chapter 7

Accounting Information Systems, 12e (Romney/Steinbart) Chapter 7 Control and Accounting Information Systems 1) What is one reason why AIS threats are increasing? A) LANs and client/server systems are easier to control than centralized, mainframe systems. B) Many companies do not realize that data security is crucial to their survival. C) Computer control problems are often overestimated and overly emphasized by management. D) Many companies believe that protecting information is a strategic requirement. Answer: B Page Ref: 184 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 2) Which of the following is not one of the risk responses identified in the COSO Enterprise Risk Management Framework? A) Monitoring B) Avoidance C) Acceptance D) Sharing Answer: A Page Ref: 193 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 3) A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n) A) preventive control. B) detective control. C) corrective control. D) authorization control. Answer: A Page Ref: 185 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Reflective Thinking

1 Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

4) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Then, ticket stubs collected at the theater entrance are counted and compared with the number of tickets sold. Which of the following situations does this control detect? A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.) B) A group of kids snuck into the theater through a back door when customers left after a show. C) The box office cashier accidentally gives too much change to a customer. D) The ticket taker admits his friends without tickets. Answer: A Page Ref: 199-200 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Reflective Thinking 5) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the following situations does this control detect? A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.) B) A group of kids snuck into the theater through a back door when customers left after a show. C) The box office cashier accidentally gives too much change to a customer. D) The ticket taker admits his friends without tickets. Answer: C Page Ref: 199-200 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Reflective Thinking 6) Which of the following is an example of a preventive control? A) approving customer credit prior to approving a sales order B) reconciling the bank statement to the cash control account C) counting inventory on hand and comparing counts to the perpetual inventory records D) maintaining frequent backup records to prevent loss of data Answer: A Page Ref: 185 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic


7) Independent checks on performance include all the following except A) data input validation checks. B) reconciling hash totals. C) preparing a trial balance report. D) supervisor review of journal entries and supporting documentation. Answer: A Page Ref: 200 Objective: Learning Objective 7 Difficulty : Easy AACSB: Analytic 8) A computer operator is allowed to work as a programmer on a new payroll software project. Does this create a potential internal control problem? A) Yes, the computer operator could alter the payroll program to increase her salary. B) Yes, this is a potential problem unless the computer operator is supervised by the payroll manager. C) No, ideal segregation of duties is not usually possible, and operators are often the best at programming changes and updates. D) No, as long as the computer operator separately accounts for hours worked in programming and in operations. Answer: A Page Ref: 198 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Analytic 9) One of the objectives of the segregation of duties is to A) make sure that different people handle different parts of the same transaction. B) ensure that no collusion will occur. C) make sure that different people handle different transactions. D) achieve an optimal division of labor for efficient operations. Answer: A Page Ref: 196 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Analytic 10) Pam is a receptionist for Dunderhead Paper Co., which has strict corporate policies on appropriate use of corporate resources. The first week of August, Pam saw Michael, the branch manager, putting pencils, pens, erasers, paper and other supplies into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework? A) Integrity and ethical values B) Risk management philosophy C) Restrict access to assets D) Methods of assigning authority and responsibility Answer: A Page Ref: 189 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 3 Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

11) Which of the following statements is true? A) Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes. B) Re-adding the total of a batch of invoices and comparing the total with the first total you calculated is an example of an independent check. C) Requiring two signatures on checks over $20,000 is an example of segregation of duties. D) Although forensic specialists utilize computers, only people can accurately identify fraud. Answer: A Page Ref: 201 Objective: Learning Objective 7 Difficulty : Difficult AACSB: Reflective Thinking 12) Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties. A) Jim issues credit cards to him and Marie, and when the credit card balances are just under $1,000, Marie writes off the accounts as bad debt. Jim then issues new cards. B) An employee puts inventory behind the dumpster while unloading a vendor's delivery truck, then picks up the inventory later in the day and puts it in her car. C) A mail room employee steals a check received from a customer and destroys the documentation. D) The accounts receivable clerk does not record sales invoices for friends or family, so they can receive free goods. Answer: A Page Ref: 197 Objective: Learning Objective 7 Difficulty : Difficult AACSB: Reflective Thinking 13) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for A) hiring and firing the external auditors. B) performing tests of the company's internal control structure. C) certifying the accuracy of the company's financial reporting process. D) overseeing day-to-day operations of the internal audit department. Answer: A Page Ref: 186 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic


14) Go-Go Corporation, a publicly traded company, has three brothers who serve as President, Vice President of Finance and CEO. This situation A) increases the risk associated with an audit. B) must be changed before your audit firm could accept the audit engagement. C) is a violation of the Sarbanes-Oxley Act. D) violates the Securities and Exchange Act. Answer: A Page Ref: 193 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 15) Which of the following is a control related to design and use of documents and records? A) Sequentially prenumbering sales invoices B) Comparing physical inventory counts with perpetual inventory records C) Reconciling the bank statement to the general ledger D) Locking blank checks in a drawer or safe Answer: A Page Ref: 199 Objective: Learning Objective 7 Difficulty : Easy AACSB: Analytic 16) Which of the following duties could be performed by the same individual without violating segregation of duties controls? A) Approving accounting software change requests and testing production scheduling software changes B) Programming new code for accounting software and testing accounting software upgrades C) Approving software changes and implementing the upgraded software D) Managing accounts payable function and revising code for accounting software to more efficiently process discount due dates on vendor invoices Answer: A Page Ref: 198 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Reflective Thinking 17) With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure? A) Updating the inventory subsidiary ledgers and recording purchases in the purchases journal B) Approving a sales return on a customer's account and depositing customers' checks in the bank C) Updating the general ledger and working in the inventory warehouse D) Entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal Answer: D Page Ref: 196-197 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Reflective Thinking


18) Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework? A) Analyzing past financial performance and reporting B) Providing sufficient resources to knowledgeable employees to carry out duties C) Disciplining employees for violations of expected behavior D) Setting realistic targets for long-term performance Answer: A Page Ref: 188 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic 19) Which of the following suggests a weakness in a company's internal environment? A) The audit committee regularly meets with the external auditors. B) The Board of Directors is primarily independent directors. C) The company has an up-to-date organizational chart. D) Formal employee performance evaluations are prepared every three years. Answer: D Page Ref: 191 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic 20) Which of the following statements about internal environment is false? A) Management's attitudes toward internal control and ethical behavior have only minimal impact on employee beliefs or actions. B) Supervision is especially important in organizations that cannot afford elaborate responsibility reporting or are too small to have adequate segregation of duties. C) An overly complex or unclear organizational structure may be indicative of more serious problems. D) A written policy and procedures manual is an important tool for assigning authority and responsibility. Answer: A Page Ref: 189 Objective: Learning Objective 3 Difficulty : Easy AACSB: Reflective Thinking 21) Which of the following is not a reason for the increase in security problems for AIS? A) Confidentiality issues caused by interlinked inter-company networks B) Difficult to control distributed computing networks C) Increasing efficiency resulting from more automation D) Increasing numbers of information systems and users Answer: C Page Ref: 184 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic


22) One reason why many organizations do not adequately protect their systems is because A) control problems may be overestimated by many companies. B) productivity and cost cutting cause management to forgo implementing and maintaining internal controls. C) control technology has not yet been developed. D) all of the above Answer: B Page Ref: 184 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 23) Accountants must try to protect the AIS from threats. Which of the following would be a measure that should be taken? A) Take a proactive approach to eliminate threats. B) Detect threats that do occur. C) Correct and recover from threats that do occur. D) All of the above are proper measures for the accountant to take. Answer: D Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 24) The process that a business uses to safeguard assets, provide accurate and reliable information, and promote and improve operational efficiency is known as A) a phenomenon. B) internal control. C) an AIS threat. D) a preventive control. Answer: B Page Ref: 184 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 25) Safeguarding assets is one of the control objectives of internal control. Which of the following is not one of the other control objectives? A) providing accurate and reliable information B) promoting operational efficiency C) ensuring that no fraud has occurred D) encouraging adherence to management policies Answer: C Page Ref: 184 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic


26) Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities. A) event B) activity C) process D) system Answer: C Page Ref: 184 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 27) Which of the following is accomplished by corrective controls? A) Identify the cause of the problem. B) Correct the resulting errors. C) Modify the system to prevent future occurrences of the problem. D) All of the above are accomplished by corrective controls. Answer: D Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 28) Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions is an example of a ________ control. A) corrective; detective B) detective; corrective C) preventive; corrective D) detective; preventive Answer: B Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 29) What is not a corrective control procedure? A) Identify the cause of a problem. B) Deter problems before they arise. C) Correct resulting errors or difficulties. D) Modify the system so that future problems are minimized or eliminated. Answer: B Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic


30) ________ controls are designed to make sure an organization's control environment is stable and well managed. A) Application B) Detective C) General D) Preventive Answer: C Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 31) ________ controls prevent, detect and correct transaction errors and fraud. A) Application B) Detective C) General D) Preventive Answer: A Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 32) The primary purpose of the Foreign Corrupt Practices Act of 1977 was A) to require corporations to maintain a good system of internal control. B) to prevent the bribery of foreign officials by American companies. C) to require the reporting of any material fraud by a business. D) All of the above are required by the act. Answer: B Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 33) Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies. A) Foreign Corrupt Practices Act of 1977 B) The Securities Exchange Act of 1934 C) The Sarbanes-Oxley Act of 2002 D) The Control Provision of 1998 Answer: C Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic


34) Which of the following is not one of the important aspects of the Sarbanes-Oxley Act? A) The creation of the Public Company Accounting Oversight Board B) New rules for auditors and management C) New roles for audit committees D) New rules for information systems development Answer: D Page Ref: 186 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 35) A(n) ________ helps employees act ethically by setting limits beyond which an employee must not pass. A) boundary system B) diagnostic control system C) interactive control system D) internal control system Answer: A Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 36) A(n) ________ measures company progress by comparing actual performance to planned performance. A) boundary system B) diagnostic control system C) interactive control system D) internal control system Answer: B Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 37) A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention. A) boundary system B) diagnostic control system C) interactive control system D) internal control system Answer: C Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic


38) This control framework addresses the issue of control from three vantage points: business objectives, information technology resources, and information technology processes. A) ISACA's control objectives for information and related technology B) COSO's internal control framework C) COSO's enterprise risk management framework D) none of the above Answer: A Page Ref: 186 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 39) This control framework's intent includes helping the organization to provide reasonable assurance that objectives are achieved and problems are minimized, and to avoid adverse publicity and damage to the organization's reputation. A) ISACA's control objectives for information and related technology B) COSO's internal control framework C) COSO's enterprise risk management framework D) none of the above Answer: C Page Ref: 187 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 40) The COSO Enterprise Risk Management Framework includes eight components. Which of the following is not one of them? A) control environment B) risk assessment C) compliance with federal, state, or local laws D) monitoring Answer: C Page Ref: 188 Objective: Learning Objective 2 Difficulty : Easy AACSB: Analytic 41) Which of the following is not one of the eight interrelated risk and control components of COSO Enterprise Risk Management Framework? A) Internal environment B) Monitoring C) Risk response D) Event assessment Answer: D Page Ref: 188 Objective: Learning Objective 2 Difficulty : Moderate AACSB: Analytic


