Chapter 7

Accounting Information Systems, 13e (Romney/Steinbart)
Chapter 7 Control and Accounting Information Systems
7.1 Explain basic control concepts and explain why computer control and security are
important.
1) Why are threats to accounting information systems increasing?

A) Many companies do not realize that data security is crucial to their survival.
B) LANs and client/server systems are easier to control than centralized, mainframe systems.
C) Many companies believe that protecting information is a strategic requirement.
D) Computer control problems are often overestimated and overly emphasized by management.
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic
2) A control procedure designed so that the employee that records cash received from customers
does not also have access to the cash itself is an example of a(n)
A) preventive control.
B) detective control.
C) corrective control.
D) authorization control.
Answer: A
Difficulty: Moderate
AACSB: Reflective Thinking
3) Identify the preventive control below.

A) reconciling the bank statement to the cash control account
B) approving customer credit prior to approving a sales order
C) maintaining frequent backup records to prevent loss of data
D) counting inventory on hand and comparing counts to the perpetual inventory records
Answer: B
AACSB: Analytic
4) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors
is directly responsible for
A) hiring and firing the external auditors.
B) performing tests of the company's internal control structure.
C) certifying the accuracy of the company's financial reporting process.
D) overseeing day-to-day operations of the internal audit department.
Answer: A
AACSB: Analytic
1
Copyright © 2015 Pearson Education, Inc.
5) Which of the following measures can protect a company from AIS threats?
A) Take a proactive approach to eliminate threats.
B) Detect threats that do occur.
C) Correct and recover from threats that do occur.
D) All of the above are proper measures for the accountant to take.
Answer: D
Difficulty: Easy
AACSB: Analytic
6) Internal control is often referred to as a(n) ________, because it permeates an organization's

operating activities and is an integral part of management activities.
A) event
B) activity
C) process
D) system
Answer: C
Difficulty: Easy
AACSB: Analytic
7) Duplicate checking of calculations is an example of a ________ control, and procedures to

resubmit rejected transactions are an example of a ________ control.
A) corrective; detective
B) detective; corrective
C) preventive; corrective
D) detective; preventive
Answer: B
Difficulty: Easy
AACSB: Analytic
8) Which type of control is associated with making sure an organization's control environment is
stable?
A) general
B) application
C) detective
D) preventive
Answer: A
Difficulty: Easy
AACSB: Analytic
2
9) Which type of control prevents, detects, and corrects transaction errors and fraud?
A) general
B) application
C) detective
D) preventive
Answer: B
Difficulty: Easy
AACSB: Analytic
10) The primary purpose of the Foreign Corrupt Practices Act of 1977 was
A) to require corporations to maintain a good system of internal control.
B) to prevent the bribery of foreign officials by American companies.
C) to require the reporting of any material fraud by a business.
D) All of the above are required by the act.
Answer: B
Difficulty: Easy
AACSB: Analytic
11) Congress passed this federal law for the purpose of preventing financial statement fraud, to
make financial reports more transparent and to strengthen the internal control of public
companies.
A) Foreign Corrupt Practices Act of 1977
B) The Securities Exchange Act of 1934
C) The Sarbanes-Oxley Act of 2002
D) The Control Provision of 1998
Answer: C
Difficulty: Easy
AACSB: Analytic
12) Which of the following was not an important change introduced by the Sarbanes-Oxley Act
of 2002?
A) new roles for audit committees
B) new rules for auditors and management
C) new rules for information systems development
D) the creation of the Public Company Accounting Oversight Board
Answer: C
Difficulty: Easy
AACSB: Analytic
3
13) A(n) ________ measures company progress by comparing actual performance to planned
performance.
A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system
Answer: B
Difficulty: Easy
AACSB: Analytic
14) A(n) ________ helps top-level managers with high-level activities that demand frequent and
regular attention.
A) boundary system
B) diagnostic control system
C) interactive control system
D) internal control system
Answer: C
Difficulty: Easy
AACSB: Analytic
15) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The
management at Oanez Dinnerware
A) asked their auditors to make recommendations for the redesign of their information
technology system and to aid in the implementation process.
B) hired the manager from the external audit team as company CFO twelve months after the
manager had worked on the audit.
C) selected the company's Chief Financial Officer to chair the audit committee.
D) did not mention to auditors that the company had experienced significant losses due to fraud
during the past year.
Answer: B
AACSB: Analytic
16) The Sarbanes-Oxley Act (SOX) applies to

A) all companies with gross annual revenues exceeding $500 million.
B) publicly traded companies with gross annual revenues exceeding $500 million.
C) all private and public companies incorporated in the United States.
D) all publicly traded companies.
Answer: D
AACSB: Analytic
4
17) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her
second martini, she began expressing her feelings about her company's budgeting practices. It
seems that as a result of controls put in place by the company, her ability to creatively manage
his department's activities have been curtailed. The level of control that the company is using in
this case is a(n)
A) boundary system.
B) diagnostic control system.
C) interactive control system.
D) belief system.
Answer: B
Difficulty: Easy
AACSB: Analytic
18) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her
second martini, she began expressing her feelings about her work environment. Recently, every
employee of the firm was required to attend a sexual harassment workshop. The level of control
that the company is using in this case is a(n)
A) boundary system.
B) diagnostic control system.
C) interactive control system.
D) belief system.
Answer: A
AACSB: Analytic
19) Explain why the Foreign Corrupt Practices Act was important to accountants.
Answer: The act is important to accountants because it incorporates the language of the AICPA
pronouncement on internal controls. The Act mandates that corporations should keep records
that accurately and fairly reflect their transactions and assets in reasonable detail. The internal
control system of these organizations should be able to provide reasonable assurance that: a)
transactions are properly authorized and recorded; b) assets are safeguarded and protected from
unauthorized access; and c) recorded asset values are periodically compared with actual assets
and any differences are corrected. The act requires corporations to maintain good systems of
internal accounting control.
AACSB: Analytic
5
7.2 Compare and contrast the COBIT, COSO, and ERM control frameworks.
1) Which of the below is not a component of the COSO ERM?

A) monitoring
B) control environment
C) risk assessment
D) compliance with federal, state, or local laws
Answer: D
Difficulty: Easy
AACSB: Analytic
2) The COSO Enterprise Risk Management Integrated Framework stresses that

A) risk management activities are an inherent part of all business operations and should be
considered during strategy setting.
B) effective risk management is comprised of just three interrelated components; internal
environment, risk assessment, and control activities.
C) risk management is the sole responsibility of top management.
D) risk management policies, if enforced, guarantee achievement of corporate objectives.
Answer: A
AACSB: Analytic
3) Nolwenn Limited has been diligent in ensuring that their operations meet modern control
standards. Recently, they have extended their control compliance system by incorporating
policies and procedures that require the specification of company objectives, uncertainties
associated with objectives, and contingency plans. Nolwenn Limited is transitioning from a
________ to a ________ control framework.
A) COSO-Integrated Framework; COBIT
B) COBIT; COSO-Integrated Framework
C) COBIT; COSO-ERM
D) COSO-Integrated Framework; COSO-ERM
E) COSO-ERM; COBIT
Answer: D
6
4) Discuss the weaknesses in COSO's internal control framework that led to the development of
the COSO Enterprise Risk Management framework.
Answer: COSO's internal control framework 1. had too narrow a focus. 2. examined controls
without first addressing purposes and risks of business processes 3. existing internal control
systems often have controls that protect against items that are no longer risks or are no longer
important. 4. focusing on controls first has an inherent bias toward past problems and concerns.
AACSB: Analytic
5) True or False: The COSO ERM contains all five of the same COSO-Integrated Framework
components.
Answer: TRUE
Difficulty: Easy
AACSB: Analytic
6) How many principles are there in the 2013 updated COSO - Internal Control Framework?
A) 5
B) 8
C) 17
D) 21
Answer: C
AACSB: Analytic
7) Why was the original 1992 COSO - Integrated Control framework updated in 2013?
A) Congress required COSO to modernize.
B) U.S. stock exchanges required more disclosure.
C) to more effectively address technological advancements
D) to comply with International accounting standards
Answer: C
AACSB: Analytic
8) Which internal control framework is widely accepted as the authority on internal controls?
A) COBIT
B) COSO Integrated Control
C) COSO Enterprise Risk Management
D) Sarbanes-Oxley Control Framework
Answer: B
AACSB: Analytic
7
9) Identify the statement below that is not true of the 2013 COSO Internal Control updated
framework.
A) It more efficiently deals with control implementation and documentation issues.
B) It more effectively deals with control implementation and documentation issues.
C) It provides users with more precise guidance.
D) It adds many new examples to clarify the framework concepts.
Answer: A
Difficulty: Difficult
AACSB: Analytic
10) Which of the following is not one of the five principles of COBIT5?
A) meeting stakeholder needs
B) covering the enterprise end-to-end
C) enabling a holistic approach
D) improving organization efficiency
Answer: D
AACSB: Analytic
11) The COBIT5 framework primarily relates to

