Professional Documents
Culture Documents
BSA 301
1. Many organizations use electronic funds transfer to pay their suppliers instead of
issuing checks. Regarding the risks associated with issuing checks, which of the
following risk management techniques does this represent? *
1 point
Transferring.
Avoiding.
Controlling.
Accepting.
EXPLANATION:
ANSWER: An internal auditor will fail to detect a material misstatement that causes
financial statements or internal reports to be misstated or misleading.
EXPLANATION: Because the word risk pertains to the failure of auditor may it be internal or
external to detect the error or fraud in financial statement of the company that is why at the end of
their work, due to this error, the result of their financial statement might be misleading or they
provide wrong information to their intented user.
3. A preliminary survey of the purchasing function indicates that: Department
managers initiate purchase requests that must be approved by the plant
superintendent, Purchase orders are typed by the purchasing department using
prenumbered and controlled forms, Buyers regularly update the official vendor listing
as new sources of supply become known, Rush orders can be placed with a vendor by
telephone but must be followed by a written purchase order before delivery can be
accepted, and Vendor invoice payment requests must be accompanied by a purchase
order and receiving report. One possible fault of this system is that *
1 point
ANSWER:
EXPLANATION:
4. Archie B. Carroll wrote that there are four ascending levels of social responsibility
including philanthropic, ethical, legal, and economic. Carroll referred to these levels as
the “Pyramid of Social Responsibility.” Which of the following would not be an
economic responsibility? *
1 point
Maximizing sales.
Minimizing costs.
Having an attentive dividend policy.
Contributing financial resources to the community.
A company has decided to self-insure for its employees' medical insurance. This is an
example of *
1 point
A security guard allows one of the warehouse employees to remove company assets from
the premises without authorization.
The comptroller both makes and records cash deposits.
The firm sells to customers on account, without credit approval.
An employee, who is unable to read, is assigned custody of the firm's computer tape library and
run manuals that are used during the third shift.
ANSWER: A security guard allows one of the warehouse employees to remove company
assets from the premises without authorization.
EXPLANATION: Management has the responsibility of ensuring the timely implementation of the audit
recommendations. The internal audit activity is responsible for the development of a timely procedure to
monitor the disposition of the audit recommendations. It works with senior management and the board
to ensure that audit recommendations receive appropriate attention.
7. Corporate directors, management, external auditors, and internal auditors all play
important roles in creating a proper control environment. Top management is primarily
responsible for *
1 point
8. Boards should contain a suitable balance of power in order to prevent one person
or group of people from dominating the decision-making of the board. What are some
ways to achieve suitable balance?I. The same person should not hold the position of
CEO and board Chair at the same time.II. The roles of the CEO and board Chair
should be specified formally so that one individual is not able to take responsibility
away from the other.III. There needs to be a suitable number of independent non-
executive directors on the board.IV. Decision making should never be delegated down
to the board committees. *
1 point
Name *
10. The Canadian institute of Chartered Accountants designed an internal control
model which is commonly referred to as the CoCo model. The CoCo model has four
components and twenty criteria. The CoCo model comprises those elements of a
company that, taken together, support people in the achievement of the company's
objectives. Which of the following is not a purpose criteria based on the CoCo
model? *
1 point
The CoCo model consists of four components and twenty criteria. Which of the
following is not a criteria of the capability component? *
1 point
13. The cash receipts function should be separated from the related recordkeeping
function in an organization in order to *
1 point
Sorted, treated, and packaged before disposition takes place, in order to obtain the best selling
price.
Retained within the regular storage area.
Determined by an approved authority to be lacking in regular usability.
Carried at cost in the accounting records until the actual disposition takes place.
The marketing department for a major retailer assigns separate product managers for
each product line. Product managers are responsible for ordering products and
determining retail pricing. Each product manager’s purchasing budget is set by the
marketing manager. Products are delivered to a central distribution center where
goods are segregated for distribution to the company’s 52 department stores. Because
receipts are recorded at the distribution center, the company does not maintain a
receiving function at each store. Product managers are evaluated on a combination of
sales and gross profit generated from their product lines. Many products are seasonal
and individual store managers can require that seasonal products be removed to
make space for the next season’s products. Which of the following is a control
deficiency in this situation? *
1 point
Evaluating product managers by total gross profit generated by product line will lead to
dysfunctional behavior.
The store manager can require items to be removed, thus affecting the potential performance
evaluation of individual product managers.
The product manager negotiates the purchase price and sets the selling price.
There is no receiving function located at individual stores.
Two organizations have recently merged. The audit committee has asked the internal
auditors from both organizations to assess risks that should be addressed after the
merger. One manager has suggested that the engagement teams jointly examine the
organizational culture and the "tone at the top" to identify control risks associated with
the proposed merger. Which of the following statements is true? *
1 point
The organizational culture is not a part of the control environment and therefore should not be
considered for a proposed engagement.
Differences in the organizational culture should be systematically identified because the
differences may present major risks to the success of the merger. However, identifying
differences is not an appropriate activity because it is political and subjective.
None of the answers are correct.
Although the organizational culture could be considered part of the control environment, the
assessment of such an environment would be highly subjective and therefore not useful.
The control that would most likely ensure that payroll checks are written only for
authorized amounts is to: *
1 point
The best reason for establishing a code of conduct within an organization is that such
codes *
1 point
Comparing a bank deposit slip with the total cash received as noted on a prelisting sheet
prepared in the mail room.
Approving customer credit prior to shipping merchandise.
Reviewing the sequence of prenumbered documents.
Scanning the general ledger for accounts with unusually high or low balances.
Which of the following statements is false concerning what the Turnbull report says
about an organization's system of internal control? *
1 point
Internal control should be embedded in the operations of the company and form a part of its
culture.
Internal control should be capable of responding quickly to evolving risks to the business arising
from factors within the company and to changes in the business environment.
Internal control should include procedures for reporting immediately to appropriate levels of
management any significant control failings or weaknesses.
Internal control should include guarantees that organizational objectives will be achieved in a
timely manner.
Human resources and payroll are separate departments. Which of the following
combinations would provide the best segregation of duties? *
1 point
Human resources adds employees, payroll processes hours, and human resources delivers the
paychecks to employees.
Human resources adds employees, and payroll processes hours and enters employee bank
account numbers. Paychecks are automatically deposited in the employee's bank account.
Human resources adds employees, reviews and submits payroll hours to payroll for processing,
and delivers paychecks to employees.
Payroll adds employees and enters employees' bank account numbers but processes hours only
as approved by human resources. Paychecks are automatically deposited in the employee's bank
account.
Which of the following is not a component of the Canadian internal control model
(CoCo)? *
1 point
Monitoring and Learning
Planning.
Commitment
Capability
A bank loan officer has the responsibility of making the credit decision, funding, and
collecting the loans. A clerk is responsible for reconciling the respective accounts and
posting transactions to the customer subsidiary records. Reconciliations have not
been completed for four months. Previous reconciliations contained minor differences
which were written off.Based on the scenario above, the internal auditor's primary
concern would be *
1 point
Undiversifiable risk.
Assessed risk.
Remaining risk.
Residual risk.
The cash receipts function should be separated from the related recordkeeping
function in an organization in order to *
1 point
Senior management has an important role in making sure the organization has the
right risk management culture. All of the following statements are true concerning
management’s responsibility towards cultivating the right culture except: *
1 point
Management has to ensure the culture is consistent with the needs and values of the key
stakeholders.
Management has to make sure the culture only considers risk to shareholder value.
Management has to make sure the culture promotes the reporting and management of risks.
Management needs to make sure the culture is focused on the mission and goals of the
organization.
Designing and operating a control system that provides reasonable assurance that established
objectives and goals will be achieved.
The internal auditor.
Ensuring that external and internal auditors adequately monitor the control environment.
Establishing a proper organizational culture and specifying a system of internal control.
Implementing and monitoring controls designed by the board of directors.
EXPLANATION: the top managers are responsible for controlling and overseeing the entire
organization. They develop goals, strategic plans, company policies, and make decisions on the
direction of the business.
The primary responsibility for establishing and maintaining internal control rests with *
1 point
The controller.
The internal auditor.
The treasurer.
Management.
Management has requested the internal audit activity to conduct an audit of the
implementation of its recently developed company code of conduct. In preparing for
the audit, the internal auditor reviews the newly developed code and compares it with
several others for comparable companies and concludes that the newly developed
code has severe deficiencies. Based on this conclusion, the internal auditor should *
1 point
Conduct the audit as requested by management, reporting only noncompliance with the code.
Inform management of the problems with the existing code and report that it would be
inappropriate to conduct an audit until the code is revised to incorporate the "best practices" from
industry.
Report the nature of the deficiencies in a formal report to management.
Plan an audit for the implementation of management's code of conduct and also for compliance
with the "best practices" from the other codes since this represents the best available criteria.
The board is ultimately responsible for the company’s corporate governance, not the
internal auditors.Which of the following items impact risk? I. Reliability of reportingII.
Risk responseIII. Time periodIV. Utilization of resourcesV. Volatility *
1 point
III and V
I and IV
I, II and III
III, IV and V
Which of the following are the key responsibilities that make up the governance
process?I. Complies with society's legal and regulatory rules.II. Satisfies the generally
accepted business norms, ethical precepts, and social expectations of society.III.
