Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Accounting Information Systems, 13e (Romney/Steinbart)
Chapter 7 Control and Accounting Information Systems
7.1 Explain basic control concepts and explain why computer control and security are
important.
1) Why are threats to accounting information systems increasing?
A) Many companies do not realize that data security is crucial to their survival.
B) LANs and client/server systems are easier to control than centralized, mainframe systems.
C) Many companies believe that protecting information is a strategic requirement.
D) Computer control problems are often overestimated and overly emphasized by management.
2) A control procedure designed so that the employee that records cash received from customers
does not also have access to the cash itself is an example of a(n)
A) preventive control.
B) detective control.
C) corrective control.
D) authorization control.
3) Identify the preventive control below.
A) reconciling the bank statement to the cash control account
B) approving customer credit prior to approving a sales order
C) maintaining frequent backup records to prevent loss of data
D) counting inventory on hand and comparing counts to the perpetual inventory records
4) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors
is directly responsible for
A) hiring and firing the external auditors.
B) performing tests of the company's internal control structure.
C) certifying the accuracy of the company's financial reporting process.
D) overseeing day-to-day operations of the internal audit department.
5) Which of the following measures can protect a company from AIS threats?
A) Take a proactive approach to eliminate threats.
B) Detect threats that do occur.
C) Correct and recover from threats that do occur.
D) All of the above are proper measures for the accountant to take.
6) Internal control is often referred to as a(n) ________, because it permeates an organization's
operating activities and is an integral part of management activities.
A) event
B) activity
C) process
D) system
7) Duplicate checking of calculations is an example of a ________ control, and procedures to
resubmit rejected transactions are an example of a ________ control.
A) corrective; detective
B) detective; corrective
C) preventive; corrective
D) detective; preventive
8) Which type of control is associated with making sure an organization's control environment is
stable?
A) general
B) application
C) detective
D) preventive
9) Which type of control prevents, detects, and corrects transaction errors and fraud?
A) general
B) application
C) detective
D) preventive
10) The primary purpose of the Foreign Corrupt Practices Act of 1977 was
A) to require corporations to maintain a good system of internal control.
B) to prevent the bribery of foreign officials by American companies.
C) to require the reporting of any material fraud by a business.
D) All of the above are required by the act.
11) Congress passed this federal law for the purpose of preventing financial statement fraud, to
make financial reports more transparent and to strengthen the internal control of public
companies.
A) Foreign Corrupt Practices Act of 1977
B) The Securities Exchange Act of 1934
C) The Sarbanes-Oxley Act of 2002
D) The Control Provision of 1998
12) Which of the following was not an important change introduced by the Sarbanes-Oxley Act
of 2002?
A) new roles for audit committees
B) new rules for auditors and management
C) new rules for information systems development
D) the creation of the Public Company Accounting Oversight Board
13) A(n) ________ measures company progress by comparing actual performance to planned
performance.
A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system
14) A(n) ________ helps top-level managers with high-level activities that demand frequent and
regular attention.
A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system
15) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The
management at Oanez Dinnerware
A) asked their auditors to make recommendations for the redesign of their information
technology system and to aid in the implementation process.
B) hired the manager from the external audit team as company CFO twelve months after the
manager had worked on the audit.
C) selected the company's Chief Financial Officer to chair the audit committee.
D) did not mention to auditors that the company had experienced significant losses due to fraud
during the past year.
16) The Sarbanes-Oxley Act (SOX) applies to
A) all companies with gross annual revenues exceeding $500 million.
B) publicly traded companies with gross annual revenues exceeding $500 million.
C) all private and public companies incorporated in the United States.
D) all publicly traded companies.
17) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her
second martini, she began expressing her feelings about her company's budgeting practices. It
seems that as a result of controls put in place by the company,her ability to creatively manage his
department's activities have been curtailed. The level of control that the company is using in this
case is a(n)
A) boundary system.
B) diagnostic control system.
