Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control

Full screen (f)
exit full mode
Question
The control environment reflects the organization's general awareness and commitment to the importance of control throughout the organization.
Use Space or
up arrow
down arrow
to flip the card.
Question
Opportunities are events that could have a positive impact on organization objectives.
Question
A fraud is a deliberate act or untruth intended to obtain unfair or unlawful gain.
Question
External directives are the policies and procedures that help ensure that management directives are carried out.
Question
Management's legal responsibility to prevent fraud and other irregularities is implied by laws such as
the Foreign Corrupt Practices Act
Question
Establishing a viable internal control system is the responsibility of management.
Question
Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.
Question
The external environment is a system of integrated elements--people, structures, processes, and procedures--acting together to provide reasonable assurance that an organization achieves both its operations system and its information system goals.
Question
Under the Sarbanes Oxley Act of 2002, the section on Auditor Independence establishes an independent board to oversee public company audits.
Question
Monitoring is a process that assesses the quality of internal control performance over time.
Question
Risks are those events that could have a negative impact on organization objectives.
Question
Expected gross risk is a function of the initial expected gross risk, reduced risk exposure due to controls, and cost of controls.
Question
Under the Sarbanes Oxley Act of 2002, the section on Corporate Tax Returns Section 1001, conveys a sense of the Senate that the corporate federal income tax returns be signed by the treasurer.
Question
A major reason management must exercise control over an organization's business processes is to provide reasonable assurance that the company is in compliance with applicable legal and regulatory obligations.
Question
Organizational governance is a process by which organizations select objectives, establish processes to achieve objectives, and monitor performance.
Question
Under the Sarbanes Oxley Act of 2002, the section on Enhanced Financial Disclosures requires each annual report filed with the SEC to include an internal control report.
Question
Fraud is the possibility that an event or action will cause an organization to fail to meet its objectives (or goals).
Question
Management is responsible for establishing and maintaining an adequate system of internal control
Question
SAS No.99 emphasizes auditors should brainstorm fraud risks, increase professional skepticism, use unpredictable audit test patterns, and detect management override of internal controls
Question
Under the Sarbanes Oxley Act of 2002, the section on Corporate Responsibility requires a company's CEO and CFO to certify quarterly and annual reports.
Question
An invalid item is an object or event that is not authorized, never occurred, or is otherwise not genuine.
Question
A sale to a customer is entered into the system properly, but the event does not accurately update the customer's outstanding balance.This type of processing error would be classified as a user error.
Question
A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may effect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

A)enterprise risk management
B)internal control
C)organizational governance
D)risk assessment
Question
The control matrix is a computer virus that takes control of the computer's operating system for malicious purposes.
Question
The ERM framework addresses four categories of management objectives.Which category concerns high-level goals, aligned with and supporting its mission?

A)compliance
B)operations
C)reporting
D)strategic
Question
Salami slicing is program code that can attach itself to other programs (i.e., "infect" those programs), that can reproduce itself, and that operates to alter the programs or to destroy data.
Question
A computer abuse technique called a back door involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.
Question
A manager of a manufacturing plant alters production reports to provide the corporate office with an inflated perception of the plant's cost effectiveness in an effort to keep the inefficient plant from being closed.This action would be classified as a(n):

A)risk
B)hazard
C)fraud
D)exposure
Question
The control goal called efficiency of operations strives to assure that a given operations system is fulfilling the purpose(s) for which it was intended.
Question
The control goal of ensuring input materiality strives to prevent fictitious items from entering an information system.
Question
Ethical behavior and management integrity are products of the corporate culture.
Question
Ensuring the security of resources is the control goal that seeks to provide protection against loss, destruction, disclosure, copying, sale, or other misuse of an organization's resources.
Question
A corrective control plan is designed to discover problems that have occurred.
Question
A batch of business events is accurately entered into a business event data, but the computer operator fails to use the data to update master data.This type of processing error would be classified as an operational error.
Question
The control goal of input accuracy is concerned with the correctness of the transaction data that are entered into a system.
Question
Business process control plans relate to those controls particular to a specific process or subsystem, such as billing or cash receipts, or to a particular technology used to process data.
Question
A process by which organizations select objectives, establish processes to achieve objectives, and monitor performance is

