Deck 10: Fraud and Internal Control

Question
Motive and opportunity without means still results in fraud.
Question
SOX emphasizes a strong system of internal control as a way of avoiding Enron-sized accounting frauds.
Question
________ should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
Question
In what percentage of fraud cases were inadequate internal controls cited as a primary contributing factor?

A)48%
B)29%
C)35%
D)42%
Question
How long does the typical fraud last before being detected?

A)Six months
B)One year
C)Two years
D)Three years
Question
________ includes illegal acts such as bribery, kickbacks, money laundering, and rigging bids.
Question
SOX section 302 requires each annual report of a publicly traded company to contain an internal control report stating the management's responsibility to establish and maintain an adequate system of internal control for financial reporting.
Question
The SOX legislation basically requires that management of privately held companies assess and report on the effectiveness of internal controls for financial reporting using a recognized framework.
Question
Corruption involves theft of assets for personal gain.
Question
What percentage of occupational fraud is committed by the accounting department?

A)10%
B)29%
C)12%
D)21%
Question
What percentage of occupational fraud is committed by upper management?

A)19%
B)33%
C)29%
D)12%
Question
List the three fraud and abuse categories. Provide examples.
Question
Fraudulent financial reporting includes misstating financial statements to meet earnings targets.
Question
________ techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
Question
The accounting profession is self-regulated.
Question
List and describe the principles for establishing an environment to effectively manage fraud risk.
Question
What three things must a perpetrator have to commit fraud? Include a brief description of each.
Question
Earnings management focuses on managing when revenues and expenses are recorded in order to favorably reflect a company's financial performance in a(n)________.

A)illegal manner
B)legal manner
C)questionable manner
D)vague manner
Question
Not even the strongest system of controls can eliminate all risk of organizations being defrauded by employees who are sufficiently motivated to find loopholes.
Question
________ focuses on managing when revenues and expenses are recorded in order to favorably reflect a company's financial performance in a legal manner.
Question
A(n)________ over financial reporting requires the auditor to conduct tests of controls to obtain evidence that internal control over financial reporting has operated effectively.
Question
The internal control category control environment includes identifying, analyzing, and managing risks affecting the ability to report financial data properly.
Question
The Sarbanes-Oxley Act of 2002, which would become known as SOX, created the ________ to oversee and regulate public companies and their auditors.
Question
A(n)________ in internal control over financial reporting is defined as a deficiency such that there is a reasonable possibility that a material misstatement of financial statements will not be prevented or detected on a timely basis.
Question
Internal control is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.
Question
Which organization was created by the Sarbanes-Oxley Act of 2002?

A)Public Company Accounting Oversight Board (PCAOB)
B)Institute of Management Accountants (IMA)
C)Securities and Exchange Commission (SEC)
D)Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Question
The COSO ________ provides a blueprint for implementing an internal control system to assist in ensuring the reliability of financial statements and compliance with Sarbanes-Oxley legislation.
Question
When investigating fraud, ________ enables auditors to extract, analyze, and interpret evidence to detect unusual patterns and irregularities.
Question
In a(n)________, the auditor performs tests of controls and substantive procedures.
Question
In control activities, ________ divide authorization, recording, and asset custody among different individuals.
Question
For internal control to be effective, an organization needs ________ with internal controls.
Question
SOX section 404 requires each annual report of a publicly traded company to contain an internal control report containing an assessment of the effectiveness of the company's internal control structure and procedures.
Question
What does Auditing Standard No. 5, an Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements, require the auditor to understand about IT?
Question
SOX section 906 requires corporate management to certify reports filed with the SEC.
Question
Which SOX section requires the chief executive officer and the chief financial officer to disclose to the auditors and the audit committee of the board of directors all significant deficiencies in internal controls, which could adversely affect the ability to record, process, summarize, and report financial data and any material weaknesses in internal controls?

A)Section 806. Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud
B)Section 404. Management Assessment of Internal Controls
C)Section 906. Corporate Responsibility for Financial Reports
D)Section 302. Corporate Responsibility for Financial Reports
Question
Which SOX section requires the public accounting firm that audits the financial statements of the company to issue an attestation report regarding the effectiveness of the company's internal controls?

A)Section 806. Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud
B)Section 404. Management Assessment of Internal Controls
C)Section 906. Corporate Responsibility for Financial Reports
D)Section 302. Corporate Responsibility for Financial Reports
Question
A(n)________, as required by Auditing Standard No. 5, integrates an audit of internal control with an audit of financial statements.
Question
What is SOX?
Question
Which audit type requires the auditor to conduct tests of controls to obtain evidence that internal control over financial reporting has operated effectively?

A)Audit of financial reporting control
B)Audit of financial statements
C)Audit of internal control
D)IT audit
Question
For internal control to be effective, an organization needs stated ________ and ________ for internal controls.
Question
List and describe the control activities for mitigating financial, operational, and compliance controls risks.
Question
Application controls ensure completeness and accuracy of transaction processing, authorization, and validity.
Question
What is internal control and what is its purpose?
Question
In the COSO Internal Control-Integrated Framework, risk assessment objectives include all of the following EXCEPT

A)Identification and analysis of financial reporting risks
B)Importance of financial reporting objectives
C)Assessment of fraud risk
D)Risks of financial controls
Question
Input controls ensure data is processed properly.
Question
In control activities, ________ ensure appropriate information processing, authorization, and data integrity.
Question
IT general controls have a pervasive effect on all internal controls.
Question
Which of the following is NOT the purpose of internal controls?

A)Compliance with laws and regulations
B)Effectiveness and efficiency of operations
C)Public examination of private data
D)Reliability of financial reporting
Question
Which COSO Internal Control-Integrated Framework essential component of an effective internal control system involves assessing internal controls as well as the process for taking corrective action?

A)Control Environment
B)Risk Assessment
C)Monitoring
D)Control Activities
Question
Which COSO Internal Control-Integrated Framework essential component of an effective internal control system involves identifying, analyzing, and managing risks that affect a company's ability to record, process, summarize, and report financial data properly?

A)Risk Assessment
B)Control Environment
C)Control Activities
D)Monitoring
Question
Which COSO Internal Control-Integrated Framework essential component of an effective internal control system includes the accounting system for identifying, recording, processing, and reporting transactions and financial data?

A)Monitoring
B)Information and Communication
C)Control Activities
D)Control Environment
Question
What are the five major categories of internal control?
Question
What are the objectives of internal control?
Question
Internal control is a set of policies, procedures, and activities to achieve an enterprise's objectives that are related to what?
Question
For internal control to be effective what two things does an enterprise need?
Question
Increasingly the expectation is that the auditor and the IT professional learn more about the other's field.
Question
In the COSO Internal Control-Integrated Framework, control activities do NOT include

A)Independent reconciliations of assets and accounting records
B)Physical controls
C)Segregation of duties
D)Management controls
Question
Processing controls ensure reports and other output are distributed properly.
Question
Internal controls for the accounting system are incomplete without IT controls.
Question
What factors are part of the control environment?
Question
Which report provides an opinion regarding fairness of the service organization's description of controls other than those relevant to a company's internal control related to financial reporting, and for which the service auditor tests controls and expresses an opinion regarding the effectiveness of the controls?

A)SOC 1 Type 1 Report
B)SOC 1 Type 2 Report
C)SOC 2 Type 1 Report
D)SOC 2 Type 2 Report
Question
Match the privacy principle to the correct definition.

-Management

A)The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
B)The entity provides information about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
C)The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information only for as long as necessary to fulfill the stated purposes.
D)The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
E)The entity shares personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
F)The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
G)The entity provides individuals their personal information for review and update.
H)The entity collects personal information only for the purposes identified in the notice.
I)The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
J)The entity protects personal information against unauthorized access (both physical and logical).
Question
Match the privacy principle to the correct definition.

-Choice and Consent

A)The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
B)The entity provides information about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
C)The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information only for as long as necessary to fulfill the stated purposes.
D)The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
E)The entity shares personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
F)The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
G)The entity provides individuals their personal information for review and update.
H)The entity collects personal information only for the purposes identified in the notice.
I)The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
J)The entity protects personal information against unauthorized access (both physical and logical).
Question
To attest, the auditor is

A)Testifying in court
B)Expressing an opinion
C)Testing financial reporting controls
D)Testing the fairness of the description of controls
Question
Service organizations are external organizations that perform services to the company being audited.
Question
________ reports are issued by the service organization to report on controls other than those relevant to a company's internal control related to financial reporting.
Question
Which level in the company corresponds to the Entity-Level IT Controls?