A) best practices and effective governance and management of private companies.
B) best practices and effective governance and management of public companies.
C) best practices and effective governance and management of information technology.
D) best practices and effective governance and management of organizational assets.
Answer: D
Difficulty: Easy
AACSB: Analytic
12) Applying the COBIT5 framework, governance is the responsibility of

A) internal audit.
B) external audit.
C) management.
D) the board of directors.
Answer: D
AACSB: Analytic
8
13) Applying the COBIT5 framework, monitoring is the responsibility of
A) the CEO.
B) the CFO.
C) the board of directors.
D) all of the above
Answer: D
AACSB: Analytic
14) Why did COSO develop the Enterprise Risk Management framework?
A) to improve the audit process
B) to improve the risk management process
C) to improve the financial reporting process
D) to improve the manufacturing process
Answer: B
Difficulty: Easy
AACSB: Analytic
15) Which of the following is not a basic principle of the COSO ERM framework?
A) Companies are formed to create value for society.
B) Management must decide how much uncertainty it will accept to create value.
C) Uncertainty results in risk.
D) Uncertainty results in opportunity.
Answer: A
AACSB: Analytic
16) The largest differences between the COSO Integrated Control (IC) framework and the COSO
Enterprise Risk Management (ERM) framework is
A) IC is controls-based, while the ERM is risk-based.
B) IC is risk-based, while ERM is controls-based.
C) IC is required, while ERM is optional.
D) IC is more applicable to international accounting standards, while ERM is more applicable to
generally accepted accounting principles.
Answer: A
AACSB: Analytic
9
7.3 Describe the major elements in the internal environment of a company.
1) Rauol is a receptionist for The South American Paper Company, which has strict corporate
policies on appropriate use of corporate resources. The first week of March, Rauol saw Jim (the
branch manager) putting printer paper and toner into his briefcase on his way out the door. This
situation best reflects a weakness in which aspect of internal environment, as discussed in the
COSO Enterprise Risk Management Framework?
A) integrity and ethical values
B) risk management philosophy
C) restrict access to assets
D) methods of assigning authority and responsibility
Answer: A
Difficulty: Easy
AACSB: Analytic
2) Which of the following is not a factor of internal environment according to the COSO
Enterprise Risk Management Framework?
A) analyzing past financial performance and reporting
B) providing sufficient resources to knowledgeable employees to carry out duties
C) disciplining employees for violations of expected behavior
D) setting realistic targets for long-term performance
Answer: A
AACSB: Analytic
3) The audit committee of the board of directors

A) is usually chaired by the CFO.
B) conducts testing of controls on behalf of the external auditors.
C) provides a check and balance on management.
D) does all of the above.
Answer: C
AACSB: Analytic
4) The definition of the lines of authority and responsibility and the overall framework for
planning, directing, and controlling is laid out by the
A) control activities.
B) organizational structure.
C) budget framework.
D) internal environment.
Answer: B
Difficulty: Easy
AACSB: Analytic
10
5) Reducing management layers, creating self-directed work teams, and emphasizing continuous
improvement are all related to which aspect of internal environment?
A) organizational structure
B) methods of assigning authority and responsibility
C) management philosophy and operating style
D) commitment to competence
Answer: A
AACSB: Analytic
6) Personnel policies such as background checks, mandatory vacations, and rotation of duties
tend to deter
A) unintentional errors.
B) employee fraud or embezzlement.
C) fraud by outsiders.
D) disgruntled employees.
Answer: B
Difficulty: Easy
AACSB: Analytic
7) The SEC and FASB are best described as external influences that directly affect an
organization's
A) hiring practices.
B) philosophy and operating style.
C) internal environment.
D) methods of assigning authority.
Answer: C
Difficulty: Easy
AACSB: Analytic
8) Which attribute below is not an aspect of the COSO ERM Framework internal environment?
A) enforcing a written code of conduct
B) holding employees accountable for achieving objectives
C) restricting access to assets
D) avoiding unrealistic expectations
Answer: C
AACSB: Analytic
11
9) The amount of risk a company is willing to accept in order to achieve its goals and objectives
is
A) inherent risk.
B) residual risk.
C) risk appetite.
D) risk assessment.
Answer: C
Difficulty: Easy
AACSB: Analytic
10) Discuss the internal environment and identify the elements that comprise the internal
environment.
Answer: The internal environment embraces individuals and the environment in which they
operate in an organization. Individual employees are "the engine" that drive the organization and
form the foundation upon which everything in the organization rests. Elements of the internal
environment are: 1) a commitment to integrity and ethical values; 2) the philosophy and
operating style of management; 3) organizational structure; 4) the audit committee of the board
of directors; 5) methods of assigning authority and responsibility; 6) human resources policies
and practices; and 7) various external influences. Each of these elements influences the internal
control structure of the organization. Likewise, these elements should be examined and analyzed
in detail when implementing or evaluating a system of internal controls.
AACSB: Analytic
11) Explain why management's philosophy and operating style are considered to be the most
important element of the internal environment.
Answer: Management truly sets the tone for the control environment of a business. If top
management takes good control seriously and makes this known to everyone in the organization,
then employees down the line will tend to do likewise. Management's attitude toward risk taking
and the assessment of risk before acting are indications. Willingness to manipulate performance
measures or to encourage employees to do likewise is another indication of attitude. Finally,
pressure on subordinates to achieve certain results regardless of the methods used can be a very
persuasive indicator of problems. Management concerned about control will assess risk and act
prudently, manipulation of performance measures will not be tolerated, and ethical behavior will
be instilled in and required of employees.
12
12) What are some of the ways to assign authority and responsibility within an organization?
Answer: It is incumbent on management to identify specific business objectives and assign such
objectives to certain departments and individuals. Management must also hold such departments
and individuals responsible and accountable for achieving the assigned business objectives.
Ways in which management may assign authority and responsibility is through formal job
descriptions, employee training, budgets, operating plans, and scheduling. A formal code of
conduct also sets the stage for responsible behavior on the part of employees by defining ethical
behavior, acceptable business practices, regulatory requirements, and conflicts of interest.
Another useful and important tool is a written policy and procedures manual.
AACSB: Analytic
7.4 Describe the four types of control objectives that companies need to set.
1) According to the ERM, these help the company address all applicable laws and regulations.
A) compliance objectives
B) operations objectives
C) reporting objectives
D) strategic objectives
Answer: A
Difficulty: Easy
AACSB: Analytic
2) According to the ERM, high level goals that are aligned with and support the company's
mission are
A) compliance objectives.
B) operations objectives.
C) reporting objectives.
D) strategic objectives.
Answer: D
Difficulty: Easy
AACSB: Analytic
3) According to the ERM, ________ deal with the effectiveness and efficiency of company
operations, such as performance and profitability goals.
A) compliance objectives
B) operations objectives
C) reporting objectives
D) strategic objectives
Answer: B
Difficulty: Easy
AACSB: Analytic
13
4) ________ objectives help ensure the accuracy, completeness and reliability of internal and
external company reports, Applying the ERM framework.
A) Compliance objectives
B) Operations objectives
C) Reporting objectives
D) Strategic objectives
Answer: C
Difficulty: Easy
AACSB: Analytic
7.5 Describe the events that affect uncertainty and the techniques used to identify them.
1) True or False: Using the COSO definition of an event, an event represents uncertainty.
Answer: TRUE
Difficulty: Easy
AACSB: Analytic
2) Identify the most correct statement with regards to an event.

