Section 1 A pt 2 Flashcards

1
Q

Risk Assessment

Specifies suitable ___
Identifies and analyzes ___
Assesses ___ risk
Identifies and analyzes significant ___

A

Objectives
Risk
Fraud
Change

2
Q

Control Activities

Select and develop ___ activities
Select and develop ___ controls over ___
Deploy through ___ and ___

A

Control activities
General controls over technology
policies and procedures

3
Q

Info & Communication

Use __ info
Communicate __ and ___

A

relevant

internally & externally

4
Q

Monitoring

Evaluate and communicate __

A

deficiencies

5
Q

A senior executive of an international organization who wishes to demonstrate the importance of the security of company information to all team members should:

visibly participate in a global information security campaign.

allocate additional budget resources for external audit services.

review and accept the information security risk assessments in a staff meeting.

refer to the organization’s U.S. human resources policies on privacy in a company newsletter.

A

visibly participate in a global information security campaign.

“All team members” refers to the entire international organization, which implies the executive would provide this message to all employees worldwide. The tone at the top is most clearly demonstrated by personal example set by senior executives. The other answer choices are good behaviors but they are not visible to the worldwide entity.

6
Q

Which of the following is most useful when risk is being prioritized?

Low- and high-probability exposures

Low- and high-degree loss exposures

Expected value

Uncontrollable risks

A

Expected value

7
Q

A company officer who is not a director is authorized to perform which of the following duties?

Enter into a contract with a vendor of computers for the company

Terminate the company’s external audit firm

Remove a director for failure to exercise reasonable supervision

Declare dividends to shareholders

A

Enter into a contract with a vendor of computers for the company

8
Q

Duty of ___: Directors and officers must act in good faith, with the care of a reasonable person in a similar position, and with reasonable belief their decisions are in the best interest of the corporation.

Duty of ___: They must put the interests of shareholders and the corporation above their own interests.

Duty of ___: Refers to the care a reasonable person should take before entering into an agreement or a transaction with another party; it is essentially a way of preventing unnecessary harm to either party involved in a transaction.

A

Care

Loyalty

Due diligence

9
Q

According to COSO, what is the first ongoing monitoring step in evaluating the effectiveness of an internal control system?

Establishing a control baseline

Identifying changes in internal control that have taken place

Re-evaluating the design and implementation to establish a new baseline

Periodically revalidating operations where no known change has occurred

A

Establishing a control baseline

10
Q

COSO stands for what?

A

The Committee of Sponsoring Organizations of the Treadway Commission (COSO)

11
Q

According to COSO, a primary purpose of monitoring internal control is to verify that the internal control system remains adequate to address changes in:

risks.

the law.

technology.

operating procedures.

A

risks

12
Q

An internal audit manager requested information detailing the amount and type of training that the IT department’s staff received during the last year. According to COSO, the training records would provide documentation for which of the following principles?

Exercising oversight of the development and performance of internal control

Demonstrating a commitment to retain competent individuals in alignment with objectives

Developing general control activities over technology to support the achievement of objectives

Holding individuals responsible for their internal control responsibilities in the pursuit of objectives

A

Demonstrating a commitment to retain competent individuals in alignment with objectives

13
Q

Ways to demonstrate commitment to competence

Promote employees based on ___

Training T/F

A

merit and performance.

True

14
Q

Under COSO’s internal control framework, how many control principles are spread over the five major components?

20
10
17
5

How many COMPONENTS?

A

17 principles

5 components

15
Q

Internal controls are likely to fail for any of the following reasons, except:

they are not designed and implemented properly at the outset.

they are designed and implemented properly as static controls, but the environment in which they operate changes.

they are designed and implemented properly, but their operation changes in some way.

they are designed and implemented properly, and their design changes as processes change.

A

they are designed and implemented properly, and their design changes as processes change.

16
Q

A member of the board of directors of Central Communications Co. is offered a license by a third party to operate a cellular phone system. The director does not present this offer to the board of directors for approval but informally mentions it to a fellow board member, who does not think it will be a problem. The director buys the license. Which of the following statements is correct regarding the director’s actions?

The director breached a duty of care by failing to use prudent business judgment.

The director breached the duty of due diligence.

The director breached a duty of loyalty by usurping a corporate opportunity.

The director acted properly in purchasing the license.

