Could I get the answers to the multiple choice section of this? Thanks!

Chapter 11 Introduction to Internal Control Systems True-False Questions 1. Controls that specifically encourage operating efficiency are often called preventive controls. 2. Controls that attempt to safeguard asset resources are often called detective controls. 3. For a specific internal control to be effective, both the preventive and the detective aspect of the control must exist and be interrelated. 4. Preventive and corrective controls are established solely to discourage fraud and embezzlement by an organization's employees. 5. A good internal control system will contribute towards detecting accidental errors made by employees. 6. An organization should always attempt to implement ideal controls into its system. 7. It is normally considered good organizational design to establish the internal audit function within the accounting subsystem. 8. The introduction of a computer into an organization's data processing system will normally eliminate problems associated with following the organization's audit trail. 9. A good audit trail is an important element within a company's internal control system. 10. An audit trail problem associated with computerized data processing is that certain financial data processed by the computer may never be seen by the company's management. 11. Operational audits are performed by a company's internal audit staff. 12. The separation of duties control would not be violated if a company's cashier was also responsible for recording cash transactions. 13. The separation of duties control does not eliminate completely the possibility of embezzlement by employees. 14. The personnel subsystem has the important function of matching job qualifications to people qualifications. 15. The COSO report failed to define internal control. 16. An effective approach for maintaining a good audit trail for cash disbursements is to utilize a voucher system with coins and currency issued for each disbursement. TB 11.1 17. COBIT extensively examined the internal control area. 18. Risk assessment is an important component of an internal control system. 19. A company's control environment is unimportant when developing an internal control system. 20. Timely performance reports contribute towards achieving the monitoring component of an internal control system. 21. Control activities and monitoring are one and the same. 22. The Basle Committee published a framework for the evaluation of internal control systems in banking organizations. Multiple-Choice Questions 23. Three objectives of a company's internal control system should be safeguarding assets, checking the accuracy and reliability of accounting data, and promoting operational efficiency. A fourth objective of a company's internal control system should be: a) Preventing embezzlement of assets b) Encouraging adherence to prescribed managerial policies c) Avoiding the payment of overtime to company employees d) Revising standards for production costs on a weekly basis 24. The control environment is a component of a company's internal control system that: a) Influences the control awareness of a company's employees b) Stresses the development of control procedures in a company c) Directly affects the accuracy and reliability of a company's accounting data d) Can be ignored when establishing a company's internal control system 25. The preventative controls within a company's internal control system: a) Form the foundation for all of a company's other internal control components b) Focus on management's philosophy and operating style c) Ignore the risk factor associated with a company's control procedures d) Relate to safeguarding a company's assets and checking the accuracy and reliability of the company's accounting data 26. A general rule that should be followed when developing control procedures for a company's assets is: a) The cost of the control procedure will likely exceed the procedure's benefit b) The procedure should not be designed and implemented unless an asset's cost exceeds $5,000 c) The more liquid an asset is, the greater the risk of its misappropriation d) The procedure should not be designed and implemented in situations where a risk assessment has been previously performed TB 11.2 27. Assume that a company designs and implements a control procedure whereby the accountant that is responsible for recording cash receipts transactions does not have access to the cash itself. This control procedure is an example of a: a) Detective control b) Preventive control c) Corrective control d) Feedback control 28. Control procedures that provide feedback to management regarding the achievement of operational efficiency and adherence to prescribed managerial policies are called: a) Corrective controls b) Preventive controls c) Policy controls d) Detective controls 29. Those control procedures that are designed to remedy problems discovered through detective controls are called: a) Corrective controls b) Preventive controls c) Before-the-fact controls d) Management-by-exception controls 30. The maintenance of backup copies of a company's important transaction and master files is an example of a: a) Preventive control procedure b) Detective control procedure c) Corrective control procedure d) Management-by-exception control procedure 31. A control procedure that may be established within the sales department of a company's marketing subsystem is the addition of the sales invoice amounts before these invoices are sent to the information processing subsystem. This control total of invoice amounts is called a: a) Checksum b) Random total check c) Redundant control amount d) Batch control total 32. Which of the following statements is true regarding preventive control procedures and detective control procedures? a) They should be interrelated b) If preventive controls exist, detective controls are unnecessary c) If detective controls exist, preventive controls are unnecessary d) Preventive controls should be cost effective, but detective controls do not need to be cost effective TB 11.3 33. Which of the following statements is true? a) The COSO report failed to define internal control b) The COSO report emphasized that an internal control system is a tool of management c) SAS 78 rejected the definition of internal control provided in the COSO report d) COBIT concluded that a company's management is not responsible for establishing and monitoring a company's internal control system 34. Regarding the cost-benefit concept, which of the following statements is true? a) Every control procedure that offers benefits to a company should be implemented into the company's system b) An optimal internal control package is developed for a company's system by implementing a standardized package of control procedures c) A control procedure is considered cost effective if it can be determined that the cost of operating the procedure will be cheaper in the current period compared to the previous period d) A control procedure is considered cost effective when its anticipated benefits exceed its anticipated costs 35. An ideal control is: a) A control procedure that reduces to practically zero the risk of an error or an irregularity taking place and not being detected b) A control procedure that is anticipated to have the lowest possible cost in relation to its benefits c) A control procedure that should always be implemented into a company's system due to the efficiency and effectiveness that will result from its implementation d) A control procedure that is always cost effective 36. Due to data errors occurring from time to time in processing the Albert Company's payroll, the company's management is considering the addition of a data validation control procedure that is projected to reduce the risk of these data errors from 13% to 2%. The cost of the payroll reprocessing is estimated to be $11,000. If the data validation control procedure is implemented, the cost of this procedure is expected to be $700 per pay period (employees are paid biweekly). Based on the above data, which of the following statements is true? a) The data validation control procedure should be implemented because its net estimated benefit is $1,210 b) The data validation control procedure should be implemented because its net estimated benefit is $510 c) The data validation control procedure should not be implemented because the $700 expected cost per pay period exceeds the procedure's expected benefit d) The data validation control procedure should not be implemented because its net estimated benefit is a negative $1,210, thereby causing the control procedure to fail in terms of being cost effective TB 11.4 37. Which of the following frameworks is widely used by managers to organize and evaluate their corporate governance structure? a) CobiT b) COSO c) NIST d) SAS No. 94 38. Which of the following fundamental concepts is stressed by the COSO report? a) Internal control is not affected by people b) Internal control is geared to the achievement of a company's objectives in the financial reporting area only c) Internal control is designed to detect all errors and irregularities that occur within a company's system d) Internal control is a process 39. A periodic review by internal auditors that stresses the evaluation of the efficiency and effectiveness of a department's procedures is called a (an): a) Operational audit b) Financial audit c) Management-by-exception audit d) Audit by exception 40. Regarding the internal audit function, which of the following statements is true? a) Since many internal auditors have accounting backgrounds, the internal audit function should ideally be included within a company's accounting subsystem b) It is not proper for internal auditors to perform a fraud investigation within any part of their company's system c) Because of the independence of external auditors, they should never accept previous work of evaluating controls performed by a company's internal auditors d) Within a company's system, it is preferable to establish the internal audit function as a separate subsystem 41. Regarding a company's audit trail, which of the following statements is true? a) Because of the complexities involved in establishing an audit trail, a good audit trail normally makes it more difficult for an individual to follow the flow of a company's business transactions through the company's information system b) In actuality, the audit trail established within a company's information system is an unimportant element of the company's internal control system c) When a company's audit trail becomes more difficult to follow, this causes an increase in the risk of errors or irregularities taking place in the processing of accounting transactions and not being detected d) A company's policies and procedures manual should not be part of its audit trail since confidential information is included within this manual 42. An approach used by many companies to reduce the risk of loss caused by the theft of assets by employees is to: a) Utilize polygraphs b) Acquire arbitrage loss protection c) Acquire fidelity bond coverage TB 11.5 d) Institute punitive management 43. If the same employee is responsible for authorizing a business transaction and recording the transaction in the accounting records, this indicates a weakness in which element of a company's internal control system? a) A good audit trail b) Separation of duties c) Internal review of controls d) Competent employees 44. Which of the following control procedures provides physical protection for a company's cash asset? a) Majority of authorized cash disbursements made by check b) Daily cash receipts deposited intact at bank c) Voucher system for cash disbursements d) all of the above 45. Which of the following statements is true regarding timely performance reports? a) In many companies, these reports are the major means of