BUSINESS ENVIRONMENT AND CONCEPTS 1

Corporate Rights, Responsibilities, and Authority

Which of the following did SOX NOT do to protect whistleblowers?
A. Require public company audit committees to install procedures to receive whistleblowers’ complaints.
B. Provide a civil damages action for public company whistleblowers who suffer retaliation for providing information regarding a violation of federal securities laws.
C. Provide whistleblowers with the right to sue immediately in federal court.
D. Make it a crime punishable by a fine and/or imprisonment to retaliate against an informant who provides truthful information relating to the commission of any federal offense.

Which of the following is necessary to be an audit committee financial expert, according to the criteria specified in the Sarbanes-Oxley Act of 2002?
A. A limited understanding of generally accepted auditing standards.
B. Education and experience as a certified financial planner.
C. Experience with internal accounting controls.
D. Experience in the preparation of tax returns.

Under SOX, it is a crime to punish a public company whistleblower who provides truthful information relating to which of the following:
A. Federal securities law violations.
B. Federal tax law violations.

Dan provided original information to authorities regarding a securities fraud in his company. It led the SEC to impose penalties of $2 million. Which of the following is most likely to be Dan’s award under Dodd-Frank?
A. $50,000.
B. $150,000.
C. $350,000.
D. $750,000.

Mar has been complicit in her public company’s accounting fraud. She consults a lawyer as the time comes to file her firm’s 10-K with the SEC. She is a little uncomfortable with what she might have to do.
The lawyer will likely tell her that she will have to certify (and be potentially criminally liable for lying about) these matters:
A. That she has reviewed the 10-K.
B. That to her knowledge the 10-K does not contain any materially untrue statements.
C. That she, along with the CEO, is responsible for establishing and maintaining her company’s internal controls.
D. All of the above.
Answer: D
All three of the previous choices are examples, and not the only examples, of things that Mar must certify when her firm files a 10-K.

6. Public company audit committees must contain which of the following?
A. A majority of independent directors
B. An accounting expert
C. A financial expert
D. A legal expert
Answer: C
SOX requires that every audit committee of a public company have at least one “financial expert” with (a) an understanding of GAAP and financial statements; (b) experience in preparing or auditing F/S; (c) experience with internal auditing controls; and (d) an understanding of audit committee functions.

7. A public company audit committee’s “financial expert” must have all of the following except:
A. An understanding of GAAP and financial statements.
B. Experience in preparing or auditing financial statements of comparable companies and application of such principles in connection with accounting for estimates, accruals, and reserves.
C. Experience with internal auditing controls.
D. Experience on a public company’s compensation committee.
Answer: D
SOX does not require that the financial expert have experience on a compensation committee.

8. Which of the following did Dodd-Frank do regarding a whistleblower’s right to sue for retaliation accorded by SOX?
A. It extended the time to file a complaint with OSHA from 90 days to 180 days.
B. It extended the right to sue to whistleblowing employees of private subsidiaries controlled by public companies.
C. It granted whistleblowers the right to a jury trial in retaliation cases that are properly filed in federal court.
D. All of the above.
Answer: D
All of the first three choices are correct.

9. Fang provided original information to authorities regarding a securities fraud in his company. The information led to an imposition of penalties of $500,000. It also led to Fang being fired in retaliation by his public company employer. Which of the following is true?
A. Fang must receive a bounty for his whistleblowing.
B. Fang may sue to seek compensation for the retaliation he suffered.
C. A and B.
D. None of the above.
Answer: B
Even if Fang’s tip had not led to any sanctions, Fang is still protected by the anti-retaliation provision of Dodd-Frank.

Types and Principles of Accounting Controls

10. Which of the following statements presents an example of a general control for a computerized system?
A. Limiting entry of sales transactions to only valid credit customers.
B. Creating hash totals from Social Security numbers for the weekly payroll.
C. Restricting entry of accounts payable transactions to only authorized users.
D. Restricting access to the computer center by use of biometric devices.
Answer: D
Restricting access to the computer center is an example of a general control.

11. Which of the following is an example of a detective control?
A. Use of pre-formatted screens for data entry.
B. Comparison of data entry totals to batch control totals.
C. Restricting access to the computer operations center to data-processing staff only.
D. Employing a file librarian to maintain custody of the program and data files.
Answer: B
Reconciliation of data entry totals with batch control totals will detect errors made by the data entry clerks.

12. Review of the audit log is an example of which of the following types of security control?
A. Governance.
B. Detective.
C. Preventive.
D. Corrective.
Answer: B
Reviewing an audit log is an example of a detective control since such reviews are useful in “detecting” problems in the system that have already occurred.

13. Milo Corp. maintains daily backups of its accounting system in a fireproof vault in the file library. Weekly, monthly, and annual backups are stored in a secure, fireproof vault at an off-site location. Maintenance of the backup files is an example of
A. a detective control.
B. a feedback control.
C. a corrective control.
D. a preventive control.
Answer: C
Corrective controls allow the user to recover from a problem once it has been identified.