A

The director breached a duty of loyalty by usurping a corporate opportunity.

17
Q

Internal controls are designed to provide reasonable (but not absolute) assurance that objectives are achieved and compliance with laws and regulations is obtained. Control objectives related to financial reporting, operational efficiency, and law and regulation compliance include all of the following except:

only transactions that are valid, authorized, and legal are processed.

only transactions that occurred within the period are recorded.

transactions are accurately recorded free of omissions, accounting categorization errors, and/or mathematical errors.

sufficient funds are on hand to meet current and long-term obligations.

A

sufficient funds are on hand to meet current and long-term obligations.

a company that is highly centralized will have a more diverse ethical culture than a company that is decentralized.

18
Q

Enforces Accountability? T/F

Formal Job Description

A

True

19
Q

In respect to the roles and responsibilities within an internal control framework:

the goals of internal controls are to provide close to absolute assurance that the objectives of the company will be met.

the CEO of an organization is expected to allow his senior staff to set the ethical tone for the organization so as not to micromanage and stifle the organization.

since the board of directors does not devote itself to the day-to-day operations, it has little influence on the internal control environment.

the internal and external auditors are responsible for the assessment of internal controls in relation to design, implementation, and effectiveness.

A

the internal and external auditors are responsible for the assessment of internal controls in relation to design, implementation, and effectiveness.

20
Q

the internal and external auditors are responsible for the assessment of internal controls in relation to design, implementation, and effectiveness.

A

Change identification

Monitoring identifies changes in the environment or internal control system and the entity’s ability to manage those changes. To “identify and address changes” is part of change identification.

21
Q

A written policy and procedure manual should contain:

a formal job description.

an employee training program.

corporation budgets.

proper business practices.

A

proper business practices.

22
Q

Which of the following is not an internal control objective?

Reasonable (Standard methodologies are used to determine the value representative of transactions.)

Fund (Sufficient funds are on hand to meet current obligations.)

Recording accuracy (Transactions are mostly free of error.)

Supportability (The goods and services received and provided are recorded properly.)

A

Recording accuracy (Transactions are mostly free of error.)

“Accurately recorded” is an objective of internal control but should be free of error, not “mostly free of error.”

23
Q

A company’s internal controls are established to provide protection for the company’s assets as well as to detect fraud. An internal control allows for the firm’s resources to be all of the following except:

monitored.

designed.

properly used.

measured.

A

designed

Such a control will aid an organization in achieving specific goals and objectives. It is an internal control that allows for a firm’s resources to be properly:

used,
monitored, and
measured.

24
Q

Within the COSO Internal Control—Integrated Framework, which of the following components is designed to ensure that internal controls continue to operate effectively?

Control environment

Risk assessment

Information and communication

Monitoring activities

A

Monitoring activities

25
Q

According to COSO, an effective approach to monitoring internal control involves each of the following steps, except:

establishing a foundation for monitoring.

increasing the reliability of financial reporting and compliance with applicable laws and regulations.

designing and executing monitoring procedures that are prioritized based on risks to achieve organizational objectives.

assessing and reporting the results, including following up on corrective action where necessary.

A

increasing the reliability of financial reporting and compliance with applicable laws and regulations.

26
Q

Internal auditors play a role in an entity’s internal control through all of the following methods except:

implementing control activities.

evaluating the effectiveness of controls.

promoting continuous improvement.

evaluating the efficiency of controls.

A

implementing control activities.

27
Q

Periodic reviews and analyses of actual results versus benchmarks such as organizational goals or plans, metrics, and other key performance indicators.

What is this?

A

Top-level review

28
Q

According to COSO, which of the following activities provides an example of a top-level review as a control activity?

Computers owned by the entity are secured and periodically compared with amounts shown in the records.

A comprehensive marketing plan is implemented, and management reviews actual performance to determine the extent to which benchmarks were achieved.

Reconciliations are made of daily wire transfers with positions reported centrally.

Verification of status on a medical claim determines whether the charge is appropriate for the policyholder.

A

A comprehensive marketing plan is implemented, and management reviews actual performance to determine the extent to which benchmarks were achieved.

29
Q

Under COSO, which of the following principles falls under monitoring?

Evaluates and communicates deficiencies

Establishes structure, authority and responsibility

Specifies suitable objectives

Deploys through policies and procedures

A

Evaluates and communicates deficiencies