Professional Documents
Culture Documents
True/False
REQUIRED: For each of the following items, indicate whether it is (T) True or (F) False. For
those marked “False,” identify the error(s) and indicate the change or changes that are needed
to make the statement true.
1. The Foreign Corrupt Practices Act is administered by the Federal Trade Commission.
2. Under the Foreign Corrupt Practices Act, management and directors are both subject to
fines, penalties, and/or imprisonment.
4. The COSO report concludes that a few key people in an organization has some
responsibility the organization’s internal controls.
6. Internal auditors have primary responsibility for establishing and maintaining internal
controls.
7. Legislators and regulators establish minimum statutory and regulatory requirements for
the establishment of internal controls by certain entities.
8. Utility programs contain instructions that enable the computer to perform specific data
processing tasks for the user.
9. Under the traditional file method of data organization, transaction files contain the details
of individual transactions of the same class such as a day’s credit sales or a day’s cash
disbursements.
10. The database method of data organization is the main alternative to the traditional file
method.
12. To minimize the risks associated with on-line entry/batch processing, some companies
use memo updating of the master file at the time of data entry.
13. Application controls are designed to provide reasonable assurance that IT records,
processes, and reports data properly for specific applications.
16. Management’s risk assessment for financial reporting purposes is similar to the internal
1
auditor’s concern with inherent risks.
18. A company's accounting system should provide a complete “chain of evidence” for every
major transaction.
20. The accounting records for an asset should normally be maintained by the same
individual who controls that asset.
21. The auditor would expect a lesser degree of segregation of duties in a small company
than in a large company.
22. The echo check involves transmitting data received by an output device back to the
source unit for comparison with the original data.
23. Access controls relate to both the accounting records and the physical assets.
24. General authorization relates to the granting of the authorization on a case by case basis.
25. General controls provide a framework for controlling daily computer operations,
minimizing the likelihood of processing errors, and assuring the continuity of operations
in the event of a physical disaster of computer failure.
26. A before-and-after report shows a summary of the contents of a master file before and
after each update.
27. Security measures include limiting access to storage areas to authorized personnel.
28. A report that summarizes gross margin by region is an example of a procedure review.
29. Monitoring is a process that assesses the quality of the internal controls performance
over time.
31. The risk of misstatement is associated with changes in the content or form of information.
32. The external auditor is not required to test the work of internal auditors that pertains to
obtaining an understanding.
34. In an audit of a small company, a narrative memorandum may serve as the only
documentation of the auditor’s understanding of internal controls.
35. A very detailed flowchart would be prepared for the accounting system as a whole.
36. Organization and operation controls address risks related to the authorization,
completeness, and accuracy of transactions.
2
37. Parity check involves transmitting data received by an output device back to the source
unit for comparison with the original data.
38. Transactions consist of exchanges of assets and services between an entity and outside
parties, as well as the transfer or use of assets and services within an entity.
39. Communication includes making sure that personnel involved in the financial reporting
system understand how their activities relate to the work of others inside the
organization.
40. Some auditors associate controls related to recording transactions in the correct
accounting period with a separate objective identified as the extension objective.
42. In the example system of cash receipts, the cashier prepares the bank deposit slip and
makes the daily bank deposit.
Answers to True/False
1. F: Federal Trade Commission should be Securities and Exchange Commission.
2. T.
3. F: Nonfinancial should be financial.
4. F: A few key people should be everyone.
5. T.
6. F: Have should be do not have.
7. T.
8. F: Utility should be Application.
9. T.
10. T.
11. T.
12. F: After should be at.
13. T.
14. F: Lower should be higher.
15. T.
16. F: Internal should be external.
17. T.
18. F: Every major transaction should be every transaction.
19. F: A single employee should be different employees.
20. F: Should should be should not.
21. T.
22. T.
23. T.
24. F: General should be specific.
25. F: General should be data and procedural.
26. T.
27. T.
28. F: Procedure should be performance.
29. T.
3
30. F: IT Manager should be Librarian.
31. T.
32. T.
33. F: Minority should be majority.
34. T.
35. F: Very detailed should be broad overview.
36. F: Organization and operation controls should be Information processing controls.
37. F: Parity should be echo.
38. T.
39. F: Inside should be both inside and outside.
40. F: Extension should be cutoff.
41. F: Data repository should be data dictionary/directory.
42. T.
Multiple Choice
REQUIRED: Indicate the best answer choice for each of the following.
1. Which of the following is an incorrect quotation from the second field work standard?
a. “A sufficient understanding...”
b. “of the internal control structure is...”
c. “to be obtained to...”
d. “plan the audit and to...”
e. “determine the nature, timing, and extent of compliance tests...”
3. Which of the following requires managements of pubic companies to assess the adequacy
of internal controls over financial reporting and further requires their auditors to audit
management’s assessment of internal controls over financial reporting and the actual
effectiveness of the system of internal controls?
a. Foreign Corrupt Practices Act
b. Securities Exchange Act of 1934
c. SAS 55, Consideration of the Internal Control Structure in a Financial Statement Audit
d. Section 404 of Sarbanes-Oxley
e. PCAOB Standard No. 9
4. The COSO report identified five interrelated components of internal control. Since then, a
sixth category has been identified, which is:
a. monitoring.
b. risk assessment.
c. information and communication.
d. control activities
e. antifraud programs and controls
4
5. Which of the following is not one of the fundamental concepts in the COSO report’s
definition of internal control?
a. Internal control is a process.
b. Internal control is effected by people.
c. Internal control is a guarantee.
d. Internal control can be expected to provide only reasonable assurance, not absolute
assurance, to an entity’s management and board.
e. Internal control is geared to the achievement of objectives in the overlapping
categories of financial reporting, compliance, and operations.
6. Which of the following is not one of the interrelated components of internal controls
identified by the COSO report?
a. control activities
b. control environment
c. information and communication
d. regulating
e. risk assessment
7. Which one of the following is not an inherent limitation in an entity’s internal controls?
a. mistakes in judgment
b. collusion
c. cost versus market
d. breakdowns
e. management override
8. Which of the following systems programs perform common data processing tasks?
a. utility programs
b. operating systems
c. compilers
d. assemblers
e. database management systems
10. Which of the following is not normally a characteristic of batch entry/batch processing in
a small system?
a. processing of similar transactions together
b. audit trail in machine readable form only
c. master file update only after batch data accumulation
d. delays in correcting processing errors
e. control totals generated prior to processing
5
11. With which of the following data processing methods may validation checks be used and
data be screened for errors at the time of entry?
a. batch entry/batch processing
b. batch entry/on-line processing
c. on-line entry/on-line processing
d. off-line entry/batch processing
e. on-line entry/batch processing
12. The use of a transaction log is most commonly associated with which of the following
data processing methods?
a. batch entry/batch processing
b. batch entry/on-line processing
c. on-line entry/on-line processing
d. off-line entry/batch processing
e. on-line entry/batch processing
13. From a control standpoint, which one of the following is a benefit of IT systems over
manual systems?
a. information in machine-sensible form only
b. decrease in human involvement
c. reduction in documentation
d. consistency in processing
e. a more distinct transaction trail
14. Which of the following control program development, program changes, computer
operations, and access to programs and data?
a. general controls
b. application controls
c. access controls
d. process controls
e. system controls
15. Which of the following factors are included in a firm’s control environment?
16. Which of the following is not one of the factors that make up the control environment?
a. accounting personnel
b. board of directors and audit committee
c. organizational structure
d. human resource policies and practices
e. assignment of authority and responsibility
17. In order to emphasize the importance of integrity and ethical values among all personnel
6
or an organization, the CEO and other top managers should do all of the following
except:
a. set the tone by example.
b. communicate to all employees.
c. send email messages to all employees promoting ethical values.
d. reduce or eliminate incentives and temptations.
e. provide moral guidance to employees.
18. Which of the following is not one of the characteristics of management's philosophy and
operating style?
a. approach to taking and monitoring business risks
b. monitoring policies for developing and modifying accounting systems
c. conscientiousness and conservatism in developing accounting estimates
d. its attitudes and actions toward financial reporting
e. its attitudes toward information processing and accounting functions and
personnel
19. An effective accounting system should identify and record only the valid transaction of the
entity that occurred in the current period, which relates to the:
a. rights and obligations assertion.
b. presentation and disclosure assertion.
c. valuation or allocation assertion.
d. existence or occurrence assertion.
e. completeness assertion.
20. Management’s risk assessment should include the following special consideration of the
risks that can arise from changed circumstances except:
a. new personnel.
b. rapid growth.
c. new technology.
d. corporate restructurings.
e. domestic operations.
21. An effective accounting system should measure the value of transactions in a manner
that permits recording their proper monetary value in the financial statements, which
relates to the:
a. rights and obligations assertion.
b. presentation and disclosure assertion.
c. valuation or allocation assertion.
d. existence or occurrence assertion.
e. completeness assertion.
22. Essential to both management and auditors is a chain of evidence in the accounting
system provided by coding, cross references, and documentation connecting account
balances and other summary results with original data. This chain of evidence is referred
to as the:
a. control trail.
b. vouching or tracing trail.
c. system reference trail.
d. audit or transaction trail.
e. accounting trail.
7
23. Incompatible duties are those that allow an irregularity to be perpetrated:
a. and concealed by a single employee.
b. and concealed through collusive actions.
c. by a single employee.
d. by accounting personnel.
e. and concealed by a group of two or more employees.
24. Which of the following is incorrect concerning the segregation of duties within an
organization?
a. The various steps involved in authorizing and executing a transaction should be
separated.
b. Responsibility for certain accounting operations should be segregated, e.g., the cash
receipts person should not reconcile the bank account.
c. The IT department should be segregated from the user departments.
d. Responsibility for executing, recording, and maintaining assets custody for a
transaction should be separated.
e. Responsibility for executing transactions may be assigned to those who have access
to the assets, but not to the books.
26. PCAOB standards require the auditor to evaluate the effectiveness of the audit
committee as part of understanding the control environment and monitoring. Which of
the following is not a factor the auditor should consider in making this evaluation?
a. The audit committee’s responsiveness to issues raised by the auditor.
b. The independence of the audit committee from management.
c. Compensation practices with respect to members of the audit committee.
d. The clarity with which the audit committee’s responsibilities are articulated.
e. The audit committee’s interaction with key members of financial management.
27. Which of the following management responsibilities is not established under PCAOB
standards?
a. To present a written assessment of the effectiveness of the company’s internal
control over financial reporting as of the end of the company’s most recent fiscal
year.
b. To accept responsibility for the effectiveness of the company’s internal control over
financial reporting.
c. To evaluate the effectiveness of the company’s internal control over financial
reporting using suitable criteria.
d. To perform cost-benefit analysis with respect to internal controls relating to
assertions having a material effect on the financial statements.
e. To support it’s evaluation of internal control with sufficient evidence, including
documentation.
8
28. Which one of the following is not recognized as one of the types of general controls?
a. processing controls
b. organization and operation controls
c. access controls
d. data and procedural controls
e. hardware and system software controls
29. Which one of the following positions maintains custody of systems documentation,
programs, and files?
a. IT Manager
b. Programmer
c. Computer Operator
d. Network Administrator
e. Librarian
30. Which of the following is not a hardware and systems software control?
a. echo check
b. read after write
c. data dictionary/directory
d. dual read
e. parity check
33. When planning an audit of internal controls over financial reporting, the auditor needs a
comprehensive knowledge of the company and its environment. This knowledge might
include:
a. preliminary judgments about the results of operations.
b. assessments about the efficiency of operations.
c. conclusions about the effectiveness of internal controls.
d. an assessment of the effectiveness of the audit committee.
e. legal or regulatory matters of which the company is aware.
37. Which of the following is not a widely recognized type of computer general controls?
a. organization and operation controls
b. hardware and system software controls
c. access controls
d. data and procedural controls
e. information processing controls
39. The least likely procedure to obtain an understanding of internal controls would be:
a. reviewing previous experience with the client.
b. inspecting documents and records.
c. confirming transactions.
d. inquiring of appropriate management.
e. observing entity operations.
10
Answers to Multiple Choice
1. e 11. e 21. c 31. c
2. b 12. c 22. d 32. d
3. d 13. d 23. a 33. e
4. e 14. a 24. e 34. a
5. c 15. b 25. b 35. b
6. d 16. a 26. c 36. d
7. c 17. c 27. d 37. e
8. a 18. b 28. a 38. b
9. e 19. d 29. e 39. c
10. b 20. e 30. c 40. a
An entity's internal controls consist of five interrelated components (plus an overriding concern
with fraud prevention and detection):
A: control environment
B: risk assessment
C: information and communication
D: control activities
E: monitoring
REQUIRED: Using the appropriate letter, identify the component to which each of the
following control activities or considerations pertains.
1. Performance reviews
2. Commitment to competence
5. Access controls
8. Segregation of duties
9. Organizational structure
11
13. Physical controls
Listed below are eight positions within an IT department coded by the letters A through H.
REQUIRED: Match the primary responsibilities below with the codes for the positions above.
3. Exercises overall control, develops short and long range plans, and approves
systems.
4. Designs content and organization of the database and controls access to and use
of the database.
5. Evaluates existing systems, designs new systems, outlines the systems, and
prepares specifications for programmers.
6. Acts as liaison with user departments and monitors input, processing, and
output.
12
8. Operates the computer hardware and executes the program according to
operating instructions.
What procedures are normally used by the auditor to obtain an understanding of internal
controls?
List the fundamental concepts that are embodied in the definition of internal control as per the
COSO report.
13
4. Internal control is geared to the achievement of objectives in the overlapping categories of
financial reporting, compliance, and operations.
Distinguish between systems programs and application programs, and identify four types of
systems programs.
14
Answers — Short Answer 10-6
1. The purpose of general controls is to control program development, program changes,
computer operations, and to secure access to programs and data. The following five
types of general controls are widely recognized:
a. organization and operation controls,
b. systems development and documentation controls,
c. hardware and system software controls,
d. access controls, and
e. data and procedural controls.
Computer general controls pertain to the IT environment and all IT activities as opposed
to a single IT application. Therefore, these controls are pervasive in their effect.
2. If the auditor is able to obtain evidence that general controls function effectively, then the
auditor also has assurance that individual applications may be properly designed and
operate effectively. Alternatively, deficiencies in general controls may affect many
applications and may prevent the auditor from assessing control risk below the
maximum for many applications and transaction cycles.
1. The cashier makes bank deposits and records all cash transactions.
2. Raw materials are stored in an unlocked warehouse.
3. Prenumbered receiving reports are not used in the receiving department.
4. Monthly statements of account are sent to customers by personnel who maintain the
accounts in the accounts receivable ledger.
5. Accounts receivable ledger clerks write-off accounts as uncollectible when they are more
than 90 days past due.
6. The shipping department orally notifies the billing department that goods have been
shipped.
7. The treasurer approves bills for payment, prepares the checks, and signs the checks.
8. Petty cash counts are made periodically by the petty cash custodian.
9. The company does not have a chart of accounts.
10. Each employee has direct access to his/her payroll records.
15
REQUIRED: For each circumstance, indicate from the list below, which category the control
procedure that has been violated belongs to:
1. Briefly identify the important aspects that would be expected as part of computer general
controls.
2. What is meant by the notion that general controls have a pervasive effect on computer
application controls?
16
d. Access controls should prevent unauthorized use of IT equipment, data files, and
computer programs. The specific controls include physical, software, and
procedural safeguards.
e. Data and procedural controls provide a framework for controlling daily computer
operations, minimizing the likelihood of processing errors, and assuring the
continuity of operations in the event of a physical disaster or computer failure.
2. If the auditor is able to obtain evidence that general controls function effectively, then the
auditor also has assurance that individual applications may be properly designed and
operate effectively. Alternatively, deficiencies in general controls may affect many
applications and may prevent the auditor from assessing control risk below the
maximum for many applications and transaction cycles.
17
Another random document with
no related content on Scribd:
vowing
vows
voyage
voyages
Vroublevsky
Vryburg
Vryheids
vs
Vuitch
vulgar
vulnerable
vultures
Vágó
vérité
W
Wad
WADAI
Wade
Wadi
WADSWORTH
Wady
Wagandas
wage
waged
wager
wages
waggon
waging
Wagner
wagon
wagoner
wagons
Wahis
waifs
wailed
waist
waists
Wait
waited
waiting
waive
waived
wake
wakening
Wakhan
waking
Waldeck
Waldersee
WALDO
WALES
Walfisch
walk
walked
Walker
walketh
Walking
walks
Wall
Wallace
Wallachs
walled
Waller
Walls
Walpole
Walter
Wan
WANA
wander
wandered
Wanderer
Wandering
waned
Wang
wangtao
Wano
want
wanted
wanting
wanton
wantonly
wantonness
wants
war
WARD
wardrobe
wards
Wardwell
warehouses
warehousing
wares
warfare
Waring
Warka
warlike
Warm
Warmbath
warmer
warmest
warmly
warmth
warn
warned
Warner
warning
warnings
Warrant
warranted
warrants
warren
warring
warrior
warriors
wars
warship
warships
Warthe
Was
Washburn
washed
washhouses
washing
WASHINGTON
washtub
Wasp
waste
wasted
wasteful
wastes
wasting
watch
watched
watchers
watchful
watchfulness
watching
watchman
WATER
watered
waterfalls
watering
Waterloo
waterproof
waters
watershed
waterspout
waterway
waterways
waterworks
Watson
Watt
Wattenbach
Wauchope
wave
waved
Waverley
waves
waving
wavy
way
wayfarers
Ways
Wazir
Waziri
WAZIRIS
we
weak
weaken
weakened
weakening
weaker
weakest
weakling
weaklings
weakly
weakness
weaknesses
weal
wealth
wealthiest
wealthy
weapon
Weapons
wear
weariness
wearing
wears
weary
weather
weave
weaving
Weber
Webster
wedded
Weddell
wedding
wedge
wedging
Wednesday
weeded
week
weekly
weeks
weels
ween
weep
weeping
WEI
weigh
weighed
weighing
weighs
weight
weighted
weightier
Weights
weighty
Weih
weir
weird
welcome
welcomed
welcoming
welding
Weldon
welfare
well
Wellington
Wellman
wells
Welsh
weltering
Welti
wen
Wenamu
wended
went
wept
Were
Weser
Wesley
Wessels
west
Westchester
Westcott
westerly
WESTERN
westernmost
Westfälische
Westlake
Westminster
Weston
Westphalia
westward
westwardly
westwards
Wet
Wetmore
Wettek
Weyler
whale
whaler
Whaling
wharf
wharfage
Wharton
wharves
what
Whatever
whatsoever
Wheat
Wheaton
Wheedon
wheel
wheelbarrow
Wheeler
Wheeling
wheels
when
whence
whenever
where
whereabouts
Whereas
whereby
Wherefore
wherein
whereof
whereon
whereto
Whereunto
whereupon
Wherever
wherewith
whether
Which
whichever
while
whilom
whilst
whip
whipper
whips
whirled
whirling
whiskey
Whisky
whisper
whispered
whistled
whistles
whistling
WHITE
Whiteboyism
Whitehall
Whitehead
Whitelaw
whitened
whites
whitewashing
Whitewatersridge
whither
Whiting
Whitman
WHITNEY
Whittier
Who
whoever
Whole
wholesale
wholesome
wholly
whom
whomsoever
whose
Whosoever
Why
Wick
wicked
wickedness
Wickes
Wide
widely
widened
widening
wider
widespread
widest
widow
widowed
widowhood
widows
width
wielded
wields
Wiener
wife
Wiggins
wigglers
Wight
wigwams
WIIS
Wikoff
Wikoft
Wilberforce
Wilcox
wild
Wilde
wilder
wilderness
wildest
wildfire
wildly
Wildman
Wilford
Wilfred
Wilfrid
wilful
wilfully
Wilhelm
Wilhelmina
Wilhelmshafen
Wilkes
Wilkinsburg
will
Willard
Willcocks
willed
willful
William
Williams
willing
Willingly
willingness
Willis
Williston
wills
Willshire
Willson
WILMINGTON
Wilson
Wimereux
win
Winchester
Winchow
wind
Windhoek
winding
windings
Windom
window
windows
winds
Windsor
Windt
Windward
wine
wines
Winfield
Wing
Wingate
wings
Winifred
winking
Winkler
winning
Winnipeg
Winsor
Winter
Wintered
Winterhalder
wintering
Winthrop
wiped
wiping
wire
wireless
wirepullers
wires
WISCONSIN
wisdom
wise
wisely
wiser
wisest
wish
wished
wishes
wishing
wisps
wistfully
wit
Witfontein
with
withdraw
Withdrawal
withdrawals
withdrawing
withdrawn
withdraws
withdrew
withering
withheld
withhold
withholds
Within
Without
withstand
withstood
witness
Witnessed
witnesses
Witt
Witte
Witu
Witwatersrand
wives
Wm
Wodehouse
woe
WOLCOTT
Wolf
Wolmarans
Wolmeraans
Wolseley
Wolsey
wolves
woman
womanhood
womanly
women
won
wonder
wondered
Wonderful
wondering
wonderment
wonders
WOOD
Woodbury
wooded
wooden
Woodford
woodland
Woodruff
Woods
woodsmen
Woodstock
woodwork
wool
woolen
woollens
Woolley
wools
Woolwich
Woosung
Worcester
word
worded
Worden
wording
WORDS
wore
Work
workable
worked
worker
Workers
workhouses
working
workingman
workingmen
workings
workingwoman
workman
workmen
works
Workshop
workshops
workwomen
world
worldly
worn
worry
worse
worship
worshipping
worst
worth
worthily
worthless
worthy
Wortley
Would
wound
WOUNDED
wounding
wounds
wrap
wrapped
wrath
Wray
wreak
wreaking
wreck
wreckage
wrecked
wreckers
wrecking
wrecks
wrest
wrested
wresting
wretched
wretchedly
wriggling
Wright
wring
writ
write
writer
writers
writes
writhing
Writing
writings
writs
written
wrong
wronged
wrongful
wrongfully
wrongly
wrongs
wrote
wrought
wrung
Wu
Wuch
Wuhu
Wurster
Wyck
Wynberg
WYOMING
Wên
Wêng
Würtemberg
Würzburg
x
XCI
XCII
XCIII
xi
xii
XIII
xiv
XIX
XL
XLI
XLII
XLIII
XLIV
XLIX
XLV
XLVI
XLVII
XLVIII
XV
xvi
XVII
XVIII
xx
XXI
xxii
XXIII
xxiv
xxix
XXV
xxvi
XXVII
XXVIII
xxx
XXXI
XXXII
XXXIII
xxxiv
xxxix
XXXV
xxxvi
XXXVII
xxxviii
y
yacht
yachts
Yafa
Yakub
Yale
Yaloo
Yalu
YAMAGATA
Yamagutchi
Yamen
yamên
Yamêns
Yang
Yangtsun
Yangtsze
Yangtze
Yankee
Yao
Yaos
Yaqui
Yaquis
Yard
yards
Yarkand
Yass
Yauco
Ybayat
ye
yea
year
yearly
yearning
yearns
Years
yeas
Yellow
Yells
Yen
Yendi
Yenesei
Yengtai
Yenisei
yeomanry
Yerkes
Yermak
Yersin
Yes
yesterday
yet
Yeu
Yezo
Yi
Yichow
yield
yielded
yielding
yields
Yin
Ying
Yingkow
Yint
Ylin
Yod
yoke
yoked
yokes
Yokohama
Yokoi
Yola
Yonge
Yonkers
YORK
you
Youmans
young
younger
youngest
Younghusband
Youngstown
Your
Yours
yourself
yourselves
yourt
youth
youthful
youths
Youtsey
Ypsiloritis