Chapter 7 – ‘Control and AIS’ Flashcards

1
Q
  1. COSO identified five interrelated components of internal control.
    Which of the following is NOT one of those five? 
    a. risk assessment  
    b. internal control policies
    c. monitoring
    d. information and communication
A

b. internal control policies (Correct. Internal control policies are NOT one of
COSO’s five components of internal control. However, control environment
and control activities are two of the five internal control framework
components.) 

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
2. In the ERM model, COSO specified four types of objectives that
management must meet to achieve company goals. Which of the following
is NOT one of those types?
a. responsibility objectives 
b. strategic objectives 
c. compliance objectives
d. reporting objectives 
e. operations objectives
A

a. responsibility objectives (Correct. Responsibility objectives are NOT one of
the objevtives in COSO’s ERM model.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. Which of the following statements is true? 
    a. COSO’s enterprise risk management framework is narrow in scope and is
    limited to financial controls.
    b. COSO’s internal control integrated framework has been widely accepted as
    the authority on internal controls.
    c. The Foreign Corrupt Practices Act had no impact on internal accounting
    control systems.
    d. It is easier to add controls to an already designed system than to include
    them during the initial design stage.
A

b. COSO’s internal control integrated framework has been widely accepted as
the authority on internal controls. (Correct. The internal control integrated
framework is the accepted authority on internal controls and is incorporated
into policies, rules, and regulations that are used to control business
activities.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. All other things being equal, which of the following is true?
    a. Detective controls are superior to preventive controls.
    b. Corrective controls are superior to preventive controls.
    c. Preventive controls are equivalent to detective controls.
    d. Preventive controls are superior to detective controls.
A

d. Preventive controls are superior to detective controls. (Correct. With
respect to controls, it is always of utmost importance to prevent errors from
occurring.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. Which of the following statements about the control environment is
    false? 
    a. Management’s attitudes toward internal control and ethical behavior have
    little impact on employee beliefs or actions.
    b. An overly complex or unclear organizational structure may be indicative of
    problems that are more serious.
    c. A written policy and procedures manual is an important tool for assigning
    authority and responsibility.
    d. Supervision is especially important in organizations that cannot afford
    elaborate responsibility reporting or are too small to have an adequate
    separation of duties.
A

a. Management’s attitudes toward internal control and ethical behavior have
little impact on employee beliefs or actions. (Correct. This statement is false.
Management’s atti- tude toward internal control is critical to the
organization’s effectiveness and success. They set the “tone at the top” that
other employees follow.) 

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. To achieve effective segregation of duties, certain functions must be
    separated. Which of the following is the correct listing of the accountingrelated
    functions that must be segregated?  
    a. control, recording, and monitoring
    b. authorization, recording, and custody
    c. control, custody, and authorization
    d. monitoring, recording, and planning
A

b. authorization, recording, and custody (Correct. See Figure 7-5.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. Which of the following is NOT an independent check?  
    a. bank reconciliation
    b. periodic comparison of subsidiary ledger totals to control accounts

c. trial balance
d. re-adding the total of a batch of invoices and comparing it with your first
total

A

d. re-adding the total of a batch of invoices and comparing it with your first
total (Correct. One person performing the same procedure twice using the
same documents, such as re-adding invoice batch totals, is not an independent
check because it does not involve a second person, a second set of documents
or records, or a second process.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. Which of the following is a control procedure relating to both the design
    and the use of documents and records?
    a. locking blank checks in a drawer
    b. reconciling the bank account
    c. sequentially prenumbering sales invoices
    d. comparing actual physical quantities with recorded amounts
A

c. sequentially prenumbering sales invoices (Correct. Designing documents so
that they are sequentially prenumbered and then using them in order is a
control procedure relat- ing to both the design and the use of documents.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. Which of the following is the correct order of the risk assessment steps
    discussed in this chapter?
    a. Identify threats, estimate risk and exposure, identify controls, and estimate
    costs and benefits.
    b. Identify controls, estimate risk and exposure, identify threats, and estimate
    costs and benefits.
    c. Estimate risk and exposure, identify controls, identify threats, and estimate
    costs and benefits.
    d. Estimate costs and benefits, identify threats, identify controls, and estimate
    risk and exposure.
A

a. Identify threats, estimate risk and exposure, identify controls, and estimate
costs and benefits. (Correct. See Figure 7-4.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. Your current system is deemed to be 90% reliable. A major threat has
    been identified with an impact of $3,000,000. Two control procedures exist
    to deal with the threat. Implemen- tation of control A would cost $100,000
    and reduce the likelihood to 6%. Implementation of control B would cost
    $140,000 and reduce the likelihood to 4%. Implementation of both
    controls would cost $220,000 and reduce the likelihood to 2%. Given the
    data, and based solely on an economic analysis of costs and benefits, what
    should you do?
    a. Implement control A only.
    b. Implement control B only.
    c. Implement both controls A and B.
    d. Implement neither control.
A

b. Implement control B only. (Correct. Control procedure B provides a net
benefit of $40,000. Procedure A and the combination of A and B provide a
benefit of only $20,000.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly