
E1: Governance, Risk, and Compliance

Question 1:
1E1-LS13

Which of the following is an example of segregation of duties?

A. The person who takes the order from a customer enters the order into the
system and supervises the shipment of the product.
B. The president of a small company is able to access payroll records and
adjust entries.

C. A clerk in the order department does not have access to the products and
therefore cannot ship products to customers.

D. The shipping manager can access the order-entry computer software and
enter an order.

Question 2:
1E1-AT07

Which of the following best describes the interrelated components of a
system of internal control?

A. organizational structure, management philosophy, and planning.

B. control environment, risk assessment, control activities, information and
communication systems, and monitoring.
C. risk assessment, backup facilities, responsibility accounting, and natural
laws.

D. personnel practices and policies, authorization, and segregation of duties.

Question 3:
1E1-LS17

Inherent risk is the risk

A. that internal controls will not be followed.

B. that an internal audit will not uncover incidents where controls have not
been followed.

C. that the business will naturally experience, regardless of internal controls.

D. that measures the effectiveness of a firm's internal controls.

Question 4:
1E1-LS29

What is the role of the PCAOB in providing guidance on the auditing of
internal controls?

A. The PCAOB is responsible for the setting of standards for audits of
governmental organizations.
B. The PCAOB is responsible for the setting of standards for audits of
publicly held corporations.

C. The PCAOB is responsible for the setting of standards for audits of both
publicly held and privately held corporations.

D. The PCAOB is responsible for the setting of standards for audits of
privately held corporations.

Question 5:
1E1-AT05

A company's management is concerned about computer data
eavesdropping and wants to maintain the confidentiality of its information
as it is transmitted. The company should utilize:

A. data encryption.

B. password codes.

C. dial back systems.

D. message acknowledgment procedures.

Question 6:
1E1-LS24
Which of the following are responsibilities of management?
I. Aid in the choice of accounting methods and policies.
II. Document internal control procedures.
III. Sign quarterly and annual financial reports.
IV. Choose the auditor and approve auditor compensation.
V. Review the auditor's suggestions for improved internal controls.

A. I, II, III, and V only.

B. I, III, IV, and V only.

C. I, II, III, IV, and V.

D. I and IV only.

Question 7:
1E1-LS15

Which of the following is an example of a completeness control?

A. Pre-numbered forms that allow for reconciliation of form numbers against
shipping reports.
B. Facilities utilization reports.

C. Thorough training on proper accounting classes to which transactions
should be posted.

D. Employees time sheets that must be completed before employees can
receive their paychecks.

Question 8:
1E1-LS27

The Sarbanes-Oxley Act of 2002 increased management's responsibility
for accurate financial reporting. Which of the following is not a requirement
of Section 404 of the Sarbanes-Oxley Act?

A. Document management's assessment of the effectiveness of the internal
control structure and procedures.
B. Document management's responsibility for establishing adequate internal
control policies.

C. Document management's responsibility to refuse to accept contracts or
business through the payment of bribes.

D. Document management's responsibility for maintaining adequate internal
control policies.

Question 9:
1E1-AT14

The Sarbanes-Oxley Act has multiple sections that outline management's
responsibility regarding:

A. required education for chief financial officers.

B. the purchase of securities.

C. long-term strategic planning.

D. internal controls and external reporting.


Question 10:
1E1-LS09

Which of the following has the most effect on the control environment?

A. Whether controls are changed on a regular basis.

B. Management philosophy and operating style.

C. Organizational structure.

D. Size of the company.

Question 11:
1E1-LS35

The Internal Control Integrated Framework from 1992 comprises five
mutually-reinforcing components. An organization's ongoing management
activities, evaluations, and internal audits are a part of:

A. monitoring.

B. information and communication.

C. control environment.

D. risk assessment.

Question 12:
1E1-LS16

Which of the following is true of control risk?

A. Control risk is an assessment of the likelihood that misstatements
exceeding an acceptable level will not be detected or prevented by
internal controls.

B. Control risk is measured in combination with safeguarding risk to
determine overall risk.

C. Control risk is an assessment of the likelihood that misstatements
exceeding an acceptable level will not be detected by an internal audit.

D. Control risk is dependent on detection risk.

Question 13:
1E1-LS34

The Internal Control Integrated Framework from 1992 comprises five
mutually-reinforcing components. An organization's management
philosophy and ethical values are a part of the:

A. control environment.

B. risk assessment.

C. monitoring.

D. information and communication.

Question 14:
1E1-AT06

In designing systems of internal control, which of the following types of
controls are the best to include in the design in order to be fully effective?

A. systems development, operations, and access controls.

B. management, personnel, and administrative controls.

C. preventative, detective, and corrective controls.

D. edit, input verification, and output controls.

Question 15:
1E1-LS12

Which of the following statements is true?

A. Control procedures can completely make up for careless employees.

B. Control procedures are ineffective if employees are not all highly
educated and trained.

C. Hiring, promoting, and training competent personnel are integral to an
efficient control environment.

D. Higher-paid employees tend to follow control procedures more carefully
and consistently.

Question 16:
1E1-LS44
The principal impetus for the enactment of the Foreign Corrupt Act by the
U.S. Congress was to:
* Source: Retired ICMA CMA Exam Questions.

A. discourage unethical behavior by foreigners employed by U.S. firms.

B. promote the mandates issued by the United Nations with regard to global
trade between its member nations.

C. prevent the bribery of foreign officials by U.S. firms seeking to do
business overseas.

D. require mandatory documentation of the evaluation of internal controls by
the independent auditors.

Question 17:
1E1-LS10

Which of the following is true regarding the board of directors?

A. The board of directors must act in the best interest of management.

B. The board of directors must establish an audit committee to oversee all
internal controls.

C. The board of directors must act in the best interest of the employees.

D. The board of directors must act in the best interest of the shareholders.

Question 18:
1E1-LS37

When assessing a company's internal control structure policies and
procedures, the primary consideration is whether they:
* Source: Retired ICMA CMA Exam Questions.

A. affect the financial statement assertions.


B. reflect management's philosophy and operating style.

C. prevent management override.


D. relate to the control environment.

Question 19:
1E1-LS33

The Sarbanes-Oxley Act of 2002 (SOX) established increased
requirements for audit committees. These requirements include all of the
following except:

A. the audit committee is responsible for selecting the external auditor.

B. the audit committee must consist of independent directors.

C. the audit committee must have at least one financial expert.

D. the CEO of the company can be a member of the audit committee.

Question 20:
1E1-LS32

Internal controls are designed to provide reasonable assurance of
achieving a corporation's control objectives. Several factors may present
inherent limitations to otherwise well-designed policies and procedures.
Which one of the following is not a factor that limits the effectiveness of
internal controls?

A. Management override.

B. Segregation of duties.

C. Carelessness.

D. Collusion.
Question 21:
1E1-LS25
Which of the following are provisions of the Sarbanes-Oxley Act?
I. The board of directors of an issuer must appoint an audit committee.
II. Management must certify financial statements.
III. Management must provide a written report on the effectiveness of
internal control procedures within 90 days of the publication of the annual
report.
IV. A public accounting firm may not audit the books of an issuer of public
securities if any officer or director of the issuer was employed by the public
accounting firm and participated in any audit activity with the issuer within
one year.

A. I, II, and IV only.

B. I, II, III, and IV.

C. II and IV only.

D. IV only.

Question 22:
1E1-LS39

Which one of the following functions performed in an organization is a
violation of internal control?
* Source: Retired ICMA CMA Exam Questions.

A. The General Ledger clerk compares the summary journal entry, received
from the Cashier for cash receipts applicable to outstanding accounts,
with the batch total for posting to the Subsidiary Ledger by the Accounts
Receivable clerk.
B. A mail clerk opening the mail compares the check received with the
source document accompanying the payment, noting the amount paid,
then forwards the checks daily (along with a listing of the cash receipts) to
the Cashier for deposit.

C. A mail clerk opening the mail compares the check received with the
source document accompanying the payment, noting the amount paid,
then forwards the source documents that accompany the payments
(along with a listing of the cash receipts) to Accounts Receivable, on a
daily basis, for posting to the subsidiary ledger.

D. At the end of the week the Cashier prepares a deposit slip for all of the
cash receipts received during the week.
Question 23:
1E1-LS23
Which of the following are responsibilities of the audit committee?
I. Aid in the choice of accounting methods and policies.
II. Document internal control procedures.
III. Sign quarterly and annual financial reports.
IV. Choose the auditor and approve auditor compensation.
V. Review the auditor's suggestions for improved internal control.

A. I, III, IV, and V only.

B. I, II, III, IV, and V.

C. I, II, and III only.


D. I, IV, and V only.

Question 24:
1E1-LS43

A public corporation that must meet the provisions of the Foreign Corrupt
Practices Act of 1977 should have a compliance program that includes all
of the following steps except:
* Source: Retired ICMA CMA Exam Questions.

A. a cost/benefit analysis of the controls and the risks that are being
minimized.
B. an authorized and properly signed agreement that it will abide by the Act.

C. a system of quality checks to evaluate the internal accounting control
system.

D. documentation of the corporation's existing internal accounting control
systems.

Question 25:
1E1-LS36

The Internal Control Integrated Framework from 1992 comprises five
mutually-reinforcing components including control activities. Control
activities include all of the following except:

A. Adequate separation of duties.

B. Risk Management.

C. Independent verifications.
D. Adequate documentation and records.

Question 26:
1E1-LS30

Which statement is not a requirement of PCAOB Auditing Standard No. 5?

A. Requires auditors to follow a rules-based approach to determine the
extent of audit testing.

B. Requires auditors to follow a risk-based approach to the development of
auditing procedures.

C. Requires the auditors to follow prescribed approaches to perform the
audit.

D. Requires auditors to scale the audit to the size of the organization.


Question 27:
1E1-CQ01

A firm is constructing a risk analysis to quantify the exposure of its data
center to various types of threats. Which one of the following situations
would represent the highest annual loss exposure after adjustment for
insurance proceeds?

A. Frequency of occurrence: 100 years, Loss Amount: $400,000, Insurance
coverage: 50%.

B. Frequency of occurrence: 8 years, Loss Amount: $75,000, Insurance
coverage: 80%.

C. Frequency of occurrence: 20 years, Loss Amount: $200,000, Insurance
coverage: 80%.

D. Frequency of occurrence: 1 year, Loss Amount: $15,000, Insurance
coverage: 85%.

Question 28:
1E1-LS22

Which of the following is not an internal control?

A. Pre-numbered forms.

B. Requirements for accurate recording of vacations.

C. Employee pay records.


D. Required dress code.
Question 29:
1E1-LS31

PCAOB Auditing Standard No. 5 requires auditors to follow a top-down, risk
assessment (TDRA) approach to auditing financial statements and internal
controls. Which item is not one of the steps in TDRA?

A. Identifying insignificant accounts or disclosures.

B. Identifying material misstatement risks within these accounts or
disclosures.

C. Determining which transaction-based controls compensate for possible
entity-level control failures.

D. Determining which entity-level controls sufficiently address the risks.

Question 30:
1E1-LS11

Which of the following are objectives of internal controls?

I. Reliability of financial reports
II. Guarantees against fraud
III. Effectiveness of operations
IV. Efficiency of operations
V. Compliance with applicable laws and regulations

A. I, II, III, IV, and V.

B. I, III, IV, and V only.

C. I, III, and V only.


D. I, II, and IV only.
Question 31:
1E1-AT13

Which one of the following is an example of monitoring controls?

I. Internal audits
II. Audit committee reviews
III. Management reviews

A. I only.

B. III only.

C. II only.

D. I, II, and III.

Question 32:
1E1-LS21

Locked doors, security systems, ID badges, passwords, and similar
controls are designed to:

A. safeguard the firm's assets.

B. lower production costs.

C. protect the firm's reputation.

D. ensure that internal controls are followed.

Question 33:
1E1-LS41

Which one of the following methods, for the distribution of employees'
paychecks, would provide the best internal control for the organization?
* Source: Retired ICMA CMA Exam Questions.

A. Distribution of paychecks directly to each employee by a representative of
the Human Resource department.

B. Direct deposit in each employee's personal bank account.

C. Delivery of the paychecks to each department supervisor, who in turn
would distribute paychecks directly to the employees in his/her
department.

D. Distribution of paychecks directly to each employee by the payroll
manager.

Question 34:
1E1-AT10

Which of the following is not a requirement regarding a company's system
of internal control under the Foreign Corrupt Practices Act of 1977?

A. The recorded accountability for assets is compared with the existing
assets at reasonable intervals, and appropriate action is taken with
respect to any differences.

B. Management must annually assess the effectiveness of its system of
internal control.

C. Transactions are executed in accordance with management's general or
specific authorization.

D. Transactions are recorded as necessary (1) to permit preparation of
financial statements in conformity with GAAP or any other criteria
applicable to such statements, and (2) to maintain accountability for
assets.

Question 35:
1E1-AT09

Segregation of duties controls are examples of:

A. compensating controls.

B. preventive controls.

C. detective controls.

D. administrative controls.
Question 36:
1E1-AT04

Segregation of duties is a fundamental concept in an effective system of
internal control. Nevertheless, the internal auditor must be aware that this
safeguard can be compromised through:

A. absence of internal auditing.

B. collusion among employees.

C. irregular employee reviews.

D. lack of training of employees.

Question 37:
1E1-LS42

Which one of the following would be most effective in deterring the
commission of fraud?
* Source: Retired ICMA CMA Exam Questions.

A. Hiring ethical employees, employee training, and segregation of duties.

B. Policies of strong internal control and punishments for unethical behavior.

C. Employee training, segregation of duties, and punishment for unethical
behavior.

D. Policies of strong internal control, segregation of duties, and requiring
employees to take vacations.

Question 38:
1E1-AT11

Under the Sarbanes-Oxley Act of 2002, companies are now required to
implement anti-fraud programs and controls that they evaluate on an
annual basis as part of their integrated audit. A common component of
such anti-fraud programs and controls is the effective design and
implementation of codes of ethics and conduct. Which one of the following
is not a characteristic of the operating effectiveness of a code of conduct?

A. The existence of a plan to communicate the code of conduct to all (or
covered) employees of the company.

B. Audit committee involvement and oversight of non-compliance with the
company's code of conduct.

C. Lack of employee training in the company's code of conduct upon hiring
and periodically thereafter.

D. The existence of an appropriate "hot-line" or whistle blowing to report any
violations with the company's code of conduct.

Question 39:
1E1-LS40

In order to properly segregate duties, which function within the computer
department should be responsible for reprocessing the errors detected
during the processing of data?
* Source: Retired ICMA CMA Exam Questions.

A. Computer programmer.

B. Systems analyst.

C. Department manager.

D. Data control group.

Question 40:
1E1-AT08

Preventive controls are:

A. found only in general accounting controls.

B. usually more costly to use than detective controls.

C. usually more cost beneficial than detective controls.

D. found only in accounting transaction controls.


Question 41:
1E1-LS26

The Sarbanes-Oxley Act has multiple sections that outline management's
responsibility regarding:

A. required education for chief financial officers.

B. internal controls and external reporting.

C. long-term strategic planning.

D. the purchase of securities.

Question 42:
1E1-AT12

When management of the sales department has the opportunity to override
the system of internal controls of the accounting department, a weakness
exists in:

A. information and communication.

B. monitoring.

C. risk management.

D. the control environment.

Question 43:
1E1-LS18

Detection risk is the risk:

A. that an internal audit will not uncover incidents where controls have not
been followed.
B. that the business will naturally experience, regardless of internal controls.

C. that internal controls will not be followed.

D. that measures the effectiveness of a firm's internal controls.

Question 44:
1E1-LS20
Which of the following are required under the Foreign Corrupt Practices Act
(FCPA)?
I. A firm must design internal control procedures.
II. A firm must have an internal audit department.
III. Transactions must be executed with management's authorization.
IV. Access to assets must be authorized.

A. I, II, III, and IV.

B. I, III, and IV only.

C. I and III only.

D. I and II only.

Question 45:
1E1-LS19

Which of the following statements is false?

A. Internal controls can be most effective if they are supported by word and
example of management.
B. Thorough and well documented internal controls can guarantee that fraud
cannot be committed.

C. Thorough and well-documented internal controls can result in fewer
misstatements of information.

D. The auditor will examine internal controls to determine control risk.

Question 46:
1E1-LS38

The basic concepts implicit in internal accounting controls include the
following:

• The cost of the system should not exceed benefits expected to be
attained.
• The overall impact of the control procedure should not hinder operating
efficiency.

Which one of the following recognizes these two factors?


* Source: Retired ICMA CMA Exam Questions.

A. Reasonable assurance.
B. Limitations.
C. Management responsibility.

D. Methods of data processing.

Question 47:
1E1-LS28

What is management's responsibility under Section 302 of the
Sarbanes-Oxley Act of 2002?

A. Management must provide an anonymous hotline for employees to report
ethics violations.
B. Management must document their assessment of the effectiveness of the
internal control structure and procedures.

C. Management must require employees to sign a code of conduct.

D. A corporation's management must design and implement internal controls
to ensure the preparation of reliable financial reports.

Question 48:
1E1-LS14

Which of the following is a reason for independent checks?

A. To assess an employee and determine whether he or she is following
control procedures

B. To ensure that management appears compliant with external audit
standards

C. To detect and correct errors and misappropriation of assets

D. To ensure that mistakes can be corrected within the fiscal year they are
made