C) interactive control system.
D) belief system.
18) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her
second martini, she began expressing her feelings about her work environment. Recently, every
employee of the firm was required to attend a sexual harassment workshop. The level of control
that the company is using in this case is a(n)
A) boundary system.
B) diagnostic control system.
C) interactive control system.
D) belief system.
19) Explain why the Foreign Corrupt Practices Act was important to accountants.
7.2 Compare and contrast the COBIT, COSO, and ERM control frameworks.
1) Which of the below is not a component of the COSO ERM?
A) monitoring
B) control environment
C) risk assessment
D) compliance with federal, state, or local laws
2) The COSO Enterprise Risk Management Integrated Framework stresses that
A) risk management activities are an inherent part of all business operations and should be
considered during strategy setting.
B) effective risk management is comprised of just three interrelated components; internal
environment, risk assessment, and control activities.
C) risk management is the sole responsibility of top management.
D) risk management policies, if enforced, guarantee achievement of corporate objectives.
3) Nolwenn Limited has been diligent in ensuring that their operations meet modern control
standards. Recently, they have extended their control compliance system by incorporating
policies and procedures that require the specification of company objectives, uncertainties
associated with objectives, and contingency plans. Nolwenn Limited is transitioning from a
________ to a ________ control framework.
A) COSO-Integrated Framework; COBIT
B) COBIT; COSO-Integrated Framework
C) COBIT; COSO-ERM
D) COSO-Integrated Framework; COSO-ERM
E) COSO-ERM; COBIT
4) Discuss the weaknesses in COSO's internal control framework that led to the development of
the COSO Enterprise Risk Management framework.
5) True or False: The COSO ERM contains all five of the same COSO-Integrated Framework
components.
6) How many principles are there in the 2013 updated COSO - Internal Control Framework?
A) 5
B) 8
C) 17
D) 21
7) Why was the original 1992 COSO - Integrated Control framework updated in 2013?
A) Congress required COSO to modernize.
B) U.S. stock exchanges required more disclosure.
C) to more effectively address technological advancements
D) to comply with International accounting standards
8) Which internal control framework is widely accepted as the authority on internal controls?
A) COBIT
B) COSO Integrated Control
C) COSO Enterprise Risk Management
D) Sarbanes-Oxley Control Framework
9) Identify the statement below that is not true of the 2013 COSO Internal Control updated
framework.
A) It more efficiently deals with control implementation and documentation issues.
B) It more effectively deals with control implementation and documentation issues.
C) It provides users with more precise guidance.
D) It adds many new examples to clarify the framework concepts.
10) Which of the following is not one of the five principles of COBIT5?
A) meeting stakeholder needs
B) covering the enterprise end-to-end
C) enabling a holistic approach
D) improving organization efficiency
11) The COBIT5 framework primarily relates to
A) best practices and effective governance and management of private companies.
B) best practices and effective governance and management of public companies.
C) best practices and effective governance and management of information technology.
D) best practices and effective governance and management of organizational assets.
12) Applying the COBIT5 framework, governance is the responsibility of
A) internal audit.
B) external audit.
C) management.
D) the board of directors.
13) Applying the COBIT5 framework, monitoring is the responsibility of
A) the CEO.
B) the CFO.
C) the board of directors.
D) all of the above
14) Why did COSO develop the Enterprise Risk Management framework?
A) to improve the audit process
B) to improve the risk management process
C) to improve the financial reporting process
D) to improve the manufacturing process
15) Which of the following is not a basic principle of the COSO ERM framework?
A) Companies are formed to create value for society.
B) Management must decide how much uncertainty it will accept to create value.
C) Uncertainty results in risk.
D) Uncertainty results in opportunity.
16) The largest differences between the COSO Integrated Control (IC) framework and the COSO
Enterprise Risk Management (ERM) framework is
A) IC is controls-based, while the ERM is risk-based.
