Exam 3: Fraud, Ethics, and Internal Control

The category of control activities referred to as segregation of duties requires that certain activities should be the responsibility of different person or department.The three duties that are to be separated are:

Which of the following is NOT one of the three critical actions that a company can undertake to assist with fraud prevention and fraud detection?

A vendor audit occurs when a vendor examines the books and records of a customer.

Which of the following statements related to the COSO report is false?

The COSO report identified a component of internal control as the policies and procedures that help ensure that management directives are carried out and that management directives are achieved The component is:

The three conditions that make up the fraud triangle are theft, concealment, and conversion.

Factors that limit the effectiveness of internal controls include all of the following except:

According to the ACFE 2010 Report to the Nation, fraudulent financial statements account for less than 5% of the cases, and were the least costly form of fraud.

Maintaining high ethics can help prevent fraud but will not help to detect fraud.

Which of the following objectives were not identified as necessary to be provided by an effective accounting system?

Feedback needed by management to assess, manage, and control the efficiency and effectiveness of the operations of an organization relates to both financial and operational information.

A hacker is someone who has gained unauthorized access to the computer and must be someone outside the organization.

In response to the need for internal controls above and beyond what was described by COSO, the Information Systems Audit and Control Association developed an extensive framework of IT controls entitled:

Small businesses, those having fewer than 100 employees, are less vulnerable to fraud and abuse than are larger businesses.

A cash payment made by a vendor to an organization's employee in exchange for a sale to the organization by the vendor is termed:

A situation where the organization's cash is stolen after it is entered in the accounting records is termed:

The Trust Services Principles document divided the risks and controls in IT into five categories.Which of the following is not one of those categories?

A situation where the organization's cash is stolen before it is entered in the accounting records is termed:

A good set of internal controls may not be as effective in reducing the chance of management fraud as it would be in reducing the chance of fraud committed by an employee.

The ongoing review and evaluation of a system of internal control is referred to as: