BEC 1 Flashcards
(30 cards)
Which of the following is not true regarding the information and communication component of internal control?
The information system captures both internal and external sources of data.
The information and communication component involves developing channels for communication from external stakeholders.
A whistleblower hotline is an important aspect of the information and communication component.
An important aspect of the information and communication component is assessment of information about fraud.
An important aspect of the information and communication component is assessment of information about fraud.
This item is related to the risk assessment component.
Control Environment—Five Principles (Part of 17 COSO Control Principles)
- The organization demonstrates a commitment to integrity and ethical values.
- The board of directors demonstrates independence of management, and oversees the development and monitoring of internal control including:
- Clear board of directors oversight and independence
- Evidence and application of relevant expertise - Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities to achieve objectives, including integrating organizational structures and services including outsourced service providers.
- Competence—The organization demonstrates a commitment to attract, develop, and retain competent individuals consistent with achieving organizational objectives
- Accountability—The organization holds individuals accountable for their internal control responsibilities
Risk Assessment—Four Principles (Part of 17 COSO Control Principles)
- Objectives—The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks that threaten the achievement of objectives.
- Assessment—The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risk should be managed.
- Fraud—The organization considers the potential for fraud in assessing risks to the achievement of objectives.
- Change management—The organization identifies and assesses changes in the external environment (regulatory, economic, and physical environment of operation), assessing changes in the business model (new or existing business lines, rapid growth, new technologies, or acquisitions/divestitures) and changes in leadership.
Control Activities—Three Principles (Part of 17 COSO Control Principles)
- Risk reduction—Organizational control activities mitigate (i.e., reduce) the risks to the achievement of objectives to acceptable levels.
- Technology controls—The organization selects and implements general controls over technology, which support the achievement of its objectives.
- Policies—The organization deploys control activities through policies and procedures that establish stakeholder expectations. Established procedures ensure the implementation of these policies.
Information and Communication—Three Principles (Part of 17 COSO Control Principles)
- Quality—Relevant, high-quality information supports the internal control processes.
- Internal—Internal communication supports internal control processes.
- External—Communication with outsiders supports internal control processes.
Monitoring Activities—Two Principles (Part of 17 COSO Control Principles)
- Ongoing and periodic—Ongoing and separate evaluations evaluate internal control functioning.
- Address deficiencies—Parties responsible for taking corrective action, including senior management and the board of directors, receive timely communication of internal control deficiencies.
Jiffy Grill has an ERP system. It has assigned responsibility for determining who has what access rights within the ERP system. This assignment mostly likely was to:
Internal auditors.
Other personnel.
Management
Support functions
Support functions
(Correct!) This answer is correct because support functions are mostly likely to have responsibility for determining system access.
According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring‐for‐change continuum?
Control baseline.
Change identification.
Change management.
Control revalidation/update.
Change identification.
Change Identification is the monitoring for change process that would include ongoing and separate evaluations intended to identify and address changes in internal control effectiveness.
In the COSO enterprise risk management framework, the term risk tolerance refers to
The level of risk an organization is willing to accept.
The acceptable variation with respect to a particular objective.
The risk of an event after considering management’s response.
Events that require no risk response.
The acceptable variation with respect to a particular objective.
This answer is correct because the COSO ERM framework defines risk tolerance as the acceptable variation with respect to a particular organizational objective.
Which of the following is most useful when risk is being prioritized?
Low and high probability exposures.
Low and high‐degree loss exposures.
Expected value.
Uncontrollable risks.
Expected value.
This is the best answer of the choices given. An expected value calculates (and integrates) the likelihood of losses with the amount of losses. Hence, an expected value combines the information in low and high probability exposures and low and high‐degree loss exposures into a decision‐relevant, single, valuable (for decision analysis) number.
Recognizing potential impediments to communication between system user and system designer can be useful in
monitoring control effectiveness.
the tone at the top.
complying with Sarbanes‐Oxley section 404.
managing change in the system of internal control.
managing change in the system of internal control.
This is the best answer because user and design communication issues are more important to managing changes in the system of internal control than to the processes mentioned in any of the other answers.
CFO Mar has been complicit in her public company’s accounting fraud. She consults a lawyer as it the time nears for filing her firm’s 10‐K with the SEC. She is a little uncomfortable about what she might have to do. The lawyer will likely tell her that she will have to certify (and be potentially criminally liable for lying about these matters) that:
She has reviewed the 10‐K.
To her knowledge, the 10‐K does not contain any materially untrue statements.
She, along with the CEO, is responsible for establishing and maintaining her company’s internal controls.
She has recently evaluated the effectiveness of the firm’s internal controls.
She has recently evaluated the effectiveness of the firm’s internal controls.
Correct! All three of the other choices are examples, and not the only examples, of things that CFO Mar must certify when her firm files a 10‐K.
This component of internal control concerns the policies and procedures that ensure that actions are taken to address the risks related to the achievement of management’s objectives.
Control activities.
Control environment.
Monitoring.
Risk assessment.
Control activities.
