Chapter 7 test bank 13th edition romney PDF

Preview

Summary

Accounting Information Systems, 13e Chapter 7 Control and Accounting Information Systems 7 Explain basic control concepts and explain why computer control and security are important. 1) Why are threats to accounting information systems increasing? A) Many companies do not realize that data security ...

Description

Accounting Information Systems, 13e (Romney/Steinbart) Chapter 7 Control and Accounting Information Systems 7.1 Explain basic control concepts and explain why computer control and security are important. 1) Why are threats to accounting information systems increasing? A) Many companies do not realize that data security is crucial to their survival. B) LANs and client/server systems are easier to control than centralized, mainframe systems. C) Many companies believe that protecting information is a strategic requirement. D) Computer control problems are often overestimated and overly emphasized by management. Answer: A Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 2) A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n) A) preventive control. B) detective control. C) corrective control. D) authorization control. Answer: A Objective: Learning Objective 1 Difficulty: Moderate AACSB: Reflective Thinking 3) Identify the preventive control below. A) reconciling the bank statement to the cash control account B) approving customer credit prior to approving a sales order C) maintaining frequent backup records to prevent loss of data D) counting inventory on hand and comparing counts to the perpetual inventory records Answer: B Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytic 4) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for A) hiring and firing the external auditors. B) performing tests of the company's internal control structure. C) certifying the accuracy of the company's financial reporting process. D) overseeing day-to-day operations of the internal audit department. Answer: A Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytic

5) Which of the following measures can protect a company from AIS threats? A) Take a proactive approach to eliminate threats. B) Detect threats that do occur. C) Correct and recover from threats that do occur. D) All of the above are proper measures for the accountant to take. Answer: D Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 6) Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities. A) event B) activity C) process D) system Answer: C Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 7) Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control. A) corrective; detective B) detective; corrective C) preventive; corrective D) detective; preventive Answer: B Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 8) Which type of control is associated with making sure an organization's control environment is stable? A) general B) application C) detective D) preventive Answer: A Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic

9) Which type of control prevents, detects, and corrects transaction errors and fraud? A) general B) application C) detective D) preventive Answer: B Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 10) The primary purpose of the Foreign Corrupt Practices Act of 1977 was A) to require corporations to maintain a good system of internal control. B) to prevent the bribery of foreign officials by American companies. C) to require the reporting of any material fraud by a business. D) All of the above are required by the act. Answer: B Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 11) Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies. A) Foreign Corrupt Practices Act of 1977 B) The Securities Exchange Act of 1934 C) The Sarbanes-Oxley Act of 2002 D) The Control Provision of 1998 Answer: C Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 12) Which of the following was not an important change introduced by the Sarbanes-Oxley Act of 2002? A) new roles for audit committees B) new rules for auditors and management C) new rules for information systems development D) the creation of the Public Company Accounting Oversight Board Answer: C Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic

13) A(n) ________ measures company progress by comparing actual performance to planned performance. A) boundary system B) diagnostic control system C) interactive control system D) internal control system Answer: B Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 14) A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention. A) boundary system B) diagnostic control system C) interactive control system D) internal control system Answer: C Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 15) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Oanez Dinnerware A) asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process. B) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit. C) selected the company's Chief Financial Officer to chair the audit committee. D) did not mention to auditors that the company had experienced significant losses due to fraud during the past year. Answer: B Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytic 16) The Sarbanes-Oxley Act (SOX) applies to A) all companies with gross annual revenues exceeding $500 million. B) publicly traded companies with gross annual revenues exceeding $500 million. C) all private and public companies incorporated in the United States. D) all publicly traded companies. Answer: D Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytic

17) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her second martini, she began expressing her feelings about her company's budgeting practices. It seems that as a result of controls put in place by the company,her ability to creatively manage his department's activities have been curtailed. The level of control that the company is using in this case is a(n) A) boundary system. B) diagnostic control system. C) interactive control system. D) belief system. Answer: B Objective: Learning Objective 1 Difficulty: Easy AACSB: Analytic 18) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her second martini, she began expressing her feelings about her work environment. Recently, every employee of the firm was required to attend a sexual harassment workshop. The level of control that the company is using in this case is a(n) A) boundary system. B) diagnostic control system. C) interactive control system. D) belief system. Answer: A Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytic 19) Explain why the Foreign Corrupt Practices Act was important to accountants. Answer: The act is important to accountants because it incorporates the language of the AICPA pronouncement on internal controls. The Act mandates that corporations should keep records that accurately and fairly reflect their transactions and assets in reasonable detail. The internal control system of these organizations should be able to provide reasonable assurance that: a) transactions are properly authorized and recorded; b) assets are safeguarded and protected from unauthorized access; and c) recorded asset values are periodically compared with actual assets and any differences are corrected. The act requires corporations to maintain good systems of internal accounting control. Objective: Learning Objective 1 Difficulty: Moderate AACSB: Analytic