providing information to management concerning the actual operations of the companies' internal control systems b) These reports should only include monetary data c) Since these reports fail to provide feedback to management on the operations of previously implemented internal control procedures, other techniques are needed to provide this feedback to managers d) The complexity that a computer introduces into a company's information system will typically prevent the preparation of timely performance reports for the company's management 46. A responsibility that should be assigned to a specific employee and not shared jointly is that of: a) Access to the company's safe deposit box b) Placing orders and maintaining relationships with a prime supplier c) Attempting to collect a particular delinquent account d) Custodianship of the petty cash fund 47. For control purposes, the quantities of materials ordered may be omitted from the copy of the purchase order which is: a) Forwarded to the accounting department b) Retained in the purchasing department's files c) Returned to the requisitioner d) Forwarded to the receiving department 48. Freije Refrigeration Company has an inventory of raw materials and parts consisting of thousands of different items which are of small dollar value individually but significant in total. A fundamental control requirement of Freije's inventory system is that: a) Perpetual inventory records be maintained for all inventory items b) The taking of physical inventories be conducted on a cycle basis rather than at year-end c) The storekeeping function not be combined with the production and inventory record-keeping functions TB 11.6 d) 49. Material requisitions be approved by an officer of the company The sales department bookkeeper has been crediting house-account sales to her brother-in-law, an outside salesman. Commissions are paid on outside sales but not on house-account sales. This might have been prevented by requiring that: a) Sales order forms be prenumbered and accounted for by the sales department bookkeeper b) Sales commission statements be supported by sales order forms and approved by the sales manager c) Aggregate sales entries be prepared by the general accounting department d) Disbursement vouchers for sales commissions be reviewed by the internal audit department and checked to sales commission statements In each one of the following four questions (questions 50-53), you are given a well-recognized procedure of internal control. You are to identify the irregularity that will be discovered or prevented by each procedure. 50. The voucher system requires that invoices be compared with receiving reports and express bills before a voucher is prepared and approved for payment. a) Unrecorded checks appear in the bank statement b) The treasurer takes funds by preparing a fictitious voucher charging "Miscellaneous General Expenses" c) An employee in the purchasing department sends through fictitious invoices and receives payment d) A cash shortage is covered by underfooting outstanding checks on the bank reconciliation e) A cash shortage is covered by omitting some of the outstanding checks from the bank reconciliation 51. Both cash and credit customers are educated to expect a sales ticket. Tickets are serially numbered. All numbers are accounted for daily. a) Customers complain that their monthly bills contain items that have been paid b) Some customers have the correct change for the merchandise purchased; they pay and do not wait for a sales ticket c) Customers complain that they are billed for goods they did not purchase d) Customers complain that goods ordered are not received e) Salesclerks destroy duplicate sales tickets for the amount of cash stolen 52. At a movie-theater box office, all tickets are prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to give the number of tickets sold. Cash is counted and compared with the number of tickets sold. a) The box office gives too much change b) The ticket taker admits his friends without a ticket c) The manager gives theater passes for personal expenses, which is against company policy d) A test check of customers entering the theater does not reconcile with ticket sales e) Tickets from a previous day are discovered in the ticket taker's stub box despite the fact that tickets are stamped "Good on Date of Purchase Only" TB 11.7 53. The duties of cashier and accounts-receivable bookkeeper should be separated. a) There are two cashiers. At the end of a certain day, there is a sizable cash shortage; each cashier blames the other and it is impossible to fix responsibility b) A cash shortage is covered by overfooting (overadding) cash in transit on the bank reconciliation c) A cash shortage is covered by charging it to "Miscellaneous General Expenses" d) Customers who paid their accounts in cash complain that they still receive statements of balances due e) The accounts-receivable bookkeeper charges off the accounts of friends to "Allowance for Uncollectible Accounts" 54. The COSO report stresses that: a) Internal control is a process b) An internal control system, if properly designed, can become a substitute for management c) People only at high levels of an organization are an important part of an internal control system d) An internal control system should consist of three interrelated components: the control environment, risk assessment, and control activities 55. Regarding COBIT, which of the statements is true? a) COBIT means Cost Objectives for Information and Related Technology b) COBIT rejects the definition of internal control from the COSO report c) COBIT states that a company's management should play a minor role in establishing an internal control system d) COBIT classifies people as one of the primary resources managed by various IT processes 56. The component of an internal control system that concerns itself with the way a company's management assigns authority and responsibility is called: a) Monitoring b) Control environment c) Risk assessment d) Information 57. _________________ describes the policies, plans, and procedures implemented by a firm to protect its assets. a) Internal control b) SAS No. 94 c) SOX, Section 404 d) Enterprise risk management TB 11.8 58. The 1992 COSO report identifies five components for an effective internal control system. These are: a) Control environment, risk assessment, control activities, information and communication, and monitoring b) Control environment, control procedures, control activities, communication, and monitoring c) Control procedures, control activities, information, communication, and monitoring d) Control procedures, risk assessment, control activities, information and communication, and monitoring 59. The 1992 COSO report identifies five components for an effective internal control system. Which of those five establishes the tone of a company and influences the control awareness of the company's employees? a) Control procedures b) Control environment c) Control activities d) Information and communication 60. The 1992 COSO report identifies five components for an effective internal control system. Which of those five includes the methods used to record, process, summarize, and report a company's transactions? a) Control procedures b) Control environment c) Control activities d) Information and communication 61. The Enterprise Risk Management (ERM) framework is based on the 1992 COSO report and adds three additional components for an effective internal control system. Which of the following is not one of those three? a) Objective setting b) Event identification c) Control assessment d) Risk response 62. Suppose a company established training programs that teach employees to perform their job functions more efficiently and effectively. This is an example of which type of control? a) Detective b) Preventive c) Corrective d) none of the above 63. Many organizations have an internal audit function that makes periodic reviews of each department within the organization. The focus of these reviews is to: a) Conduct an investigation of each department to be sure fraud is not taking place b) Evaluate the efficiency and effectiveness of the department c) Evaluate the performance of the manager of the department d) Report to the organization's top managers and board of directors TB 11.9 64. firm? b) c) d) e) Which of the following factors best describes the \"control environment\" of a a) The integrity, ethical values, and competence of employees Management's philosophy and operating style The way management assigns authority and responsibility The direction and attention provided by the board of directors all of the above 65. The purpose of ________________ is to identify organizational risks, analyze their potential in terms of costs and likelihood of occurrence, and install those controls whose projected benefits outweigh their costs. a) Internal controls b) A control environment c) Risk assessment d) Management consultants 66. Which of the following personnel policies would be the most useful in mitigating fraud or embezzlement? a) Fidelity bonds for key employees b) Careful hiring procedures for key employees c) Having a Code of Conduct d) Required vacations for key employees TB 11.10 Matching Questions For the following terms find the correct definition below and place the letter of that response in the blank space next to the term. Each definition is used only once - there are two terms that are not used. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. ______ ______ ______ ______ ______ ______ ______ ______ ______ ______ ______ ______ ______ ______ ______ ideal control scenario planning COBIT detective controls SOX, Section 404 control activities fidelity bond risk matrix preventive controls Val IT control environment separation of duties corporate governance internal control corrective controls TB 11.11 Definitions: A. Managing an organization in a fair, transparent and accountable manner to protect the interests of all the stakeholder groups B. A framework for IT governance C. The purpose of this control is to reduce the risk of loss caused by employee theft D. The policies, plans, and procedures management uses to protect company assets E. Software that interfaces with suppliers and customers F. A control procedure that reduces to practically zero the risk of an undetected error or irregularity G. A process whereby management identifies possible events that represent a problem to the firm and then identifies appropriate responses to those problems H. Establishes the tone of a company and influences the control awareness of the company's employees I. An example of this control is to assign these three functions to different employees: authorizing transactions, recording transactions, and maintaining custody of assets J. An example of this type of control is a firewall to prevent unauthorized access to the company's network K. An example of this type of control is a change to the company's procedures for creating backup copies of important business files L. When companies have production or work completed in countries like India, China, Canada, Mexico, or Malaysia M. Examples of this type of control are: log monitoring and review, system audits, file integrity checkers, and motion detection N. The purpose of this procedure is to classify each potential risk by mitigation cost and also by likelihood of occurrence O. The purpose of this framework is to achieve effective governance of IT P. Reaffirms that management is responsible for an adequate internal control structure Q. Includes a combination of manual and automated controls - such as approvals, authorizations, verifications, reconciliations, reviews of operating performance, and segregation of duties Short Answer Questions 82. What do the acronyms COSO and COBIT stand for? 83. Define preventive, detective, and corrective controls. Give an example of each. TB 11.12