Section D Review Questions

1. Which of the following is not a type of risk?
( ) a. Inherent risk
( ) b. Detection risk
( ) c. Safeguarding risk
( ) d. Control risk

1. Which of the following is not a type of risk?
( ) a. Inherent risk
( ) b. Detection risk
(x) c. Safeguarding risk
( ) d. Control risk

2. Which of the following is true of control risk?
( ) a. Control risk is an assessment of the likelihood that misstatements exceeding an acceptable level will not be detected by internal controls.
( ) b. Control risk is an assessment of the likelihood that misstatements exceeding an acceptable level will not be detected by an internal audit.
( ) c. Control risk is dependent on detection risk.
( ) d. Control risk is measured in combination with safeguarding risk to determine overall risk.

2. Which of the following is true of control risk?
(x) a. Control risk is an assessment of the likelihood that misstatements exceeding an acceptable level will not be detected by internal controls.
( ) b. Control risk is an assessment of the likelihood that misstatements exceeding an acceptable level will not be detected by an internal audit.
( ) c. Control risk is dependent on detection risk.
( ) d. Control risk is measured in combination with safeguarding risk to determine overall risk.

3. The primary authority over the internal audit is:
( ) a. departmental managers
( ) b. senior management
( ) c. the external auditor
( ) d. the audit committee

3. The primary authority over the internal audit is:
( ) a. departmental managers
( ) b. senior management
( ) c. the external auditor
(x) d. the audit committee

4. Internal controls are designed to provide reasonable assurance regarding which of the following?
I. Efficiency of operations
II. Reliability of financial reporting
III. Compliance with applicable laws and regulations
IV. Feasibility of project completion
( ) a. I
( ) b. II and III
( ) c. I, II, and III
( ) d. I, II, III, and IV

4. Internal controls are designed to provide reasonable assurance regarding which of the following?
I. Efficiency of operations
II. Reliability of financial reporting
III. Compliance with applicable laws and regulations
IV. Feasibility of project completion
( ) a. I
( ) b. II and III
(x) c. I, II, and III
( ) d. I, II, III, and IV

5. The audit committee can contain all of the following except:
( ) a. the company president
( ) b. the chairman of the board of directors
( ) c. a member of the board of directors who owns a separate business not related to the business of the company
( ) d. the president of the local chamber of commerce

5. The audit committee can contain all of the following except:
(x) a. the company president
( ) b. the chairman of the board of directors
( ) c. a member of the board of directors who owns a separate business not related to the business of the company
( ) d. the president of the local chamber of commerce

6. Which of the following are types of internal controls?
I. Preventive
II. Detective
III. Corrective
IV. Compensating
( ) a. I
( ) b. II and III
( ) c. I, II, and III
( ) d. I, II, III, and IV

6. Which of the following are types of internal controls?
I. Preventive
II. Detective
III. Corrective
IV. Compensating
( ) a. I
( ) b. II and III
( ) c. I, II, and III
(x) d. I, II, III, and IV

7. Detective controls _____________________________________
( ) a. serve as a backup for corrective controls.
( ) b. are the procedures the internal auditor follows to detect flaws in the control process.
( ) c. serve as a backup for preventive controls.
( ) d. are the procedures the external auditor follows if fraud is suspected

7. Detective controls
( ) a. serve as a backup for corrective controls.
( ) b. are the procedures the internal auditor follows to detect flaws in the control process.
(x) c. serve as a backup for preventive controls.
( ) d. are the procedures the external auditor follows if fraud is suspected

8. Directive controls __________________________________
( ) a. serve as a backup for corrective controls.
( ) b. relate to the override of controls by management.
( ) c. serve as a backup for preventive controls.
( ) d. are designed to create positive results.

8. Directive controls
( ) a. serve as a backup for corrective controls.
( ) b. relate to the override of controls by management.
( ) c. serve as a backup for preventive controls.
(x) d. are designed to create positive results.

