54) The risk that remains after management implements internal controls is
A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment
55) The risk that exists before management takes any steps to control the likelihood or impact of a risk is
A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment
56) When undertaking risk assessment, the expected loss is calculated like this.
A) Impact times expected loss
B) Impact times likelihood
C) Inherent risk times likelihood
D) Residual risk times likelihood
57) Generally in a risk assessment process, the first step is to
A) identify the threats that the company currently faces.
B) estimate the risk probability of negative events occurring.
C) estimate the exposure from negative events.
D) identify controls to reduce all risk to zero.
58) Store policy that allows retail clerks to process sales returns for $300 or less, with a receipt dated
within the past 60 days, is an example of
A) general authorization.
B) specific authorization.
C) special authorization.
D) generic authorization.
59) Corporate policy that requires a purchasing agent and purchasing department manager to sign off on
asset purchases over $1,500 is an example of
A) general authorization.
B) specific authorization.
C) special authorization.
D) generic authorization.
60) A document that shows all projects that must be completed and the related IT needs in order to
achieve long-range company goals is known as a
A) performance evaluation.
B) project development plan.
C) data processing schedule.
D) strategic master plan.
61) A ________ is created to guide and oversee systems development and acquisition.
A) performance evaluation
B) project development plan
C) steering committee
D) strategic master plan
62) A ________ shows how a project will be completed, including tasks and who will perform them as
well as a timeline and cost estimates.
A) performance evaluation
B) project development plan
C) steering committee
D) strategic master plan
63) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at
Folding Squid Technologies
A) asked their auditors to make recommendations for the redesign of their information technology
system and to aid in the implementation process.
B) hired the manager from the external audit team as company CFO twelve months after the manager
had worked on the audit.
C) selected the company’s Chief Financial Officer to chair the audit committee.
D) did not mention to auditors that the company had experienced significant losses due to fraud during
the past year.
64) The Sarbanes-Oxley Act (SOX) applies to
A) all companies with gross annual revenues exceeding $500 million.
B) publicly held companies with gross annual revenues exceeding $500 million.
C) all private and publicly held companies incorporated in the United States.
D) all publicly held companies.
65) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second
martini, he began expressing his opinions about his company’s budgeting practices. It seems that, as a
result of “budget handcuffs” that require managers to explain material deviations from budgeted
expenditures, his ability to creatively manage his department’s activities have been curtailed. The level
of control that the company is using in this case is a
A) boundary system.
B) belief system.
C) interactive control system.
D) diagnostic control system.
66) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second
martini, he began expressing his opinions about his work environment. It seems that, as a result of
“feminazi” interference, the suggestive banter that had been prevalent in the workplace during his youth
was no longer acceptable. He even had to sit through a sexual harassment workshop! The level of
control that the company is using in this case is a
A) boundary system.
B) belief system.
C) interactive control system.
D) diagnostic control system.
67) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild
rivers of Iowa. Management has determined that there is one chance in a thousand of a client being
injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a
$50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal
negligence. What is the impact of this risk without insurance?
A) $50,000
B) $650,000
C) $650
D) $50
68) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild
rivers of Iowa. Management has determined that there is one chance in a thousand of a client being
injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a
$50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal
negligence. What is the expected loss without insurance?
A) $50,000
B) $650,000
C) $650
D) $50
69) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild
rivers of Iowa. Management has determined that there is one chance in a thousand of a client being
injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a
$50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal
negligence. What is the expected loss with insurance?
A) $50,000
B) $650,000
C) $650
D) $50
70) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild
rivers of Iowa. Management has determined that there is one chance in a thousand of a client being
injured or killed. Settlement of resulting lawsuits have an average cost of $650,000. Insurance with a
$50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal
negligence. Based on cost-benefit analysis, what is the most that the business should pay for the
insurance?
A) $500
B) $650
C) $600
D) $50
71) Due to data errors occurring from time to time in processing the Albert Company’s payroll, the
company’s management is considering the addition of a data validation control procedure that is
projected to reduce the risk of these data errors from 13% to 2%. The cost of the payroll reprocessing is
estimated to be $11,000. The cost of implementing the data validation control procedure is expected to
be $700. Which of the following statements is true?
A) The data validation control procedure should be implemented because its net estimated benefit is
$510.
B) The data validation control procedure should be implemented because its cost of $700 is less than the
payroll reprocessing cost of $1,430.
C) The data validation control procedure should not be implemented because its cost of $700 exceeds
the expected benefit by $480.
D) The data validation control procedure should not be implemented because its net estimated benefit is
a negative $1,210.
72) The organization chart for Geerts Corporation includes a controller and an information processing
manager, both of whom report to the vice president of finance. Which of the following would be a
control weakness?
A) Assigning the programming and operating of the computer system to an independent control group
which reports to the controller
B) Providing for maintenance of input data controls by an independent control group which reports to
the controller
C) Periodically rotating assignment of application processing among machine operators, who all report
to the information processing manager
D) Providing for review and distribution of system-generated reports by an independent control group
which reports to the controller
73) Global Economic Strategies, L.L.D., has been diligent in ensuring that their operations meet modern
control standards. Recently, they have extended their control compliance system by incorporating
policies and procedures that require the specification of company objectives, uncertainties associated
with objectives, and contingency plans. They are transitioning from a ________ to a ________ control
framework.
