exam 2

Question 1

A scheme where the perpetrator steals the cash or check that customer A mails in to pay its accounts receivable, then the perpetrator takes the funds from customer B to later cover that account. And so on with customer C.

Answer 1

Lapping

Question 2

Which of the following creates an environment where computer fraud is less likely to occur?

Answer 2

Increase the penalties for committing fraud.

Question 3

Kitting is a scheme in which:

Answer 3

Insufficient funds are covered up by deposits made at one bank by checks drawn at another bank.

Question 4

Which of the following is not part of the fraud triangle?

Answer 4

All are part of the fraud triangle.

Question 5

In order for an act to be legally considered fraud it must be all of the following except

Answer 5

No intent to deceive

Question 6

According to Statement on Auditing Standards No. 99 (SAS 99) an auditor should do all of the following except:

Answer 6

Acquire malpractice insurance in case the auditor does not detect actual fraud during the audit.

Question 7

According to the opportunity part of the fraud triangle, a person may do all of the following acts except:

Answer 7

Control the fraud.

Question 8

Which of the following pressures are classified as Management Characteristics that can lead to financial statement fraud?

Answer 8

High management and/or employee turnover

Question 9

All of the following are classifications of computer fraud except:

Answer 9

Reconciliation fraud.

Question 10

Which of the following actions are used to reduce fraud loss after fraud occurs?

Answer 10

Maintain adequate insurance.

Question 11

Which of the following is considered a financial pressure (as opposed to emotional or lifestyle pressures) that can lead to employee fraud?

Answer 11

Poor credit ratings

Question 12

There are many threats to accounting information systems. Which of the following is an example of an Intentional Act?

Answer 12

Computer Fraud

Question 13

A computer crime that involves attacking phone lines is:

Answer 13

phreaking.

Question 14

Hackers use all of the following techniques except:

Answer 14

war driving.

Question 15

Social engineering is most likely to facilitate what type of computer fraud?

Answer 15

identity theft

Question 16

The computer crime of piggybacking

Answer 16

can involve the clandestine use of another user’s WIFI

Question 17

A network of computers used in a denial-of-service (DoS) attack is called a(n):

Answer 17

botnet

Question 18

Time bombs are most likely planted in an information system by:

Answer 18

disgruntled computer programmers

Question 19

Spyware infections came from:

Answer 19

all of the above

Question 20

Which of the following is not a characteristic of computer viruses?

Answer 20

They are easy to detect and destroy.

Question 21

Which of the following is known as a zero-day attack?

Answer 21

an attack between the time a new software vulnerability is discovered and the time a patch for fixing the problem is released

Question 22

Which of the following is a method used to embezzle money a small amount at a time from many different accounts?

Answer 22

Salami technique

Question 23

Which of the following is not a method that is used for identity theft?

Answer 23

spamming

Question 24

A computer fraud and abuse technique that steals information, trade secrets, and intellectual property.

Answer 24

economic espionage

Question 25

The Sarbanes Oxley Act is the most important business-oriented legislation in the past 80 years. Which of the following are elements of the Sarbanes Oxley Act?

Answer 25

All of the above

Question 26

After the Sarbanes Oxley Act (SOX) was passed, the Securities and Exchange Commission (SEC) required management to do which of the following:

Answer 26

report material internal control weaknesses

Question 27

Which of the following system(s) compares actual performance with planned performance?

Answer 27

diagnostic control system

Question 28

Which of the following is (are) a component(s) of COSO's internal control model?

Answer 28

all of the above

Question 29

What is (are) a principle(s) behind enterprise risk management (ERM)?

Answer 29

all of the above

Question 30

General authorization is different from specific authorization. With general authorization an employee in the proper functional area can:

Answer 30

all of the above

Question 31

The ERM model includes an element called Risk Response. According to that element, which of the following is an appropriate way to respond to risk?

Answer 31

Share the risk with another

Question 32

What is an assumption underlying the valuation of internal controls?

Answer 32

The internal control should at least provide reasonable assurance that control problems do not develop

Question 33

Which functions should be segregated?

Answer 33

all of the above

Question 34

Which of the following is not a principle applicable to project development and acquisition controls?

Answer 34

network management

Question 35

According to sound internal control concepts, which of the following systems duties should be segregated?

Answer 35

Answers 1 and 2 are correct

Question 36

Which of the following are internal control functions?

Answer 36

all of the above are internal control functions

Question 37

Component 1

Answer 37

Control Environment

Question 38

The organization demonstrates a commitment to _____ and ______ _______.

Answer 38

integrity; ethical values

Question 39

The board of directors demonstrates ________ from management and ________ ________ of the development and performance of internal control.

Answer 39

independence; exercises oversight

Question 40

_________ establishes, with ______ oversight, structures, reporting lines, and appropriate authorities and responsibilities in the _______ __ _________.

Answer 40

Management; board; pursuit of objectives

Question 41

The organization demonstrates a commitment to attract, develop, and retain _______ ________ in alignment with objectives.

Answer 41

competent individuals

Question 42

The organization _______ ________ ________ for their internal control responsibilities in the pursuit of objectives.

Answer 42

holds individuals accountable

Question 43

Component 2

Answer 43

Risk Assessment

Question 44

The organization specifies _________ with ________ ________ to enable the identification and assessment of risks relating to objectives.

Answer 44

objectives; sufficient clarity

Question 45

The organization _______ _______ to the achievement of its objectives across the entity and ________ _____ as a basis for determining how the risks should be managed.

Answer 45

identifies risks; analyzes risks

Question 46

The organization considers the _______ ____ _______ in assessing risks to the achievement of objectives.

Answer 46

potential for fraud

Question 47

The organization _______ and _______ _______ that could significantly impact the system of internal control.

Answer 47

identifies; assesses changes

Question 48

Component 3

Answer 48

Control Activities

Question 49

The organization selects and develops _____ ______ that contribute to the mitigation of risks to the achievement of objectives to _______ ______.

Answer 49

control activities; acceptable levels

Question 50

The organization selects and develops general ______ _______ over _______ to support the achievement of objectives.

Answer 50

control activities; technology

Question 51

The organization deploys ______ _____ through _____ that establish what is expected and _____ that put policies into action.

Answer 51

control activities; policies; procedures

Question 52

Component 4

Answer 52

Information and Communication

Question 53

The organization obtains or generates and uses ______, _______ ________ to support the functioning of internal control.

Answer 53

relevant; quality information

Question 54

The organization _______ __________ _______, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.

Answer 54

internally communicates information

Question 55

The organization ______ with _______ _______ regarding matters affecting the functioning of internal control.

Answer 55

communicates; external parties

Question 56

Component 5

Answer 56

Monitoring Activities

Question 57

The organization selects, develops, and performs ongoing and/or separate _______ to ascertain whether the _____ of internal control are present and functioning.

Answer 57

evaluations; components

Question 58

The organization _____ and ________ internal control ________ in a timely manner to those participants responsible for taking corrective action, including senior management and the board of directors, as appropriate.

Answer 58

evaluates; communicates; deficiencies