42) The COSO Enterprise Risk Management Integrated Framework stresses that A) risk management activities are an inherent part of all business operations and should be considered during strategy setting. B) effective risk management is comprised of just three interrelated components; internal environment, risk assessment, and control activities. C) risk management is the sole responsibility of top management. D) risk management policies, if enforced, guarantee achievement of corporate objectives. Answer: A Page Ref: 187 Objective: Learning Objective 2 Difficulty : Moderate AACSB: Analytic 43) Which of the following would be considered a "red flag" for problems with management operating style if the question were answered "yes"? A) Does management take undue business risks to achieve its objectives? B) Does management attempt to manipulate performance measures such as net income? C) Does management pressure employees to achieve results regardless of the methods? D) All of the above statements would raise "red flags" if answered "yes." Answer: D Page Ref: 189 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 44) Which component of the COSO Enterprise Risk Management Integrated Framework is concerned with understanding how transactions are initiated, data are captured and processed, and information is reported? A) Information and communication B) Internal environment C) Event identification D) Objective setting Answer: A Page Ref: 201 Objective: Learning Objective 8 Difficulty : Easy AACSB: Analytic 45) The COSO Enterprise Risk Management Integrated Framework identifies four objectives necessary to achieve corporate goals. Objectives specifically identified include all of the following except A) implementation of newest technologies. B) compliance with laws and regulations. C) effective and efficient operations. D) reliable reporting. Answer: A Page Ref: 192 Objective: Learning Objective 4 Difficulty : Easy AACSB: Analytic 12 Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

46) The audit committee of the board of directors A) is usually chaired by the CFO. B) conducts testing of controls on behalf of the external auditors. C) provides a check and balance on management. D) does all of the above. Answer: C Page Ref: 189 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic 47) The audit committee is responsible for A) overseeing the internal control structure. B) overseeing the financial reporting process. C) working with the internal and external auditors. D) All of the above are responsibilities. Answer: D Page Ref: 189 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 48) The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the A) control activities B) organizational structure C) budget framework D) internal environment Answer: B Page Ref: 190 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 49) Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment? A) Organizational structure B) Methods of assigning authority and responsibility C) Management philosophy and operating style D) Commitment to competence Answer: A Page Ref: 190 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic


50) Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter A) unintentional errors. B) employee fraud or embezzlement. C) fraud by outsiders. D) disgruntled employees. Answer: B Page Ref: 190-191 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 51) The SEC and FASB are best described as external influences that directly affect an organization's A) hiring practices. B) philosophy and operating style. C) internal environment. D) methods of assigning authority. Answer: C Page Ref: 192 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic 52) Which attribute below is not an aspect of the COSO ERM Framework internal environment? A) Enforcing a written code of conduct B) Holding employees accountable for achieving objectives C) Restricting access to assets D) Avoiding unrealistic expectations Answer: C Page Ref: 188 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic 53) The amount of risk a company is willing to accept in order to achieve its goals and objectives is A) Inherent risk B) Residual risk C) Risk appetite D) Risk assessment Answer: C Page Ref: 189 Objective: Learning Objective 3 Difficulty : Easy AACSB: Analytic


54) The risk that remains after management implements internal controls is A) Inherent risk B) Residual risk C) Risk appetite D) Risk assessment Answer: B Page Ref: 193 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 55) The risk that exists before management takes any steps to control the likelihood or impact of a risk is A) Inherent risk B) Residual risk C) Risk appetite D) Risk assessment Answer: A Page Ref: 193 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 56) When undertaking risk assessment, the expected loss is calculated like this. A) Impact times expected loss B) Impact times likelihood C) Inherent risk times likelihood D) Residual risk times likelihood Answer: B Page Ref: 194 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 57) Generally in a risk assessment process, the first step is to A) identify the threats that the company currently faces. B) estimate the risk probability of negative events occurring. C) estimate the exposure from negative events. D) identify controls to reduce all risk to zero. Answer: A Page Ref: 194 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic


58) Store policy that allows retail clerks to process sales returns for $300 or less, with a receipt dated within the past 60 days, is an example of A) general authorization. B) specific authorization. C) special authorization. D) generic authorization. Answer: A Page Ref: 196 Objective: Learning Objective 7 Difficulty : Easy AACSB: Reflective Thinking 59) Corporate policy that requires a purchasing agent and purchasing department manager to sign off on asset purchases over $1,500 is an example of A) general authorization. B) specific authorization. C) special authorization. D) generic authorization. Answer: B Page Ref: 196 Objective: Learning Objective 7 Difficulty : Easy AACSB: Reflective Thinking 60) A document that shows all projects that must be completed and the related IT needs in order to achieve long-range company goals is known as a A) performance evaluation. B) project development plan. C) data processing schedule. D) strategic master plan. Answer: D Page Ref: 198 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Analytic 61) A ________ is created to guide and oversee systems development and acquisition. A) performance evaluation B) project development plan C) steering committee D) strategic master plan Answer: C Page Ref: 198 Objective: Learning Objective 7 Difficulty : Easy AACSB: Analytic


62) A ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates. A) performance evaluation B) project development plan C) steering committee D) strategic master plan Answer: B Page Ref: 198 Objective: Learning Objective 7 Difficulty : Easy AACSB: Analytic 63) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Folding Squid Technologies A) asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process. B) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit. C) selected the company's Chief Financial Officer to chair the audit committee. D) did not mention to auditors that the company had experienced significant losses due to fraud during the past year. Answer: B Page Ref: 186 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic 64) The Sarbanes-Oxley Act (SOX) applies to A) all companies with gross annual revenues exceeding $500 million. B) publicly held companies with gross annual revenues exceeding $500 million. C) all private and publicly held companies incorporated in the United States. D) all publicly held companies. Answer: D Page Ref: 185 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic


65) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his company's budgeting practices. It seems that, as a result of "budget handcuffs" that require managers to explain material deviations from budgeted expenditures, his ability to creatively manage his department's activities have been curtailed. The level of control that the company is using in this case is a A) boundary system. B) belief system. C) interactive control system. D) diagnostic control system. Answer: D Page Ref: 185 Objective: Learning Objective 1 Difficulty : Easy AACSB: Analytic 66) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his work environment. It seems that, as a result of "feminazi" interference, the suggestive banter that had been prevalent in the workplace during his youth was no longer acceptable. He even had to sit through a sexual harassment workshop! The level of control that the company is using in this case is a A) boundary system. B) belief system. C) interactive control system. D) diagnostic control system. Answer: A Page Ref: 185 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic 67) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the impact of this risk without insurance? A) $50,000 B) $650,000 C) $650 D) $50 Answer: B Page Ref: 194 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic


68) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss without insurance? A) $50,000 B) $650,000 C) $650 D) $50 Answer: C Page Ref: 194 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 69) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss with insurance? A) $50,000 B) $650,000 C) $650 D) $50 Answer: D Page Ref: 194 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 70) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits have an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most that the business should pay for the insurance? A) $500 B) $650 C) $600 D) $50 Answer: C Page Ref: 194 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic


71) Due to data errors occurring from time to time in processing the Albert Company's payroll, the company's management is considering the addition of a data validation control procedure that is projected to reduce the risk of these data errors from 13% to 2%. The cost of the payroll reprocessing is estimated to be $11,000. The cost of implementing the data validation control procedure is expected to be $700. Which of the following statements is true? A) The data validation control procedure should be implemented because its net estimated benefit is $510. B) The data validation control procedure should be implemented because its cost of $700 is less than the payroll reprocessing cost of $1,430. C) The data validation control procedure should not be implemented because its cost of $700 exceeds the expected benefit by $480. D) The data validation control procedure should not be implemented because its net estimated benefit is a negative $1,210. Answer: A Page Ref: 194 Objective: Learning Objective 6 Difficulty : Moderate AACSB: Analytic 72) The organization chart for Geerts Corporation includes a controller and an information processing manager, both of whom report to the vice president of finance. Which of the following would be a control weakness? A) Assigning the programming and operating of the computer system to an independent control group which reports to the controller B) Providing for maintenance of input data controls by an independent control group which reports to the controller C) Periodically rotating assignment of application processing among machine operators, who all report to the information processing manager D) Providing for review and distribution of system-generated reports by an independent control group which reports to the controller Answer: A Page Ref: 198 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Reflective Thinking


73) Global Economic Strategies, L.L.D., has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. They are transitioning from a ________ to a ________ control framework. A) COSO-Integrated Framework; COBIT B) COBIT; COSO-Integrated Framework C) COBIT; COSO-ERM D) COSO-Integrated Framework; COSO-ERM E) COSO-ERM; COBIT Answer: D Page Ref: 187-188 Objective: Learning Objective 2 Difficulty : Moderate AACSB: Reflective Thinking 74) FranticHouse Partners, L.L.C., does home remodeling and repair. All employees are bonded, so the firm's risk exposure to employee fraud is A) reduced. B) shared. C) avoided. D) accepted. Answer: B Page Ref: 193 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 75) FranticHouse Partners, L.L.C., does home remodeling and repair. The firm does not accept jobs that require the installation of slate or copper roofing because these materials often require costly postinstallation services. The firm's risk exposure to costly post-installation services is A) reduced. B) shared. C) avoided. D) accepted. Answer: C Page Ref: 193 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic


76) According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except A) reporting potential risks to auditors. B) identifying events that could impact the enterprise. C) evaluating the impact of potential events on achievement of objectives. D) establishing objectives for the enterprise. Answer: A Page Ref: 193 Objective: Learning Objective 6 Difficulty : Moderate AACSB: Analytic 77) Ferdinand Waldo Demara was known as the great imposter. He had an astounding ability to convince people that he was who he truly was not. He worked as a naval officer, physician, college teacher, prison warden, and other jobs without any of the prerequisite qualifications. By not diligently checking references, the organizations fooled by Demara (including the Canadian Navy) apparently chose to ________ the risk of fraud. A) reduce B) share C) avoid D) accept Answer: D Page Ref: 193 Objective: Learning Objective 6 Difficulty : Easy AACSB: Analytic 78) Which of the following is an independent check on performance? A) The Purchasing Agent physically reviews the contents of shipments and compares them with the purchase orders he has placed. B) Production teams perform quality evaluations of the products that they produce. C) The General Manager compares budgeted amounts with expenditure records from all departments. D) Petty cash is disbursed by Fred Haynes. He also maintains records of disbursements, places requests to finance to replace expended funds, and periodically reconciles the petty cash balance. Answer: C Page Ref: 200 Objective: Learning Objective 7 Difficulty : Easy AACSB: Analytic


79) Petty cash is disbursed by the Fred Haynes in the Cashier's Office. He also maintains records of disbursements, places requests to the Finance Department to replace expended funds, and periodically reconciles the petty cash balance. This represents a(an) ________ segregation of duties. A) effective B) ideal C) ineffective D) limited Answer: C Page Ref: 196 Objective: Learning Objective 7 Difficulty : Easy AACSB: Analytic 80) Hiring decisions at Frazier's Razors are made by Sheila Frazier, the Director of Human Resources. Pay rates are approved by the Vice President for Operations. At the end of each pay period, supervisors submit time cards to Sheila, who prepares paycheck requisitions. Paychecks are then distributed through the company's mail room. This represents a(an) ________ segregation of duties. A) effective B) partial C) ineffective D) limited Answer: A Page Ref: 196 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Reflective Thinking 81) Change management refers to A) disbursement controls on petty cash. B) operational controls applied to companies after mergers or acquisitions. C) replacement of upper management and their introduction to the organization. D) controls designed to ensure that updates in information technology do not have negative consequences. Answer: D Page Ref: 199 Objective: Learning Objective 7 Difficulty : Easy AACSB: Analytic


82) The Director of Information Technology for the city of Bumpkiss, Minnesota, formed a company to sell computer supplies and software. All purchases made on behalf of the City were made from his company. He was later charged with fraud for overcharging the City, but was not convicted. The control issue in this case arose because the Director had both ________ and ________ duties. A) custody; authorization B) custody; recording C) recording; authorization D) management; custody Answer: C Page Ref: 196 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Reflective Thinking 83) According to the ERM, these help the company address all applicable laws and regulations. A) Compliance objectives B) Operations objectives C) Reporting objectives D) Strategic objectives Answer: A Page Ref: 192 Objective: Learning Objective 4 Difficulty : Easy AACSB: Analytic 84) According to the ERM, high level goals that are aligned with and support the company's mission are A) compliance objectives. B) operations objectives. C) reporting objectives. D) strategic objectives. Answer: D Page Ref: 192 Objective: Learning Objective 4 Difficulty : Easy AACSB: Analytic 85) According to the ERM, these deal with the effectiveness and efficiency of company operations, such as performance and profitability goals. A) Compliance objectives B) Operations objectives C) Reporting objectives D) Strategic objectives Answer: B Page Ref: 192 Objective: Learning Objective 4 Difficulty : Easy AACSB: Analytic


86) According to the ERM, these objectives help ensure the accuracy, completeness and reliability of internal and external company reports. A) Compliance objectives B) Operations objectives C) Reporting objectives D) Strategic objectives Answer: C Page Ref: 192 Objective: Learning Objective 4 Difficulty : Easy AACSB: Analytic 87) Which of the following is not a risk reduction element of a disaster recovery plan? A) Identification of alternate work site B) Off-site storage of backup files and programs C) Documentation of procedures and responsibilitie D) Adequate casualty insurance Answer: D Page Ref: 193 Objective: Learning Objective 6 Difficulty : Difficult AACSB: Reflective Thinking 88) Describe the differences between general and specific authorization. Answer: Authorizations are often documented by signing, initializing, or entering an authorization code on a transaction document or record. Management may deem that certain transactions are of a routine nature and as such may authorize employees to handle such transactions without special approval. This is known as general authorization. Other transactions may be of such consequence that management grants specific authorization for them to occur. Usually management must approve of such transactions and oversee them to completion, requiring an additional signature required on checks exceeding a given dollar amount. Management should have written policies on both specific and general authorization for all type of transactions. Page Ref: 196 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Analytic 89) Explain how a company could be the victim of fraud, even if ideal segregation of duties is enforced. Answer: When a system effectively incorporates a separation of duties, it should be difficult for any one employee to defeat the system and commit fraud. Fraud is possible when two or more employees agree to defeat the system for their own dishonest ends. This problem is known as collusion. When two or more employees act together to defeat the internal controls of the system, they may likely succeed. It is more difficult to detect such activity because the employees may have planned to "cover their tracks." This is why independent review of transaction activity by third parties is important to monitor that internal controls are in place and working as designed. Page Ref: 197 Objective: Learning Objective 7 Difficulty : Moderate AACSB: Reflective Thinking 25 Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

