Accounting Information Systems, 12e (Romney/Steinbart)
Chapter 7 Control and Accounting Information Systems
1) What is one reason why AIS threats are increasing?
A) LANs and client/server systems are easier to control than centralized, mainframe systems.
B) Many companies do not realize that data security is crucial to their survival.
C) Computer control problems are often overestimated and overly emphasized by management.
D) Many companies believe that protecting information is a strategic requirement.
2) Which of the following is not one of the risk responses identified in the COSO Enterprise Risk
Management Framework?
A) Monitoring
B) Avoidance
C) Acceptance
D) Sharing
3) A control procedure designed so that the employee that records cash received from customers does
not also have access to the cash itself is an example of a(n)
A) preventive control.
B) detective control.
C) corrective control.
D) authorization control.
4) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the
beginning ticket number is subtracted from the ending number to calculate the number of tickets sold.
Then, ticket stubs collected at the theater entrance are counted and compared with the number of tickets
sold. Which of the following situations does this control detect?
A) Some customers presented tickets purchased on a previous day when there wasn’t a ticket taker at the
theater entrance (so the tickets didn’t get torn.)
B) A group of kids snuck into the theater through a back door when customers left after a show.
C) The box office cashier accidentally gives too much change to a customer.
D) The ticket taker admits his friends without tickets.
5) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the
beginning ticket number is subtracted from the ending number to calculate the number of tickets sold.
Cash is counted and compared with the number of tickets sold. Which of the following situations does
this control detect?
A) Some customers presented tickets purchased on a previous day when there wasn’t a ticket taker at the
theater entrance (so the tickets didn’t get torn.)
B) A group of kids snuck into the theater through a back door when customers left after a show.
C) The box office cashier accidentally gives too much change to a customer.
D) The ticket taker admits his friends without tickets.
6) Which of the following is an example of a preventive control?
A) approving customer credit prior to approving a sales order
B) reconciling the bank statement to the cash control account
C) counting inventory on hand and comparing counts to the perpetual inventory records
D) maintaining frequent backup records to prevent loss of data
7) Independent checks on performance include all the following except
A) data input validation checks.
B) reconciling hash totals.
C) preparing a trial balance report.
D) supervisor review of journal entries and supporting documentation.
8) A computer operator is allowed to work as a programmer on a new payroll software project. Does this
create a potential internal control problem?
A) Yes, the computer operator could alter the payroll program to increase her salary.
B) Yes, this is a potential problem unless the computer operator is supervised by the payroll manager.
C) No, ideal segregation of duties is not usually possible, and operators are often the best at
programming changes and updates.
D) No, as long as the computer operator separately accounts for hours worked in programming and in
operations.
9) One of the objectives of the segregation of duties is to
A) make sure that different people handle different parts of the same transaction.
B) ensure that no collusion will occur.
C) make sure that different people handle different transactions.
D) achieve an optimal division of labor for efficient operations.
10) Pam is a receptionist for Dunderhead Paper Co., which has strict corporate policies on appropriate
use of corporate resources. The first week of August, Pam saw Michael, the branch manager, putting
pencils, pens, erasers, paper and other supplies into his briefcase on his way out the door. This situation
best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise
Risk Management Framework?
A) Integrity and ethical values
B) Risk management philosophy
C) Restrict access to assets
D) Methods of assigning authority and responsibility
11) Which of the following statements is true?
A) Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise
Risk Management processes.
B) Re-adding the total of a batch of invoices and comparing the total with the first total you calculated is
an example of an independent check.
C) Requiring two signatures on checks over $20,000 is an example of segregation of duties.
D) Although forensic specialists utilize computers, only people can accurately identify fraud.
12) Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume
the company enforces adequate segregation of duties.
A) Jim issues credit cards to him and Marie, and when the credit card balances are just under $1,000,
Marie writes off the accounts as bad debt. Jim then issues new cards.
B) An employee puts inventory behind the dumpster while unloading a vendor’s delivery truck, then
picks up the inventory later in the day and puts it in her car.
C) A mail room employee steals a check received from a customer and destroys the documentation.
D) The accounts receivable clerk does not record sales invoices for friends or family, so they can receive
free goods.
13) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is
directly responsible for
A) hiring and firing the external auditors.
B) performing tests of the company’s internal control structure.
C) certifying the accuracy of the company’s financial reporting process.
D) overseeing day-to-day operations of the internal audit department.
14) Go-Go Corporation, a publicly traded company, has three brothers who serve as President, Vice
President of Finance and CEO. This situation
A) increases the risk associated with an audit.
B) must be changed before your audit firm could accept the audit engagement.
C) is a violation of the Sarbanes-Oxley Act.
D) violates the Securities and Exchange Act.
15) Which of the following is a control related to design and use of documents and records?
A) Sequentially prenumbering sales invoices
B) Comparing physical inventory counts with perpetual inventory records
C) Reconciling the bank statement to the general ledger
D) Locking blank checks in a drawer or safe
16) Which of the following duties could be performed by the same individual without violating
segregation of duties controls?
A) Approving accounting software change requests and testing production scheduling software changes
B) Programming new code for accounting software and testing accounting software upgrades
C) Approving software changes and implementing the upgraded software
D) Managing accounts payable function and revising code for accounting software to more efficiently
process discount due dates on vendor invoices
17) With a limited work force and a desire to maintain strong internal control, which combination of
duties would result in the lowest risk exposure?
A) Updating the inventory subsidiary ledgers and recording purchases in the purchases journal
B) Approving a sales return on a customer’s account and depositing customers’ checks in the bank
C) Updating the general ledger and working in the inventory warehouse
D) Entering payments to vendors in the cash disbursements journal and entering cash received from
customers in the cash receipts journal
18) Which of the following is not a factor of internal environment according to the COSO Enterprise
Risk Management Framework?
A) Analyzing past financial performance and reporting
B) Providing sufficient resources to knowledgeable employees to carry out duties
C) Disciplining employees for violations of expected behavior
D) Setting realistic targets for long-term performance
19) Which of the following suggests a weakness in a company’s internal environment?
A) The audit committee regularly meets with the external auditors.
B) The Board of Directors is primarily independent directors.
C) The company has an up-to-date organizational chart.
D) Formal employee performance evaluations are prepared every three years.
20) Which of the following statements about internal environment is false?
A) Management’s attitudes toward internal control and ethical behavior have only minimal impact on
employee beliefs or actions.
B) Supervision is especially important in organizations that cannot afford elaborate responsibility
reporting or are too small to have adequate segregation of duties.
C) An overly complex or unclear organizational structure may be indicative of more serious problems.
D) A written policy and procedures manual is an important tool for assigning authority and
responsibility.
21) Which of the following is not a reason for the increase in security problems for AIS?
A) Confidentiality issues caused by interlinked inter-company networks
B) Difficult to control distributed computing networks
C) Increasing efficiency resulting from more automation
D) Increasing numbers of information systems and users
22) One reason why many organizations do not adequately protect their systems is because
A) control problems may be overestimated by many companies.
B) productivity and cost cutting cause management to forgo implementing and maintaining internal
controls.
C) control technology has not yet been developed.
D) all of the above
23) Accountants must try to protect the AIS from threats. Which of the following would be a measure
that should be taken?
A) Take a proactive approach to eliminate threats.
B) Detect threats that do occur.
C) Correct and recover from threats that do occur.
D) All of the above are proper measures for the accountant to take.
24) The process that a business uses to safeguard assets, provide accurate and reliable information, and
promote and improve operational efficiency is known as
A) a phenomenon.
B) internal control.
C) an AIS threat.
D) a preventive control.
25) Safeguarding assets is one of the control objectives of internal control. Which of the following is not
one of the other control objectives?
A) providing accurate and reliable information
B) promoting operational efficiency
C) ensuring that no fraud has occurred
D) encouraging adherence to management policies
26) Internal control is often referred to as a(n) ________, because it permeates an organization’s
operating activities and is an integral part of management activities.
A) event
B) activity
C) process
D) system
27) Which of the following is accomplished by corrective controls?
A) Identify the cause of the problem.
B) Correct the resulting errors.
C) Modify the system to prevent future occurrences of the problem.
D) All of the above are accomplished by corrective controls.
28) Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit
rejected transactions is an example of a ________ control.
A) corrective; detective
B) detective; corrective
C) preventive; corrective
D) detective; preventive
29) What is not a corrective control procedure?
A) Identify the cause of a problem.
B) Deter problems before they arise.
C) Correct resulting errors or difficulties.
D) Modify the system so that future problems are minimized or eliminated.
30) ________ controls are designed to make sure an organization’s control environment is stable and
well managed.
A) Application
B) Detective
C) General
D) Preventive
31) ________ controls prevent, detect and correct transaction errors and fraud.
A) Application
B) Detective
C) General
D) Preventive
32) The primary purpose of the Foreign Corrupt Practices Act of 1977 was
A) to require corporations to maintain a good system of internal control.
