Chapter 7

Question 1

why are threats to accounting information systems increasing

Answer 1

Many companies do not realize that data security is crucial to their survival

Question 2

a control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a

Answer 2

preventative control

Question 3

Identify the preventative control

Answer 3

a) reconciling the bank statement to the cash control account
b) approving customer credit prior to approving a sales order
c) maintaining frequent backup records to prevent loss of data
d) counting inventory on hand and comparing counts to the perpetual inventory records

B

Question 4

according to Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for

Answer 4

hiring and firing external auditors

Question 5

what measures can be taken to protect a company from AIS threats

Answer 5

1. take a proactive approach to eliminate threats
2. detect threats that do occur
3. correct and recover from threats that do occur

Question 6

Internal control is often referred as what, because it permeates an organization’s operating activities and is an integral part of management activities

Answer 6

process

Question 7

duplicate checking of calculations is an example of what kind of control

Answer 7

detective

Question 8

procedures to resubmit rejected transactions are an example of what kind of control

Answer 8

corrective

Question 9

which type of control is associated with making sure an organization’s control environment is stable

Answer 9

general

Question 10

which type of control prevents, detects, and corrects transaction errors and fraud

Answer 10

application

Question 11

the primary purpose of the Foreign Corrupt Practices Act of 1977 was

Answer 11

to prevent the bribery of foreign officials by American companies

Question 12

What was not an important change introduced by the Sarbanes-Oxley Act of 2002

Answer 12

new rules for information systems development

Question 13

measures company progress by comparing actual performance to planned performance

Answer 13

diagnostic control system

Question 14

helps top level managers with high level activities that demand frequent and regular attention

Answer 14

interactive control system

Question 15

Sarbanes-Oxley Act applies to whom

Answer 15

all publicly traded companies

Question 16

measures, monitors, and compares actual company progress to budgets and performance goals

Answer 16

diagnostic control system

Question 17

describes how a company creates value, helps employees understand management’s vision, communicates company core values, and inspires employees to live by those rules

Answer 17

belief system

Question 18

helps employees act ethically by setting boundaries on employee behavior

Answer 18

boundary system

Question 19

helps managers to focus subordinates’ attention on key strategic issues and to be more involved in their decisions

Answer 19

interactive control system

Question 20

COSO framework that improves the risk management process by expanding COSO’s Internal Control–Integrated

Answer 20

Enterprise Risk Management (ERM)

Question 21

which of the following is not a component of COSO ERM

Answer 21

a) monitoring
b) control environment
c) risk assessment
d) compliance with federal, state, or local laws

D

Question 22

The COSO Enterprise Risk Management Integrated Framework stresses that

Answer 22

risk management activities are an inherent part of all business operations and should be considering during strategy setting

Question 23

T or F: the COSO ERM contains all five of the same COSO Integrated Framework components

Answer 23

TRUE

Question 24

how many principles are in the updated COSO integrated framework

Answer 24

17

Question 25

how many principles are in the updated COSO integrated framework

Answer 25

17

Question 26

Why was COSO integrated control framework updating in 2013 from 1992

Answer 26

to more effectively address technological advancements

Question 27

COBIT 5 key principles

Answer 27

1. Meeting Stakeholder needs
2. Covering the enterprise end-to-end
3. Applying a single, integrated framework
4. Enabling a holistic approach
5. Separating governance from management

Question 28

COBIT 5 framework primarily relates to

Answer 28

best practices and effective governance and management of organizational assets

Question 29

Applying COBIT 5 framework governance is the responsibility of

Answer 29

the board of directors

Question 30

applying the COBIT 5 framework monitoring is the responsibility of

Answer 30

CEO, CFO, and board of directors

Question 31

what is not a factor of internal environment according to the COSO ERM framework

Answer 31

analyzing past financial performance and reporting

Question 32

the audit committee of the board of directors

Answer 32

provides checks and balances on management

Question 33

reducing management layers, creating self directed work teams, and emphasizing continuous improvement are all related to which aspect of internal enviornment

Answer 33

organizational structure

Question 34

the SEC and FASB are best described as external influences that directly affect an organization’s

Answer 34

internal environment

Question 35

an attribute that is not apart of the COSO ERM framework internal environment is

Answer 35

restricting access to assets

Question 36

according to ERM, these help the company address all applicable laws and regulations

Answer 36

compliance objectives

Question 37

using the COSO definition of an event, and event repressents

Answer 37

uncertainty

Question 38

using the COSO definition of an event, and event repressents

Answer 38

uncertainty

Question 39

is not a risk response identified in the COSO ERM framework

Answer 39

Monitoring

Question 40

a publicly traded company were three best friends serve as its key officers

Answer 40

increases the risk associated with an audit

Question 41

how is expected loss calculated

Answer 41

Impact X likelihood

Question 42

According to COSO ERM framework he risk assessment process does not include

Answer 42

reporting potential risks to auditors

Question 43

independent checks on performance do not include

Answer 43

data input validation checks

Question 44

one of the key objectives of segregating duties is to

Answer 44

make sure that different people handle different parts of the same transaction

Question 45

approving accounting software change requests and testing production scheduling software changes

Answer 45

is an example of coupling duties that do not violate the segregation of duties

Question 46

a document that shows all projects that must be completed and the related IT needs in order to achieve long range company goals is known as a

Answer 46

strategic master plan

Question 47

this is created to guide and oversee systems development and acquisition

Answer 47

steering committee

Question 48

shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates

Answer 48

project development plan

Question 49

which component of the COSO ERM integrated framework is concerned with understanding how transactions are initiated, data are captured and processed, and information reported

Answer 49

information and communication

Question 50

COSO requires that any internal deficiencies identified through monitoring be reported to whom

Answer 50

the board of directors

Question 51

to ensure compliance with copyrights and to protect itself from software piracy lawsuits, companies should

Answer 51

periodically conduct software audits

Question 52

something not monitored by a responsibility accounting system

Answer 52

vendor analysis

Question 53

budgets quotas and quality standards

Answer 53

are monitored by a responsibility accounting system