90) Classify each of the following controls as preventive, detective, or corrective. Periodic bank reconciliation Separation of cash and accounting records Maintaining backup copies of master and transaction files Pre-numbering of sales invoices Chart of accounts Retina scan before entering a sensitive R & D facility Resubmission of error transactions for subsequent processing Internal auditor rechecking the debits and credits on the payment voucher Depositing all cash receipts intact Hiring qualified accounting personnel Answer: Detective. Preventive. Corrective. Preventive. Preventive. Preventive. Corrective. Detective. Preventive. Preventive Page Ref: 185 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic 91) Discuss four reasons why AIS threats are increasing. Answer: 1. Client/server systems have proliferated and have enabled large numbers of employees to have access to the information. 2. LANs and client/server systems distribute data to various users and are more difficult to control than centralized systems. 3. EDI and e-commerce have enabled customers and suppliers to access each other's systems and data, making confidentiality a major concern. 4. Organizations are not aggressively protecting their data for various reasons. 5. Computer control problems are often underestimated and downplayed. 6. Control implications of networked systems are not properly reasoned out. 7. Top management does not grasp the effect of security of data and information on survival and profitability of the company. 8. Internal controls become a casualty in cost cutting and productivity measures undertaken by the management. Page Ref: 184 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic 92) Explain why the Foreign Corrupt Practices Act was important to accountants. Answer: The act is important to accountants because it incorporates the language of the AICPA pronouncement on internal controls. The Act mandates that corporations should keep records that accurately and fairly reflect their transactions and assets in reasonable detail. The internal control system of these organizations should be able to provide reasonable assurance that: a) transactions are properly authorized and recorded; b) assets are safeguarded and protected from unauthorized access; and c) recorded asset values are periodically compared with actual assets and any differences are corrected. The act requires corporations to maintain good systems of internal accounting control. Page Ref: 185 Objective: Learning Objective 1 Difficulty : Moderate AACSB: Analytic 26 Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

93) Discuss the internal environment and identify the elements that comprise the internal environment. Answer: The internal environment embraces individuals and the environment in which they operate in an organization. Individual employees are "the engine" that drive the organization and form the foundation upon which everything in the organization rests. Elements of the internal environment are: 1) a commitment to integrity and ethical values; 2) the philosophy and operating style of management; 3) organizational structure; 4) the audit committee of the board of directors; 5) methods of assigning authority and responsibility; 6) human resources policies and practices; and 7) various external influences. Each of these elements influences the internal control structure of the organization. Likewise, these elements should be examined and analyzed in detail when implementing or evaluating a system of internal controls. Page Ref: 188 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic 94) Explain why management's philosophy and operating style are considered to be the most important element of the internal environment. Answer: Management truly sets the tone for the control environment of a business. If top management takes good control seriously and makes this known to everyone in the organization, then employees down the line will tend to do likewise. Management's attitude toward risk taking and the assessment of risk before acting are indications. Willingness to manipulate performance measures or to encourage employees to do likewise is another indication of attitude. Finally, pressure on subordinates to achieve certain results regardless of the methods used can be a very persuasive indicator of problems. Management concerned about control will assess risk and act prudently, manipulation of performance measures will not be tolerated, and ethical behavior will be instilled in and required of employees. Page Ref: 189 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Reflective Thinking 95) What are some of the ways to assign authority and responsibility within an organization? Answer: It is incumbent on management to identify specific business objectives and assign such objectives to certain departments and individuals. Management must also hold such departments and individuals responsible and accountable for achieving the assigned business objectives. Ways in which management may assign authority and responsibility is through formal job descriptions, employee training, budgets, operating plans, and scheduling. A formal code of conduct also sets the stage for responsible behavior on the part of employees by defining ethical behavior, acceptable business practices, regulatory requirements, and conflicts of interest. Another useful and important tool is a written policy and procedures manual. Page Ref: 190 Objective: Learning Objective 3 Difficulty : Moderate AACSB: Analytic


96) Discuss the weaknesses in COSO's internal control framework that led to the development of the COSO Enterprise Risk Management framework. Answer: COSO's internal control framework 1. had too narrow a focus. 2. examined controls without first addressing purposes and risks of business processes 3. existing internal control systems often have controls that protect against items that are no longer risks or are no longer important. 4. focusing on controls first has an inherent bias toward past problems and concerns. Page Ref: 187-188 Objective: Learning Objective 2 Difficulty : Moderate AACSB: Analytic


chapter 7

Recommend Documents