Chapter 7 – ‘Control and AIS’ Flashcards
- COSO identified five interrelated components of internal control.
Which of the following is NOT one of those five?
a. risk assessment
b. internal control policies
c. monitoring
d. information and communication
b. internal control policies (Correct. Internal control policies are NOT one of
COSO’s five components of internal control. However, control environment
and control activities are two of the five internal control framework
components.)
2. In the ERM model, COSO specified four types of objectives that management must meet to achieve company goals. Which of the following is NOT one of those types? a. responsibility objectives b. strategic objectives c. compliance objectives d. reporting objectives e. operations objectives
a. responsibility objectives (Correct. Responsibility objectives are NOT one of
the objevtives in COSO’s ERM model.)
- Which of the following statements is true?
a. COSO’s enterprise risk management framework is narrow in scope and is
limited to financial controls.
b. COSO’s internal control integrated framework has been widely accepted as
the authority on internal controls.
c. The Foreign Corrupt Practices Act had no impact on internal accounting
control systems.
d. It is easier to add controls to an already designed system than to include
them during the initial design stage.
b. COSO’s internal control integrated framework has been widely accepted as
the authority on internal controls. (Correct. The internal control integrated
framework is the accepted authority on internal controls and is incorporated
into policies, rules, and regulations that are used to control business
activities.)
- All other things being equal, which of the following is true?
a. Detective controls are superior to preventive controls.
b. Corrective controls are superior to preventive controls.
c. Preventive controls are equivalent to detective controls.
d. Preventive controls are superior to detective controls.
d. Preventive controls are superior to detective controls. (Correct. With
respect to controls, it is always of utmost importance to prevent errors from
occurring.)
- Which of the following statements about the control environment is
false?
a. Management’s attitudes toward internal control and ethical behavior have
little impact on employee beliefs or actions.
b. An overly complex or unclear organizational structure may be indicative of
problems that are more serious.
c. A written policy and procedures manual is an important tool for assigning
authority and responsibility.
d. Supervision is especially important in organizations that cannot afford
elaborate responsibility reporting or are too small to have an adequate
separation of duties.
a. Management’s attitudes toward internal control and ethical behavior have
little impact on employee beliefs or actions. (Correct. This statement is false.
Management’s atti- tude toward internal control is critical to the
organization’s effectiveness and success. They set the “tone at the top” that
other employees follow.)
- To achieve effective segregation of duties, certain functions must be
separated. Which of the following is the correct listing of the accountingrelated
functions that must be segregated?
a. control, recording, and monitoring
b. authorization, recording, and custody
c. control, custody, and authorization
d. monitoring, recording, and planning
b. authorization, recording, and custody (Correct. See Figure 7-5.)
- Which of the following is NOT an independent check?
a. bank reconciliation
b. periodic comparison of subsidiary ledger totals to control accounts
c. trial balance
d. re-adding the total of a batch of invoices and comparing it with your first
total
d. re-adding the total of a batch of invoices and comparing it with your first
total (Correct. One person performing the same procedure twice using the
same documents, such as re-adding invoice batch totals, is not an independent
check because it does not involve a second person, a second set of documents
or records, or a second process.)
- Which of the following is a control procedure relating to both the design
and the use of documents and records?
a. locking blank checks in a drawer
b. reconciling the bank account
c. sequentially prenumbering sales invoices
d. comparing actual physical quantities with recorded amounts
c. sequentially prenumbering sales invoices (Correct. Designing documents so
that they are sequentially prenumbered and then using them in order is a
control procedure relat- ing to both the design and the use of documents.)
- Which of the following is the correct order of the risk assessment steps
discussed in this chapter?
a. Identify threats, estimate risk and exposure, identify controls, and estimate
costs and benefits.
b. Identify controls, estimate risk and exposure, identify threats, and estimate
costs and benefits.
c. Estimate risk and exposure, identify controls, identify threats, and estimate
costs and benefits.
d. Estimate costs and benefits, identify threats, identify controls, and estimate
risk and exposure.
a. Identify threats, estimate risk and exposure, identify controls, and estimate
costs and benefits. (Correct. See Figure 7-4.)
- Your current system is deemed to be 90% reliable. A major threat has
been identified with an impact of $3,000,000. Two control procedures exist
to deal with the threat. Implemen- tation of control A would cost $100,000
and reduce the likelihood to 6%. Implementation of control B would cost
$140,000 and reduce the likelihood to 4%. Implementation of both
controls would cost $220,000 and reduce the likelihood to 2%. Given the
data, and based solely on an economic analysis of costs and benefits, what
should you do?
a. Implement control A only.
b. Implement control B only.
c. Implement both controls A and B.
d. Implement neither control.
b. Implement control B only. (Correct. Control procedure B provides a net
benefit of $40,000. Procedure A and the combination of A and B provide a
benefit of only $20,000.)