7.2 Compare and contrast the COBIT, COSO, and ERM control frameworks. 1) Which of the below is not a component of the COSO ERM? A) monitoring B) control environment C) risk assessment D) compliance with federal, state, or local laws Answer: D Objective: Learning Objective 2 Difficulty: Easy AACSB: Analytic 2) The COSO Enterprise Risk Management Integrated Framework stresses that A) risk management activities are an inherent part of all business operations and should be considered during strategy setting. B) effective risk management is comprised of just three interrelated components; internal environment, risk assessment, and control activities. C) risk management is the sole responsibility of top management. D) risk management policies, if enforced, guarantee achievement of corporate objectives. Answer: A Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic 3) Nolwenn Limited has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. Nolwenn Limited is transitioning from a ________ to a ________ control framework. A) COSO-Integrated Framework; COBIT B) COBIT; COSO-Integrated Framework C) COBIT; COSO-ERM D) COSO-Integrated Framework; COSO-ERM E) COSO-ERM; COBIT Answer: D Objective: Learning Objective 2 Difficulty: Moderate AACSB: Reflective Thinking

4) Discuss the weaknesses in COSO's internal control framework that led to the development of the COSO Enterprise Risk Management framework. Answer: COSO's internal control framework 1. had too narrow a focus. 2. examined controls without first addressing purposes and risks of business processes 3. existing internal control systems often have controls that protect against items that are no longer risks or are no longer important. 4. focusing on controls first has an inherent bias toward past problems and concerns. Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic 5) True or False: The COSO ERM contains all five of the same COSO-Integrated Framework components. Answer: TRUE Objective: Learning Objective 2 Difficulty: Easy AACSB: Analytic 6) How many principles are there in the 2013 updated COSO - Internal Control Framework? A) 5 B) 8 C) 17 D) 21 Answer: C Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic 7) Why was the original 1992 COSO - Integrated Control framework updated in 2013? A) Congress required COSO to modernize. B) U.S. stock exchanges required more disclosure. C) to more effectively address technological advancements D) to comply with International accounting standards Answer: C Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic 8) Which internal control framework is widely accepted as the authority on internal controls? A) COBIT B) COSO Integrated Control C) COSO Enterprise Risk Management D) Sarbanes-Oxley Control Framework Answer: B Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic 9) Identify the statement below that is not true of the 2013 COSO Internal Control updated

framework. A) It more efficiently deals with control implementation and documentation issues. B) It more effectively deals with control implementation and documentation issues. C) It provides users with more precise guidance. D) It adds many new examples to clarify the framework concepts. Answer: A Objective: Learning Objective 2 Difficulty: Difficult AACSB: Analytic 10) Which of the following is not one of the five principles of COBIT5? A) meeting stakeholder needs B) covering the enterprise end-to-end C) enabling a holistic approach D) improving organization efficiency Answer: D Objective: Learning Objective 2 Difficulty: Difficult AACSB: Analytic 11) The COBIT5 framework primarily relates to A) best practices and effective governance and management of private companies. B) best practices and effective governance and management of public companies. C) best practices and effective governance and management of information technology. D) best practices and effective governance and management of organizational assets. Answer: D Objective: Learning Objective 2 Difficulty: Easy AACSB: Analytic 12) Applying the COBIT5 framework, governance is the responsibility of A) internal audit. B) external audit. C) management. D) the board of directors. Answer: D Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic

13) Applying the COBIT5 framework, monitoring is the responsibility of A) the CEO. B) the CFO. C) the board of directors. D) all of the above Answer: D Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic 14) Why did COSO develop the Enterprise Risk Management framework? A) to improve the audit process B) to improve the risk management process C) to improve the financial reporting process D) to improve the manufacturing process Answer: B Objective: Learning Objective 2 Difficulty: Easy AACSB: Analytic 15) Which of the following is not a basic principle of the COSO ERM framework? A) Companies are formed to create value for society. B) Management must decide how much uncertainty it will accept to create value. C) Uncertainty results in risk. D) Uncertainty results in opportunity. Answer: A Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic 16) The largest differences between the COSO Integrated Control (IC) framework and the COSO Enterprise Risk Management (ERM) framework is A) IC is controls-based, while the ERM is risk-based. B) IC is risk-based, while ERM is controls-based. C) IC is required, while ERM is optional. D) IC is more applicable to international accounting standards, while ERM is more applicable to generally accepted accounting principles. Answer: A Objective: Learning Objective 2 Difficulty: Moderate AACSB: Analytic

7.3 Describe the major elements in the internal environment of a company. 1) Rauol is a receptionist for The South American Paper Company, which has strict corporate policies on appropriate use of corporate resources. The first week of March, Rauol saw Jim (the branch manager) putting printer paper and toner into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework? A) integrity and ethical values B) risk management philosophy C) restrict access to assets D) methods of assigning authority and responsibility Answer: A Objective: Learning Objective 3 Difficulty: Easy AACSB: Analytic 2) Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework? A) analyzing past financial performance and reporting B) providing sufficient resources to knowledgeable employees to carry out duties C) disciplining employees for violations of expected behavior D) setting realistic targets for long-term performance Answer: A Objective: Learning Objective 3 Difficulty: Moderate AACSB: Analytic 3) The audit committee of the board of directors A) is usually chaired by the CFO. B) conducts testing of controls on behalf of the external auditors. C) provides a check and balance on management. D) does all of the above. Answer: C Objective: Learning Objective 3 Difficulty: Moderate AACSB: Analytic 4) The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the A) control activities. B) organizational structure. C) budget framework. D) internal environment. Answer: B Objective: Learning Objective 3 Difficulty: Easy AACSB: Analytic

5) Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment? A) organizational structure B) methods of assigning authority and responsibility C) management philosophy and operating style D) commitment to competence Answer: A Objective: Learning Objective 3 Difficulty: Moderate AACSB: Analytic 6) Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter A) unintentional errors. B) employee fraud or embezzlement. C) fraud by outsiders. D) disgruntled employees. Answer: B Objective: Learning Objective 3 Difficulty: Easy AACSB: Analytic 7) The SEC and FASB are best described as external influences that directly affect an organization's A) hiring practices. B) philosophy and operating style. C) internal environment. D) methods of assigning authority. Answer: C Objective: Learning Objective 3 Difficulty: Easy AACSB: Analytic 8) Which attribute below is not an aspect of the COSO ERM Framework internal environment? A) enforcing a written code of conduct B) holding employees accountable for achieving objectives C) restricting access to assets D) avoiding unrealistic expectations Answer: C Objective: Learning Objective 3 Difficulty: Moderate AACSB: Analytic

9) The amount of risk a company is willing to accept in order to achieve its goals and objectives is A) inherent risk. B) residual risk. C) risk appetite. D) risk assessment. Answer: C Objective: Learning Objective 3 Difficulty: Easy AACSB: Analytic 10) Discuss the internal environment and identify the elements that comprise the internal environment. Answer: The internal environment embraces individuals and the environment in which they operate in an organization. Individual employees are "the engine" that drive the organization and form the foundation upon which everything in the organization rests. Elements of the internal environment are: 1) a commitment to integrity and ethical values; 2) the philosophy and operating style of management; 3) organizational structure; 4) the audit committee of the board of directors; 5) methods of assigning authority and responsibility; 6) human resources policies and practices; and 7) various external influences. Each of these elements influences the internal control structure of the organization. Likewise, these elements should be examined and analyzed in detail when implementing or evaluating a system of internal controls. Objective: Learning Objective 3 Difficulty: Moderate AACSB: Analytic 11) Explain why management's philosophy and operating style are considered to be the most important element of the internal environment. Answer: Management truly sets the tone for the control environment of a business. If top management takes good control seriously and makes this known to everyone in the organization, then employees down the line will tend to do likewise. Management's attitude toward risk taking and the assessment of risk before acting are indications. Willingness to manipulate performance measures or to encourage employees to do likewise is another indication of attitude. Finally, pressure on subordinates to achieve certain results regardless of the methods used can be a very persuasive indicator of problems. Management concerned about control will assess risk and act prudently, manipulation of performance measures will not be tolerated, and ethical behavior will be instilled in and required of employees. Objective: Learning Objective 3 Difficulty: Moderate AACSB: Reflective Thinking

12) What are some of the ways to assign authority and responsibility within an organization? Answer: It is incumbent on management to identify specific business objectives and assign such objectives to certain departments and individuals. Management must also hold such departments and individuals responsible and accountable for achieving the assigned business objectives. Ways in which management may assign authority and responsibility is through formal job descriptions, employee training, budgets, operating plans, and scheduling. A formal code of conduct also sets the stage for responsible behavior on the part of employees by defining ethical behavior, acceptable business practices, regulatory requirements, and conflicts of interest. Another useful and important tool is a written policy and procedures manual. Objective: Learning Objective 3 Difficulty: Moderate AACSB: Analytic 7.4 Describe the four types of control objectives that companie...