A)enterprise risk management
B)internal control
C)organizational governance
D)risk assessment
Question
A computer crime technique called worm involves the systematic theft of very small amounts from a number of bank or other financial accounts.
Question
A logic bomb is a computer abuse technique in which unauthorized code is inserted in a program, which, when activated, may cause a disaster such as shutting down a system or destroying data.
Question
According to the 2008 Report to the Nation on Occupational Fraud and Abuse, frauds are more likely to be detected by audits or internal controls than through tips.
Question
Events that could have a positive impact on organizational objectives:

A)controls
B)fraud
C)opportunities
D)profit
Question
The ERM framework addresses four categories of management objectives.Which category of objectives concerns laws and regulations?

A)compliance
B)operations
C)reporting
D)strategic
Question
The section of Sarbanes Oxley that prohibits a CPA firm that audits a public company from engaging in certain non-audit services with the same client is:

A)Title I - Public Company Accounting Oversight Board
B)Title II - Auditor Independence
C)Title III - Corporate Responsibility
D)Title IV - Enhanced Financial Disclosures
Question
Risk assessment is best described by:

A)Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.
B)Management selects whether to avoid, accept, reduce, or share risk - developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
C)The entirety of enterprise risk management is monitored and modifications made as necessary.
D)The likelihood and impact of risks are analyzed, as a basis for determining how they should be managed.
Question
The section of Sarbanes Oxley that requires each annual report filed with the SEC to include an internal control report is:

A)Title I - Public Company Accounting Oversight Board
B)Title II - Auditor Independence
C)Title III - Corporate Responsibility
D)Title IV - Enhanced Financial Disclosures
Question
Which component of the ERM framework is best described here: Management selects whether to avoid, accept, reduce, or share risk - developing a set of actions to align risks with the entity's risk tolerances and risk appetite.

A)control activities
B)event identification
C)risk assessment
D)risk response
Question
The section of Sarbanes Oxley that requires a company's CEO and CFO to certify quarterly and annual reports is:

A)Title I - Public Company Accounting Oversight Board
B)Title II - Auditor Independence
C)Title III - Corporate Responsibility
D)Title IV - Enhanced Financial Disclosures
Question
The section of Sarbanes Oxley that requires financial analysts to properly disclose in research reports any conflicts of interest they might hold with the companies they recommend.:

A)Title V - Analysts Conflicts of Interests
B)Title VIII - Corporate and Criminal Fraud Accountability
C)Title IX - White-Collar Crime Penalty Enhancements
D)Title XI - Corporate Fraud and Accountability
Question
This component of the ERM framework concerns the entirety of enterprise risk management and is accomplished through ongoing management activities, separate evaluations, or both.

A)control activities
B)monitoring
C)objective setting
D)risk response
Question
Events that could have a negative impact on organizational objectives:

A)controls
B)embezzlement
C)fraud
D)risks
Question
Approvals, authorizations, verifications, reconciliations, reviews of operating performance, security procedures, and segregation of duties are examples of:

A)control activities
B)event identification
C)monitoring
D)risk response
Question
The ERM framework addresses four categories of management objectives.Which category ensures the reliability of the financial statements?

A)compliance
B)operations
C)reporting
D)strategic
Question
The major reasons for exercising control of the organization's business processes include:

A)to provide reasonable assurance that the goals of the business are being achieved
B)to mitigate risks of fraud and other intentional and unintentional acts
C)to provide reasonable assurance that the company is in compliance with applicable legal and regulatory obligations
D)all of the above
Question
This component of the ERM framework encompasses the tone of an organization and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values.