Control activities are, “…the policies and procedures that ensure that actions are taken to address the risks related to the achievement of management’s objectives.”
According to the 17 COSO control principles, risk reduction primarily relates to which fundamental component of internal control:
Control activities.
Control environment.
Risk assessment.
Monitoring.
Control activities.
According to the COSO principles, control activities primarily relate to risk reduction, technology controls, and policies.
Milo Corp. maintains daily backups of its accounting system in a fireproof vault in the file library. Weekly, monthly, and annual backups are stored in a secure, fireproof vault at an off‐site location.
Maintenance of the backup files is an example of
a detective control.
a feedback control.
a corrective control.
a preventive control.
a corrective control.
Corrective controls allow the user to recover from a problem once it has been identified.
Prepare a memorandum to Winston’s president describing the purpose and limitations of an enterprise risk management system.
Key limitations:
- Judgement about future that may or may not occur
- Not complete assurance
- system break down as result of bad judgement, collusion and management override
- cost-benefit of a system makes it imperfect
You have requested that I provide you with information about an enterprise risk management system. You are particularly concerned with the limitations of such a system. The primary purpose of an enterprise risk management system is to provide processes to identify potential risks to achieving a company’s objectives, and, to manage those risks to be within the company’s risk appetite.
In considering implementation of an enterprise risk management system, it is important to recognize that these systems have limitations. All enterprise risk management systems rely on judgments about future events that may or may not occur. Also, while an enterprise risk management system provides information about risks to achieving the company’s objectives, it does not provide complete assurance that the objectives will be achieved. Finally, as with all control systems, an enterprise risk management system can break down for a number of reasons, including bad judgments about risks and their impact, collusion among two or more individuals, or override by management. Also, due to cost‐benefit constraints, no enterprise risk management system can be perfect.
Adopting a structured plan for assessing the need for and developing a high-quality ERM system can mitigate these risks. If you have any additional questions about enterprise risk management systems, please contact me.
Economical Graph Relationships - Y = mx + b
Y = unknown value of Y. m = slope of the plotted line. x = value of the variable x. b = Y-intercept.
Which one of the following would not cause an increase in demand for a commodity?
An increase in the number of consumers.
An increase in the price of a substitute commodity.
An increase in consumers’ preference for the commodity.
A reduction in the price of the commodity.
A reduction in the price of the commodity.
A reduction in price will not cause an increase in demand for a commodity, but rather will change (increase) the quantity demanded. An increase in demand causes a shift of the demand curve (up and to the right). A change in price causes movement along a specific demand curve.
In the statement “quantity demanded is a function of price,” are the variables quantity and price dependent or independent variables?
Quantity Price Dependent Dependent Dependent Independent Independent Independent Independent Dependent
Quantity Price
Dependent Independent
Since “quantity” is a function of “price,” price is an independent variable and quantity is the dependent variable. The quantity demanded of a commodity depends upon (i.e., is dependent on) the price of acquiring the commodity.
Which one of the following factors would not cause an increase in the supply curve of a commodity?
Improvements in related technology.
A decrease in the cost of production inputs.
An increase in the number of manufacturers of the commodity.
An increase in the price of the commodity.
An increase in the price of the commodity.
A change in price changes the quantity supplied, which is a movement along a supply curve, not a shift in the supply curve. An increase in the price of a commodity would increase the quantity supplied, but would not shift the supply curve.
Which of the following will cause a shift in the supply curve of a product?
(This question is CIA adapted)
Changes in the price of the product.
Changes in production taxes.
Changes in consumer tastes.
Changes in the number of buyers in the market.
Changes in production taxes.
A shift in the supply curve may result from (1) changes in production technology, (2) changes or expected changes in resource prices, (3) changes in the prices of other goods, (4) changes in taxes or subsidies, (5) changes in the number of sellers in the market, and (6) expectations about the future price of the product. This item identifies changes in production taxes, which will alter the supply curve.
An increase in the market supply of beef would result in a/an
increase in the price of beef.
decrease in the demand for beef.
increase in the price of pork.
increase in the quantity of beef demanded.
increase in the quantity of beef demanded.
An increase in the market supply of beef (with no change in demand) would result in a new supply and demand equilibrium which reflects an increase in the quantity of beef demanded and a decrease in the price of beef (a movement along the “fixed” demand for beef curve).
Elasticity of Demand Formula
ED = % change in quantity demanded / % change in price
Note: This formula expresses the slope of the demand curve when showing demand graphically.
Formula expanded:
ED = (Change in quantity demanded/Quantity demanded) / (Change in price/Price)
If calculated coefficient is greater than 1 - Elastic, Equal to 1 - Unitary, Less than 1 - Inelastic
Elasticity of Supply Formula
ES = % change in quantity supplied / % change in price
Note: This formula expresses the slope of the supply curve when showing the supply graphically.
Formula expanded:
ES = (Change in quantity supplied / Prechange quantity supplied) / (Change in price / Prechange price)
If calculated coefficient is greater than 1 - Elastic, Equal to 1 - Unitary, Less than 1 - Inelastic
