Question 1

Which of the following best describes an auditor's responsibility regarding whistleblower information?

Accepted Answer

A)   The auditor must evaluate the effectiveness of the audit committee's processes for receiving and evaluating whistleblower information.
B)   The auditor must establish a procedure for receiving tips and handling complaints from client personnel.
C)   The auditor must complete a checklist identifying key points in the company's procedures for investigating whistleblower accusations.
D)   The auditor must require the company to prepare a Form 8-K to report any whistleblower accusations to the SEC. A

Question 2

Which of the following is not one of the operating benefits provided by a strong system of internal controls?

Accepted Answer

A)   Streamlining accounting and financial information systems.
B)   Improving the company's financial activities.
C)   Identifying procedures that are not cost effective.
D)   Isolating transactions that generate significant profits or losses. D

Question 3

Segregation of duties calls for separation of the development and operations responsibilities.

Accepted Answer

A) True 
 B)False  True

Question 4

Why is it necessary for an auditor to perform audit work after the "as of" date to which the opinion on ICFR applies?

Accepted Answer

A)   Whistleblower information may become available after the end of the year.
B)   Audit documentation is only prepared after the end of the year.
C)   End-of-period financial reporting occurs after the end of the year.
D)   IT systems may be changed after the end of the year.

Question 5

Event identification in the ERM Framework is primarily concerned with identifying:

Accepted Answer

A)   opportunities and threats that impact the company's events and relationships.
B)   the relevant economic and political sources of risk.
C)   qualitative and quantitative techniques for assessing risk.
D)   the acceptable level of residual risk.

Question 6

Which of the following describes management's responsibility for providing documentation for its assessment of the effectiveness of ICFR?

Accepted Answer

A)   The documentation must follow strict SEC guidelines regarding its format and length.
B)   The documentation must show the connection between significant financial statement accounts, management assertions, and controls.
C)   The documentation must be updated monthly and updated via narrative reports.
D)   All of the above are true.

Question 7

For an auditor's report to conclude that ICFR is effective, the auditor must have confidence in the conclusion that the ICFR are effective in both design and operation. The applicable period of time pertaining to this conclusion is:

Accepted Answer

A)   the last day of the fiscal year.
B)   the end of the fiscal year and for a reasonable period of time prior to the fiscal year-end.
C)   throughout the majority of the fiscal year.
D)   throughout the entire fiscal year.

Question 8

In the U.S., the first legislation requiring management of public companies to maintain a system of internal controls was the:

Accepted Answer

A)   Committee of Sponsoring Organizations (COSO)  of the Treadway Commission Act.
B)   Sarbanes-Oxley Act.
C)   Foreign Corrupt Practices Act.
D)   Public Company Accounting Oversight Board (PCAO
B)   Act.

Question 9

Each of the following is a monitoring procedure from the COSO monitoring guidance except:

Accepted Answer

A)   periodic evaluation and testing of controls by the internal auditors.
B)   supervisory reconciliations and other reviews of controls.
C)   analysis of and follow up on metrics that might identify control failures.
D)   cumulative access and authority of a super-user.

Question 10

The portfolio view of ERM is one in which management reduces risks to acceptable levels by:

Accepted Answer

A)   sharing risks with employees.
B)   considering individual business unit risks and then aggregating those risks across the entity.
C)   avoiding the use of third party service providers in all instances except those with the highest risk of business interruption.
D)   terminating all entity activities that cause significant risk.

Question 11

Social engineering is the term used to describe:

Accepted Answer

A)   policies defining employee's acceptable uses of the company's email system.
B)   the behavior of someone who plans to circumvent controls by manipulating employees.
C)   policies that address warning signals regarding the risk of circumvention of controls.
D)   the network of computer assets and sensitive employee data.

Question 12

If a company's system of ICFR is effective, auditors can rely upon the evidence that is produced by the system to reduce the extent of substantive testing on the audit.

Accepted Answer

A) True 
 B)False

Question 13

Auditors' working papers must be in electronic format in order to protect their confidentiality.

Accepted Answer

A) True 
 B)False

Question 14

Each of the following is a control used to combat denial of service attacks except:

Accepted Answer

A)   firewalls.
B)   patches.
C)   electronic vaulting.
D)   cookie detection.

Question 15

The management assertion that is concerned with whether recorded transactions are real and actually happened is the:

Accepted Answer

A)   occurrence assertion.
B)   accuracy assertion.
C)   completeness assertion.
D)   cutoff assertion.

Question 16

To which of the following accounts would the management assertion
"valuation" be relevant, and why? For any accounts to which it would not be relevant,
explain why.
Cash
Cash when foreign currency translation is involved
Gross amount of accounts receivable
Net amount of accounts receivable

Accepted Answer

The answer of To which of the following accounts would...

Question 17

Which of the following is an example of a transaction-level ITGC?

Accepted Answer

A)   Supervisory review and approval of supporting documents.
B)   A corporate code of conduct.
C)   Second-layer passwords that limit users to specifically approved individuals.
D)   Programmed recalculations for checking accuracy of data files.

Question 18

When a client company's operations have expanded rapidly, auditors should be aware that existing systems may become strained and break down.

Accepted Answer

A) True 
 B)False

Question 19

Which of the following is not an important consideration for the auditor's assessment of audit committee effectiveness?

Accepted Answer

A)   Independence of audit committee members from management.
B)   The audit committee's oversight of external financial reporting and ICFR.
C)   The audit committee's approval of the external auditors' approach to the audit.
D)   The audit committee's responsiveness to issues raised by the external auditors.

Question 20

Which of the following circumstances would not warrant special risk assessment attention?

Accepted Answer

A)   New client personnel.
B)   New product lines.
C)   New information systems.
D)   New audit firm.

Exam 7: Internal Control, Understanding the Clients Internal Control Over Financial Reporting and Auditing Design Effectiveness

Which of the following best describes an auditor's responsibility regarding whistleblower information?

Which of the following is not one of the operating benefits provided by a strong system of internal controls?

Segregation of duties calls for separation of the development and operations responsibilities.

Why is it necessary for an auditor to perform audit work after the "as of" date to which the opinion on ICFR applies?

Event identification in the ERM Framework is primarily concerned with identifying:

Which of the following describes management's responsibility for providing documentation for its assessment of the effectiveness of ICFR?

For an auditor's report to conclude that ICFR is effective, the auditor must have confidence in the conclusion that the ICFR are effective in both design and operation. The applicable period of time pertaining to this conclusion is:

In the U.S., the first legislation requiring management of public companies to maintain a system of internal controls was the:

Each of the following is a monitoring procedure from the COSO monitoring guidance except:

The portfolio view of ERM is one in which management reduces risks to acceptable levels by:

Social engineering is the term used to describe:

If a company's system of ICFR is effective, auditors can rely upon the evidence that is produced by the system to reduce the extent of substantive testing on the audit.

Auditors' working papers must be in electronic format in order to protect their confidentiality.

Each of the following is a control used to combat denial of service attacks except:

The management assertion that is concerned with whether recorded transactions are real and actually happened is the:

To which of the following accounts would the management assertion "valuation" be relevant, and why? For any accounts to which it would not be relevant, explain why. Cash Cash when foreign currency translation is involved Gross amount of accounts receivable Net amount of accounts receivable

Which of the following is an example of a transaction-level ITGC?

When a client company's operations have expanded rapidly, auditors should be aware that existing systems may become strained and break down.

Which of the following is not an important consideration for the auditor's assessment of audit committee effectiveness?

Which of the following circumstances would not warrant special risk assessment attention?