A)control activities
B)internal environment
C)risk assessment
D)risk response
Question
Which component of the ERM framework is best described here: Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.Opportunities are channeled back to management's strategy or objective-setting processes.

A)control activities
B)event identification
C)risk assessment
D)risk response
Question
Who is legally responsible for establishing and maintaining an adequate system of internal control?

A)the board of directors
B)stakeholders
C)investors
D)management
Question
The effect of an event's occurrence is:

A)control
B)impact
C)risk
D)opportunity
Question
The ERM framework addresses four categories of management objectives.Which category addresses the effective and efficient use of resources?

A)compliance
B)operations
C)reporting
D)strategic
Question
The ERM framework is comprised of eight components.Which component includes the policies and procedures established and implemented to help ensure the risk responses are effectively carried out?

A)control activities
B)event identification
C)risk assessment
D)risk response
Question
The section of Sarbanes Oxley that establishes an independent board to oversee public company audits is:

A)Title I - Public Company Accounting Oversight Board
B)Title II - Auditor Independence
C)Title III - Corporate Responsibility
D)Title IV - Enhanced Financial Disclosures
Question
____ is a process that assesses the quality of internal control performance over time.

A)Control environment
B)Risk assessment
C)Control activities
D)Monitoring
Question
Elements of a control environment might include the following except:

A)organization values and norms
B)management philosophy and operating style
C)means of communications
D)reward systems
Question
The section of Sarbanes Oxley that sets forth criminal penalties applicable to CEOs and CFOs of up to $5 million and up to 20 years imprisonment if they knowingly or willfully certify false or misleading information contained in periodic reports:

A)Title V - Analysts Conflicts of Interests
B)Title VIII - Corporate and Criminal Fraud Accountability
C)Title IX - White-Collar Crime Penalty Enhancements
D)Title XI - Corporate Fraud and Accountability
Question
Which of the following is not a requirement of SOX Section 404?

A)Evaluate the design of the company's controls to determine if they adequately address the risk that a material misstatement of the financial statements would not
Be prevented or detected in a timely manner.
B)Gather and evaluate evidence about the operation of controls.
C)Implement key controls to determine their operating efficiency.
D)Present a written assessment of the effectiveness of internal control over financial reporting.
Question
This framework was issued in 1996 (and updated in 2007) by the Information Systems Audit and Control Association because of the influence of IT over information systems, financial reporting and auditing.

A)COBIT
B)COSO
C)ERM
D)All of the above.
Question
A business event which is not properly authorized is an example of:

A)an invalid item
B)an inaccurate item
C)an incomplete item
D)an unusual item
Question
A computer abuse technique called a ____ involves inserting unauthorized code in a program, which, when activated, may cause a disaster, such as shutting the system down or destroying files.

A)salami slicing
B)back door
C)logic bomb
D)Trojan horse
Question
A computer abuse technique where unauthorized instructions are inserted into a program to systemati- cally steal very small amounts, usually by rounding to the nearest cent in financial transactions

A)worm
B)salami slicing
C)logic bomb
D)Trojan horse
Question
A computer abuse technique called a ____ involves a virus that replicates itself on disks, in memory, or across networks.

A)worm
B)back door
C)logic bomb
D)Trojan horse
Question
____ sets the tone of the organization, influencing the control consciousness of its people.

A)Control environment
B)Risk assessment
C)Control activities
D)Monitoring
Question
The information system control goal which relates to preventing fictitious events from being recorded is termed:

A)ensure input validity
B)ensure input accuracy
C)ensure input completeness
D)ensure effectiveness of operations
Question
A measure of success in meeting a set of established goals is called system:

A)effectiveness
B)monitoring
C)efficiency
D)control goals
Question
As a result of an inadequate design, a production process yields an abnormally high amount of raw material scrapped.Which control goal is being violated?

A)ensure effectiveness of operations
B)ensure efficient employment of resources
C)ensure security of resources
D)ensure input accuracy
Question
The section of Sarbanes Oxley that provides for fines and imprisonment of up to 20 years to individuals who corruptly alter, destroy, mutilate, or conceal documents with the intent to impair the document's integrity or availability for use in an official proceeding, or to otherwise obstruct, influence or impede any official proceeding is:

A)Title V - Analysts Conflicts of Interests
B)Title VIII - Corporate and Criminal Fraud Accountability
C)Title IX - White-Collar Crime Penalty Enhancements
D)Title XI - Corporate Fraud and Accountability
Question
A deliberate act or untruth intended to obtain unfair or unlawful gain is a(n)

A)audit
B)embezzlement
C)fraud
D)theft
Question
____ are the policies and procedures that help ensure that management directives are carried out.

A)Control environment
B)Risk assessment
C)Control activities
D)Monitoring
Question
Which of the following statements regarding internal controls systems is false?

A)Effective internal control systems provide complete assurance against the occurrence of material frauds and embezzlements.
B)Internal control systems depend largely on the competency and honesty of people.
C)Because internal control systems have a cost, management should evaluate the cost/benefit of each control plan.
D)The development of an internal control system is the responsibility of management.
Question
The section of Sarbanes Oxley that makes it a felony to knowingly destroy, alter, or create records and or documents with the intent to impede, obstruct, or influence an ongoing or contemplated federal investigation and offers legal protection to whistle blowers is:

A)Title V - Analysts Conflicts of Interests
B)Title VIII - Corporate and Criminal Fraud Accountability
C)Title IX - White-Collar Crime Penalty Enhancements
D)Title XI - Corporate Fraud and Accountability
Question
Establishing a viable internal control system is primarily the responsibility of:

A)the external auditors
B)management
C)programmers
D)government authorities
Question
According to the 2008 Report to the Nation on Occupational Fraud and Abuse, frauds are more likely to be detected by:

A)audits
B)internal controls
C)managers
D)tips
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/161
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control
1
The control environment reflects the organization's general awareness and commitment to the importance of control throughout the organization.
True
2
Opportunities are events that could have a positive impact on organization objectives.
True
3
A fraud is a deliberate act or untruth intended to obtain unfair or unlawful gain.
True
4
External directives are the policies and procedures that help ensure that management directives are carried out.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
5
Management's legal responsibility to prevent fraud and other irregularities is implied by laws such as
the Foreign Corrupt Practices Act
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
6
Establishing a viable internal control system is the responsibility of management.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
7
Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
8
The external environment is a system of integrated elements--people, structures, processes, and procedures--acting together to provide reasonable assurance that an organization achieves both its operations system and its information system goals.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
9
Under the Sarbanes Oxley Act of 2002, the section on Auditor Independence establishes an independent board to oversee public company audits.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
10
Monitoring is a process that assesses the quality of internal control performance over time.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
11
Risks are those events that could have a negative impact on organization objectives.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
12
Expected gross risk is a function of the initial expected gross risk, reduced risk exposure due to controls, and cost of controls.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
13
Under the Sarbanes Oxley Act of 2002, the section on Corporate Tax Returns Section 1001, conveys a sense of the Senate that the corporate federal income tax returns be signed by the treasurer.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
14
A major reason management must exercise control over an organization's business processes is to provide reasonable assurance that the company is in compliance with applicable legal and regulatory obligations.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
15
Organizational governance is a process by which organizations select objectives, establish processes to achieve objectives, and monitor performance.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
16
Under the Sarbanes Oxley Act of 2002, the section on Enhanced Financial Disclosures requires each annual report filed with the SEC to include an internal control report.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
17
Fraud is the possibility that an event or action will cause an organization to fail to meet its objectives (or goals).
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
18
Management is responsible for establishing and maintaining an adequate system of internal control
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
19
SAS No.99 emphasizes auditors should brainstorm fraud risks, increase professional skepticism, use unpredictable audit test patterns, and detect management override of internal controls
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
20
Under the Sarbanes Oxley Act of 2002, the section on Corporate Responsibility requires a company's CEO and CFO to certify quarterly and annual reports.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
21
An invalid item is an object or event that is not authorized, never occurred, or is otherwise not genuine.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
22
A sale to a customer is entered into the system properly, but the event does not accurately update the customer's outstanding balance.This type of processing error would be classified as a user error.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
23
A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may effect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

A)enterprise risk management
B)internal control
C)organizational governance
D)risk assessment
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
24
The control matrix is a computer virus that takes control of the computer's operating system for malicious purposes.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
25
The ERM framework addresses four categories of management objectives.Which category concerns high-level goals, aligned with and supporting its mission?

A)compliance
B)operations
C)reporting
D)strategic
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
26
Salami slicing is program code that can attach itself to other programs (i.e., "infect" those programs), that can reproduce itself, and that operates to alter the programs or to destroy data.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
27
A computer abuse technique called a back door involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
28
A manager of a manufacturing plant alters production reports to provide the corporate office with an inflated perception of the plant's cost effectiveness in an effort to keep the inefficient plant from being closed.This action would be classified as a(n):

A)risk
B)hazard
C)fraud
D)exposure
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
29
The control goal called efficiency of operations strives to assure that a given operations system is fulfilling the purpose(s) for which it was intended.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
30
The control goal of ensuring input materiality strives to prevent fictitious items from entering an information system.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
31
Ethical behavior and management integrity are products of the corporate culture.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
32
Ensuring the security of resources is the control goal that seeks to provide protection against loss, destruction, disclosure, copying, sale, or other misuse of an organization's resources.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
33
A corrective control plan is designed to discover problems that have occurred.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
34
A batch of business events is accurately entered into a business event data, but the computer operator fails to use the data to update master data.This type of processing error would be classified as an operational error.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
35
The control goal of input accuracy is concerned with the correctness of the transaction data that are entered into a system.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
36
Business process control plans relate to those controls particular to a specific process or subsystem, such as billing or cash receipts, or to a particular technology used to process data.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
37
A process by which organizations select objectives, establish processes to achieve objectives, and monitor performance is

A)enterprise risk management
B)internal control
C)organizational governance
D)risk assessment
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
38
A computer crime technique called worm involves the systematic theft of very small amounts from a number of bank or other financial accounts.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
39
A logic bomb is a computer abuse technique in which unauthorized code is inserted in a program, which, when activated, may cause a disaster such as shutting down a system or destroying data.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
40
According to the 2008 Report to the Nation on Occupational Fraud and Abuse, frauds are more likely to be detected by audits or internal controls than through tips.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
41
Events that could have a positive impact on organizational objectives:

A)controls
B)fraud
C)opportunities
D)profit
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
42
The ERM framework addresses four categories of management objectives.Which category of objectives concerns laws and regulations?

A)compliance
B)operations
C)reporting
D)strategic
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
43
The section of Sarbanes Oxley that prohibits a CPA firm that audits a public company from engaging in certain non-audit services with the same client is:

A)Title I - Public Company Accounting Oversight Board
B)Title II - Auditor Independence
C)Title III - Corporate Responsibility
D)Title IV - Enhanced Financial Disclosures
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
44
Risk assessment is best described by:

A)Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.
B)Management selects whether to avoid, accept, reduce, or share risk - developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
C)The entirety of enterprise risk management is monitored and modifications made as necessary.
D)The likelihood and impact of risks are analyzed, as a basis for determining how they should be managed.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
45
The section of Sarbanes Oxley that requires each annual report filed with the SEC to include an internal control report is:

A)Title I - Public Company Accounting Oversight Board
B)Title II - Auditor Independence
C)Title III - Corporate Responsibility
D)Title IV - Enhanced Financial Disclosures
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
46
Which component of the ERM framework is best described here: Management selects whether to avoid, accept, reduce, or share risk - developing a set of actions to align risks with the entity's risk tolerances and risk appetite.

A)control activities
B)event identification
C)risk assessment
D)risk response
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
47
The section of Sarbanes Oxley that requires a company's CEO and CFO to certify quarterly and annual reports is:

A)Title I - Public Company Accounting Oversight Board
B)Title II - Auditor Independence
C)Title III - Corporate Responsibility
D)Title IV - Enhanced Financial Disclosures
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
48
The section of Sarbanes Oxley that requires financial analysts to properly disclose in research reports any conflicts of interest they might hold with the companies they recommend.:

A)Title V - Analysts Conflicts of Interests
B)Title VIII - Corporate and Criminal Fraud Accountability
C)Title IX - White-Collar Crime Penalty Enhancements
D)Title XI - Corporate Fraud and Accountability
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
49
This component of the ERM framework concerns the entirety of enterprise risk management and is accomplished through ongoing management activities, separate evaluations, or both.

A)control activities
B)monitoring
C)objective setting
D)risk response
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
50
Events that could have a negative impact on organizational objectives:

A)controls
B)embezzlement
C)fraud
D)risks
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
51
Approvals, authorizations, verifications, reconciliations, reviews of operating performance, security procedures, and segregation of duties are examples of:

A)control activities
B)event identification
C)monitoring
D)risk response
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
52
The ERM framework addresses four categories of management objectives.Which category ensures the reliability of the financial statements?

A)compliance
B)operations
C)reporting
D)strategic
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
53
The major reasons for exercising control of the organization's business processes include:

A)to provide reasonable assurance that the goals of the business are being achieved
B)to mitigate risks of fraud and other intentional and unintentional acts
C)to provide reasonable assurance that the company is in compliance with applicable legal and regulatory obligations
D)all of the above
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
54
This component of the ERM framework encompasses the tone of an organization and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values.

A)control activities
B)internal environment
C)risk assessment
D)risk response
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
55
Which component of the ERM framework is best described here: Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.Opportunities are channeled back to management's strategy or objective-setting processes.

A)control activities
B)event identification
C)risk assessment
D)risk response
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
56
Who is legally responsible for establishing and maintaining an adequate system of internal control?

A)the board of directors
B)stakeholders
C)investors
D)management
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
57
The effect of an event's occurrence is:

A)control
B)impact
C)risk
D)opportunity
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
58
The ERM framework addresses four categories of management objectives.Which category addresses the effective and efficient use of resources?

A)compliance
B)operations
C)reporting
D)strategic
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
59
The ERM framework is comprised of eight components.Which component includes the policies and procedures established and implemented to help ensure the risk responses are effectively carried out?

A)control activities
B)event identification
C)risk assessment
D)risk response
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
60
The section of Sarbanes Oxley that establishes an independent board to oversee public company audits is:

A)Title I - Public Company Accounting Oversight Board
B)Title II - Auditor Independence
C)Title III - Corporate Responsibility
D)Title IV - Enhanced Financial Disclosures
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
61
____ is a process that assesses the quality of internal control performance over time.

A)Control environment
B)Risk assessment
C)Control activities
D)Monitoring
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
62
Elements of a control environment might include the following except:

A)organization values and norms
B)management philosophy and operating style
C)means of communications
D)reward systems
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
63
The section of Sarbanes Oxley that sets forth criminal penalties applicable to CEOs and CFOs of up to $5 million and up to 20 years imprisonment if they knowingly or willfully certify false or misleading information contained in periodic reports:

A)Title V - Analysts Conflicts of Interests
B)Title VIII - Corporate and Criminal Fraud Accountability
C)Title IX - White-Collar Crime Penalty Enhancements
D)Title XI - Corporate Fraud and Accountability
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
64
Which of the following is not a requirement of SOX Section 404?

A)Evaluate the design of the company's controls to determine if they adequately address the risk that a material misstatement of the financial statements would not
Be prevented or detected in a timely manner.
B)Gather and evaluate evidence about the operation of controls.
C)Implement key controls to determine their operating efficiency.
D)Present a written assessment of the effectiveness of internal control over financial reporting.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
65
This framework was issued in 1996 (and updated in 2007) by the Information Systems Audit and Control Association because of the influence of IT over information systems, financial reporting and auditing.

A)COBIT
B)COSO
C)ERM
D)All of the above.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
66
A business event which is not properly authorized is an example of:

A)an invalid item
B)an inaccurate item
C)an incomplete item
D)an unusual item
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
67
A computer abuse technique called a ____ involves inserting unauthorized code in a program, which, when activated, may cause a disaster, such as shutting the system down or destroying files.

A)salami slicing
B)back door
C)logic bomb
D)Trojan horse
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
68
A computer abuse technique where unauthorized instructions are inserted into a program to systemati- cally steal very small amounts, usually by rounding to the nearest cent in financial transactions

A)worm
B)salami slicing
C)logic bomb
D)Trojan horse
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
69
A computer abuse technique called a ____ involves a virus that replicates itself on disks, in memory, or across networks.

A)worm
B)back door
C)logic bomb
D)Trojan horse
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
70
____ sets the tone of the organization, influencing the control consciousness of its people.

A)Control environment
B)Risk assessment
C)Control activities
D)Monitoring
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
71
The information system control goal which relates to preventing fictitious events from being recorded is termed:

A)ensure input validity
B)ensure input accuracy
C)ensure input completeness
D)ensure effectiveness of operations
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
72
A measure of success in meeting a set of established goals is called system:

A)effectiveness
B)monitoring
C)efficiency
D)control goals
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
73
As a result of an inadequate design, a production process yields an abnormally high amount of raw material scrapped.Which control goal is being violated?

A)ensure effectiveness of operations
B)ensure efficient employment of resources
C)ensure security of resources
D)ensure input accuracy
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
74
The section of Sarbanes Oxley that provides for fines and imprisonment of up to 20 years to individuals who corruptly alter, destroy, mutilate, or conceal documents with the intent to impair the document's integrity or availability for use in an official proceeding, or to otherwise obstruct, influence or impede any official proceeding is:

A)Title V - Analysts Conflicts of Interests
B)Title VIII - Corporate and Criminal Fraud Accountability
C)Title IX - White-Collar Crime Penalty Enhancements
D)Title XI - Corporate Fraud and Accountability
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
75
A deliberate act or untruth intended to obtain unfair or unlawful gain is a(n)

A)audit
B)embezzlement
C)fraud
D)theft
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
76
____ are the policies and procedures that help ensure that management directives are carried out.

A)Control environment
B)Risk assessment
C)Control activities
D)Monitoring
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
77
Which of the following statements regarding internal controls systems is false?

A)Effective internal control systems provide complete assurance against the occurrence of material frauds and embezzlements.
B)Internal control systems depend largely on the competency and honesty of people.
C)Because internal control systems have a cost, management should evaluate the cost/benefit of each control plan.
D)The development of an internal control system is the responsibility of management.
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
78
The section of Sarbanes Oxley that makes it a felony to knowingly destroy, alter, or create records and or documents with the intent to impede, obstruct, or influence an ongoing or contemplated federal investigation and offers legal protection to whistle blowers is:

A)Title V - Analysts Conflicts of Interests
B)Title VIII - Corporate and Criminal Fraud Accountability
C)Title IX - White-Collar Crime Penalty Enhancements
D)Title XI - Corporate Fraud and Accountability
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
79
Establishing a viable internal control system is primarily the responsibility of:

A)the external auditors
B)management
C)programmers
D)government authorities
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
80
According to the 2008 Report to the Nation on Occupational Fraud and Abuse, frauds are more likely to be detected by:

A)audits
B)internal controls
C)managers
D)tips
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 161 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree