Deck 6: Control and Accounting Information Systems

A)corrective; detective
B)detective; corrective
C)preventive; corrective
D)detective; preventive

A)take a proactive approach to eliminate threats
B)detect threats that do occur
C)correct and recover from threats that do occur
D)All of the above are proper measures for the accountant to take.

A)identify the cause of the problem
B)correct the resulting errors
C)modify the system to prevent future occurrences of the problem
D)All of the above are accomplished by corrective controls.

A)providing accurate and reliable accounting records
B)promoting operational efficiency
C)ensuring that no fraud has occurred
D)encouraging adherence to management policies

A)Application
B)Detective
C)General
D)Preventive

A)to require corporations to maintain a good system of internal control.
B)to prevent the bribery of foreign officials by American companies.
C)to require the reporting of any material fraud by a business.
D)All of the above are required by the act.

A)threat.
B)exposure.
C)risk.
D)phenomenon.

A)preventative
B)detective
C)administrative
D)corrective

A)Foreign Corrupt Practices Act of 1977
B)The Securities Exchange Act of 1934
C)Federal Corruption Prevention Act of 1987
D)The Securities Act of 1933

A)threat.
B)exposure.
C)risk.
D)extraordinary loss.

A)a phenomenon.
B)internal control.
C)an AIS threat.
D)a preventive control.

A)control problems may be overestimated by many companies.
B)productivity and cost cutting cause management to forgo implementing and maintaining internal controls.
C)control technology has not yet been developed.
D)all of the above

A)Application
B)Detective
C)General
D)Preventive

A)detective controls.
B)corrective controls.
C)exposure controls.
D)preventive controls.

A)Confidentiality issues caused by interlinked inter-company networks
B)Difficult to control distributed computing networks
C)Increasing efficiency resulting from more automation
D)Increasing numbers of information systems and users

A)identify the cause of a problem
B)deter problems before they arise
C)correct resulting errors or difficulties
D)modify the system so that future problems are minimized or eliminated

A)threat.
B)exposure.
C)risk.
D)loss.

A)LANs and client/server systems are easier to control than centralized,mainframe systems.
B)Many companies do not realize that data security is crucial to their survival.
C)Computer control problems are often overestimated and overly emphasized by management.
D)Many companies believe that protecting information is a strategic requirement.

A)event
B)activity
C)process
D)system

A)Compliance objectives
B)Operations objectives
C)Reporting objectives
D)Strategic objectives

A)Boundary system
B)Diagnostic control system
C)Interactive control system
D)Internal control system

A)Internal environment
B)Monitoring
C)Risk response
D)Event assessment

A)Compliance objectives
B)Operations objectives
C)Reporting objectives
D)Strategic objectives

A)Boundary system
B)Diagnostic control system
C)Interactive control system
D)Internal control system

A)overseeing the internal control structure.
B)overseeing the financial reporting process.
C)working with the internal and external auditors.
D)All of the above are responsibilities.

A)Compliance objectives
B)Operations objectives
C)Reporting objectives
D)Strategic objectives

A)ISACF's control objectives for information and related technology
B)COSO's internal control framework
C)COSO's enterprise risk management framework
D)None of the above

A)organization structure
B)commitment to integrity and ethical values
C)the audit committee of the board of directors
D)management's philosophy and operating style

A)The creation of the Public Company Accounting Oversight Board
B)New rules for auditors and management
C)New roles for audit committees
D)New rules for information systems development

A)ISACF's control objectives for information and related technology
B)COSO's internal control framework
C)COSO's enterprise risk management framework
D)None of the above

A)control activities
B)organizational structure
C)budget framework
D)internal environment

A)Boundary system
B)Diagnostic control system
C)Interactive control system
D)Internal control system

A)officers of the company.
B)inside directors of the company.
C)outside directors of the company.
D)all of the above

A)ISACF's control objectives for information and related technology
B)COSO's internal control framework
C)COSO's enterprise risk management framework
D)None of the above

A)unintentional errors
B)employee fraud or embezzlement
C)fraud by outsiders
D)payroll irregularities

A)control environment
B)risk assessment
C)compliance with federal,state,or local laws
D)monitoring

A)The internal control framework has too narrow a focus.
B)Long-standing internal control systems often have controls that protect against items that are no longer risks.
C)Risk should be evaluated first,before controls.
D)The Sarbanes-Oxley Act of 2002 required it.

A)Does management take undue business risks to achieve its objectives?
B)Does management attempt to manipulate performance measures such as net income?
C)Does management pressure employees to achieve results regardless of the methods?
D)All of the above statements would raise "red flags" if answered "yes."

A)Compliance objectives
B)Operations objectives
C)Reporting objectives
D)Strategic objectives

A)asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process.
B)hired the head of the external audit team as company CFO six months after completion of the previous audit.
C)selected the company's Chief Financial Officer to chair the audit committee.
D)did not mention to auditors that the company had experienced significant losses due to fraud during the past year.

A)hiring practices
B)philosophy and operating style
C)internal environment
D)methods of assigning authority

A)$50,000
B)$650,000
C)$650
D)$50

A)$50,000
B)$650,000
C)$650
D)$50

A)Impact times expected loss
B)Impact times likelihood
C)Inherent risk times likelihood
D)Residual risk times likelihood

A)Performance evaluation
B)Project development plan
C)Steering committee
D)Strategic master plan

A)identify the threats that the company currently faces.
B)estimate the risk probability of negative events occurring.
C)estimate the exposure from negative events.
D)identify controls to reduce all risk to zero.

A)boundary system.
B)belief system.
C)interactive control system.
D)diagnostic control system.

A)boundary system.
B)belief system.
C)interactive control system.
D)diagnostic control system.

A)digital signature,specific authorization
B)custody,recording
C)digital signature,general authorization
D)custody,digital signature

A)a strategic threat.
B)an operating threat.
C)a financial threat.
D)an information threat.

A)Inherent risk
B)Residual risk
C)Risk appetite
D)Risk assessment

A)Authorization
B)General authorization
C)Special authorization
D)Specific authorization

A)Performance evaluation
B)Project development plan
C)Steering committee
D)Strategic master plan

A)Inherent risk
B)Residual risk
C)Risk appetite
D)Risk assessment

A)Foreign Corrupt Practices Act
B)McCain-Feingold Act
C)Truth in Lending Act
D)Sarbanes-Oxley Act

A)Performance evaluation
B)Project development plan
C)Steering committee
D)Strategic master plan

A)all companies with gross annual revenues exceeding $500 million.
B)only publicly held companies.
C)only privately held companies.
D)corporations and partnerships but not sole proprietorships.

A)Inherent risk
B)Residual risk
C)Risk appetite
D)Risk assessment

A)the competence of an organization's people
B)the integrity of an organization's people
C)monitoring activities within the organization itself
D)the ethical values of an organization's people

A)reduce.
B)share.
C)avoid.
D)accept.

A)$500
B)$650
C)$600
D)$50

A)custody; authorization
B)custody; recording
C)recording; authorization
D)management; custody

A)reduced.
B)shared.
C)avoided.
D)accepted.

A)reduced.
B)shared.
C)avoided.
D)accepted.

A)$50,000
B)$650,000
C)$650
D)$50

A)effective
B)partial
C)ineffective
D)limited

A)disbursement controls on petty cash.
B)operational controls applied to companies after mergers or acquisitions.
C)replacement of upper management and their introduction to the organization.
D)controls designed to ensure that updates in information technology do not have negative consequences.

A)effective
B)partial
C)ineffective
D)limited

A)The Purchasing Agent physically reviews the contents of shipments and compares them with the purchase orders he has placed.
B)Production teams perform quality evaluations of the products that they produce.
C)The General Manager compares budgeted amounts with expenditure records from all departments.
D)Petty cash is disbursed by the Fred Haynes in the Cashier's Office.He also maintains records of disbursements,places requests to finance to replace expended funds,and periodically reconciles the petty cash balance.

A)COSO-Integrated Framework; COBIT
B)COBIT; COSO-Integrated Framework
C)COBIT; COSO-ERM
D)COSO-Integrated Framework; COSO-ERM
E)COSO-ERM; COBIT

A)participate in food preparation.
B)operate cash registers.
C)bus tables.
D)evaluate potential employees.

A)are unable to collude.
B)have received supplemental ethics training.
C)understand the implications of the segregation of duties.
D)are carefully supervised.