

Objective:  Q10.5 What are service organization controls?

 

16) Security for Privacy

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

17) Quality

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

18) Monitoring and Enforcement

Diff: 1

Objective:  Q10.5 What are service organization controls?

 

Answers: 9) A 10) B 11) I 12) H 13) C 14) G 15) E 16) J 17) D 18) F

 

19) Define the two types of SOC 1 reports.

Answer:  SOC 1 Type 1 Report: The service auditor provides an opinion regarding fairness of the service organization’s description of controls, but does not test the controls or express an opinion regarding the effectiveness of the controls.

 

SOC 1 Type 2 Report: The Type 2 report includes Type 1 information plus the service auditor tests controls and expresses an opinion regarding the effectiveness of the controls.

Diff: 2

Objective:  Q10.5 What are service organization controls?

20) Define the two types of SOC 2 reports.

Answer:  SOC 2 Type 1 Report: The service auditor provides an opinion regarding fairness of the service organization’s description of controls, but does not test the controls or express an opinion regarding the effectiveness of the controls.

SOC 2 Type 2 Report: The Type 2 report includes Type 1 information plus the service auditor tests controls and expresses an opinion regarding the effectiveness of the controls.

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

21) What is the main difference between a SOC 2 and SOC 3 report?

Answer:  The main difference between SOC 2 and SOC 3 reports is the guidance used when preparing the reports. SOC 3 reports are conducted by the service organization’s auditors using Attestation Standards (AT) Section 101 and prepared using the AICPA Trust Services.

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

 

22) List the five principles on which the Trust Services framework is based.

Answer:  Security, Availability, Processing Integrity, Confidentiality, and Online Privacy

Diff: 2

Objective:  Q10.5 What are service organization controls?

23) Define or explain the five principles on which the Trust Services framework is based.

Answer:  Security. The system is protected against unauthorized access, both physical and logical.

 

Availability. The system is available for use as committed or agreed. This principle does not address system functionality (the functions performed by the system) or usability (how easy the system is to use). The principle, instead, addresses system availability (whether the system is available to use).

 

Processing Integrity. System processing is accurate, timely, complete, valid, and authorized. Processing integrity is different than data integrity. For example, an organization’s system processing may be accurate; however, the data imported from external sites may contain errors, resulting in loss of data integrity.

 

Confidentiality. Confidential information is protected as committed or agreed. Whereas personal information is defined and subject to privacy regulations in a number of countries, confidential information is less well-defined. In business transactions, confidential information is often exchanged, intellectual property shared, and contractual information revealed. This principle refers to the organization’s ability to protect designated confidential information as mutually agreed. The next chapter on Cybersecurity will cover in depth some of the specific IT measures used for ensuring confidentiality of data during transmission and storage.

 

Privacy. Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in GAPP issued by the AICPA and CICA. GAPP are essential to the proper protection and management of personal information. They are based on internationally known fair information practices included in many privacy laws and regulations of various jurisdictions around the world and recognized as good privacy practices.

Diff: 3

Objective:  Q10.5 What are service organization controls?

 

24) List the four aspects of the Trust Services framework.

Answer:  Policies, Communications, Procedures, and Monitoring

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

 

25) Define the four aspects of the Trust Services framework.

Answer:  Policies. The organization has defined and documented policies for the specific principle.

 

Communications. The organization has communicated its policies to responsible parties and authorized users.

 

Procedures. In accordance with its policies, the organization implemented procedures to achieve defined objectives.

 

Monitoring. The organization monitors the system and takes corrective action to maintain compliance with its policies.

Diff: 2

Objective:  Q10.5 What are service organization controls?

26) What is the purpose of the Trust Services framework?

Answer:  The purpose of this framework is to provide guiding principles for accounting practitioners who provide attestation and consulting services that involve IT-enabled systems, addressing both the risks and opportunities of IT.

Diff: 1

Objective:  Q10.5 What are service organization controls?

 

 

27) List and define the 10 generally accepted privacy principles.

Answer:

  1. Management. The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
  2. Notice. The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
  3. Choice and consent. The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
  4. Collection. The entity collects personal information only for the purposes identified in the notice.
  5. Use and retention. The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information only for as long as necessary to fulfill the stated purposes.
  6. Access. The entity provides individuals with access to their personal information for review and update.
  7. Disclosure to third parties. The entity discloses personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
  8. Security for privacy. The entity protects personal information against unauthorized access (both physical and logical).
  9. Quality. The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
  10. Monitoring and enforcement. The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.