14. Controls in the information technology area are classified into the categories of preventive, detective, and corrective. Which of the following is a preventive control?
A. Contingency planning.
B. Hash total.
C. Echo check.
D. Access control software.
Answer: D
Access control software is a preventive control.

15. A company’s new time clock process requires hourly employees to select an identification number and then choose the clock-in or clock-out button. A video camera captures an image of the employee using the system. Which of the following exposures can the new system be expected to change the least?
A. Fraudulent reporting of employees’ own hours.
B. Errors in employees’ overtime computation.
C. Inaccurate accounting of employees’ hours.
D. Recording of other employees’ hours.
Answer: B
This is the best answer. Computing overtime requires a calculation (total hours - normal hours = overtime hours) that is independent of the system described. That is, the addition of a time clock and video camera will not directly help in allocating hours worked between normal and overtime hours. In addition, the other answers are bad choices. Therefore, this is the best answer of the available choices.

Introduction to COSO and COSO ERM Models

16. Which component of the COSO ERM framework is concerned with management’s decision to avoid, accept, reduce, or share risk and to develop a set of actions to align risk with the entity’s risk preferences?
A. Control activities.
B. Event identification.
C. Risk assessment.
D. Risk response.
Answer: D
Risk response does include management’s decision to avoid, accept, reduce, or share risk and to develop a set of actions to align risk with the entity’s risk preferences.

17. This component of internal control concerns the policies and procedures that ensure that actions are taken to address the risks related to the achievement of management’s objectives.
A. Control activities.
B. Control environment.
C. Monitoring.
D. Risk assessment.
Answer: A
Control activities are, “...the policies and procedures that ensure that actions are taken to address the risks related to the achievement of management’s objectives.”

18. Strategic, operations, reporting, and compliance objectives are a part of which of the following models of internal control?
A. COBIT.
B. COSO.
C. COSO ERM.
D. All of the above.
Answer: C
This answer is correct because strategic, operations, reporting, and compliance objectives are part of this model.

19. Which of the following items is one of the eight components of COSO’s enterprise risk management framework?
A. Operations.
B. Reporting.
C. Monitoring.
D. Compliance.
Answer: C
Monitoring is one of the eight components of COSO’s enterprise risk management framework.

20. This component of internal control concerns testing the system and its data.
A. Control activities.
B. Control environment.
C. Monitoring.
D. Risk assessment.
Answer: C
Monitoring ensures the ongoing reliability of information by monitoring and testing the system and its data.

21. In the COSO model, each of the following is a control objective except
A. Compliance.
B. Monitoring.
C. Operations.
D. Reporting.
Answer: B
Monitoring is correct because it is not a control objective in the COSO model.

22. According to COSO, which of the following is a compliance objective?
A. To maintain adequate staffing to keep overtime expense within budget.
B. To maintain a safe level of carbon dioxide emissions during production.
C. To maintain material price variances within published guidelines.
D. To maintain accounting principles that conform to GAAP.
Answer: B
Maintaining a safe level of carbon dioxide emissions during production is, in the U.S.A., required for compliance with law or regulation.

23. This is the process of identifying, analyzing, and managing the risks involved in achieving the organization’s objectives.
A. Control activities
B. Control environment
C. Information and communication
D. Risk assessment
Answer: D
Risk assessment is, “...the process of identifying, analyzing, and managing the risks involved in achieving the organization’s objectives.”

24. This fundamental component of internal control is the core or foundation of any system of internal control.
A. Control activities.
B. Control environment.
C. Information and communication.
D. Risk assessment.
Answer: B
The control environment is, “...the core or foundation of any system of internal control.”

25. The original COSO model has _____ control components, while the COSO ERM model has _____ control components.
A. 2, 4
B. 4, 8
C. 8, 16
D. 5, 8
Answer: D
This answer is correct because the COSO model has 5 control objectives and the COSO ERM model has 8 control objectives.

26. This component of internal control enables an organization’s people to identify, process, and exchange the information needed to manage and control operations.
A. Control activities.
B. Control environment.
C. Information and communication.
D. Risk assessment.
Answer: C
Information and communication enables an organization’s people to identify, process, and exchange the information needed to manage and control operations.

27. In the COSO (2011) “cube” model, each of the following is a component of internal control except
A. Monitoring.
B. Control activities.
C. Operations control.
D. Risk assessment.
Answer: C
Operations control is not a component of internal control in the COSO model.

Introduction to International Professional Practices Framework

28. One of the Rules of Conduct in the IIA’s Code of Ethics states, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.” To which Principle of the Code of Ethics does this Rule of Conduct relate?
A. Integrity.
B. Objectivity.
C. Confidentiality.
D. Competency.
Answer: D
That particular Rule of Conduct is designated Rule #4.2, in connection with “Competency.”

29. The IIA’s International Professional Practices Framework includes among its “mandatory” guidance each of the following elements except
A. Definition of Internal Auditing.
B. Code of Ethics.
C. Practice Guides.
D. International Standards.
Answer: C
Mandatory guidance consists of: (1) Definition of Internal Auditing; (2) Code of Ethics; and (3) International Standards. The “strongly recommended” guidance consists of (1) position papers; (2) practice advisories; and (3) practice guides.