Question 1

When a control applies specifically to a software tool and the business processes and accounts that are linked to it, this control is classified as a(n)

Accepted Answer

A)  physical control. 
B)  IT general control. 
C)  IT application control. 
D)  All of these answer choices are correct. 
A)  physical control. 
B)  IT general control. 
C)  IT application control. 
D)  All of these answer choices are correct. C

Question 2

Which of the following is the best definition of the COSO Cube?

Accepted Answer

A)  The COSO Cube is a die rolled to determine which control component to execute for the day. 
B)  The COSO Cube is a diagram used to list control objectives for a firm. 
C)  The COSO Cube is a three-dimensional illustration of how management, internal audit, and external audit work together. 
D)  The COSO Cube is a three-dimensional illustration that depicts how all parts of the Internal Control Integrated Framework are related. 
A)  The COSO Cube is a die rolled to determine which control component to execute for the day. 
B)  The COSO Cube is a diagram used to list control objectives for a firm. 
C)  The COSO Cube is a three-dimensional illustration of how management, internal audit, and external audit work together. 
D)  The COSO Cube is a three-dimensional illustration that depicts how all parts of the Internal Control Integrated Framework are related. D

Question 3

Which of the following is NOT one of the COSO Internal Control Integrated Framework control components?

Accepted Answer

A)  Control environment 
B)  Risk assessment 
C)  Information and communication 
D)  Compliance objectives 
A)  Control environment 
B)  Risk assessment 
C)  Information and communication 
D)  Compliance objectives D

Question 4

Which of the following types of controls governs human activities?

Accepted Answer

A)  Physical controls 
B)  IT general controls 
C)  IT application controls 
D)  All of these answer choices are correct. 
A)  Physical controls 
B)  IT general controls 
C)  IT application controls 
D)  All of these answer choices are correct.

Question 5

Internal controls

Accepted Answer

A)  are defined based on industry specifications. 
B)  are customized to fit a company's unique risks and risk appetite. 
C)  are predefined for public companies. 
D)  All of these answer choices are correct. 
A)  are defined based on industry specifications. 
B)  are customized to fit a company's unique risks and risk appetite. 
C)  are predefined for public companies. 
D)  All of these answer choices are correct.

Question 6

Which type of control monitors business processes to identify problems like fraud risk, quality control, or legal compliance?

Accepted Answer

A)  Preventative 
B)  Detective 
C)  Corrective 
D)  All of these answer choices are correct. 
A)  Preventative 
B)  Detective 
C)  Corrective 
D)  All of these answer choices are correct.

Question 7

Which COSO Internal Control Integrated Framework control component deals with the analysis of significant change?

Accepted Answer

A)  Control environment 
B)  Risk assessment 
C)  Information and communication 
D)  Monitoring 
A)  Control environment 
B)  Risk assessment 
C)  Information and communication 
D)  Monitoring

Question 8

Draw a diagram that accurately depicts how a control is classified based on its function, location, and implementation.

Accepted Answer

The answer of Draw a diagram that accurately depicts how...

Question 9

Internal audit has responsibility for which line of defense?

Accepted Answer

A)  First 
B)  Second 
C)  Third 
D)  Fourth 
A)  First 
B)  Second 
C)  Third 
D)  Fourth

Question 10

Which of the following is an example of a regulatory control?

Accepted Answer

A)  Internal controls 
B)  Segregation of duties 
C)  Maturity models 
D)  Sarbanes-Oxley Act 
A)  Internal controls 
B)  Segregation of duties 
C)  Maturity models 
D)  Sarbanes-Oxley Act

Question 11

Continuous monitoring is often programmed to monitor

Accepted Answer

A)  key performance indicators. 
B)  gross profit margin. 
C)  fraud risk indicators. 
D)  All of these answer choices are correct. 
A)  key performance indicators. 
B)  gross profit margin. 
C)  fraud risk indicators. 
D)  All of these answer choices are correct.

Question 12

Which of the following is NOT a Sarbanes-Oxley (SOX) Act requirement?

Accepted Answer

A)  An internal control report included in the annual financial statements 
B)  An external audit that includes a disclosure of internal control deficiencies 
C)  An internal audit report that confirms that management did not review financial statements before they were published 
D)  An external audit evaluates management's assessment of the effectiveness of the system of internal control. 
A)  An internal control report included in the annual financial statements 
B)  An external audit that includes a disclosure of internal control deficiencies 
C)  An internal audit report that confirms that management did not review financial statements before they were published 
D)  An external audit evaluates management's assessment of the effectiveness of the system of internal control.

Question 13

A published set of specifications and criteria that assists companies in achieving objectives is a(n)

Accepted Answer

A)  control. 
B)  framework. 
C)  assessment. 
D)  report. 
A)  control. 
B)  framework. 
C)  assessment. 
D)  report.

Question 14

Compliance with the Sarbanes-Oxley Act is required for

Accepted Answer

A)  U.S. publicly traded companies. 
B)  private companies planning their initial public offering. 
C)  foreign companies traded in or that do business in the United States. 
D)  All of these answer choices are correct. 
A)  U.S. publicly traded companies. 
B)  private companies planning their initial public offering. 
C)  foreign companies traded in or that do business in the United States. 
D)  All of these answer choices are correct.

Question 15

The key part of the COSO Internal Control Integrated Framework that functions as the steps to implement an effective system of internal control is referred to as the

Accepted Answer

A)  control objectives. 
B)  control components. 
C)  framework objectives. 
D)  framework components. 
A)  control objectives. 
B)  control components. 
C)  framework objectives. 
D)  framework components.