A) An event identified by management will occur.
B) An event identified by management may or may not occur.
C) An event identified by management may not trigger other events.
D) It is easy to determine which events are most likely to occur.
Answer: B
Difficulty: Easy
AACSB: Analytic
3) Which of the following is not a commonly used technique used to identify potential events?
A) performing internal analysis
B) monitoring leading events
C) conducting interviews
D) none of the above
Answer: D
AACSB: Analytic
14
7.6 Explain how to assess and respond to risk using the Enterprise Risk Management (ERM)
model.
1) ________ is not a risk responses identified in the COSO Enterprise Risk Management
Framework.
A) Acceptance
B) Avoidance
C) Monitoring
D) Sharing
Answer: C
Difficulty: Easy
AACSB: Analytic
2) Best Friends, Incorporated is a publicly traded company where three BFF's (best friends
forever) serve as its key officers. This situation
A) is a violation of the Sarbanes-Oxley Act.
B) violates the Securities and Exchange Act.
C) increases the risk associated with an audit.
D) must be changed before your audit firm could accept the audit engagement.
Answer: C
Difficulty: Easy
AACSB: Analytic
3) ________ remains after management implements internal control(s).

A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment
Answer: B
Difficulty: Easy
AACSB: Analytic
4) ________ is the risk that exists before management takes any steps to mitigate it.
A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment
Answer: A
Difficulty: Easy
AACSB: Analytic
15
5) How is expected loss calculated when performing risk assessment?
A) impact times expected loss
B) impact times likelihood
C) inherent risk times likelihood
D) residual risk times likelihood
Answer: B
Difficulty: Easy
AACSB: Analytic
6) The first step of the risk assessment process is generally to

A) identify controls to reduce all risk to zero.
B) estimate the exposure from negative events.
C) identify the threats that the company currently faces.
D) estimate the risk probability of negative events occurring.
Answer: C
Difficulty: Easy
AACSB: Analytic
7) Whitewater Rapids provides canoes to tourists eager to ride Whitewater River's rapids.
Management has determined that there is one chance in a thousand of a customer being injured
or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a
$50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of
criminal negligence. What is the impact of this risk without insurance?
A) $50
B) $650
C) $50,000
D) $650,000
Answer: D
Difficulty: Easy
AACSB: Analytic
8) Whitewater Rapids provides canoes to tourists eager to ride Whitewater river's rapids.
criminal negligence. What is the expected loss without insurance?
A) $50
B) $650
C) $50,000
D) $650,000
Answer: B
Difficulty: Easy
AACSB: Analytic
16
criminal negligence. What is the expected loss with insurance?
A) $50
B) $650
C) $50,000
D) $650,000
Answer: A
Difficulty: Easy
AACSB: Analytic
criminal negligence. Based on cost-benefit analysis, what is the most that the business should
pay for the insurance?
A) $50
B) $500
C) $600
D) $650
Answer: C
Difficulty: Easy
AACSB: Analytic
11) According to the COSO Enterprise Risk Management Framework, the risk assessment
process incorporates all of the following components except
A) reporting potential risks to auditors.
B) identifying events that could impact the enterprise.
C) evaluating the impact of potential events on achievement of objectives.
D) establishing objectives for the enterprise.
Answer: A
AACSB: Analytic
17
12) As a result of an internal risk assessment, Allstate Insurance decided it was not profitable to
provide hurricane insurance in the state of Florida. Allstate apparently chose to ________ the
risk of paying hurricane claims in Florida.
A) reduce
B) share
C) avoid
D) accept
Answer: C
13) Upon getting into your new car, you suddenly became worried that you might become
injured in an auto accident. You decided to buckle your seat belt in response. You chose to
________ the risk of being injured in an auto accident.
A) reduce
B) share
C) avoid
D) accept
Answer: A
injured in an auto accident. In response, you decided to drive 5 miles under the speed limit. You
chose to ________ the risk of being injured in an auto accident.
A) reduce
B) share
C) avoid
D) accept
Answer: A
injured in an auto accident. In response, you decided to ride your bike instead. You chose to
________ the risk of being injured in an auto accident.
A) reduce
B) share
C) avoid
D) accept
Answer: C
18
7.7 Describe control activities commonly used in companies.
1) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each
day, the beginning ticket number is subtracted from the ending number to calculate the number
of tickets sold. Then, ticket stubs collected at the theater entrance are counted and compared with
the number of tickets sold. Which of the following situations does this control detect?
A) Some customers presented tickets purchased on a previous day when there wasn't a ticket
taker at the theater entrance (so the tickets didn't get torn.)
B) A group of kids snuck into the theater through a back door when customers left after a show.
C) The box office cashier accidentally gives too much change to a customer.
D) The ticket taker admits his friends without tickets.
Answer: A
2) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each
day, the beginning ticket number is subtracted from the ending number to calculate the number
of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the
following situations does this control detect?
A) Some customers presented tickets purchased on a previous day when there wasn't a ticket
taker at the theater entrance (so the tickets didn't get torn.)
B) A group of kids snuck into the theater through a back door when customers left after a show.
C) The box office cashier accidentally gives too much change to a customer.
D) The ticket taker admits his friends without tickets.
Answer: C
3) Independent checks on performance include all the following except

A) data input validation checks.
B) reconciling hash totals.
C) preparing a trial balance report.
D) supervisor review of journal entries and supporting documentation.
Answer: A
Difficulty: Easy
AACSB: Analytic
19
4) One of the key objectives of segregating duties is to
A) ensure that no collusion will occur.
B) achieve an optimal division of labor for efficient operations.
C) make sure that different people handle different transactions.
D) make sure that different people handle different parts of the same transaction.
Answer: D
AACSB: Analytic
5) Identify the statement below which is true.

A) Requiring two signatures on checks over $20,000 is an example of segregation of duties.
B) Although forensic specialists utilize computers, only people can accurately identify fraud.
C) Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of
Enterprise Risk Management processes.
D) Re-adding the total of a batch of invoices and comparing the total with the first total you
calculated is an example of an independent check.
Answer: C
6) Of the following examples of fraud, which will be the most difficult to prevent and detect?
Assume the company enforces adequate segregation of duties.
A) A mail room employee steals a check received from a customer and destroys the
documentation.
B) The accounts receivable clerk does not record sales invoices for friends or family, so they can
receive free goods.
C) An employee puts inventory behind the dumpster while unloading a vendor's delivery truck,
then picks up the inventory later in the day and puts it in her car.
D) Mike issues credit cards to him and Maxine, and when the credit card balances are just under
$1,000, Maxine writes off the accounts as bad debt. Mike then issues new cards.
Answer: D
7) Which of the following is a control related to design and use of documents and records?
A) locking blank checks in a drawer or safe
B) sequentially prenumbering sales invoices
C) reconciling the bank statement to the general ledger
D) comparing physical inventory counts with perpetual inventory records
Answer: B
Difficulty: Easy
AACSB: Analytic
20
8) Which of the following duties could be performed by the same individual without violating
segregation of duties controls?
A) approving accounting software change requests and testing production scheduling software
changes
B) programming new code for accounting software and testing accounting software upgrades
C) approving software changes and implementing the upgraded software
D) managing accounts payable function and revising code for accounting software to more
efficiently process discount due dates on vendor invoices
Answer: A
9) With a limited work force and a desire to maintain strong internal control, which combination
of duties would result in the lowest risk exposure?
A) updating the inventory subsidiary ledgers and recording purchases in the purchases journal
B) approving a sales return on a customer's account and depositing customers' checks in the bank
C) updating the general ledger and working in the inventory warehouse
D) entering payments to vendors in the cash disbursements journal and entering cash received
from customers in the cash receipts journal
Answer: D
10) A store policy that allows retail clerks to process sales returns for $500 or less, with a receipt
dated within the past 30 days, is an example of
A) general authorization.
B) specific authorization.
C) special authorization.
D) generic authorization.
Answer: A
Difficulty: Easy
11) An accounting policy that requires a purchasing manager to sign off on all purchases over
$5,000 is an example of
A) general authorization.
B) specific authorization.
C) special authorization.
D) generic authorization.
Answer: B
Difficulty: Easy
21
12) A document that shows all projects that must be completed and the related IT needs in order
to achieve long-range company goals is known as a
A) performance evaluation.
B) project development plan.
C) data processing schedule.
D) strategic master plan.
Answer: D
AACSB: Analytic
13) A ________ is created to guide and oversee systems development and acquisition.
A) performance evaluation
B) project development plan
C) steering committee
D) strategic master plan
Answer: C
Difficulty: Easy
AACSB: Analytic
14) A ________ shows how a project will be completed, including tasks and who will perform
them as well as a timeline and cost estimates.
A) performance evaluation
B) project development plan
C) steering committee
D) strategic master plan
Answer: B
Difficulty: Easy
AACSB: Analytic
15) The organization chart for Renata Corporation includes a controller and an information
processing manager, both of whom report to the vice president of finance. Which of the
following would be a control weakness?
A) assigning the programming and operating of the computer system to an independent control
group which reports to the controller
B) providing for maintenance of input data controls by an independent control group which
reports to the controller
C) periodically rotating assignment of application processing among machine operators, who all
report to the information processing manager
D) providing for review and distribution of system-generated reports by an independent control
group which reports to the controller
Answer: A
22
16) Which of the following is an independent check on performance?
A) The Purchasing Agent physically reviews the contents of shipments and compares them with
the purchase orders he has placed.
B) Production teams perform quality evaluations of the products that they produce.
C) The General Manager compares budgeted amounts with expenditure records from all
departments.
D) Petty cash is disbursed by Fred Haynes. He also maintains records of disbursements, places
requests to finance to replace expended funds, and periodically reconciles the petty cash balance.
Answer: C
Difficulty: Easy
AACSB: Analytic
17) Petty cash is disbursed by the Manuela Luisina in the Cashier's Office. Manuela also
maintains records of disbursements, places requests to the Finance Department to replace
expended funds, and periodically reconciles the petty cash balance. This represents a(n)
________ segregation of duties.
A) ideal
B) effective
C) ineffective
D) limited
Answer: C
Difficulty: Easy
AACSB: Analytic
18) Hiring decisions at Maarja's Razors are made by Maimu Maarja, the Director of Human
Resources. Pay rates are approved by the Vice President for Operations. At the end of each pay
period, supervisors submit time cards to Kasheena, who prepares paycheck requisitions.
Paychecks are then distributed through the company's mail room. This represents a(n) ________
segregation of duties.
A) partial
B) effective
C) ineffective
D) limited
Answer: B
23
19) The Director of Information Technology for the city of Tampa, Florida formed a company to
sell computer supplies and software. All purchases made on behalf of the City were made from
her company. She was later charged with fraud for overcharging the City, but was not convicted
by a jury. The control issue in this case arose because the Director had both ________ and
________ duties.
A) custody; authorization
B) custody; recording
C) recording; authorization
D) management; custody
Answer: C
20) Describe the differences between general and specific authorization.

Answer: Authorizations are often documented by signing, initializing, or entering an
authorization code on a transaction document or record. Management may deem that certain
transactions are of a routine nature and as such may authorize employees to handle such
transactions without special approval. This is known as general authorization. Other transactions
may be of such consequence that management grants specific authorization for them to occur.
Usually management must approve of such transactions and oversee them to completion,
requiring an additional signature required on checks exceeding a given dollar amount.
Management should have written policies on both specific and general authorization for all type
of transactions.
AACSB: Analytic
21) Explain how a company could be the victim of fraud, even if ideal segregation of duties is
enforced.
Answer: When a system effectively incorporates a separation of duties, it should be difficult for
any one employee to defeat the system and commit fraud. Fraud is possible when two or more
employees agree to defeat the system for their own dishonest ends. This problem is known as
collusion. When two or more employees act together to defeat the internal controls of the system,
they may likely succeed. It is more difficult to detect such activity because the employees may
have planned to "cover their tracks." This is why independent review of transaction activity by
third parties is important to monitor that internal controls are in place and working as designed.
24
7.8 Describe how to communicate information and monitor control processes in organizations.
1) Which component of the COSO Enterprise Risk Management Integrated Framework is

concerned with understanding how transactions are initiated, data are captured and processed,
and information is reported?
A) information and communication
B) internal environment
C) event identification
D) objective setting
Answer: A
Difficulty: Easy
AACSB: Analytic
2) Which of the following is not a principle related to information and communicating in the
updated COSO Integrated Control framework?
A) Communicate relevant internal control matters to external parties.
B) Obtain or generate relevant, high-quality information to support internal control.
C) Surround internal control processes with information technology that enables discrepancies to
be identified.
D) Internally communicate the information necessary to support the other components of internal
control.
Answer: C
AACSB: Analytic
3) COSO requires that any internal deficiencies identified through monitoring be reported to
whom?
A) the external auditor
B) appropriate federal, state, or local authorities
C) the board of directors
D) the audit committee
Answer: C
AACSB: Analytic
4) Which of the following is not a key method of monitoring performance?

A) performing internal control evaluation
B) employing a chief risk officer
C) implementing effective supervision
D) monitoring system activities
Answer: B
AACSB: Analytic
25
5) To ensure compliance with copyrights and to protect itself from software piracy lawsuits,
companies should ________.
A) periodically conduct software audits
B) update the operating system frequently
C) buy software from legitimate suppliers
D) adopt cloud operating platforms
Answer: A
AACSB: Analytic
6) Which type of audits can detect fraud and errors?

A) external audits
B) internal audits
C) network security audits
D) all of the above
Answer: D
Difficulty: Easy
AACSB: Analytic
7) Which of the following is not an example of something monitored by a responsibility

accounting system?
A) budgets
B) quotas
C) vendor analysis
D) quality standards
Answer: C
AACSB: Analytic
8) Which type of audit assesses employee compliance with management policies and
procedures?
A) external audit
B) internal audit
C) network security audit
D) all of the above
Answer: B
AACSB: Analytic
26
9) Which of the following factors is not a reason forensic investigators are increasingly used in
accounting?
A) the Sarbanes-Oxley Act
B) new accounting rules
C) audit fee increases
D) pressure from boards of directors
Answer: C
AACSB: Analytic
10) A neural network is a software program that has

A) the ability to read text.
B) the ability to learn.
C) the capability to extract information from an individual's brain.
D) the capability to inject information into an individual's brain.
Answer: B
AACSB: Analytic
27

Chapter 7

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Chapter 7

Caricato da

Copyright:

Formati disponibili

Accounting Information Systems, 13e (Romney/Steinbart)

Chapter 7 Control and Accounting Information Systems

1) Why are threats to accounting information systems increasing?

3) Identify the preventive control below.

6) Internal control is often referred to as a(n) ________, because it permeates an organization's

7) Duplicate checking of calculations is an example of a ________ control, and procedures to

16) The Sarbanes-Oxley Act (SOX) applies to

1) Which of the below is not a component of the COSO ERM?

2) The COSO Enterprise Risk Management Integrated Framework stresses that

11) The COBIT5 framework primarily relates to

12) Applying the COBIT5 framework, governance is the responsibility of

3) The audit committee of the board of directors

2) Identify the most correct statement with regards to an event.

3) ________ remains after management implements internal control(s).

6) The first step of the risk assessment process is generally to

3) Independent checks on performance include all the following except

5) Identify the statement below which is true.

20) Describe the differences between general and specific authorization.

1) Which component of the COSO Enterprise Risk Management Integrated Framework is

4) Which of the following is not a key method of monitoring performance?

6) Which type of audits can detect fraud and errors?

7) Which of the following is not an example of something monitored by a responsibility

10) A neural network is a software program that has

Potrebbero piacerti anche