9. Name the five components of the Internal Control-Integrated Framework established in 1992 by COSO:
a. ______________________________
b. ______________________________
c. ______________________________
d. ______________________________
e. ______________________________

9. Name the five components of the Internal Control-Integrated Framework established in 1992 by COSO:
a. Control environment
b. Risk assessment
c. Control activities
d. Information and communication
e. Monitoring

10. Which of the following are required under the Foreign Corrupt Practices Act?
I. A firm must design internal control procedures.
II. A firm must have an internal audit department.
III. Transactions must be executed with management’s authorization.
IV. Access to assets must be authorized.
( ) a. I and II
( ) b. III
( ) c. I, III, and IV
( ) d. I, II, III, and IV

10. Which of the following are required under the Foreign Corrupt Practices Act?
I. A firm must design internal control procedures.
II. A firm must have an internal audit department.
III. Transactions must be executed with management’s authorization.
IV. Access to assets must be authorized.
( ) a. I and II
( ) b. III
(x) c. I, III, and IV
( ) d. I, II, III, and IV

11. Which of the following are categories of standards for internal auditing?
I. Attribute
II. Characteristic
III. Performance
IV. Implementation
( ) a. I and III
( ) b. II and IV
( ) c. I, III, and IV
( ) d. I, II, III, and IV

11. Which of the following are categories of standards for internal auditing?
I. Attribute
II. Characteristic
III. Performance
IV. Implementation
( ) a. I and III
( ) b. II and IV
(x) c. I, III, and IV
( ) d. I, II, III, and IV

12. A compliance audit in a manufacturing firm could verify which of the following?
( ) a. Compliance with GAAP
( ) b. Compliance with employment laws
( ) c. Compliance with worker safety and health laws
( ) d. All of the above

12. A compliance audit in a manufacturing firm could verify which of the following?
( ) a. Compliance with GAAP
( ) b. Compliance with employment laws
( ) c. Compliance with worker safety and health laws
(x) d. All of the above

13. Which of the following would not be a type of recommendation an internal auditor would make?
( ) a. Add a procedure for ensuring that transactions cannot be placed by unauthorized personnel.
( ) b. Controls should be implemented to ensure that unauthorized personnel cannot access payroll files.
( ) c. Controls should be implemented that ensure increasing compensation for production managers.
( ) d. Add a procedure for ensuring that key files cannot be accidentally deleted from the computer system.

13. Which of the following would not be a type of recommendation an internal auditor would make?
( ) a. Add a procedure for ensuring that transactions cannot be placed by unauthorized personnel.
( ) b. Controls should be implemented to ensure that unauthorized personnel cannot access payroll files.
(x) c. Controls should be implemented that ensure increasing compensation for production managers.
( ) d. Add a procedure for ensuring that key files cannot be accidentally deleted from the computer system.

14. The auditor can make four types of recommendations. Complete the list below.
a. Make no changes
b. Modify internal control policies and/or procedures
c. _________________________________
d. _________________________________

14. The auditor can make four types of recommendations. Complete the list below.
a. Make no changes
b. Modify internal control policies and/or procedures
c. Add insurance for potential risks discovered during the audit
d. Adjust the required rate of return on an activity to match the associated risk.

15. Which of the following is not something that would be done by the chief audit executive prior to releasing results about an audit?
( ) a. Provide a summary report to the external auditors.
( ) b. Assess the potential risk to the organization.
( ) c. Control dissemination by restricting the use of the results.
( ) d. Consult with senior management and/or legal counsel as appropriate.

15. Which of the following is not something that would be done by the chief audit executive prior to releasing results about an audit?
(x) a. Provide a summary report to the external auditors.
( ) b. Assess the potential risk to the organization.
( ) c. Control dissemination by restricting the use of the results.
( ) d. Consult with senior management and/or legal counsel as appropriate.

16. Which of the following is a risk specifically associated with computer systems?
( ) a. Risk of information assets being stolen
( ) b. Risk of errors caused by careless input
( ) c. Risk of limited visibility of the audit trail
( ) d. Risk of break-in to the facility

16. Which of the following is a risk specifically associated with computer systems?
( ) a. Risk of information assets being stolen
( ) b. Risk of errors caused by careless input
(x) c. Risk of limited visibility of the audit trail
( ) d. Risk of break-in to the facility

17. Which of the following control procedures can be used to uncover a fraud scheme?
( ) a. Prototype
( ) b. Vacation rule
( ) c. Disaster recovery procedures
( ) d. Backup procedures

17. Which of the following control procedures can be used to uncover a fraud scheme?
( ) a. Prototype
(x) b. Vacation rule
( ) c. Disaster recovery procedures
( ) d. Backup procedures