Diff: 2

Objective:  Q10.5 What are service organization controls?

 

Chapter Extension 10A

 

1) The ________ of internal auditors establishes trust and thus provides the basis for reliance on their judgment.

Answer:  integrity

Diff: 2

Objective:  Chapter 10 Extension

2) Internal auditors exhibit the highest level of professional ________ in gathering, evaluating, and communicating information about the activity or process being examined.

Answer:  objectivity

Diff: 2

Objective:  Chapter 10 Extension

 

 

Match the internal auditors' code of ethics principle to the appropriate definition.

 

  A) Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.
  B) The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
  C) Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
  D) Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

 

3) Competency

Diff: 2

Objective:  Chapter 10 Extension

 

4) Integrity

Diff: 1

Objective:  Chapter 10 Extension

 

5) Confidentiality

Diff: 2

Objective:  Chapter 10 Extension

 

6) Objectivity

Diff: 1

Objective:  Chapter 10 Extension

 

Answers: 3) D 4) B 5) C 6) A

 

Match the internal auditors' code of conduct principle with the appropriate definition.

 

  A) Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
  B) Shall be prudent in the use and protection of information acquired in the course of their duties.
  C) Shall perform their work with honesty, diligence, and responsibility.
  D) Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment.

 

7) Competency

Diff: 2

Objective:  Chapter 10 Extension

 

8) Confidentiality

Diff: 2

Objective:  Chapter 10 Extension

 

9) Integrity

Diff: 2

Objective:  Chapter 10 Extension

 

10) Objectivity

Diff: 2

Objective:  Chapter 10 Extension

 

Answers: 7) A 8) B 9) C 10) D

 

11) Which principle in the Code of Ethics for internal auditors states that they are to make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments?

  A) Confidentiality
  B) Competency
  C) Objectivity
  D) Integrity

Answer:  C

Diff: 2

Objective:  Chapter 10 Extension

 

 

12) Which principle in the Code of Ethics for internal auditors states that they are to respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so?

  A) Confidentiality
  B) Competency
  C) Objectivity
  D) Integrity

Answer:  A

Diff: 2

Objective:  Chapter 10 Extension

13) Which Rule of Conduct for internal auditors states that they will not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization?

  A) Objectivity
  B) Integrity
  C) Competency
  D) Confidentiality

Answer:  B

Diff: 2

Objective:  Chapter 10 Extension

 

14) Which Rule of Conduct for internal auditors states that they shall respect and contribute to the legitimate and ethical objectives of the organization?

  A) Confidentiality
  B) Competency
  C) Objectivity
  D) Integrity

Answer:  D

Diff: 2

Objective:  Chapter 10 Extension

 

15) Which Rule of Conduct for internal auditors states that they are to disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review?

  A) Objectivity
  B) Integrity
  C) Competency
  D) Confidentiality

Answer:  A

Diff: 2

Objective:  Chapter 10 Extension

 

 

16) Which Rule of Conduct for internal auditors states that they will not accept anything that may impair or be presumed to impair their professional judgment?

  A) Integrity
  B) Competency
  C) Objectivity
  D) Confidentiality

Answer:  C

Diff: 2

Objective:  Chapter 10 Extension

17) Which Rule of Conduct for internal auditors states that they are not to use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization?

  A) Objectivity
  B) Integrity
  C) Competency
  D) Confidentiality

Answer:  D

Diff: 2

Objective:  Chapter 10 Extension

 

18) Which Rule of Conduct for internal auditors states that they shall continually improve their proficiency and the effectiveness and quality of their services?

  A) Objectivity
  B) Integrity
  C) Competency
  D) Confidentiality

Answer:  C

Diff: 2

Objective:  Chapter 10 Extension

 

19) You are an internal auditor for a company with a policy stating all software on company computers must be approved and installed by the IT department. During the course of an IT audit you discover an employee has installed MP3s on their company computer. What do you do?

Answer:  Report your findings immediately.

Include the discovery in your report.

Write a proposal for correcting this security hole. The proposal should include the following:

– Recommend removing administrative rights on all company desktop and laptop computers.

– Recommend granting temporary administrative rights for users to install approved software, upon request by IT.

– Recommend expanding the audit to include additional company desktop and laptop computers.

Diff: 2

Objective:  Chapter 10 Extension