B) IC is risk-based, while ERM is controls-based.
C) IC is required, while ERM is optional.
D) IC is more applicable to international accounting standards, while ERM is more applicable to
generally accepted accounting principles.
7.3 Describe the major elements in the internal environment of a company.
1) Rauol is a receptionist for The South American Paper Company, which has strict corporate
policies on appropriate use of corporate resources. The first week of March, Rauol saw Jim (the
branch manager) putting printer paper and toner into his briefcase on his way out the door. This
situation best reflects a weakness in which aspect of internal environment, as discussed in the
COSO Enterprise Risk Management Framework?
A) integrity and ethical values
B) risk management philosophy
C) restrict access to assets
D) methods of assigning authority and responsibility
2) Which of the following is not a factor of internal environment according to the COSO
Enterprise Risk Management Framework?
A) analyzing past financial performance and reporting
B) providing sufficient resources to knowledgeable employees to carry out duties
C) disciplining employees for violations of expected behavior
D) setting realistic targets for long-term performance
3) The audit committee of the board of directors
A) is usually chaired by the CFO.
B) conducts testing of controls on behalf of the external auditors.
C) provides a check and balance on management.
D) does all of the above.
4) The definition of the lines of authority and responsibility and the overall framework for
planning, directing, and controlling is laid out by the
A) control activities.
B) organizational structure.
C) budget framework.
D) internal environment.
5) Reducing management layers, creating self-directed work teams, and emphasizing continuous
improvement are all related to which aspect of internal environment?
A) organizational structure
B) methods of assigning authority and responsibility
C) management philosophy and operating style
D) commitment to competence
6) Personnel policies such as background checks, mandatory vacations, and rotation of duties
tend to deter
A) unintentional errors.
B) employee fraud or embezzlement.
C) fraud by outsiders.
D) disgruntled employees.
7) The SEC and FASB are best described as external influences that directly affect an
organization's
A) hiring practices.
B) philosophy and operating style.
C) internal environment.
D) methods of assigning authority.
8) Which attribute below is not an aspect of the COSO ERM Framework internal environment?
A) enforcing a written code of conduct
B) holding employees accountable for achieving objectives
C) restricting access to assets
D) avoiding unrealistic expectations
9) The amount of risk a company is willing to accept in order to achieve its goals and objectives
is
A) inherent risk.
B) residual risk.
C) risk appetite.
D) risk assessment.
10) Discuss the internal environment and identify the elements that comprise the internal
environment.
11) Explain why management's philosophy and operating style are considered to be the most
important element of the internal environment.
12) What are some of the ways to assign authority and responsibility within an organization?
7.4 Describe the four types of control objectives that companies need to set.
1) According to the ERM, these help the company address all applicable laws and regulations.
A) compliance objectives
B) operations objectives
C) reporting objectives
D) strategic objectives
2) According to the ERM, high level goals that are aligned with and support the company's
mission are
A) compliance objectives.
B) operations objectives.
C) reporting objectives.
D) strategic objectives.
3) According to the ERM, ________ deal with the effectiveness and efficiency of company
operations, such as performance and profitability goals.
A) compliance objectives
B) operations objectives
C) reporting objectives
D) strategic objectives
4) ________ objectives help ensure the accuracy, completeness and reliability of internal and
external company reports, Applying the ERM framework.
A) Compliance objectives
B) Operations objectives
C) Reporting objectives
D) Strategic objectives
7.5 Describe the events that affect uncertainty and the techniques used to identify them.
1) True or False: Using the COSO definition of an event, an event represents uncertainty.
2) Identify the most correct statement with regards to an event.
A) An event identified by management will occur.
B) An event identified by management may or may not occur.
C) An event identified by management may not trigger other events.
D) It is easy to determine which events are most likely to occur.
3) Which of the following is not a commonly used technique used to identify potential events?
A) performing internal analysis
B) monitoring leading events
C) conducting interviews
D) none of the above
