Minglana, Mitch T.

BSA 301

QUIZ SECTION 5 CIA PART 1

Governance, Risk Management, and
Control
You are given 70 minutes to answer the MCQ questions. After submitting this form, you are given
30 minutes to submit the explanation to your answers to the MCQ questions. Email your answer
to leonardoonline101@gmail.com with the follow subject format "QUIZ SECTION 5 CIA PART 1 -
YOUR FULL NAME"

1. Many organizations use electronic funds transfer to pay their suppliers instead of
issuing checks. Regarding the risks associated with issuing checks, which of the
following risk management techniques does this represent? *
1 point

Transferring.
Avoiding.
Controlling.
Accepting.

ANSWER: The correct answer is avoiding.

EXPLANATION:

2. The term "risk" is best defined as the uncertainty that *

1 point

Financial statements or internal records will contain material misstatements.

An internal auditor will fail to detect a material misstatement that causes financial
statements or internal reports to be misstated or misleading.
Management will, either knowingly or unknowingly, make decisions that increase the potential
liability of the organization.
An event could occur affecting the achievement of objectives.

ANSWER: An internal auditor will fail to detect a material misstatement that causes
financial statements or internal reports to be misstated or misleading.

EXPLANATION: Because the word risk pertains to the failure of auditor may it be internal or
external to detect the error or fraud in financial statement of the company that is why at the end of
their work, due to this error, the result of their financial statement might be misleading or they
provide wrong information to their intented user.
3. A preliminary survey of the purchasing function indicates that: Department
managers initiate purchase requests that must be approved by the plant
superintendent, Purchase orders are typed by the purchasing department using
prenumbered and controlled forms, Buyers regularly update the official vendor listing
as new sources of supply become known, Rush orders can be placed with a vendor by
telephone but must be followed by a written purchase order before delivery can be
accepted, and Vendor invoice payment requests must be accompanied by a purchase
order and receiving report. One possible fault of this system is that *
1 point

Unnecessary supplies can be purchased by department managers.

Purchases could be made from a vendor controlled by a buyer at prices higher than
normal.
Payment can be made for supplies not received.
Payment can be made for supplies received but not ordered by the purchasing department.

ANSWER:

EXPLANATION:

4. Archie B. Carroll wrote that there are four ascending levels of social responsibility
including philanthropic, ethical, legal, and economic. Carroll referred to these levels as
the “Pyramid of Social Responsibility.” Which of the following would not be an
economic responsibility? *
1 point

Maximizing sales.
Minimizing costs.
Having an attentive dividend policy.
Contributing financial resources to the community.

A company has decided to self-insure for its employees' medical insurance. This is an
example of *
1 point

transferring the risk.

reducing the risk.
retaining the risk.
exploiting the risk.
5. The internal auditor recognizes that certain limitations are inherent in any internal
control system. Which one of the following scenarios is the result of an inherent
limitation of internal control? *
1 point

A security guard allows one of the warehouse employees to remove company assets from
the premises without authorization.
The comptroller both makes and records cash deposits.
The firm sells to customers on account, without credit approval.
An employee, who is unable to read, is assigned custody of the firm's computer tape library and
run manuals that are used during the third shift.

ANSWER: A security guard allows one of the warehouse employees to remove company
assets from the premises without authorization.

EXPLANATION: Inherethe nt limitations in internal control arise from mistakes in judgment,

misunderstandings of instructions, personnel carelessness, distraction, fatigue, collusion,
perpetrations by management, changing conditions, and deterioration of degrees of compliance.
Thus, a control (use of security guards) based on segregation of functions may be overcome by
collusion among two or more employees.

6. An independent director is one who has no professional or personal ties (either

current or former) to the company or its management. The directors in situations I, II
and III would not be considered independent because of their current personal or
former professional ties with the company.Which of the following is not a role of the
internal audit activity in best practice governance activities? *
1 point

Monitor compliance with the corporate code of conduct.

Ensure the timely implementation of audit recommendations.
Support the board in enterprisewide risk assessment.
Discuss areas of significant risks.

ANSWER: Ensure the timely implementation of audit recommendations.

EXPLANATION: Management has the responsibility of ensuring the timely implementation of the audit
recommendations. The internal audit activity is responsible for the development of a timely procedure to
monitor the disposition of the audit recommendations. It works with senior management and the board
to ensure that audit recommendations receive appropriate attention.
7. Corporate directors, management, external auditors, and internal auditors all play
important roles in creating a proper control environment. Top management is primarily
responsible for *
1 point

Establishing a proper environment and specifying an overall internal control structure.