Question 16

A control is characterized by its

Accepted Answer

A)  type, location, and implementation. 
B)  function, location, and implementation. 
C)  location, implementation, and technology. 
D)  type, technology, and location. 
A)  type, location, and implementation. 
B)  function, location, and implementation. 
C)  location, implementation, and technology. 
D)  type, technology, and location.

Question 17

Diagram the three lines of defense to protect organizations against risk. Include the roles of each line of defense.

Accepted Answer

The answer of Diagram the three lines of defense to...

Question 18

Which of the following statements concerning corrective controls is TRUE?

Accepted Answer

A)  Corrective controls change undesirable outcomes. 
B)  Corrective controls occur after a risk has become a reality. 
C)  Corrective controls are used as a backup plan when preventative or detective controls fail. 
D)  All of these answer choices are correct. 
A)  Corrective controls change undesirable outcomes. 
B)  Corrective controls occur after a risk has become a reality. 
C)  Corrective controls are used as a backup plan when preventative or detective controls fail. 
D)  All of these answer choices are correct.

Question 19

Inspire Accounting Services operates a regional tax and accounting services for small businesses. Inspire has some processes and controls defined, but documentation is lacking, so Inspire relies on some key individuals to perform these processes and controls. Based on your review, at which phase of maturity would you classify Inspire?

Accepted Answer

A)  Phase 1 - Limited 
B)  Phase 2 - Informal 
C)  Phase 3 - Defined 
D)  Phase 4 - Optimized 
A)  Phase 1 - Limited 
B)  Phase 2 - Informal 
C)  Phase 3 - Defined 
D)  Phase 4 - Optimized

Question 20

The rules enacted with Sarbanes-Oxley (SOX) include which of the following?

Accepted Answer

A)  SOX places the responsibility for financial reporting failures on the U.S. government. 
B)  SOX places the responsibility for financial reporting failures on the internal audit team. 
C)  SOX places the responsibility for control failures with managers of the company. 
D)  SOX places the responsibility for control failures with accountants of the company. 
A)  SOX places the responsibility for financial reporting failures on the U.S. government. 
B)  SOX places the responsibility for financial reporting failures on the internal audit team. 
C)  SOX places the responsibility for control failures with managers of the company. 
D)  SOX places the responsibility for control failures with accountants of the company.

When a control applies specifically to a software tool and the business processes and accounts that are linked to it, this control is classified as a(n)

Which of the following is the best definition of the COSO Cube?

Which of the following is NOT one of the COSO Internal Control Integrated Framework control components?

Which of the following types of controls governs human activities?

Internal controls

Which type of control monitors business processes to identify problems like fraud risk, quality control, or legal compliance?

Which COSO Internal Control Integrated Framework control component deals with the analysis of significant change?

Draw a diagram that accurately depicts how a control is classified based on its function, location, and implementation.

Internal audit has responsibility for which line of defense?

Which of the following is an example of a regulatory control?

Continuous monitoring is often programmed to monitor

Which of the following is NOT a Sarbanes-Oxley (SOX) Act requirement?

A published set of specifications and criteria that assists companies in achieving objectives is a(n)

Compliance with the Sarbanes-Oxley Act is required for

The key part of the COSO Internal Control Integrated Framework that functions as the steps to implement an effective system of internal control is referred to as the

A control is characterized by its

Diagram the three lines of defense to protect organizations against risk. Include the roles of each line of defense.

Which of the following statements concerning corrective controls is TRUE?

The rules enacted with Sarbanes-Oxley (SOX) include which of the following?

Accounting As Information

Risks and Risk Assessments

Software and Systems

Data Storage and Analysis

Systems and Database Design

Emerging and Disruptive Technologies

Documenting Systems and Processes

Human Resources and Payroll Processes

Purchasing and Payments Process

Conversion Processes

Marketing, Sales, and Collection Processes

Financial Reporting Processes

Information Systems and Controls

Fraud

Cybersecurity

Data Analytics

Data Visualization

Audit Assurance

Filters

Exam 3: Risk Management and Internal Controls

When a control applies specifically to a software tool and the business processes and accounts that are linked to it, this control is classified as a(n)

Which of the following is the best definition of the COSO Cube?

Which of the following is NOT one of the COSO Internal Control Integrated Framework control components?

Which of the following types of controls governs human activities?

Internal controls

Which type of control monitors business processes to identify problems like fraud risk, quality control, or legal compliance?

Which COSO Internal Control Integrated Framework control component deals with the analysis of significant change?

Draw a diagram that accurately depicts how a control is classified based on its function, location, and implementation.

Internal audit has responsibility for which line of defense?

Which of the following is an example of a regulatory control?

Continuous monitoring is often programmed to monitor

Which of the following is NOT a Sarbanes-Oxley (SOX) Act requirement?

A published set of specifications and criteria that assists companies in achieving objectives is a(n)

Compliance with the Sarbanes-Oxley Act is required for

The key part of the COSO Internal Control Integrated Framework that functions as the steps to implement an effective system of internal control is referred to as the

A control is characterized by its

Diagram the three lines of defense to protect organizations against risk. Include the roles of each line of defense.

Which of the following statements concerning corrective controls is TRUE?

The rules enacted with Sarbanes-Oxley (SOX) include which of the following?

Accounting As Information

Risks and Risk Assessments

Software and Systems

Data Storage and Analysis

Systems and Database Design

Emerging and Disruptive Technologies

Documenting Systems and Processes

Human Resources and Payroll Processes

Purchasing and Payments Process

Conversion Processes

Marketing, Sales, and Collection Processes

Financial Reporting Processes

Information Systems and Controls

Fraud

Cybersecurity

Data Analytics

Data Visualization

Audit Assurance

Filters