Ch3 Risk Management And Internal Controls Complete Test Bank - Digital Test Bank | Accounting Info Systems 1e by Arline A. Savage. DOCX document preview.
Accounting Information Systems, 1e (Savage)
Chapter 3 Risk Management and Internal Controls
1) What type of process is implemented by management to mitigate risks?
A) External controls
B) Internal controls
C) External regulations
D) Internal regulations
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
2) A company's process of implementing internal control provides reasonable assurance that
A) financial statements are fairly presented.
B) operations are efficient and effective.
C) laws and regulations are being followed.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
3) In what ways do companies address risk?
A) Mitigating it
B) Transferring it
C) Avoiding it
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
4) Which of the following is the most commonly used response to risk by businesses?
A) Accepting it
B) Mitigating it
C) Transferring it
D) Avoiding it
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
5) The first consideration for reliable accounting information includes ensuring the
A) security of the accounting information system.
B) privacy of the accounting information system.
C) integrity of the accounting information system.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
6) Proper internal controls can
A) safeguard assets from theft and waste.
B) increase operating efficiency.
C) provide investors with reassurance.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
7) Internal controls
A) are mandated for public companies.
B) may be adopted voluntarily.
C) provide reasonable assurance, not absolute mitigation.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
8) Internal controls
A) are defined based on industry specifications.
B) are customized to fit a company's unique risks and risk appetite.
C) are predefined for public companies.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
9) Internal controls for accounting information focus on
A) safeguarding equity from theft.
B) providing quality information to management and stakeholders.
C) lessening the risk of fraudulent investor activity.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
10) The functions of internal controls are to do which of the following?
A) Process, defend, correct
B) Prevent, detect, control
C) Prevent, detect, correct
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
11) Which type of internal control seeks to stop problems from occurring?
A) Preventative controls
B) Detective controls
C) Corrective controls
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
12) Charles audits the internal controls of Devinshire Corporation and finds that Devinshire lacks a robust firewall to prevent unauthorized access to their computer network. Charles recommends that Devinshire research and implement a more robust firewall as a
A) preventative control.
B) detective controls.
C) corrective control.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
13) The American Institute of Certificate Public Accountants describes this as a basic building block of internal control.
A) Preventative controls
B) Ensuring the security, privacy, and integrity of the AIS
C) Management override
D) Separation or segregation of duties
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
14) Segregation of duties ensures that
A) one employee authorizes and records data for a transaction to ensure accuracy.
B) the work of one employee acts as a check on the work of another employee.
C) employees have access to input, approve, and receive goods into the AIS.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
15) Jon works as a purchasing manager. Jon must approve purchase orders input throughout the company before the order is placed. Which duty is Jon performing in his role?
A) Recording
B) Authorizing
C) Custody
D) Segregation
Diff: 2
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
16) Which type of control monitors business processes to identify problems like fraud risk, quality control, or legal compliance?
A) Preventative
B) Detective
C) Corrective
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
17) Which of the following is NOT an example of a detective control?
A) A firm performs a physical inventory count monthly and compares the count to totals in the inventory system.
B) Store managers count the cash drawer nightly and reconcile the cash with sales for the day.
C) A manufacturing firm requires that purchases are recorded, approved, and received by different employees.
D) An accounting firm programs the digital dashboard to show abnormal account balances in bold red to draw attention to them.
Diff: 2
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
18) Jose requires that the night manager responsible for closing the restaurant count the cash drawer and reconcile the total with cash sales for the day. Which type of control did Jose implement?
A) Preventative
B) Detective
C) Corrective
D) All of the answer choices are correct.
Diff: 2
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
19) Which of the following statements concerning corrective controls is TRUE?
A) Corrective controls change undesirable outcomes.
B) Corrective controls occur after a risk has become a reality.
C) Corrective controls are used as a backup plan when preventative or detective controls fail.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Systems and Process Management
20) Which of the following reasons can lead to the failure of internal controls?
A) Management override
B) Human judgment
C) Collusion
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
21) Which of the following is an example of a corrective control?
A) An employee is disciplined for not following procedures.
B) IT updates and patches software regularly.
C) Management oversees and updates company policies.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
22) Which of the following represents the time-based model of controls for technology attacks?
A) P > (D + C)
B) C < (P + D)
C) D > (P + D)
D) P < (D + C)
Diff: 1
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
23) Which of the following functions as a preventative, detective, and corrective control simultaneously?
A) Locked doors
B) Security cameras
C) Firewall
D) Security guard
Diff: 2
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
24) Internal controls are classified by
A) function and technology.
B) physical and computer.
C) function and where in a business process the control exists.
D) technology and where in a business process the control exists.
Diff: 1
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
25) Which of the following types of controls governs human activities?
A) Physical controls
B) IT general controls
C) IT application controls
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
26) Which of the following controls is an example of an IT general control?
A) Business continuity plan
B) Password policy
C) Separation of duties
D) Motion sensors
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
27) Systems roles that enforce separation of duties is an example of a(n)
A) physical control.
B) IT general control.
C) IT application control.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
28) Which of the following are subject to IT general controls?
A) Email
B) Benefits management system
C) Time-keeping software
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
29) Alfonso is asked to make recommendations on what kinds of IT general controls the company should implement to prevent any disruption of services. How should Alfonso begin his analysis?
A) Alfonso should create a detailed list of risks to the system.
B) Alfonso should recommend a firewall.
C) Alfonso should review the business continuity plan.
D) Alfonso should create system roles to enforce separation of duties.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
30) Detective network activity monitoring is an example of a(n)
A) physical control.
B) IT general control.
C) IT application control.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
31) When a control applies specifically to a software tool and the business processes and accounts that are linked to it, this control is classified as a(n)
A) physical control.
B) IT general control.
C) IT application control.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
32) Cox Enterprises tested a trial of working from home in response to a pending threat. The successful trial became part of Cox's business continuity plan. How would you classify Cox's controls?
A) Preventative and physical
B) Corrective and physical
C) Preventative and IT general
D) Corrective and IT general
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
33) Which of the following methods of control yields increased reliability and consistency?
A) Manual
B) Automated
C) IT general
D) IT application
Diff: 1
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
34) Which of the following methods of controls is implemented when human judgment or physical interaction is required?
A) Manual
B) Automated
C) Physical
D) IT general
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
35) Which type of control has a higher risk of failure?
A) Manual
B) Automated
C) IT general
D) IT application
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
36) Rural Enterprises raises sheep and cattle for meat production. As a technologically advanced ranching operation, Rural Enterprises has experimented with using drones to capture images of herds grazing to assist employees in obtaining physical inventory counts. Employees then count the animals in the images and record the data in the information system. What type of control classification best characterizes Rural's inventory system?
A) Manual control
B) Automated control
C) Combination of manual and automated controls
D) Continuous monitoring
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
37) Which type of control is less susceptible to override and judgment errors?
A) Manual
B) Automated
C) Combination of manual and automated
D) Continuous
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
38) Fully automated physical inventory controls may prevent errors associated with
A) human miscount.
B) fraud.
C) laziness.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
39) Which of the following statements is TRUE?
A) Artificial intelligence can replace human judgment.
B) Combining automated and manual controls is not feasible for most solutions.
C) Risk response is optimized by combining human expertise with insight from systems.
D) Fully automated controls may require human judgment.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
40) Automated controls use technology to implement a control activity. To be classified as automated, the control must
A) include an automated component.
B) be fully automated.
C) reside on the accounting information system.
D) utilize robots or drone technology for physical inventory.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
41) Continuous monitoring technology can be classified as what type of internal control?
A) Preventative
B) Detective
C) Corrective
D) Physical
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
42) Continuous monitoring is often programmed to monitor
A) key performance indicators.
B) gross profit margin.
C) fraud risk indicators.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
43) Which of the following statements concerning continuous monitoring is FALSE?
A) Data analysts use continuous monitoring technology to create detective controls.
B) Continuous monitoring software uses rules-based programming to monitor the business's data for red flags of risks.
C) Continuous monitoring can notify management in real-time when risk events occur.
D) Continuous monitoring focuses on segregation of duties to prevent fraud.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
44) Africell operates several call centers for customer service. Charles implements a digital dashboard that will display the following: number of rings to answer, number of minutes on hold, and the number of dropped calls. What kind of internal control has Charles implemented for Africell?
A) Physical
B) IT general
C) Continuous monitoring
D) Manual
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
45) A control is characterized by its
A) type, location, and implementation.
B) function, location, and implementation.
C) location, implementation, and technology.
D) type, technology, and location.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
46) Which of the following statements concerning continuous monitoring is FALSE?
A) Continuous monitoring uses data stored in the AIS for analysis.
B) The continuous monitoring program is often its own system with its own risks.
C) Continuous monitoring is an internal control that often uses additional internal controls for its source data and the monitoring program.