Provides overall benefit to society and enhances the interests of the specific
stakeholders in both the long and short-term.IV. Provides additional assistance in the
consolidation of financial reports. *
1 point
I, II and IV.
I, II, III.
I and II only
I, II, III and IV.
In evaluating the effectiveness and efficiency with which resources are employed, an
internal auditor is responsible for *
1 point
The marketing department for a major retailer assigns separate product managers for
each product line. Product managers are responsible for ordering products and
determining retail pricing. Each product manager’s purchasing budget is set by the
marketing manager. Products are delivered to a central distribution center where
goods are segregated for distribution to the company’s 52 department stores. Because
receipts are recorded at the distribution center, the company does not maintain a
receiving function at each store. Product managers are evaluated on a combination of
sales and gross profit generated from their product lines. Many products are seasonal
and individual store managers can require that seasonal products be removed to
make space for the next season’s products. Requests for purchases beyond those
initially budgeted must be approved by the marketing manager. This procedure:I.
Should provide for the most efficient allocation of scarce organizational resources.II. Is
a detective control procedure.III. Is unnecessary because each product manager is
evaluated on profit generated. *
1 point
III only.
II and III only.
I only.
I, II, and III.
A code of conduct was developed several years ago and distributed by a large
financial institution to all its officers and employees. Identify the internal auditor’s best
approach to provide the board with the highest level of comfort about the code of
conduct. *
1 point
Fully evaluate the comprehensiveness of the code and compliance therewith, and report the
results to the board.
Perform tests on various employee transactions to detect potential violations of the code of
conduct.
Fully evaluate organizational practices for compliance with the code, and report to the board.
Review employee activities for compliance with provisions of the code, and report to the board.
An auditor noted that the accounts receivable department is separate from other
accounting activities. A separate credit department approves credit. Control accounts
and subsidiary ledgers are balanced monthly. Similarly, accounts are aged monthly.
The company's treasurer writes off delinquent accounts after 1 year, or sooner if a
bankruptcy or other unusual circumstances are involved. Credit memoranda are pre-
numbered and must be correlated with receiving reports. Which of the following areas
could be viewed as internal control strengths of the above organization?I. Credit
approvals.II. Write-offs of delinquent accounts.III. Monthly aging of receivables.IV.
Handling of credit memos. *
1 point
I and IV only.
I, II, III and IV.
I, III and IV only.
III and IV only.
Email *
Risk capacity is the limit of risk that can be taken by a firm without going into
bankruptcy. The risk committee determining that the company would be able to
withstand a $500,000 loss means the company is willing to put at risk $500,000, which
is the determined risk capacity of the company.AlfaTech is a large and reasonably
well-capitalized high-tech company with profit and growth goals. The board recently
established a risk committee to better manage the company’s risks.The committee is
currently evaluating its insurance policies covering its plant assets.Which of the
following would best describe a company’s risk appetite? *
1 point
The risk committee determines that if a fire were to happen, the company would be able to
withstand a loss of $500,000.
The risk committee makes a decision that the insurance policy will have a $150,000 deductible.
The risk committee decides that under normal circumstances, the company should have
insurance coverage that covers no less than 80% of the plant assets’ replacement value.
The risk committee reviews and updates the company’s insurance policy on a yearly basis.
The cash receipts function should be separated from the related recordkeeping
function in an organization in order to *
1 point
Feedforward.
Feedback.
Preventive.
Concurrent.
Which of the following observations, made during the preliminary survey of a local
department store's disbursement cycle, reflects a control strength? *
1 point
The receiving department is given a copy of the purchase order complete with a description of
goods, quantity ordered, and extended price for all merchandise ordered.
Individual department managers are responsible for the movement of merchandise from the
receiving dock to storage or sales areas as appropriate.
The treasurer's office prepares checks for suppliers based on vouchers prepared by the accounts
payable department.
Individual department managers use prenumbered forms to order merchandise from vendors.
The role of CEO and board Chair should be separated. The CEO runs the company
and the board Chair runs the board. Some of the reasons to separate the two
positions include all of the following except: *
1 point
A means of ensuring that payroll checks are drawn for properly authorized amounts is
to *
1 point
AlfaTech is a large and reasonably well-capitalized high-tech company with profit and
growth goals. The board recently established a risk committee to better manage the
company’s risks.The committee is currently evaluating its insurance policies covering
its plant assets.Regarding insurance coverage of plant assets, which of the following
best describes the company’s risk capacity? *
1 point
The risk committee makes a decision that the insurance policy will have a $150,000 deductible.
The risk committee decides that under normal circumstances, the company should have
insurance coverage that covers no less than 80% of the plant assets’ replacement value.
The risk committee reviews and updates the company’s insurance policy on a yearly basis.
The risk committee determines that if a fire were to happen, the company would be able to
withstand a loss of $500,000.