A)Top management
B)Information management
C)Business processes
D)IT services
Question
Which SOC report is conducted by the service organization's auditors using Attestation Standards (AT) Section 101 and prepared using the AICPA Trust Services?

A)SOC 1
B)SOC 2
C)SOC 3
D)SOC 3 Type 2 report
Question
What are the three major objectives of an IT audit?
Question
What do the audit committee's responsibilities include?
Question
________ controls include IT governance at top management levels where strategic business objectives are set and policies are established.
Question
________ controls are embedded within business process applications.
Question
Match the privacy principle to the correct definition.

-Notice

A)The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
B)The entity provides information about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
C)The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information only for as long as necessary to fulfill the stated purposes.
D)The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
E)The entity shares personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
F)The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
G)The entity provides individuals their personal information for review and update.
H)The entity collects personal information only for the purposes identified in the notice.
I)The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
J)The entity protects personal information against unauthorized access (both physical and logical).
Question
Which of the following is NOT part of the audit committee's responsibilities?

A)The organization's compliance with legal and regulatory requirements
B)The integrity of the organization's financial statements and reports
C)The organization's policies regarding ethical conduct
D)The organization's ability to process data efficiently and effectively
Question
________ reports are issued by the service organization to report on its controls relevant to a company's internal control over financial reporting.
Question
Which general IT control covers acquisition, implementation, and maintenance of system software including the operating system, DBMS, network software, and security software?

A)Access security controls
B)Computer operations controls
C)Program change controls
D)Program development controls
Question
________ controls support application controls to provide a reliable operating environment.
Question
The reporting framework for Service Organization Control (SOC) consists of five SOC reports.
Question
Which report provides an opinion regarding fairness of the service organization's description of controls relevant to a company's internal control over financial reporting, but does not test the controls or express an opinion regarding the effectiveness of the controls?

A)SOC 1 Type 1 Report
B)SOC 1 Type 2 Report
C)SOC 2 Type 1 Report
D)SOC 2 Type 2 Report
Question
Which general IT control includes control over SDLC phases for software upgrades and modifications?

A)Program development controls
B)Access security controls
C)Computer operations controls
D)Program change controls
1
Motive and opportunity without means still results in fraud.
False
2
SOX emphasizes a strong system of internal control as a way of avoiding Enron-sized accounting frauds.
True
3
________ should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
Fraud Risk Assessment
4
What percentage of fraud cases were inadequate internal controls cited as a primary contributing factor?

A)48%
B)29%
C)35%
D)42%
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
5
How long does the typical fraud last before being detected?

A)Six months
B)One year
C)Two years
D)Three years
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
6
________ includes illegal acts such as bribery, kickbacks, money laundering, and rigging bids.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
7
SOX section 302 requires each annual report of a publicly traded company to contain an internal control report stating the management's responsibility to establish and maintain an adequate system of internal control for financial reporting.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
8
The SOX legislation basically requires management of privately held companies must assess and report on the effectiveness of internal controls for financial reporting using a recognized framework.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
9
Corruption involves theft of assets for personal gain.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
10
What percentage of occupational fraud is committed by the accounting department?

A)10%
B)29%
C)12%
D)21%
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
11
What percentage of occupational fraud is committed by upper management?

A)19%
B)33%
C)29%
D)12%
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
12
List the three fraud and abuse categories. Provide examples.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
13
Fraudulent financial reporting includes misstating financial statements to meet earnings targets.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
14
________ techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
15
The accounting profession is self-regulated.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
16
List and describe the principles for establishing an environment to effectively manage fraud risk.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
17
What three things must a perpetrator have to commit fraud? Include a brief description of each.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
18
Earnings management focuses on managing when revenues and expenses are recorded in order to favorably reflect a company's financial performance in a(n)________.

A)illegal manner
B)legal manner
C)questionable manner
D)vague manner
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
19
Not even the strongest system of controls can eliminate all risk of organizations being defrauded by employees who are sufficiently motivated to find loopholes.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
20
________ focuses on managing when revenues and expenses are recorded in order to favorably reflect a company's financial performance in a legal manner.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
21
A(n)________ over financial reporting requires the auditor to conduct tests of controls to obtain evidence that internal control over financial reporting has operated effectively.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
22
The internal control category control environment includes identifying, analyzing, and managing risks affecting the ability to report financial data properly.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
23
The Sarbanes-Oxley Act of 2002, which would become known as SOX, created the ________ to oversee and regulate public companies and their auditors.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
24
A(n)________ in internal control over financial reporting is defined as a deficiency as such that there is a reasonable possibility that a material misstatement of financial statements will not be prevented or detected in a timely basis.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
25
Internal control is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
26
Which organization was created by the Sarbanes-Oxley Act of 2002?

A)Public Company Accounting Oversight Board (PCAOB)
B)Institute of Management Accountants (IMA)
C)Security and Exchange Commission (SEC)
D)Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
27
The COSO ________ provides a blueprint for implementing an internal control system to assist in ensuring the reliability of financial statements and compliance with Sarbanes-Oxley legislation.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
28
When investigating fraud, ________ enables auditors to extract, analyze, and interpret evidence to detect unusual patterns and irregularities.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
29
In a(n)________, the auditor performs tests of controls and substantive procedures.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
30
In control activities, ________ divide authorization, recording, and asset custody among different individuals.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
31
For internal control to be effective, an organization needs ________ with internal controls.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
32
SOX section 404 requires requires each annual report of a publicly traded company to contain an internal control report to contain a assessment of the effectiveness of the company's internal control structure and procedures.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
33
What does Auditing Standard No. 5, an Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements, require the auditor to understand about IT?
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
34
SOX section 906 requires corporate management to certify reports filed with the SEC.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
35
Which SOX section requires the chief executive officer and the chief financial officer to disclose to the auditors and the audit committee of the board of directors all significant deficiencies in internal controls, which could adversely affect the ability to record, process, summarize, and report financial data and any material weaknesses in internal controls?

A)Section 806. Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud
B)Section 404. Management Assessment of Internal Controls
C)Section 906. Corporate Responsibility for Financial Reports
D)Section 302. Corporate Responsibility for Financial Reports
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
36
Which SOX section requires the public accounting firm that audits the financial statements of the company to issue an attestation report regarding the effectiveness of the company's internal controls?

A)Section 806. Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud
B)Section 404. Management Assessment of Internal Controls
C)Section 906. Corporate Responsibility for Financial Reports
D)Section 302. Corporate Responsibility for Financial Reports
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
37
A(n)________, as required by Auditing Standard No. 5, integrates an audit of internal control with an audit of financial statements.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
38
What is SOX?
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
39
Which audit type requires the auditor to conduct tests of controls to obtain evidence that internal control over financial reporting has operated effectively?

A)Audit of financial reporting control
B)Audit of financial statements
C)Audit of internal control
D)IT audit
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
40
For internal control to be effective, an organization needs stated ________ and ________ for internal controls.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
41
List and describe the control activities for mitigating financial, operational, and compliance controls risks.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
42
Application controls ensure completeness and accuracy of transaction processing, authorization, and validity.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
43
What is internal control and what is its purpose?
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
44
In the COSO Internal Control-Integrated Framework, risk assessment objectives include all of the following EXCEPT

A)Identification and analysis of financial reporting risks
B)Importance of financial reporting objectives
C)Assessment of fraud risk
D)Risks of financial controls
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
45
Input controls ensure data is processed properly.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
46
In control activities, ________ ensure appropriate information processing, authorization, and data integrity.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
47
IT general controls have a pervasive effect on all internal controls.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
48
Which of the following is NOT the purpose of internal controls?

A)Compliance with laws and regulations
B)Effectiveness and efficiency of operations
C)Public examine of private data
D)Reliability of financial reporting
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
49
Which COSO Internal Control-Integrated Framework essential component of an effective internal control system involves assessing internal controls as well as the process for taking corrective action?

A)Control Environment
B)Risk Assessment
C)Monitoring
D)Control Activities
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
50
Which COSO Internal Control-Integrated Framework essential component of an effective internal control system involves identifying, analyzing, and managing risks that affect a company's ability to record, process, summarize, and report financial data properly?

A)Risk Assessment
B)Control Environment
C)Control Activities
D)Monitoring
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
51
Which COSO Internal Control-Integrated Framework essential component of an effective internal control system includes the accounting system for identifying, recording, processing, and reporting transactions and financial data?

A)Monitoring
B)Information and Communication
C)Control Activities
D)Control Environment
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
52
What are the five major categories of internal control?
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
53
What are the objectives of internal control?
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
54
Internal control is a set of policies, procedures, and activities to achieve an enterprise's objectives that are related to what?
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
55
For internal control to be effective what two things does an enterprise need?
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
56
Increasingly the expectation is that the auditor and the IT professional learn more about the other's field.
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
57
In the COSO Internal Control-Integrated Framework, control activities do NOT include

A)Independent reconciliations of assets and accounting records
B)Physical controls
C)Segregation of duties
D)Management controls
Unlock Deck
Unlock for access to all 115 flashcards in this deck.
Unlock Deck
k this deck
58
Processing controls ensure reports and other output are distributed properly.
59
Internal controls for the accounting system are incomplete without IT controls.
60
What factors are part of the control environment?
61
Which report provides an opinion regarding fairness of the service organization's description of controls other than those relevant to a company's internal control related to financial reporting, and in which the service auditor tests controls and expresses an opinion regarding the effectiveness of the controls?

A)SOC 1 Type 1 Report
B)SOC 1 Type 2 Report
C)SOC 2 Type 1 Report
D)SOC 2 Type 2 Report
62
Match the privacy principle to the correct definition.

-Management

A)The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
B)The entity provides information about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
C)The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information only for as long as necessary to fulfill the stated purposes.
D)The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
E)The entity shares personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
F)The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
G)The entity provides individuals their personal information for review and update.
H)The entity collects personal information only for the purposes identified in the notice.
I)The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
J)The entity protects personal information against unauthorized access (both physical and logical).
63
Match the privacy principle to the correct definition.

-Choice and Consent

A)The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
B)The entity provides information about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
C)The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information only for as long as necessary to fulfill the stated purposes.
D)The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
E)The entity shares personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
F)The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
G)The entity provides individuals their personal information for review and update.
H)The entity collects personal information only for the purposes identified in the notice.
I)The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
J)The entity protects personal information against unauthorized access (both physical and logical).
64
To attest, the auditor is

A)Testifying in court
B)Expressing an opinion
C)Testing financial reporting controls
D)Testing the fairness of the description of controls
65
Service organizations are external organizations that perform services to the company being audited.
66
________ reports are issued by the service organization to report on controls other than those relevant to a company's internal control related to financial reporting.
67
Which level in the company corresponds to the Entity-Level IT Controls?

A)Top management
B)Information management
C)Business processes
D)IT services
68
Which SOC report is conducted by the service organization's auditors using Attestation Standards (AT) Section 101 and prepared using the AICPA Trust Services?

A)SOC 1
B)SOC 2
C)SOC 3
D)SOC 3 Type 2 report
69
What are the three major objectives of an IT audit?
70
What do the audit committee's responsibilities include?
71
________ controls include IT governance at top management levels where strategic business objectives are set and policies are established.
72
________ controls are embedded within business process applications.
73
Match the privacy principle to the correct definition.

-Notice

A)The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
B)The entity provides information about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
C)The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information only for as long as necessary to fulfill the stated purposes.
D)The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
E)The entity shares personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
F)The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
G)The entity provides individuals their personal information for review and update.
H)The entity collects personal information only for the purposes identified in the notice.
I)The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
J)The entity protects personal information against unauthorized access (both physical and logical).
74
Which of the following is NOT part of the audit committee's responsibilities?

A)The organization's compliance with legal and regulatory requirements
B)The integrity of the organization's financial statements and reports
C)The organization's policies regarding ethical conduct
D)The organization's ability to process data efficiently and effectively
75
________ reports are issued by the service organization to report on its controls relevant to a company's internal control over financial reporting.
76
Which general IT control covers acquisition, implementation, and maintenance of system software including the operating system, DBMS, network software, and security software?

A)Access security controls
B)Computer operations controls
C)Program change controls
D)Program development controls
77
________ controls support application controls to provide a reliable operating environment.
78
The reporting framework for Service Organization Control (SOC) consists of five SOC reports.
79
Which report provides an opinion regarding fairness of the service organization's description of controls relevant to a company's internal control over financial reporting, but does not test the controls or express an opinion regarding the effectiveness of the controls?

A)SOC 1 Type 1 Report
B)SOC 1 Type 2 Report
C)SOC 2 Type 1 Report
D)SOC 2 Type 2 Report
80
Which general IT control includes control over SDLC phases for software upgrades and modifications?

A)Program development controls
B)Access security controls
C)Computer operations controls
D)Program change controls