B) to prevent the bribery of foreign officials by American companies.
C) to require the reporting of any material fraud by a business.
D) All of the above are required by the act.
33) Congress passed this federal law for the purpose of preventing financial statement fraud, to make
financial reports more transparent and to strengthen the internal control of public companies.
A) Foreign Corrupt Practices Act of 1977
B) The Securities Exchange Act of 1934
C) The Sarbanes-Oxley Act of 2002
D) The Control Provision of 1998
34) Which of the following is not one of the important aspects of the Sarbanes-Oxley Act?
A) The creation of the Public Company Accounting Oversight Board
B) New rules for auditors and management
C) New roles for audit committees
D) New rules for information systems development
35) A(n) ________ helps employees act ethically by setting limits beyond which an employee must not
pass.
A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system
36) A(n) ________ measures company progress by comparing actual performance to planned
performance.
A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system
37) A(n) ________ helps top-level managers with high-level activities that demand frequent and regular
attention.
A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system
38) This control framework addresses the issue of control from three vantage points: business
objectives, information technology resources, and information technology processes.
A) ISACA’s control objectives for information and related technology
B) COSO’s internal control framework
C) COSO’s enterprise risk management framework
D) none of the above
39) This control framework’s intent includes helping the organization to provide reasonable assurance
that objectives are achieved and problems are minimized, and to avoid adverse publicity and damage to
the organization’s reputation.
A) ISACA’s control objectives for information and related technology
B) COSO’s internal control framework
C) COSO’s enterprise risk management framework
D) none of the above
40) The COSO Enterprise Risk Management Framework includes eight components. Which of the
following is not one of them?
A) control environment
B) risk assessment
C) compliance with federal, state, or local laws
D) monitoring
41) Which of the following is not one of the eight interrelated risk and control components of COSO
Enterprise Risk Management Framework?
A) Internal environment
B) Monitoring
C) Risk response
D) Event assessment
42) The COSO Enterprise Risk Management Integrated Framework stresses that
A) risk management activities are an inherent part of all business operations and should be considered
during strategy setting.
B) effective risk management is comprised of just three interrelated components; internal environment,
risk assessment, and control activities.
C) risk management is the sole responsibility of top management.
D) risk management policies, if enforced, guarantee achievement of corporate objectives.
43) Which of the following would be considered a “red flag” for problems with management operating
style if the question were answered “yes”?
A) Does management take undue business risks to achieve its objectives?
B) Does management attempt to manipulate performance measures such as net income?
C) Does management pressure employees to achieve results regardless of the methods?
D) All of the above statements would raise “red flags” if answered “yes.”
44) Which component of the COSO Enterprise Risk Management Integrated Framework is concerned
with understanding how transactions are initiated, data are captured and processed, and information is
reported?
A) Information and communication
B) Internal environment
C) Event identification
D) Objective setting
45) The COSO Enterprise Risk Management Integrated Framework identifies four objectives necessary
to achieve corporate goals. Objectives specifically identified include all of the following except
A) implementation of newest technologies.
B) compliance with laws and regulations.
C) effective and efficient operations.
D) reliable reporting.
46) The audit committee of the board of directors
A) is usually chaired by the CFO.
B) conducts testing of controls on behalf of the external auditors.
C) provides a check and balance on management.
D) does all of the above.
47) The audit committee is responsible for
A) overseeing the internal control structure.
B) overseeing the financial reporting process.
C) working with the internal and external auditors.
D) All of the above are responsibilities.
48) The definition of the lines of authority and responsibility and the overall framework for planning,
directing, and controlling is laid out by the
A) control activities
B) organizational structure
C) budget framework
D) internal environment
49) Reducing management layers, creating self-directed work teams, and emphasizing continuous
improvement are all related to which aspect of internal environment?
A) Organizational structure
B) Methods of assigning authority and responsibility
C) Management philosophy and operating style
D) Commitment to competence
50) Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to
deter
A) unintentional errors.
B) employee fraud or embezzlement.
C) fraud by outsiders.
D) disgruntled employees.
51) The SEC and FASB are best described as external influences that directly affect an organization’s
A) hiring practices.
B) philosophy and operating style.
C) internal environment.
D) methods of assigning authority.
52) Which attribute below is not an aspect of the COSO ERM Framework internal environment?
A) Enforcing a written code of conduct
B) Holding employees accountable for achieving objectives
C) Restricting access to assets
D) Avoiding unrealistic expectations
53) The amount of risk a company is willing to accept in order to achieve its goals and objectives is
A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment