P1SE Internal Controls Flashcards

1
Q

Which one of the following tasks is least likely to be undertaken in the implementation phase of an accounting software application?

A. Enter and verify test data.
B. Obtain and install hardware.
C. Identify inputs and outputs.
D. Document user procedures.

A

C. Identify inputs and outputs

Ensuring an effective systems/program development process includes the following steps as per System Development Life Cycle:

-Systems analysis
-Systems design
-Systems implementation
-Systems evaluation and maintenance

During implementation, the new system is integrated with the current operations. It can be a phased-in implementation or a complete replacement.

Entering and verifying test data, obtaining and installing hardware, and documenting user procedures are all steps undertaken during implementation.

The identification of inputs and outputs must occur well before implementation. Inputs and outputs of the current system are identified during systems analysis, while inputs and outputs of the new system are developed during the design phase.

2
Q

Which of the following statements is correct regarding information technology governance?

A. A primary goal of IT governance is to balance risk versus return over IT and its processes
B. IT governance is an appropriate issue for organizations at the level of the board of directors only
C. IT goals should be independent of strategic goals
D. IT governance requires that the Control Objectives for Information and related Technology (COBIT) framework be adopted and implemented

A

A. A primary goal of IT governance is to balance risk versus return over IT and its processes

IT governance is a framework that ensures your organization’s IT infrastructure supports and enables the achievement of its corporate strategies and objectives. It provides a structure for aligning IT strategy with business strategy.

By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals. A formal program also takes stakeholders’ interests into account, as well as the needs of staff and the processes they follow.

In the big picture, IT governance is an integral part of overall enterprise governance. The primary goal of IT governance is to balance risk versus return over IT and its processes.

IT governance is an appropriate issue at all levels of an organization. IT goals should be aligned with strategic goals.

COBIT is a globally accepted framework for the governance and management of enterprise IT. COBIT provides globally accepted principles, analytical tools and models to increase trust in information systems, as well as add value. It is a best practices framework that all IT companies should adopt. It is not a requirement.

3
Q

Pursuant to the Sarbanes-Oxley Act of 2002, an accountant who destroys documents to impede an investigation by a U.S. agency can be

a. suspended or barred from being associated with a registered public accounting firm or be required to end such association
b. temporarily or permanently limited on the activities, functions or operations conducted on behalf of a registered public accounting firm
c. fined and/or imprisoned not more than 20 years
d. fined and/or imprisoned not more than 10 years

A

c. fined and/or imprisoned not more than 20 years

Section 802 of the Sarbanes-Oxley Act of 2002 prohibits a person from knowingly destroying, mutilating or concealing records or documents to impede or influence the investigation of any department or agency of the United States.

The penalty is a fine or imprisonment for not more than 20 years or both. This section also imposes penalties of fines and/or imprisonment up to 10 years on any accountant who knowingly and willfully violates the requirements of maintenance of all audit or review papers for a period of 5 years.

4
Q

A clerk entered information regarding a new employee’s home address, but unintentionally omitted a city from the mailing address. The best control to detect this omission is a

a. batch total
b. completeness test
c. hash total
d. limit or reasonableness test

A

b. completeness test

A completeness test confirms that all required data fields are present before accepting the transaction for processing. Frequently, the system is programmed to notify the user as to which element is missing.

A batch total is the total of one element in several different records.

A hash total is also the total of one element in several different records, except that a hash total has no meaning other than as a control total; for example, the total of social security numbers might be checked from one payroll to another.

A limit or reasonableness test confirms information against established limits.

5
Q

Which of the following sets of duties would not be performed by a single individual in a company with the most effective segregation of duties in place?

a. posting accounts payable transactions and entering additions and terminations to payroll
b. Having custody of signed checks yet to be mailed and maintaining depreciation schedules
c. Approving sales returns on customers’ accounts and depositing customers’ checks in the bank
d. Preparing monthly customer statements and maintaining the accounts payable subsidiary ledger

A

c. Approving sales returns on customers’ accounts and depositing customers’ checks in the bank

If a single person handles both the approval of sales returns and the deposit of checks in the bank, there is a high chance that he may post a false sales return on a customer's account and process the refund in his own bank. Moreover, the chance of colluding with a customer to conduct fraud is also very high.

6
Q

Which of the following tasks would be included in a document flowchart for processing cash receipts?

a. compare control and remittance totals
b. record returns and allowances
c. authorize and generate an invoice
d. authorize and generate a voucher

A

a. compare control and remittance totals

Comparing control and remittance totals would be included in a document flowchart for processing cash receipts. An example would be comparing a batch total to the calculated amount that accounts receivable has decreased when processing cash receipts.

Recording returns and allowances, authorizing and generating an invoice, and authorizing and generating a voucher are not part of processing cash receipts and would not be shown on this document flowchart.

7
Q

All the following are examples of encryption techniques used for computer security except

a. public key
b. private key
c. primary key
d. authentication key

A

c. primary key

Encryption technology converts data into a code. Unauthorized users may still be able to access the data, but without the encryption key they will be unable to decode the information.

Two major types of encryption software exist: public key and private key.

An example of authentication is assigning each user a unique identification and password. Not even information security personnel should be able to view unencrypted passwords.

A primary key is the unique field in any data.

8
Q

Which of the following is not identified as a function that must be segregated from the other duties for sound internal control?

a. Authorization to purchase assets
b. Record keeping of assets
c. Maintaining custody of assets
D. Marketing for the sale of assets

A

D. Marketing for the sale of assets

Incompatible functions place a person in the position to both perpetrate and conceal errors or fraud in the normal course of her/his duties. A well-designed plan of internal control separates the duties of authorization, record keeping, and custody of assets.

A person who markets the sale of assets also could perform any one of the other three duties and still have difficulty both perpetrating and concealing errors and fraud.

9
Q

Which of the following internal control procedures would prevent an employee from being paid an inappropriate hourly wage?

a. having the supervisor of the data entry clerk verify that each employee’s hours worked are correctly entered into the system
b. Using real-time posting of payroll so there can be no after-the-fact data manipulation of the payroll register
c. Giving payroll data entry clerk the ability to change any suspicious hourly pay rates to a reasonable rate
d. Limiting access to employee master files to authorized employees in the personnel department

A

d. Limiting access to employee master files to authorized employees in the personnel department

10
Q

According to COSO, which of the following is a compliance objective?

a. To maintain adequate staffing to keep overtime expense within budget
b. To maintain a safe level of carbon dioxide emissions during production
c. To maintain material price variances within published guidelines
d. To maintain accounting principles that conform to GAAP

A

b. To maintain a safe level of carbon dioxide emissions during production

COSO teaches that an effective internal control system can be measured by the capacity to provide reasonable assurance in three categories: operations, financial reporting, and compliance.

Maintaining adequate staffing to keep overtime expense within budget and maintaining material price variances within published guidelines are both objectives of operations. Maintaining accounting principles that conform to GAAP is an objective of Financial Reporting. Maintaining a safe level of carbon dioxide emissions during production per health and safety regulations is a compliance objective.

11
Q

A system engineer is developing the input routines for a payroll system. Which of the following methods validates the proper entry of hours worked for each employee?

A. Check digit
B. Sequence check
C. Capacity check
D. Reasonableness check

A

D. Reasonableness check

A reasonableness test checks a particular field of a transaction record to be sure it is not outside a prescribed range of acceptable values.

A check digit is a digit added to the end of a piece of numeric data (such as product code) to permit the data to be checked for accuracy.

A sequence check confirms that all items are in a sequence.

A capacity check is concerned with whether sufficient capacity exists to handle a process.

12
Q

An auditor most likely would introduce test data into a computerized payroll system to test internal controls related to the

a. Existence of unclaimed payroll checks held by supervisors
b. Early cashing of payroll checks by employees
c. Discovery of invalid employee I.D. numbers
d. Proper approval of overtime by supervisors

A

c. Discovery of invalid employee I.D. numbers

An auditor testing computer controls in a payroll system would most likely use test data containing invalid employee ID numbers. The computer should be programmed to compare employee ID numbers with a list of valid, authorized employee numbers.

13
Q

Which of the following is not a Management Reporting System?

a. Management Information System
b. Algorithmic Information Dynamics
c. Executive Information System
d. Decision Support System

A

b. Algorithmic Information Dynamics

Algorithmic Information Dynamics is a type of math (calculus) and is not a Management Reporting System.

A Management Reporting System processes information to manage and support business decisions; such systems include MIS, EIS, and DSS.

A Management Information System (MIS) provides information/reports to management which may be utilized in decision-making.

An Executive Information System (EIS) is designed specifically to support executive strategy.

A Decision Support System (DSS) combines models and data to help in decision-making, but critical judgment and extensive user interpretation are needed.
