CHAPTER 7 Control and Accounting Information Systems Flashcards
- Verifying the validity of credit or debit card numbers during an online transaction is an example of
a. detective controls.
b. preventive controls.
c. application controls.
d. general controls.
c. application controls. [Correct. Controls that prevent, detect, and correct transaction errors
and fraud in application programs.]
- In the ERM model, COSO specified four types of objectives that management must meet to achieve company goals. Which of the following is NOT one of those types?
a. responsibility objectives
b. strategic objectives
c. compliance objectives
d. reporting objectives
e. operations objectives
a. responsibility objectives (Correct. Responsibility objectives are NOT one of the objectives
in COSO’s ERM model.)
- Which of the following statements is true?
a. COSO’s enterprise risk management framework is narrow in scope and is limited to
financial controls.
b. COSO’s internal control integrated framework has been widely accepted as the authority on internal controls.
c. The Foreign Corrupt Practices Act had no impact on internal accounting control systems.
d. It is easier to add controls to an already designed system than to include them during
the initial design stage.
b. COSO’s internal control integrated framework has been widely accepted as the authority
on internal controls. (Correct. The internal control integrated framework is the
accepted authority on internal controls and is incorporated into policies, rules, and regulations
that are used to control business activities.)
- All other things being equal, which of the following is true?
a. Detective controls are superior to preventive controls.
b. Corrective controls are superior to preventive controls.
c. Preventive controls are equivalent to detective controls.
d. Preventive controls are superior to detective controls.
d. Preventive controls are superior to detective controls. (Correct. With respect to controls,
it is always of utmost importance to prevent errors from occurring.)
- Which of the following statements about the control environment is false?
a. Management’s attitudes toward internal control and ethical behavior have little impact on employee beliefs or actions.
b. An overly complex or unclear organizational structure may be indicative of problems that are more serious.
c. A written policy and procedures manual is an important tool for assigning authority and responsibility.
d. Supervision is especially important in organizations that cannot afford elaborate responsibility
reporting or are too small to have an adequate separation of duties.
a. Management’s attitudes toward internal control and ethical behavior have little impact
on employee beliefs or actions. (Correct. This statement is false. Management’s attitude
toward internal control is critical to the organization’s effectiveness and success.
They set the “tone at the top” that other employees follow.)
- To achieve effective segregation of duties, certain functions must be separated. Which of the following is the correct listing of the accounting-related functions that must be segregated?
a. control, recording, and monitoring
b. authorization, recording, and custody
c. control, custody, and authorization
d. monitoring, recording, and planning
b. authorization, recording, and custody (Correct. See Figure 7-5.)
- Which of the following is NOT an independent check?
a. bank reconciliation
b. periodic comparison of subsidiary ledger totals to control accounts
c. trial balance
d. re-adding the total of a batch of invoices and comparing it with your first total
d. re-adding the total of a batch of invoices and comparing it with your first total (Correct.
One person performing the same procedure twice using the same documents, such as
re-adding invoice batch totals, is not an independent check because it does not involve
a second person, a second set of documents or records, or a second process.)
- Which of the following is a control procedure relating to both the design and the use of documents and records?
a. locking blank checks in a drawer
b. reconciling the bank account
c. sequentially prenumbering sales invoices
d. comparing actual physical quantities with recorded amounts
c. sequentially prenumbering sales invoices (Correct. Designing documents so that they
are sequentially prenumbered and then using them in order is a control procedure relating
to both the design and the use of documents.)
- Which of the following is the correct order of the risk assessment steps discussed in this chapter?
a. Identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits.
b. Identify controls, estimate risk and exposure, identify threats, and estimate costs and benefits.
c. Estimate risk and exposure, identify controls, identify threats, and estimate costs and benefits.
d. Estimate costs and benefits, identify threats, identify controls, and estimate risk and exposure.
a. Identify threats, estimate risk and exposure, identify controls, and estimate costs and
benefits. (Correct. See Figure 7-4.)
- Your current system is deemed to be 90% reliable. A major threat has been identified with an impact of $3,000,000. Two control procedures exist to deal with the threat. Implementation of control A would cost $100,000 and reduce the likelihood to 6%. Implementation of control B would cost $140,000 and reduce the likelihood to 4%. Implementation of
both controls would cost $220,000 and reduce the likelihood to 2%. Given the data, and based solely on an economic analysis of costs and benefits, what should you do?
a. Implement control A only.
b. Implement control B only.
c. Implement both controls A and B.
d. Implement neither control.
b. Implement control B only. (Correct. Control procedure B provides a net benefit of
$40,000. Procedure A and the combination of A and B provide a benefit of only
$20,000.)