Ensuring that external and internal auditors adequately monitor the control environment.
Implementing and monitoring controls designed by the board of directors.
Reviewing the reliability and integrity of financial information and the means used to collect and
report such information.

ANSWER: Establishing a proper environment and specifying an overall internal control

structure.

EXPLANATION: The top management is primarily responsible for establishing a proper

environment and specifying an overall internal control system. It is where they oversee and
control the entire organization. They develop goals, strategic plans, company policies, and make
decisions on the direction of the business. In addition, top level managers play a significant role
in the mobilization of outside resources.

8. Boards should contain a suitable balance of power in order to prevent one person
or group of people from dominating the decision-making of the board. What are some
ways to achieve suitable balance?I. The same person should not hold the position of
CEO and board Chair at the same time.II. The roles of the CEO and board Chair
should be specified formally so that one individual is not able to take responsibility
away from the other.III. There needs to be a suitable number of independent non-
executive directors on the board.IV. Decision making should never be delegated down
to the board committees. *
1 point

I, III and IV only.

II and IV only.
I, II, III and IV.
I, II and III only.

9. Which of the following could contribute to discrepancies between receiving reports

and the number of units in a shipment? *
1 point

Failing to compare the quality of goods received with specifications.

Using inadequate vendor selection procedures.
Accepting improper authorization of purchases.
Showing quantities ordered on the receiving department's copy of purchase orders.

Name *
10. The Canadian institute of Chartered Accountants designed an internal control
model which is commonly referred to as the CoCo model. The CoCo model has four
components and twenty criteria. The CoCo model comprises those elements of a
company that, taken together, support people in the achievement of the company's
objectives. Which of the following is not a purpose criteria based on the CoCo
model? *
1 point

There should be measurable performance targets in the objectives and plans.

Objectives should be established and communicated.
Significant internal and external risks should be identified and assessed.
Control activities should be designed and implemented.

The CoCo model consists of four components and twenty criteria. Which of the
following is not a criteria of the capability component? *
1 point

The decision-making process within the organization should be coordinated between

departments.
Communications within the organization should support the values and achievement of the
organization's objectives.
People within the organization should have the skills and knowledge to support the
achievement of the organization's objectives.
Organizations should periodically review of the effectiveness of their control systems.

11. Which of the following would be considered a risk factor to an organization? *

1 point

A significant improvement in the product of a competitor.

A planned audit engagement that will be completed on a timely basis.
The purchase of new equipment that will improve profitability.
A commitment to further develop an employee's technical skills.

13. The cash receipts function should be separated from the related recordkeeping
function in an organization in order to *
1 point

Establish accountability when the cash is first received.

Prevent the disbursement of cash from cash receipts.
Physically safeguard the cash receipts.
Minimize undetected losses of cash receipts.

ANSWER: Minimize undetected losses of cash receipts.

EXPLANATION: separating cash receipts and recordkeeping prevents an employee from
misappropriating cash and altering the records to conceal the irregularity.

14.Appropriate control over obsolete materials requires that they be *

1 point

Sorted, treated, and packaged before disposition takes place, in order to obtain the best selling
price.
Retained within the regular storage area.
Determined by an approved authority to be lacking in regular usability.
Carried at cost in the accounting records until the actual disposition takes place.

Organizational independence in the processing of payroll is achieved by functional

separations that are built into the system. Which one of the following functional
separations is not required for internal control purposes? *
1 point

Separation of payroll preparation and paycheck distribution.

Separation of personnel function from payroll preparation.
Separation of timekeeping from payroll preparation.
Separation of payroll preparation and maintenance of year-to-date records.

The marketing department for a major retailer assigns separate product managers for
each product line. Product managers are responsible for ordering products and
determining retail pricing. Each product manager’s purchasing budget is set by the
marketing manager. Products are delivered to a central distribution center where
goods are segregated for distribution to the company’s 52 department stores. Because
receipts are recorded at the distribution center, the company does not maintain a
receiving function at each store. Product managers are evaluated on a combination of
sales and gross profit generated from their product lines. Many products are seasonal
and individual store managers can require that seasonal products be removed to
make space for the next season’s products. Which of the following is a control
deficiency in this situation? *
1 point

Evaluating product managers by total gross profit generated by product line will lead to
dysfunctional behavior.
The store manager can require items to be removed, thus affecting the potential performance
evaluation of individual product managers.
The product manager negotiates the purchase price and sets the selling price.
There is no receiving function located at individual stores.

Two organizations have recently merged. The audit committee has asked the internal
auditors from both organizations to assess risks that should be addressed after the
merger. One manager has suggested that the engagement teams jointly examine the
organizational culture and the "tone at the top" to identify control risks associated with
the proposed merger. Which of the following statements is true? *
1 point

The organizational culture is not a part of the control environment and therefore should not be
considered for a proposed engagement.
Differences in the organizational culture should be systematically identified because the
differences may present major risks to the success of the merger. However, identifying
differences is not an appropriate activity because it is political and subjective.
None of the answers are correct.
Although the organizational culture could be considered part of the control environment, the
assessment of such an environment would be highly subjective and therefore not useful.

The control that would most likely ensure that payroll checks are written only for
authorized amounts is to: *
1 point

Require the return of undelivered checks to the cashier

Conduct periodic floor verification of employees on the payroll.
Periodically witness the distribution of payroll checks.
Require supervisory approval of employee timecards.

The best reason for establishing a code of conduct within an organization is that such
codes *
1 point

Have tremendous public relations potential.

Express standards of individual behavior for members of the organization.
Are typically required by governments.
Provide a quantifiable basis for personnel evaluations.

Which of the following is not a component of the ERM’s internal environment? *

1 point

Having a commitment to integrity and ethics.

Identifying internal and external risks.
Understanding management’s risk philosophy.
Determining the company’s risk appetite.

Internal auditors can evaluate the management function of controlling by determining

if *
1 point

Management is provided with prompt feedback on performance variances.

Employee turnover rates are analyzed for trends and investigations are made for adverse trends.
Anticipated problems are discussed, identified, and evaluated with possible solutions
provided.
The grouping of activities in a department meets departmental objectives.

Furthermore, payroll preparation and maintenance of year-to-date records are both

recordkeeping functions and for that reason, they are not incompatible. It is acceptable
for both functions to be performed by the same person.Which of the following would
be a preventive control? *
1 point

Comparing a bank deposit slip with the total cash received as noted on a prelisting sheet
prepared in the mail room.
Approving customer credit prior to shipping merchandise.
Reviewing the sequence of prenumbered documents.
Scanning the general ledger for accounts with unusually high or low balances.

Which of the following statements is false concerning what the Turnbull report says
about an organization's system of internal control? *
1 point

Internal control should be embedded in the operations of the company and form a part of its
culture.
Internal control should be capable of responding quickly to evolving risks to the business arising
from factors within the company and to changes in the business environment.
Internal control should include procedures for reporting immediately to appropriate levels of
management any significant control failings or weaknesses.
Internal control should include guarantees that organizational objectives will be achieved in a
timely manner.

Human resources and payroll are separate departments. Which of the following
combinations would provide the best segregation of duties? *
1 point

Human resources adds employees, payroll processes hours, and human resources delivers the
paychecks to employees.
Human resources adds employees, and payroll processes hours and enters employee bank
account numbers. Paychecks are automatically deposited in the employee's bank account.
Human resources adds employees, reviews and submits payroll hours to payroll for processing,
and delivers paychecks to employees.
Payroll adds employees and enters employees' bank account numbers but processes hours only
as approved by human resources. Paychecks are automatically deposited in the employee's bank
account.

Which of the following is not a component of the Canadian internal control model
(CoCo)? *
1 point
Monitoring and Learning
Planning.
Commitment
Capability

A bank loan officer has the responsibility of making the credit decision, funding, and
collecting the loans. A clerk is responsible for reconciling the respective accounts and
posting transactions to the customer subsidiary records. Reconciliations have not
been completed for four months. Previous reconciliations contained minor differences
which were written off.Based on the scenario above, the internal auditor's primary
concern would be *
1 point

Reconciliations have not been completed in a timely manner.

There are no deficiency findings.
Reconciliation duties are not properly segregated.
Functions performed by the loan officer are not properly segregated.

As defined by Statement on Management Accounting: Enterprise Risk Management:

Frameworks, Elements and Integration, the amount of risk that remains after
management has taken action to mitigate risk is known as *
1 point

Undiversifiable risk.
Assessed risk.
Remaining risk.
Residual risk.

The cash receipts function should be separated from the related recordkeeping
function in an organization in order to *
1 point

Prevent the disbursement of cash from cash receipts.

Physically safeguard the cash receipts.
Minimize undetected losses of cash receipts.
Establish accountability when the cash is first received.

Senior management has an important role in making sure the organization has the
right risk management culture. All of the following statements are true concerning
management’s responsibility towards cultivating the right culture except: *
1 point

Management has to ensure the culture is consistent with the needs and values of the key
stakeholders.
Management has to make sure the culture only considers risk to shareholder value.
Management has to make sure the culture promotes the reporting and management of risks.
Management needs to make sure the culture is focused on the mission and goals of the
organization.

An organization's directors, management, external auditors, and internal auditors all

play important roles in creating a proper control environment. Senior management is
primarily responsible for *
1 point

Designing and operating a control system that provides reasonable assurance that established
objectives and goals will be achieved.
The internal auditor.
Ensuring that external and internal auditors adequately monitor the control environment.
Establishing a proper organizational culture and specifying a system of internal control.
Implementing and monitoring controls designed by the board of directors.

ANSWER: Establishing a proper organizational culture and specifying a system of internal

control.

EXPLANATION: the top managers are responsible for controlling and overseeing the entire
organization. They develop goals, strategic plans, company policies, and make decisions on the
direction of the business.

The primary responsibility for establishing and maintaining internal control rests with *
1 point

The controller.
The internal auditor.
The treasurer.
Management.

Management has requested the internal audit activity to conduct an audit of the
implementation of its recently developed company code of conduct. In preparing for
the audit, the internal auditor reviews the newly developed code and compares it with
several others for comparable companies and concludes that the newly developed
code has severe deficiencies. Based on this conclusion, the internal auditor should *
1 point

Conduct the audit as requested by management, reporting only noncompliance with the code.
Inform management of the problems with the existing code and report that it would be
inappropriate to conduct an audit until the code is revised to incorporate the "best practices" from
industry.
Report the nature of the deficiencies in a formal report to management.
Plan an audit for the implementation of management's code of conduct and also for compliance
with the "best practices" from the other codes since this represents the best available criteria.
The board is ultimately responsible for the company’s corporate governance, not the
internal auditors.Which of the following items impact risk? I. Reliability of reportingII.
Risk responseIII. Time periodIV. Utilization of resourcesV. Volatility *
1 point

III and V
I and IV
I, II and III
III, IV and V

Which of the following are the key responsibilities that make up the governance
process?I. Complies with society's legal and regulatory rules.II. Satisfies the generally
accepted business norms, ethical precepts, and social expectations of society.III.
Provides overall benefit to society and enhances the interests of the specific
stakeholders in both the long and short-term.IV. Provides additional assistance in the
consolidation of financial reports. *
1 point

I, II and IV.
I, II, III.
I and II only
I, II, III and IV.

Management has a role in the maintenance of control. In fact, management

sometimes is a control. Which of the following involves managerial functions as a
control? *
1 point

Maintenance of a quality assurance program.

Use of an organizational policies manual.
Establishment of an internal audit activity.
Monitoring performance.

In evaluating the effectiveness and efficiency with which resources are employed, an
internal auditor is responsible for *
1 point

Reviewing the reliability of operating information.

Determining the extent to which adequate operating criteria have been established.
Verifying the accuracy of asset valuation.
Verifying the existence of assets.

The marketing department for a major retailer assigns separate product managers for
each product line. Product managers are responsible for ordering products and
determining retail pricing. Each product manager’s purchasing budget is set by the
marketing manager. Products are delivered to a central distribution center where
goods are segregated for distribution to the company’s 52 department stores. Because
receipts are recorded at the distribution center, the company does not maintain a
receiving function at each store. Product managers are evaluated on a combination of
sales and gross profit generated from their product lines. Many products are seasonal
and individual store managers can require that seasonal products be removed to
make space for the next season’s products. Requests for purchases beyond those
initially budgeted must be approved by the marketing manager. This procedure:I.
Should provide for the most efficient allocation of scarce organizational resources.II. Is
a detective control procedure.III. Is unnecessary because each product manager is
evaluated on profit generated. *
1 point

III only.
II and III only.
I only.
I, II, and III.

Which of the following observations by an auditor is most likely to indicate the

existence of control weaknesses over safeguarding of assets?I. A service
department’s location is not well suited to allow adequate service to other units.II.
Employees hired for sensitive positions are not subjected to background checks.III.
Managers do not have access to reports that profile overall performance in relation to
other benchmarked organizations.IV. Management has not taken corrective action to
resolve past engagement observations related to inventory controls. *
1 point

Reconciliations have not been completed in a timely manner.

There are no deficiency findings.
Functions performed by the loan officer are not properly segregated.
Reconciliation duties are not properly segregated.

A code of conduct was developed several years ago and distributed by a large
financial institution to all its officers and employees. Identify the internal auditor’s best
approach to provide the board with the highest level of comfort about the code of
conduct. *
1 point

Fully evaluate the comprehensiveness of the code and compliance therewith, and report the
results to the board.
Perform tests on various employee transactions to detect potential violations of the code of
conduct.
Fully evaluate organizational practices for compliance with the code, and report to the board.
Review employee activities for compliance with provisions of the code, and report to the board.