D) Continuous monitoring programs are kept separate from the AIS to avoid creating its own technology risks.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
47) Who in an organization is responsible for making sure that internal controls are functioning as designed?
A) Management
B) Internal audit department
C) External auditors
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
48) Which of the following statements concerning internal controls is TRUE?
A) Internal controls are designed and implemented without the need for assessment.
B) Internal controls provide absolute confidence in risk mitigation.
C) Internal controls must be continuously assessed.
D) Manual internal controls must be assessed but not automated controls.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
49) Internal audit has responsibility for which line of defense?
A) First
B) Second
C) Third
D) Fourth
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
50) What role in an organization is responsible for enforcing mitigating measures to prevent an identified risks from occurring?
A) Management
B) Internal Audit
C) External Audit
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
51) Enterprise risk management (ERM) provides which line of defense in combating risk?
A) First
B) Second
C) Third
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
52) Internal audit provides the third line of defense by testing internal controls and reporting to
A) executive management.
B) board of directors.
C) external audit.
D) both executive management and the board of directors.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
53) Which of the following statements concerning internal audit is TRUE?
A) Internal audit is an independent function of the company.
B) Internal audit reports both to executive management and the board of directors.
C) Internal audit tests internal controls to provide assurance of their effectiveness.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
54) Which of the following statements concerning external audit is TRUE?
A) External audit serves as the third line of defense of a company.
B) External audit reports directly to stockholders regarding risk mitigation.
C) External audit provides additional assurance to the company stakeholders.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
55) What role in a company is responsible for designing and implementing controls?
A) Management
B) Board of directors
C) Internal audit
D) External audit
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
56) What type of tool is used to measure how far a company is on its journey to reach the ideal state?
A) Maturity ruler
B) Maturity model
C) Optimization ruler
D) Optimization model
Diff: 1
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
57) Which statement concerning maturity models is FALSE?
A) Companies use maturity models to measure their current performance.
B) Companies use maturity models to create a plan for continuous improvement.
C) Companies use custom-designed maturity models from the Institute of Internal Auditors.
D) Companies use guidelines from the Institute of Internal Auditors to custom design models.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
58) The Key Company provides staffing services for South Florida. Key has clearly defined processes and controls and employs a top-down, proactive approach to management with clear communication throughout the organization. Based on your review, at which phase of maturity would you classify Key?
A) Phase 1 — Limited
B) Phase 2 — Informal
C) Phase 3 — Defined
D) Phase 4 — Optimized
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
59) Inspire Accounting Services operates a regional tax and accounting services for small businesses. Inspire has some processes and controls defined, but documentation is lacking, so Inspire relies on some key individuals to perform these processes and controls. Based on your review, at which phase of maturity would you classify Inspire?
A) Phase 1 — Limited
B) Phase 2 — Informal
C) Phase 3 — Defined
D) Phase 4 — Optimized
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
60) Biloxi Bowling Products manufactures bowling lane equipment and accessories. Biloxi has relied on key individuals and has yet to document processes. During your audit, you determine that Biloxi's management seems to be reactive to issues that occur and not proactive with controls. At what phase of maturity would you classify Biloxi?
A) Phase 1 — Limited
B) Phase 2 — Informal
C) Phase 3 — Defined
D) Phase 4 — Optimized
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
61) Internal audit adds value to a business by providing
A) assurance.
B) insight.
C) objectivity.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
62) Internal audit provides
A) assurance that the organization is operating in accordance with management's plan.
B) insight that may improve policies, procedures, controls, and risk management.
C) objective assessment of the company through an independent consulting point of view.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
63) Jenna works as an internal auditor for a local bank. Jenna determines that the procedure for counting change in a teller's cash drawer at the end of a shift creates a challenge for the manager checking in the drawers. Jenna designed and tested an alternative procedure. Which of the following roles of internal audit most accurately describes Jenna's added value for the bank?
A) Assurance
B) Insight
C) Objectivity
D) Independence
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
64) Which characteristic of internal audit must be present to assess the company from an independent point of view?
A) Assurance
B) Insight
C) Objectivity
D) Assessment
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
65) Which role of internal audit includes the discovery of improvements for risk management?
A) Assurance
B) Insight
C) Objectivity
D) Independence
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
66) Which of the following statements concerning internal audit is FALSE?
A) Internal audit must remain independent of all business functions that they audit.
B) Internal auditors have a stake in the outcome of the business processes that they audit.
C) Internal audit departments may be in-house employees or contractors.
D) Internal audit provides insight to the company leadership, audit committee, and board.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
67) For what reasons do internal audit departments report to an audit committee?
A) The audit committee provides objective oversight of a company.
B) The audit committee oversees management who may be the subject of an audit report.
C) The audit committee includes board members and others with qualifications in accounting.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
68) Internal auditors who are employees of the organization must have no stake in or influence over the outcome of the business processes they are auditing. This principle is known as
A) assurance.
B) insight.
C) objectivity.
D) independence.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
69) Which of the following statements concerning internal audit departments is TRUE?
A) All companies are required to have an internal audit department.
B) Public companies listed on the New York Stock Exchanges are required to have an internal audit department.
C) Internal auditors report to the leader of the enterprise risk management team.
D) Internal auditors must be employed by the organization.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
70) A published set of specifications and criteria that assists companies in achieving objectives is a(n)
A) control.
B) framework.
C) assessment.
D) report.
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
71) Frameworks
A) provide a set of instructions for a business to follow.
B) are often referred to as roadmaps for companies.
C) give an outline for companies to follow on how to approach a topic.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
72) What bill was passed by the U.S. government in 2002 to increase the liability of corporate leaders for companies' actions?
A) Sarbanes-Oxley Act
B) Enron Act
C) Risk Management Act
D) Financial Trust Act
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
73) The goal of the Sarbanes-Oxley Act of 2002 is to
A) protect the U.S. government from fraudulent acts committed by U.S. companies.
B) protect investors from fraud and other risks by improving the reliability and accuracy of financial statements.
C) protect companies from the U.S. government interfering in how they present financial statements.
D) protect investors from the risk of increased taxes impacting the financial statements of companies in which they are invested.
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
74) The rules enacted with Sarbanes-Oxley (SOX) include which of the following?
A) SOX places the responsibility for financial reporting failures on the U.S. government.
B) SOX places the responsibility for financial reporting failures on the internal audit team.
C) SOX places the responsibility for control failures with managers of the company.
D) SOX places the responsibility for control failures with accountants of the company.
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
75) Which of the following is an example of a regulatory control?
A) Internal controls
B) Segregation of duties
C) Maturity models
D) Sarbanes-Oxley Act
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
76) Compliance with the Sarbanes-Oxley Act is required for
A) U.S. publicly traded companies.
B) private companies planning their initial public offering.
C) foreign companies traded in or that do business in the United States.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
77) The Sarbanes-Oxley Act requires that chief executive and chief financial officers of firms are responsible for
A) the accuracy of financial statements.
B) overall internal control structure reports.
C) informing external auditors about issues or concerns.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
78) Which of the following is NOT a Sarbanes-Oxley (SOX) Act requirement?
A) An internal control report included in the annual financial statements
B) An external audit that includes a disclosure of internal control deficiencies
C) An internal audit report that confirms that management did not review financial statements before they were published
D) An external audit evaluates management's assessment of the effectiveness of the system of internal control.
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
79) Which of the following is NOT a Sarbanes-Oxley (SOX) Act requirement?
A) Formal implementation of a maturity model
B) Ensuring that financial statements are reviewed by management
C) Formal data security policy that is communicated and enforced
D) Companies ensure the protection of all financial data in storage and use.
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
80) Most publicly traded companies comply with Sarbanes-Oxley requirements by utilizing a framework from the
A) Securities and Exchange Commission.
B) Committee of Sponsoring Organizations.
C) Compliance and Sarbanes-Oxley Organization.
D) Company and Securities Organization.
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
81) Which of the following statements concerning the COSO Internal Control Integrated Framework is TRUE?
A) COSO provides guidance for SOX compliance in the form of the Internal Control Integrated Framework.
B) The Internal Control Integrated Framework is a controls-based approach to risk management that is widely accepted.
C) The Internal Control Integrated Framework consists of control objectives and components and related principles.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
82) Internal Control Integrated Framework focuses on control objectives in these areas
A) internal audit, external audit, and management.
B) management, operations, and audit.
C) operations, compliance, and audit.
D) operations, reporting, and compliance.
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
83) Operations objectives relate to the effectiveness and efficiency of an organization's
A) prevention of losses.
B) allocation of resources.
C) operation and financial performance.
D) All of these answer choices are correct.
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
84) Jorge works in the accounting department of a public company. Jorge is tasked with preparing documentation of nonfinancial information for the company. In the COSO Internal Control Integrated Framework, where might Jorge look for guidance on how best to present the information?
A) Operations objectives section of the control objectives
B) Reporting objectives section of the control objectives
C) Compliance objectives section of the control objectives
D) Monitoring section of the control components
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
85) The key part of the COSO Internal Control Integrated Framework that functions as the steps to implement an effective system of internal control is referred to as the
A) control objectives.
B) control components.
C) framework objectives.
D) framework components.
Diff: 1
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
86) Which of the following is NOT one of the COSO Internal Control Integrated Framework control components?
A) Control environment
B) Risk assessment
C) Information and communication
D) Compliance objectives
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
87) Which COSO Internal Control Integrated Framework control component deals with the enforcement of accountability?
A) Control environment
B) Risk assessment
C) Information and communication
D) Monitoring
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
88) Which COSO Internal Control Integrated Framework control component deals with quality information and reporting?
A) Control environment
B) Risk assessment
C) Information and communication
D) Monitoring
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
89) Which COSO Internal Control Integrated Framework control component deals with the analysis of significant change?
A) Control environment
B) Risk assessment
C) Information and communication
D) Monitoring
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
90) Which of the following is the best definition of the COSO Cube?
A) The COSO Cube is a die rolled to determine which control component to execute for the day.
B) The COSO Cube is a diagram used to list control objectives for a firm.
C) The COSO Cube is a three-dimensional illustration of how management, internal audit, and external audit work together.
D) The COSO Cube is a three-dimensional illustration that depicts how all parts of the Internal Control Integrated Framework are related.
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
91) Which of the following statements concerning the COSO Enterprise Risk Management Integrating with Strategy and Performance Framework is TRUE?
A) The 2017 release of the framework updated the framework to focus more on strategy and less on risk.
B) The 2017 release of the framework updated the framework to reflect the importance of risk management in strategic planning.
C) The 2017 release of the framework utilizes the COSO Cube to present and interpret the components.
D) The 2017 release of the framework includes four objectives and eight components for firms to reference in regard to risk management.
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Systems and Process Management
92) Which of the following statements concerning the COSO Enterprise Risk Management Integrating with Strategy and Performance Framework is TRUE?
A) It embeds risk management throughout the organization as a prime responsibility of management and the board of directors.
B) It is more comprehensive than the COSO Internal Control Integrated Framework because it focuses on all types of risks.
C) Its principles apply to all functions across all levels of an organization.
D) All of these answer choices are correct.
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Systems and Process Management
93) Explain the time-based model of controls for technology attacks.
Diff: 2
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Systems and Process Management
94) Akiko works as an accounts payable manager for True Steel. Explain why True Steel's management has the information system set to prohibit Akiko from inputting data into the system?
Diff: 3
Learning Objective: 3.1 Distinguish among the three functions of internal controls.
Section Reference: How Do Internal Controls Mitigate Risk?
AACSB: Analytic
Bloom's: Evaluation
AICPA: AC: Systems and Process Management
95) Draw a diagram that accurately depicts how a control is classified based on its function, location, and implementation.
Diff: 2
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
96) Caio Computers implemented additional functionality in their accounting information system to perform a three-way match on transactions. Classify this control based on function, location, and implementation, and explain your reasoning.
Diff: 3
Learning Objective: 3.2 Characterize a control by its location and implementation method.
Section Reference: How Are Controls Classified?
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Systems and Process Management
97) Describe the reporting relationship between internal audit and the organization.
Diff: 2
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Systems and Process Management
98) Diagram the three lines of defense to protect organizations against risk. Include the roles of each line of defense.
Diff: 3
Learning Objective: 3.3 Explain the three lines of defense to ensure the effectiveness of internal controls.
Section Reference: How Do We Assess Internal Controls?
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Systems and Process Management
99) Why would a company that is NOT required to comply with the Sarbanes-Oxley (SOX) Act regulations still do so voluntarily?
Diff: 2
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
100) Numerical Technology (NT) hired your accounting and consulting firm to review and recommend changes to prepare NT to move toward an initial public offering (IPO). Your review suggests that NT could utilize a framework to add structure to their risk management approach. Which framework will you recommend to NT and why?
Diff: 3
Learning Objective: 3.4 Describe the importance of frameworks in an internal control environment.
Section Reference: Why Are Internal Control Frameworks Important?
AACSB: Analytic
Bloom's: Evaluation
AICPA: AC: Systems and Process Management
© 2022 John Wiley & Sons, Inc. All rights reserved. Instructors who are authorized users of this course are permitted to download these materials and use them in connection with the course. Except as permitted herein or by law, no part of these materials should be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise.