Exam 11: Ais and Internal Controls

The main objective of the ISO 27000 series is to provide a model for establishing, implementing, operating, monitoring, maintaining, and improving information security.

Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission? A. Hash total. B. Parity check. C. Encryption. D. Check digit.

Proper segregation of duties calls for separation of the following functions: A. Authorization, execution, and payment. B. Authorization, recording, and custody. C. Custody, execution, and reporting. D. Authorization, payment, and recording.

In a large pubic corporation, evaluating internal control procedures should be responsibility of: A. Accounting management staff who report to the CFO. B. Internal audit staff who report to the board of directors. C. Operations management staff who report to the chief operation officer. D. Security management staff who report to the chief facilities officer.

Processing controls are IT general controls.

Each of the following types of controls is considered to be an entity-level control, except those: A. Relating to the control environment. B. Pertaining to the company's risk assessment process. C. Regarding the company's annual stockholder meeting. D. Addressing policies over significant risk management practices

The Public Company Accounting Oversight Board (PCAOB) is not responsible for standards related to: A. Accounting practice. B. Attestation. C. Auditing. D. Quality control over attestation and/or assurance.

When considering internal control, an auditor should be aware of reasonable assurance, which recognizes that A. Internal control may be ineffective due to mistakes in judgment and personal carelessness. B. Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability. C. Establishing and maintaining internal control is an important responsibility of management. D. The cost of an entity's internal control should not exceed the benefits expected to be derived.

In a computerized environment, internal controls can be categorized into which of the following? A. General controls and application controls. B. Detective controls and protective controls. C. Network controls and transaction controls. D. Preventive controls and mandatory controls.

Tracing shipping documents to pre-numbered sales invoices provides evidence that A. No duplicate shipments or billings occurred. B. Shipments to customers were properly invoiced. C. All goods ordered by customers were shipped. D. All pre-numbered sales invoices were accounted for.

Reconciliation of cash accounts may be referred to as what type of control? A. Detective. B. Preventive. C. Adjustive. D. Non-routine.

According to COSO ERM, which of the following is not one of the bases that should be used to analyze the risks of an identified event? A. Inherent risk. B. Organizational risk. C. Residual risk. D. Control risk.

Internal controls guarantee the accuracy and reliability of accounting records.

Management philosophy and operating style would have a relatively less significant influence on a firm's control environment when A. The internal auditor reports directly to the controller. B. Management is dominated by one individual. C. Accurate management job descriptions delineate specific duties. D. The audit committee does not have regular meetings.

Review of the audit log is an example of which of the following types of security control? A. Governance. B. Detective. C. Preventive. D. Corrective.

Sound internal control dictates that immediately upon receiving checks from customers by mail, a responsible employee should A. Add the checks to the daily cash summary. B. Verify that each check is supported by a pre-numbered sales invoice. C. Prepare a summary listing of checks received. D. Record the checks in the cash receipts journal.

Which of the following is an example of a validity check? A. The computer ensures that a numerical amount in a record does not exceed some predetermined amount. B. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out. C. After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent. E. The computer flags any transmission for which the control field value did not match that of an existing file record.

Which of the following best describes what is meant by corporate governance? A. The organizational structure and responsibilities of the executive team and board of directors of a corporation. B. Regulatory bodies, such as the SEC and PCAOB, that govern the behavior of corporations. C. The ability of a corporation's management team to meet earnings forecasts over an extended period of time.. D. Management's processes, policies, and ethical approach to safeguarding stakeholder interests.

Controls in the information technology area are classified into preventive, detective, and corrective categories. Which of the following is preventive control? A. Contingency planning. B. Hash total. C. Echo check. D. Access control software.

A firm must establish control policies, procedures, and practices that ensure the firm's business objectives are achieved and its risk mitigation strategies are carried out.