18. Which of the following are effective systems development controls?
I. Designate a team involving end users and representatives from various departments to create a thorough design.
II. Develop a prototype for the design team and end users to test and approve before full production.
III. Conduct thorough pilot and parallel testing.
IV. Each programmer should be responsible for placing the final version of his or her program into the final version of the system.
( ) a. I
( ) b. II and III
( ) c. I, II, and III
( ) d. I, II, III, and IV

18. Which of the following are effective systems development controls?
I. Designate a team involving end users and representatives from various departments to create a thorough design.
II. Develop a prototype for the design team and end users to test and approve before full production.
III. Conduct thorough pilot and parallel testing.
IV. Each programmer should be responsible for placing the final version of his or her program into the final version of the system.
( ) a. I
( ) b. II and III
(x) c. I, II, and III
( ) d. I, II, III, and IV

19. Which of the following are true regarding accounting controls?
I. Batch totals are calculated when the transaction is output.
II. Control accounts should be accessed only by authorized personnel.
III. Invoices and supporting documents should be subject to controls for appropriate voiding after payment is received.
IV. Input should be processed only by management accountants.
( ) a. I
( ) b. II and III
( ) c. II and IV
( ) d. I, II, III, and IV

19. Which of the following are true regarding accounting controls?
I. Batch totals are calculated when the transaction is output.
II. Control accounts should be accessed only by authorized personnel.
III. Invoices and supporting documents should be subject to controls for appropriate voiding after payment is received.
IV. Input should be processed only by management accountants.
( ) a. I
(x) b. II and III
( ) c. II and IV
( ) d. I, II, III, and IV

20. Which of the following is an example of computerized input control procedures?
( ) a. Unfound records test
( ) b. Dual observation
( ) c. Processing controls
( ) d. Backup procedures

20. Which of the following is an example of computerized input control procedures?
(x) a. Unfound records test
( ) b. Dual observation
( ) c. Processing controls
( ) d. Backup procedures

21. Which of the following is true regarding network controls?
I. Data encryption helps protect information from unauthorized access.
II. Routing verification procedures ensure that transmissions are routed to the correct address.
III. EFT transmissions require strict control procedures to protect from unauthorized funds transfers.
IV. Firewalls are designed principally to detect unauthorized access from the Internet.
( ) a. I
( ) b. II and III
( ) c. I, II, and III
( ) d. I, II, III, and IV

21. Which of the following is true regarding network controls?
I. Data encryption helps protect information from unauthorized access.
II. Routing verification procedures check that data is delivered to the correct address.
III. EFT transmissions require strict control procedures to protect from unauthorized funds transfers.
IV. Firewalls are designed principally to detect unauthorized access from the Internet.
( ) a. I
( ) b. II and III
(x) c. I, II, and III
( ) d. I, II, III, and IV

22. Which of the following statements about backup and disaster recovery procedures is true?
( ) a. Disaster recovery procedures are recommended in the situation where backups are run only on a weekly basis.
( ) b. Disaster recovery procedures ensure the uninterrupted operation of the business.
( ) c. Backup procedures protect the company from complete loss of data.
( ) d. Backup procedures ensure the uninterrupted operation of the business in the event of a natural disaster that destroys the computer system.

22. Which of the following statements about backup and disaster recovery procedures is true?
( ) a. Disaster recovery procedures are recommended in the situation where backups are run only on a weekly basis.
( ) b. Disaster recovery procedures ensure the uninterrupted operation of the business.
(x) c. Backup procedures protect the company from complete loss of data.
( ) d. Backup procedures ensure the uninterrupted operation of the business in the event of a natural disaster that destroys the computer system.

23. Which of the following statements about flowcharting is not correct?
( ) a. Flowcharts can help the auditor and management analyze a set of internal controls.
( ) b. Flowcharts can be useful for summarizing the internal auditor’s information about processes.
( ) c. Flowcharts can be used to depict the movement of a single document through a process.
( ) d. All of the above are correct.

23. Which of the following statements about flowcharting is not correct?
( ) a. Flowcharts can help the auditor and management analyze a set of internal controls.
( ) b. Flowcharts can be useful for summarizing the internal auditor’s information about processes.
( ) c. Flowcharts can be used to depict the movement of a single document through a process.
(x) d. All of the above are correct.