Organizational independence in the processing of payroll is achieved by functional

separations that are built into the system. Which one of the following functional
separations is not required for internal control purposes? *
1 point

Separation of personnel function from payroll preparation.

Separation of timekeeping from payroll preparation.
Separation of payroll preparation and paycheck distribution.
Separation of payroll preparation and maintenance of year-to-date records.

An auditor noted that the accounts receivable department is separate from other
accounting activities. A separate credit department approves credit. Control accounts
and subsidiary ledgers are balanced monthly. Similarly, accounts are aged monthly.
The company's treasurer writes off delinquent accounts after 1 year, or sooner if a
bankruptcy or other unusual circumstances are involved. Credit memoranda are pre-
numbered and must be correlated with receiving reports. Which of the following areas
could be viewed as internal control strengths of the above organization?I. Credit
approvals.II. Write-offs of delinquent accounts.III. Monthly aging of receivables.IV.
Handling of credit memos. *
1 point

I and IV only.
I, II, III and IV.
I, III and IV only.
III and IV only.

Email *

Risk capacity is the limit of risk that can be taken by a firm without going into
bankruptcy. The risk committee determining that the company would be able to
withstand a $500,000 loss means the company is willing to put at risk $500,000, which
is the determined risk capacity of the company.AlfaTech is a large and reasonably
well-capitalized high-tech company with profit and growth goals. The board recently
established a risk committee to better manage the company’s risks.The committee is
currently evaluating its insurance policies covering its plant assets.Which of the
following would best describe a company’s risk appetite? *
1 point

The risk committee determines that if a fire were to happen, the company would be able to
withstand a loss of $500,000.
The risk committee makes a decision that the insurance policy will have a $150,000 deductible.
The risk committee decides that under normal circumstances, the company should have
insurance coverage that covers no less than 80% of the plant assets’ replacement value.
The risk committee reviews and updates the company’s insurance policy on a yearly basis.

The cash receipts function should be separated from the related recordkeeping
function in an organization in order to *
1 point

Showing quantities ordered on the receiving department's copy of purchase orders.

Using inadequate vendor selection procedures.
Accepting improper authorization of purchases.
Failing to compare the quality of goods received with specifications.

A processing operation has control procedures in place that make ongoing

adjustments to the process based upon the immediate feedback from the system.
What type of control is this? *
1 point

Feedforward.
Feedback.
Preventive.
Concurrent.

A principle of good corporate governance is the independence of its directors. Of the

following, which director(s) would not be considered independent?I. The director is the
brother in-law of the CEO.II. The director’s brother is the CEO of the company’s major
supplier.III. The director retired as CEO from the company six months ago.IV. The
director owns a thousand shares of a mutual fund which does have investment in the
company. *
1 point

None of the directors would be considered independent.

II and III only
I and II only
I, II and III only

Which of the following observations, made during the preliminary survey of a local
department store's disbursement cycle, reflects a control strength? *
1 point

The receiving department is given a copy of the purchase order complete with a description of
goods, quantity ordered, and extended price for all merchandise ordered.
Individual department managers are responsible for the movement of merchandise from the
receiving dock to storage or sales areas as appropriate.
The treasurer's office prepares checks for suppliers based on vouchers prepared by the accounts
payable department.
Individual department managers use prenumbered forms to order merchandise from vendors.

The role of CEO and board Chair should be separated. The CEO runs the company
and the board Chair runs the board. Some of the reasons to separate the two
positions include all of the following except: *
1 point

The separation of roles avoids any conflict of interest issues.

It is difficult to make the CEO accountable if there is no one senior to him/her.
The CEO is able to focus on operational matters instead of strategic.
The board can make the CEO more accountable for management if the roles are separated.

A means of ensuring that payroll checks are drawn for properly authorized amounts is
to *
1 point

Require that undelivered checks be returned to the cashier.

Witness the distribution of payroll checks.
Require supervisory approval of employee time cards.
Conduct periodic floor verification of employees on the payroll.

AlfaTech is a large and reasonably well-capitalized high-tech company with profit and
growth goals. The board recently established a risk committee to better manage the
company’s risks.The committee is currently evaluating its insurance policies covering
its plant assets.Regarding insurance coverage of plant assets, which of the following
best describes the company’s risk capacity? *
1 point

The risk committee makes a decision that the insurance policy will have a $150,000 deductible.
The risk committee decides that under normal circumstances, the company should have
insurance coverage that covers no less than 80% of the plant assets’ replacement value.
The risk committee reviews and updates the company’s insurance policy on a yearly basis.
The risk committee determines that if a fire were to happen, the company would be able to
withstand a loss of $500,000.