Ch. 1

Question 1

According to the Sarbanes-Oxley Act of 2002, an issuer must disclose whether or not it has adopted a code of ethics to who?

Given: all employees, senior financial officers, audit committee or audit staff

Answer 1

senior financial officers only

Question 2

Who is the person ultimately responsible for enterprise risk management within a company?

Who provides oversight of an entity’s enterprise risk management?

Answer 2

The chief executive officer CEO

The BOD

Question 3

According to COSO, what provides the strongest mechanism for monitoring control in this new foreign venture?

Answer 3

An internal audit is being performed

Question 4

Expected value is most useful when risk is being prioritized.

What is the formula?

Answer 4

sum of the outcomes (payoff) of each event
x
the probability of each event occurring
= Expected value

Question 5

Control activities specifically mentioned by COSO is top-level reviews. What is top-level review? Name an example.

Answer 5

periodic reviews and analyses of actual results versus
benchmarks such as organizational goals or plans, metrics, and other key performance indicators

example is a comprehensive marketing plan is implemented, and management reviews actual performance to determine the extent to which benchmarks were achieved

Question 6

The audit committee is tasked with receiving and resolving what?

Answer 6

Confidential and anonymous complaints from employees

Question 7

The issuer must provide the audit committee with the authority and resources to do what?

Answer 7

Engage outside advisors

Question 8

What does the independent auditor handle?

Answer 8

Legal challenges of executive salaries

All exemptions to auditing procedures performed via confirmation

All feedback from SEC 10-k questionnaires

Question 9

What is a problem with decentralization?

Answer 9

There may be a duplication of resources in each division.
When a company is decentralized, significant responsibility is delegated to lower-level managers. Some work is duplicated, creating additional costs. Additionally, goal congruence is more difficult to achieve. However, response times are usually faster, and managers are more motivated as they have more control.

Question 10

In larger firms, controls over activities should be _________, as compared to a small firm where controls can be __________ with a more involved owner/operator.

Answer 10

decentralized as is authority; centralized

A larger firm with more employees can decentralize and achieve segregation of duties. Controls should follow that decentralized authority. In a small firm, the owner will be able to authorize all or almost all transactions; it is a more centralized environment.

Question 11

Risk is represented by events. Events provide risk through uncertainty. Which type(s) of uncertainty is commonly present in the risk of events?

Answer 11

Both probability and size of each occurrence

Each event is uncertain as to occurrence, but a probability or likelihood may be found or estimated. Each event will likewise represent an estimated loss. After identifying the risk, the significance of the risk is analyzed and assessed, and management will determine how best to respond to the risk.

Question 12

The comparison of budgets to actual results, relating operating and financial data together, and evaluating functional performance are activities found under which internal control component? use CRIME

Answer 12

**control activities.
are the policies and procedures that help ensure that management directives are carried out. The organization should develop activities to mitigate identified risks; comparing budget to actual results to discover anomalies worthy of investigation can aid in the detection of risks that threaten the achievement of the entity’s objectives.

Question 13

Achieving the internal control system objective of reliable financial reporting would seem to be supported by ensuring that all processed transactions are valid and that all valid transactions are processed. The internal control component found under which internal control component? use CRIME

Answer 13

**information and communication.

Question 14

A company’s internal controls are established to provide protection for the company’s assets as well as to detect fraud. It is an internal control that allows for a firm’s resources to be properly:

Answer 14

properly used,
monitored, and
measured.

Question 15

What is a COSO-encouraged way to help an agent determine if a gift was acceptance?

Answer 15

include a general statement in a code of behavior and include a list of frequently asked questions (FAQs) that would interpret gray areas.

Question 16

What does monitoring include?

Answer 16

conducting ongoing
separate evaluations
evaluating and communicating deficiencies.

Question 17

According to COSO, the difference between inherent risk and residual risk arises because of management’s:

Answer 17

ACTIONS to reduce the INHERENT risk.

Question 18

In small organizations with few managers, a code of ethical conduct might be:

Answer 18

brief and then supported by management instructions when situations arise.

Question 19

A financial transaction control allows a firm to do what?

Answer 19

Monitor and measure its resources

Question 20

The Enterprise Risk Management—Integrated Framework of the Committee of Sponsoring Organizations (COSO) is best defined as a:

Answer 20

A process effected by an entity’s board of directors, management, and other personnel.

the board of directors has overall responsibility for managing enterprise risk and can delegate parts of the process to entity personnel.

Question 21

According to the 2004 COSO enterprise risk management (ERM) framework, uncertainty in enterprise risk management refers to:

Answer 21

the state of not knowing how or if potential events may manifest.

Question 22

The four categories of entity objectives in the enterprise risk management framework are:

Answer 22

1. strategic (high-level goals, aligned with and supporting the entity’s mission),
2. operations (effective and efficient use of its resources)

Question 23

COSO issued an update to the 2004 ERM framework in 2017, Enterprise Risk Management—Integrating with Strategy and Performance, which focuses on the importance of considering risk in both the strategy-setting process and in driving performance. Which of the following does the 2017 framework not address?

Answer 23

Ensures compliance with laws, rules, and regulations

Question 24

Enterprise risk management is a process designed to (among other things) to do what 4 things?

Answer 24

1. manage risk to be within its risk appetite, not increase or decrease it.
2. encompasses enhancing risk response decisions,
3. improving deployment of capital, and
4. seizing opportunities.

Question 25

Periodically, an independent employee or supervisor will compare sales records to cash receipts to determine if it is likely that all sales have been received in some form and properly recorded. This activity is an example of a control activity that has elements of which control type(s)?

Answer 25

Preventive, detective, and corrective

Question 26

During a period when an enterprise is under the direction of a particular management, its financial statements will directly provide information about:

Answer 26

enterprise performance but not directly provide information about management performance.

Financial statements provide direct information about enterprise performance because the primary focus of the statements is to provide information about the financial performance of that enterprise by providing information about earnings.

Question 27

Not all parts of an internal control system relate to achieving control over financial aspects of an organization. An example of nonfinancial goals would be to achieve:

Answer 27

efficiency and effectiveness.

Both efficiency and effectiveness are nonfinancial in nature

Question 28

When a barcode scanner malfunctions or an item is scanned twice, one item’s sale must be removed to correct the error. This usually requires a supervisor’s passcode or key to be applied to the checkout terminal or cash register. This control activity can best be described as which type of control?

Answer 28

Preventive

It is not detective or corrective.

Question 29

Typical cost objects are pizza, purchase order and children clothing. What is not a cost object?

Answer 29

A packaging machine for the company’s products

Under activity-based costing (ABC), products (cost objects) result from activities; those activities consume resources. Resource costs are accumulated in cost pools, and those costs are then allocated to cost objects on the basis of the relative amount of the particular activities consumed to produce the particular product. Cost objects are products, services, jobs, and divisions for which costs are accumulated.

A packaging machine is a cost generator for depreciation and maintenance. The costs of a machine need to be allocated to cost objects. The cost related to the machine is likely part of a cost pool.

Question 30

Which of the following is a component of the learning and growth perspective?

Answer 30

The balanced scorecard is a strategic planning and management tool, used extensively in business and industry to align business activities with the vision and strategy of the organization, improve internal and external communications, and monitor organizational performance against strategic goals.

The balanced scorecard views an organization from four perspectives, one of which is learning and growth. This perspective forms the foundation of all knowledge-worker organizations and includes employee morale and satisfaction, employee turnover, product life cycle, timing of new products to market when compared to their competitors, and management and employee training opportunities.

Question 31

When a company actively monitors a foreign country’s political events whenever a supply chain disruption occurs within the country that exceeds 90 days, the company is following which risk-response strategy?

Answer 31

Accept

By taking no action and only monitoring the situation, it is acceptance.

Question 32

Performance component of ERM does what?

Answer 32

Identify and assess risks that may impact the achievement of strategy and business objectives

Question 33

governance and culture component of ERM does what?

Answer 33

sets the organization’s tone, reinforcing the importance of and establishing oversight responsibilities for enterprise risk management (ERM)

Question 34

The information, communication, and reporting component of ERM does what?

Answer 34

provides a continual process of obtaining and sharing necessary information, from both internal and external sources.

Question 35

The review and revision component of ERM does what?

Answer 35

assists the entity in determining how well the ERM components are functioning over time.

Question 36

The four categories of entity objectives in the enterprise risk management framework are:

Answer 36

1. strategic (high-level goals, aligned with and supporting the entity’s mission),
2. operations (effective and efficient use of its resources),
3. reporting (reliability of reporting), and
4. compliance (compliance with applicable laws and regulations).
   The actual implementation of internal controls is not one of the entity objectives.

Question 37

Improving resource deployment is

Answer 37

one of the benefits that can be achieved when entities integrate ERM throughout the organization; it is not one of the oversight responsibilities of the BOD.