24
Feedback: The correct answer is: a. 1, $15,000, 85. The exposure is the same as the expected loss, which is calculated by dividing one by the “Frequency of Occurrence,” multiplying it by the loss amount, and then multiplying that by one minus the “Insurance % coverage” rate.
Expected loss = (frequency of occurrence) (loss amount) (1 - % insurance coverage)
For answer a, the expected loss = (1/1)($15,000)(1 - 0.85) = $2,250
For answer b, the expected loss = (1/8)($75,000)(1 - 0.8) = $1,875
For answer c, the expected loss = (1/20)($200,000)(1 - 0.8) = $2,000
For answer d, the expected loss = (1/100)($400,000)(1 - 0.5) = $2,000
Answer “a” represents the highest annual loss exposure after adjusting for insurance proceeds.

25: When management of the sales department has the opportunity to override the system of internal controls of the accounting department, a weakness exists in which of the following?
a. risk management
b. information and communication
c. monitoring
d. the control environment
Feedback: The correct answer is: d. the control environment. Control environment includes attitude of management toward the concept of controls.

Question 26
Topic: Risk assessment, controls, and risk management
Segregation of duties is a fundamental concept in an effective system of internal control. Nevertheless, the internal auditor must be aware that this safeguard can be compromised through
a. lack of training of employees.
b. collusion among employees.
c. irregular employee reviews.
d. absence of internal auditing.
Feedback: The correct answer is: b. collusion among employees. Effective segregation of duties means that no single employee has control over authorization, recording and custody. If two or more employees are in collusion, these controls can be overridden.

Question 27
Topic: Risk assessment, controls, and risk management
A company’s management is concerned about computer data eavesdropping and wants to maintain the confidentiality of its information as it is transmitted. The company should utilize:
a. data encryption.
b. dial back systems.
c. message acknowledgment procedures.
d. password codes.
Feedback: The correct answer is: a. data encryption. Data encryption, which uses secret codes, ensures that data transmissions are protected from unauthorized tampering or electronic eavesdropping.

Question 28
Topic: Systems controls and security measures
Which one of the following would most compromise the use of the grandfather-father-son principle of file retention as protection against loss or damage of master files?
a. Use of magnetic tape
b. Inadequate ventilation
c. Storing of all files in one location
d. Failure to encrypt data
Feedback: The correct answer is: c. Storing of all files in one location. Storing all files in one location undermines the concept of multiple backups inherent in the grandfather-father-son principle.

Question 29
Topic: Systems controls and security measures
In entering the billing address for a new client in Emil Company’s computerized database, a clerk erroneously entered a nonexistent zip code. As a result, the first month’s bill mailed to the new client was returned to Emil Company. Which one of the following would most likely have led to discovery of the error at the time of entry into Emil Company’s computerized database?
a. Limit test
b. Validity test
c. Parity test
d. Record count test
Feedback: The correct answer is: b. Validity test. A validity test compares data against a master file for accuracy. Data that cannot possibly be correct (e.g., a nonexistent zip code) would be discovered at that time.

Question 30
Topic: Systems controls and security measures
In the organization of the information systems function, the most important separation of duties is:
a. assuring that those responsible for programming the system do not have access to data processing operations.
b. not allowing the data librarian to assist in data processing operations.
c. using different programming personnel to maintain utility programs from those who maintain the application programs.
d. having a separate department that prepares the transactions for processing and verifies the correct entry of the transactions.
Feedback: The correct answer is: a. assuring that those responsible for programming the system do not have access to data processing operations. The IT function should be separate from the other functional areas in the organization. In addition, within IT, there should be a separation between programmers/analysts, operations, and technical support.

Question 31
Topic: Internal auditing
There are three components of audit risk: inherent risk, control risk, and detection risk. Inherent risk is described as:
a. the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated.
b. the susceptibility of an assertion to a material misstatement, assuming that there are no related internal control structure policies or procedures.
c. the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity’s internal control structure policies or procedures.
d. the risk that the auditor will not detect a material misstatement that exists in an assertion.
Feedback: The correct answer is: b. the susceptibility of an assertion to a material misstatement, assuming that there are no related internal control structure policies or procedures. Inherent risk is the probability of an error or irregularity causing a material misstatement in an assertion. This is also referred to as the probability that a threat to the system will occur.

Question 32
Topic: Systems controls and security measures
Accounting controls are concerned with the safeguarding of assets and the reliability of financial records. Consequently, these controls are designed to provide reasonable assurance that all of the following take place except:
a. executing transactions in accordance with management’s general or specific authorization.
b. comparing recorded assets with existing assets at periodic intervals and taking appropriate action with respect to differences.
c. recording transactions as necessary to permit preparation of financial statements in conformity with generally accepted accounting principles and maintaining accountability for assets.
d. compliance with methods and procedures ensuring operational efficiency and adherence to managerial policies.
Feedback: The correct answer is: d. compliance with methods and procedures ensuring operational efficiency and adherence to managerial policies. An internal control system is concerned with safeguarding assets, accuracy and reliability of records, operational efficiency, adherence to policy, and compliance with laws and regulations. The first two are called accounting controls. The latter three are referred to as administrative controls.

Question 33
Topic: Risk assessment, controls, and risk management
Preventive controls are:
a. usually more cost beneficial than detective controls.
b. usually more costly to use than detective controls.
c. found only in general accounting controls.
d. found only in accounting transaction controls.
Feedback: The correct answer is: a. usually more cost beneficial than detective controls. The three types of controls designed into information systems are preventive, detective, and corrective. Preventive controls are designed to prevent threats, errors and irregularities from occurring. They are more cost beneficial than detecting and correcting the problems that threats, errors and irregularities can cause.

Question 34
Topic: Internal auditing
In planning an audit, the auditor considers audit risk. Audit risk is the
a. susceptibility of an account balance to material error assuming the client does not have any related internal control.
b. risk that a material error in an account will not be prevented or detected on a timely basis by the client’s internal control system.
c. risk that the auditor may unknowingly fail to appropriately modify his opinion on financial statements that are materially misstated.
d. risk that the auditor’s procedures for verifying account balances will not detect a material error when in fact such error exists.
Feedback: The correct answer is: c. risk that the auditor may unknowingly fail to appropriately modify his opinion on financial statements that are materially misstated. Audit risk is the probability of an audit failure. An audit failure occurs when the auditor’s opinion states that the financial statements “fairly present, in all material respects, in accordance with GAAP (Generally Accepted Accounting Principles)” when, in fact, they are materially misstated.

Question 35
Topic: Internal auditing
Control risk is the risk that a material error in an account will not be prevented or detected on a timely basis by the client’s internal control system. The best control procedure to prevent or detect fictitious payroll transactions is
a. to use and account for pre-numbered payroll checks.
b. personnel department authorization for hiring, pay rate, job status, and termination.
c. internal verification of authorized pay rates, computations, and agreement with the payroll register.
d. storage of unclaimed wages in a vault with restricted access.
Feedback: The correct answer is: b. personnel department authorization for hiring, pay rate, job status, and termination. An independent personnel department responsible for hiring personnel, maintaining personnel records, and processing and documenting personnel terminations is a key control needed to prevent or detect fictitious personnel.

Question 36
Topic: Internal auditing
Of the following, the primary objective of compliance testing is to determine whether
a. procedures are regularly updated.
b. controls are functioning as planned.
c. financial statement line items are properly stated.
d. collusion is taking place.
Feedback: The correct answer is: b. controls are functioning as planned. A compliance audit is a review of controls to see how they conform with established laws, standards, and procedures.

Question 37
Topic: Systems controls and security measures
A critical aspect of a disaster recovery plan is to be able to regain operational capability as soon as possible. In order to accomplish this, an organization can have an arrangement with its computer hardware vendor to have a fully operational facility available that is configured to the user’s specific needs. This is best known as a(n)
a. uninterruptible power system.
b. parallel system.
c. cold site.
d. hot site.
Feedback: The correct answer is: d. hot site. A hot site is a backup site in another location that has the company’s hardware and software and is ready to run on a moment’s notice.

Question 38
Topic: Risk assessment, controls, and risk management
Which of the following is not a requirement regarding a company’s system of internal control under the Foreign Corrupt Practices Act of 1977?
a. Management must annually assess the effectiveness of its system of internal control.
b. Transactions are executed in accordance with management’s general or specific authorization.
c. Transactions are recorded as necessary (1) to permit preparation of financial statements in conformity with GAAP or any other criteria applicable to such statements, and (2) to maintain accountability for assets.
d. The recorded accountability for assets is compared with the existing assets at reasonable intervals, and appropriate action is taken with respect to any differences.
Feedback: The correct answer is: a. Management must annually assess the effectiveness of its system of internal control. Management’s annual assessment of internal control is not a requirement of the Foreign Corrupt Practices Act. It became a requirement with the passage of the 2002 Sarbanes-Oxley Act.

Posted on: Tue, 08 Oct 2013 12:40:12 +0000
