AIS Chapter 10 Control & Accounting Information Systems

Which of the following is not one of the risk responses identified in the COSO Enterprise Risk Management Framework?

Monitoring

A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n)

preventive control

Which of the following is an example of a preventive control?

Approving customer credit prior to approving a sales order

Independent checks on performance include all the following except

data input validation checks

A computer operator is allowed to work as a programmer on a new payroll software project. Does this create a potential internal control problem?

Yes, the computer operator could alter the payroll program to increase her salary

One of the objectives of the segregation of duties is to

make sure that different people handle different parts of the same transaction.

According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for

hiring and firing the external auditors

Which of the following is a control related to design and use of documents and records?

sequentially pre-numbering sales invoices

Which of the following duties could be performed by the same individual without violating segregation of duties controls?

Approving accounting software change requests and testing production scheduling software changes

With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure?

Entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal

Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?

Analyzing past financial performance and reporting

Which of the following statements about internal environment is false?

Management's attitudes toward internal control and ethical behavior have only minimal impact on employee beliefs or actions.

One reason why many organizations do not adequately protect their systems is because

Productivity and cost cutting cause management to forgo implementing and maintain internal controls

Accountants must try to protect the AIS from threats. Which of the following would be a measure that should be taken?

take proactive approach to eliminate threats

detect threats that do occur

correct and recover from threats that do occur

The process that a business uses to safeguard assets, provide accurate and reliable information, and promote and improve operational efficiency is known as

internal control

Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities.

process

Which of the following is accomplished by corrective controls?

identify the cause of the problem

correct the resulting errors

modify the system to prevent future occurrences of the problem

Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions is an example of a ________ control.

detective; corrective

________ controls prevent, detect and correct transaction errors and fraud

Application

The primary purpose of the Foreign Corrupt Practices Act of 1977 was

to prevent the bribery of foreign officials by American Companies

Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies.

Sarbanes-Oxley Act of 2002

This control framework addresses the issue of control from three vantage points: business objectives, information technology resources, and information technology processes.

ISACA's control objectives for information and related technology