Section 1 A Flashcards

1
Q

___of controls is a process to assess the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions. According to COSO, a primary purpose of monitoring internal control is to verify that the internal control system remains adequate to address changes in what?

A

Monitoring Risks

2
Q

According to COSO, which of the following components addresses the need to respond in an organized manner to significant changes resulting from international exposure, acquisitions, or executive transitions? Control activities Risk assessment Monitoring activities Information and communication

A

Risk Assessment

3
Q

_____ process for financial reporting purposes is its identification, analysis, and management of risks relevant to the preparation of financial statements that are fairly presented in conformity with GAAP.

A

An entity’s risk assessment

4
Q

The organization should identify changes that could affect the current control system. Assesses changes in the ___environment Assesses changes in the __model Assesses changes in __ship

A

external business leader

5
Q

____is the risk that exists before management takes any steps to control the likelihood or impact of a risk. ___is the risk that remains after management reacts to the risk, such as by implementing internal controls.

A

Inherent Risk Residual risk

6
Q

According to COSO (the Committee of Sponsoring Organizations of the Treadway Commission), the difference between inherent risk and residual risk arises because of management’s actions to ___. Who is tasked with the exercise of oversight responsibility? CEO Board of directors

A

reduce inherent risk. BoD

7
Q

The board must be apprised (informed) of: risks and deficiencies of the internal control. assessments of internal control deficiencies. assessments of internal control effectiveness. T/F

A

true to all

8
Q

A small- to mid-size entity’s culture is: strongly influenced by the integrity and ethical behavior of top management. T/F They may implement the control environment differently than a larger entity. T/F They may not have a written code of conduct. T/F The characteristics of top management style and attitude are more pronounced in smaller organizations. T/F

A

True to all

9
Q

The board is usually organized into committees to: (omitted obvious ones) Establish a code of __ Review management decisions t/f ___ and ___ effective internal control procedures

A

conduct True Design & Enforce

10
Q

COSO has developed a widely accepted and used framework for internal control that was designed to provide reasonable assurance for a firm’s objectives related to: ___ and efficiency of operations, ___ of financial reporting, and ___ with laws and regulations.

A

Effectiveness Reliability Compliance

11
Q

COSO studied internal controls and issued a report that: Defined internal controls t/f Provide guidance for ____I/C systems widely accepted as the ___on I/C

A

true - Effectiveness, of operations, reliability of Financial Reporting, & compliance w/ laws & Reg evaluating authority

12
Q

If controls add to the efficiency of operations, management must: implement the controls immediately. ask the internal auditor for recommendations. weigh the benefit of reducing loss or inefficiency against the cost of the control. consider only the cost of the control.

A

weigh the benefit of reducing loss or inefficiency against the cost of the control Managers must weigh the benefit of reducing loss or inefficiency against the cost of the controls. They should not implement controls without first understanding whether any benefits of implementing these controls outweigh the costs. Although management can solicit recommendations from the internal auditor, it is not a requirement.

13
Q

Limitations related to the control process include the following: Limitations on staff size can result in the inability to properly have a ___ The judgment of employees may be affected by lack of time and pressure to provide a ___ Breakdowns in communication, training, and technology can result in controls not __ Two or more employees could __to alter financial information or underlying data. Management could __various controls for illegitimate purposes.

A

segregation of duties. rapid response. performing as designed. collude override

14
Q

___are the lines of authority, responsibility, and reporting. Centralized organizational structures tend to rely on one or a few individuals to make decisions and provide direction for the company, while decentralized organizations tend to rely on a team environment with multiple decision-making levels within the organization.

A

An organizational structure

15
Q

The audit committee of the board of directors oversees the following: Financial reporting T/F Financial disclosure T/F Compliance with standards T/F

A

True to all

16
Q

Which of the following is not a part of the change control process? Requesting a change Controlling a control Reviewing the effectiveness of the change Implementing the change

A

Controlling a control The change control process is designed to ensure that any necessary changes to internal control over financial reporting are appropriately identified, reviewed, approved, and implemented in a controlled manner.

17
Q

____is designed to ensure that any necessary changes to internal control over financial reporting are appropriately identified, reviewed, approved, and implemented in a controlled manner.

A

The change control process

18
Q

Control objectives related to financial reporting, operational efficiency, and law and regulation compliance include the following: (STRAFA-VA)

A

Supportable - Supported by documentation Timely Recorded - within the applicable time period Reasonable Accurate - Free of omission Funded - Sufficient funds to meet obligations Appropriate - Approved & relate to entity’s goals Valid - Only valid/authorized/legal transactions are processed Adequate - Representation of Right & Obligation

19
Q

A company implements an enterprise resource planning application to help improve its financial and operational reporting, while gaining other efficiencies related to sales and inventory management. For the implementation, the company hires an individual specializing in preparing the company for the changes through documenting new policies and procedures and developing new training. This is an example of:

A

Change management “Change management” is correct because implementing an ERP application is a change to the entity’s internal controls and documenting the change is part of the process of managing the change. “An economic event” is incorrect because this is the implementation of a change in the financial reporting system, not an economic event.

20
Q

The internal audit function must also determine whether risk management processes are effective; this judgment results from the internal auditor’s assessment that: Organizational objectives support and align with the ___ Significant risks are ___ and ___ Appropriate risk responses are selected that align risks within the organization’s ___ Relevant risk information is captured and ___ timely

A

org’s mission identified and assessed risk appetite communicated

21
Q

According to COSO, which of the following is the most effective method to transmit a message of ethical behavior throughout an organization? Demonstrating appropriate behavior by example Strengthening internal audit’s ability to deter and report improper behavior Removing pressures to meet unrealistic targets, particularly for short-term results Specifying the competence levels for every job in an organization and translating those levels to requisite knowledge and skills

A

Demonstrating appropriate behavior by example All of the other answer choices are examples of controls that would encourage proper activity by employees, but they do not refer to transmitting a message about ethical behavior.

22
Q

In order to comply with a director’s duty of loyalty to a corporation, what action(s) should a director take when presented personally with a new business opportunity? Reject the opportunity and not offer it to the corporation Accept the opportunity and not offer it to the corporation Accept the opportunity and disclose the acceptance to the corporation Offer the opportunity to the corporation and accept it only if the corporation rejects it

A

Offer the opportunity to the corporation and accept it only if the corporation rejects it The director’s duty of loyalty forbids the director or officer from taking an opportunity for himself or herself before giving the opportunity to the company. The director or officer should first offer the opportunity to the corporation and, once the corporation denies the opportunity, he or she may then take the opportunity for himself or herself.

23
Q

There are three types of controls: _____: Designed to keep errors or irregularities from occurring in the first place ____: Designed to discover/detect errors or irregularities that have occurred, despite the preventive controls ____: Designed to correct errors or irregularities that have been detected

A

Preventive Detective Corrective

24
Q

Under COSO, the I/C environment consists of 17 principles spread over the 5 components of I/C. What are the principles for Control Activities, Information, & Monitoring?

A

CONTROL ACTIVITIES: Select/develop control activities; Select/develop general controls over tech; Deploy through policies and procedures. INFORMATION/COMMUNICATION: Use relevant info; Communicate internally; Communicate externally. MONITORING: Conduct ongoing evaluation; Evaluate/communicate deficiencies.

25
Q

In order to be in compliance with SOX 404, a company needs to: develop documentation of existing internal controls and procedures associated with ___ test the ___of those controls and procedures. provide details on any ___in the controls and/or documentation.

A

financial reporting. effectiveness deficiencies

26
Q

an internal control that allows for a firm’s resources to be properly:

A

used, monitored, and measured.

27
Q

A ____ control is a procedure that is developed to discover and/or prevent errors, misappropriations, or policy noncompliance in a financial transaction process.

A

A financial transaction

28
Q

Segregation of duties segregates 3 things

A

custody recordkeeping Authorization

29
Q

A company headquartered in the United States has operations in 27 countries. The company purchased a subsidiary to expand operations into another country last year. According to COSO, which of the following provides the strongest mechanism for monitoring control in this new foreign venture? An internal audit is being performed. Ethics and fraud training is being conducted. An accounting and control manual is being distributed. Management has oversight over litigation and foreign regulation.

A

An internal audit is being performed. While the remaining three answer choices are valid tasks (ethics and fraud training is being conducted; an accounting and control manual is being distributed; and management has oversight over litigation and foreign regulation), they are not the strongest mechanisms for monitoring control in a foreign country.

30
Q

TYPES OF CONTROL ACTIVITIES Top-level reviews: Periodic reviews of progress toward goals by upper management to see if corrective action needs to be taken

A

Yep

31
Q

The ___ (CSA) framework helps improve the efficiency and effectiveness of financial statements. The process consists of ___ employees taking part in the responsibility of internal controls by lower-level employees and managers completing risk assessment and internal control evaluations.

A

Control Self-Assessment all

32
Q

The change control process should never be released without testing. The procedures for a well-defined change control process would include the following: The change control board ___the change and assigns a _______. The project manager makes sure all paperwork has been __and __. The project manager sets up ___for all personnel involved. The projects are completed. T/F Changes are tested and approved before __.

A

approves, project manager received and approved schedules True release

33
Q

Why is a well-defined organizational structure important? To inspect corporate records To elect officers To define lines of authority To oversee the internal control structure

A

To define lines of authority Organizational structures help no one unless they are well-defined. The structure helps define lines of authority, so an organization does not have too many people in management. This structure creates working relationships between the various employees in the organization

34
Q

What is the responsibility of a corporation to ensure the validity of a contract between a director of a corporation and the corporation? The director must clearly disclose any conflict of interest and must recuse themselves from any decision making where a conflict may exist. Shareholders must decide whether a conflict of interest exists. The director must resign if a conflict exists. Outside independent arbitrators decide whether a conflict exists.

A

The director must clearly disclose any conflict of interest and must recuse themselves from any decision making where a conflict may exist. The board of directors has a fiduciary duty to act in the best interests of the corporation. Directors may not put themselves in a position where their interests and duties conflict with the duties that they owe to the company. Corporations are allowed to enter into contracts with board members. This is called a related-party transaction and is only valid if the director makes the relationship known and no conflict exists.

35
Q

Each of the following statements is correct regarding the existence and implementation of codes of conduct, except: employees understand what behavior is acceptable or unacceptable and know what to do if they encounter improper behavior. the codes of conduct are comprehensive, addressing conflicts of interest, illegal or other improper payments, anticompetitive guidelines, and insider trading. the codes of conduct are periodically acknowledged by all employees. the codes of conduct must be in writing and displayed in public areas, such as a break room.

A

the codes of conduct must be in writing and displayed in public areas, such as a break room. The incorrect statement is, “The codes of conduct must be in writing and displayed in public areas, such as a break room,” because there are numerous ways to make a code of conduct available to employees, such as distributing written handbooks or presenting the code of conduct on the entity’s website.

36
Q

According to COSO, which of the following is a compliance objective? To maintain adequate staffing to keep overtime expense within budget To maintain a safe level of carbon dioxide emissions during production To maintain material price variances within published guidelines To maintain accounting principles that conform to GAAP

A

To maintain a safe level of carbon dioxide emissions during production. OSHA regulations requiring a safe workplace cover the maintenance of a safe level of emissions to protect workers. The other answer choices refer to the COSO objectives of operating effectiveness/efficiency and financial statement reliability.

37
Q

A ____in IT uses standardized methods, processes, and procedures to efficiently and promptly handle changes to the control IT infrastructure.

A

Change management

38
Q

Entity-level internal controls mitigate financial reporting risks. All of the following are examples of such controls except: an internal audit department. variance analysis procedures. documentation of future internal controls. oversight by senior management.

A

documentation of future internal controls Documentation of future internal controls does not mitigate financial reporting risks.

39
Q

Which of the following statements is true regarding internal control objectives of information systems? A secure system may have inherent risks due to management’s analysis of trade-offs identified by cost-benefit studies. T/F

A

True

40
Q

Which of the following is most useful when risk is being prioritized? Low- and high-probability exposures Low- and high-degree loss exposures Expected value Uncontrollable risks

A

Expected Value Expected value is the sum of the outcomes (payoff) of each event multiplied by the probability of each event occurring. It combines the likelihood of each outcome with the payoff of that outcome, and so is a way of prioritizing alternatives while considering risk. None of the other answer choices consider both the likelihood and payoff of each alternative course of action.

41
Q

____is the sum of the outcomes (payoff) of each event multiplied by the probability of each event occurring. It combines the likelihood of each outcome with the payoff of that outcome, and so is a way of prioritizing alternatives while considering risk. None of the other answer choices consider both the likelihood and payoff of each alternative course of action.

A

Expected value

42
Q

Employees of an entity feel peer pressure to do the right thing; management appropriately deals with signs that problems exist and resolves the issues; and dealings with customers, suppliers, employees, and other parties are based on honesty and fairness. According to COSO, the above scenario is indicative of which of the following?

A

Tone at the top “Tone at the top” is an accounting term used to describe the attitude established by the entity’s board of directors, audit committee, officers, and senior management toward the control environment and internal controls, forming the foundation of the importance of the entity’s general ethical climate. Establishing and maintaining a strong tone at the top helps in corporate governance, promotes honesty and fairness, and assists in preventing and detecting fraud and other unethical practices

43
Q

Cost-effective and efficient control activities should be developed throughout all levels and functions of an organization. Control activities can be grouped into a number of categories. Which of the following is not a reasonable control activity category? Retention of records Education, training, and monitoring Top-level reviews by upper management Employee handbook

A

Employee handbook

44
Q

Control Activities include the following T/F Education Training IT Security Top Level Review Reconciliations Retention of Records Employee Handbook

A

T T T T T F

45
Q

Limitations related to the control process. Limitations would include the following: __ staff size, resulting in the inability to effectively segregate duties The need for rapid responses by employees, thus affecting their judgment and performance Breakdowns in communication, training, and technology

A

Small True True

46
Q

A top-down risk assessment (TDRA) is done in order for a company to be in compliance with Sarbanes-Oxley Act (SOX) Section 404. A TDRA is a set of steps used to identify and assess financial reporting elements, related risks, and internal control procedures meant to limit those risks. TDRA steps include all of the following except: the identification of material risks related to important financial reporting elements. the identification of financial-statement level controls that would mitigate the risks in the absence of precise entity-level controls. the identification of important financial reporting elements. the identification of entity-level controls that would mitigate the risks with adequate precision.

A

the identification of financial-statement level controls that would mitigate the risks in the absence of precise entity-level controls.

47
Q

TDRA steps include the following: The identification of important ___elements The identification of ___related to the important financial reporting elements The identification of ___that would mitigate the risks with adequate precision The identification of ___(not financial-statement level controls) that would mitigate the risks in the absence of precise entity-level controls The analysis of the ___of evidence collected about the internal controls as part of the assessment process

A

financial reporting material risks entity-level controls transaction-level controls nature, extent, and timing

48
Q

A ___is done in order for a company to be in compliance with SOX 404. A ____is a set of steps used to identify and assess financial reporting elements, related risks, and internal control procedures meant to limit those risks

A

top-down risk assessment (TDRA) for both

49
Q

A financial transaction control allows a firm to do which of the following? Monitor and measure its resources Audit its finances Hire outside accountants Increase process variation

A

Monitor and measure its resources

50
Q

According to the COSO internal control framework, which of the following is not an underlying structure of the control environment? Identify and analyze significant changes Demonstrate a commitment to integrity and ethical values Exercise of oversight responsibility Demonstrate commitment to competence

A

Identify and analyze significant changes

51
Q

Under COSO, which of the following principles falls under control activities? Assesses fraud risk Selects and develops control activities Exercises oversight Specifies suitable objectives

A

Selects and develops control activities

52
Q
A

Yeahhh