A) COSO-Integrated Framework; COBIT
B) COBIT; COSO-Integrated Framework
C) COBIT; COSO-ERM
D) COSO-Integrated Framework; COSO-ERM
E) COSO-ERM; COBIT
74) FranticHouse Partners, L.L.C., does home remodeling and repair. All employees are bonded, so the
firm’s risk exposure to employee fraud is
A) reduced.
B) shared.
C) avoided.
D) accepted.
75) FranticHouse Partners, L.L.C., does home remodeling and repair. The firm does not accept jobs that
require the installation of slate or copper roofing because these materials often require costly post–
installation services. The firm’s risk exposure to costly post-installation services is
A) reduced.
B) shared.
C) avoided.
D) accepted.
76) According to the COSO Enterprise Risk Management Framework, the risk assessment process
incorporates all of the following components except
A) reporting potential risks to auditors.
B) identifying events that could impact the enterprise.
C) evaluating the impact of potential events on achievement of objectives.
D) establishing objectives for the enterprise.
77) Ferdinand Waldo Demara was known as the great imposter. He had an astounding ability to
convince people that he was who he truly was not. He worked as a naval officer, physician, college
teacher, prison warden, and other jobs without any of the prerequisite qualifications. By not diligently
checking references, the organizations fooled by Demara (including the Canadian Navy) apparently
chose to ________ the risk of fraud.
A) reduce
B) share
C) avoid
D) accept
78) Which of the following is an independent check on performance?
A) The Purchasing Agent physically reviews the contents of shipments and compares them with the
purchase orders he has placed.
B) Production teams perform quality evaluations of the products that they produce.
C) The General Manager compares budgeted amounts with expenditure records from all departments.
D) Petty cash is disbursed by Fred Haynes. He also maintains records of disbursements, places requests
to finance to replace expended funds, and periodically reconciles the petty cash balance.
79) Petty cash is disbursed by the Fred Haynes in the Cashier’s Office. He also maintains records of
disbursements, places requests to the Finance Department to replace expended funds, and periodically
reconciles the petty cash balance. This represents a(an) ________ segregation of duties.
A) effective
B) ideal
C) ineffective
D) limited
80) Hiring decisions at Frazier’s Razors are made by Sheila Frazier, the Director of Human Resources.
Pay rates are approved by the Vice President for Operations. At the end of each pay period, supervisors
submit time cards to Sheila, who prepares paycheck requisitions. Paychecks are then distributed through
the company’s mail room. This represents a(an) ________ segregation of duties.
A) effective
B) partial
C) ineffective
D) limited
81) Change management refers to
A) disbursement controls on petty cash.
B) operational controls applied to companies after mergers or acquisitions.
C) replacement of upper management and their introduction to the organization.
D) controls designed to ensure that updates in information technology do not have negative
consequences.
82) The Director of Information Technology for the city of Bumpkiss, Minnesota, formed a company to
sell computer supplies and software. All purchases made on behalf of the City were made from his
company. He was later charged with fraud for overcharging the City, but was not convicted. The control
issue in this case arose because the Director had both ________ and ________ duties.
A) custody; authorization
B) custody; recording
C) recording; authorization
D) management; custody
83) According to the ERM, these help the company address all applicable laws and regulations.
A) Compliance objectives
B) Operations objectives
C) Reporting objectives
D) Strategic objectives
84) According to the ERM, high level goals that are aligned with and support the company’s mission are
A) compliance objectives.
B) operations objectives.
C) reporting objectives.
D) strategic objectives.
85) According to the ERM, these deal with the effectiveness and efficiency of company operations, such
as performance and profitability goals.
A) Compliance objectives
B) Operations objectives
C) Reporting objectives
D) Strategic objectives
86) According to the ERM, these objectives help ensure the accuracy, completeness and reliability of
internal and external company reports.
A) Compliance objectives
B) Operations objectives
C) Reporting objectives
D) Strategic objectives
87) Which of the following is not a risk reduction element of a disaster recovery plan?
A) Identification of alternate work site
B) Off-site storage of backup files and programs
C) Documentation of procedures and responsibilitie
D) Adequate casualty insurance
88) Describe the differences between general and specific authorization.
89) Explain how a company could be the victim of fraud, even if ideal segregation of duties is enforced.
90) Classify each of the following controls as preventive, detective, or corrective.
Periodic bank reconciliation
Separation of cash and accounting records
Maintaining backup copies of master and transaction files
Pre-numbering of sales invoices
Chart of accounts
Retina scan before entering a sensitive R & D facility
Resubmission of error transactions for subsequent processing
Internal auditor rechecking the debits and credits on the payment voucher
Depositing all cash receipts intact
Hiring qualified accounting personnel
91) Discuss four reasons why AIS threats are increasing.
92) Explain why the Foreign Corrupt Practices Act was important to accountants.
93) Discuss the internal environment and identify the elements that comprise the internal environment.
94) Explain why management’s philosophy and operating style are considered to be the most important
element of the internal environment.
95) What are some of the ways to assign authority and responsibility within an organization?
96) Discuss the weaknesses in COSO’s internal control framework that led to the development of the
COSO Enterprise Risk Management framework.