An Accounting Associate Sets Up A New Employee in The Payroll System and Directs The Checks To Be Sent To A Post Office Box

An accounting associate sets up a new employee in the payroll system and
directs the checks to be sent to a post office box. What two duties does this
employee have that are incompatible?
*Source: Retired ICMA CMA Exam Questions.
Authorization and record

keeping
Custody and record keeping
Custody and reconciliation
Reconciliation and authorization
A communicable disease has caused a widespread and rapid increase in
infected cases around the globe, pushing households to take shelter and
restricting physical movement. The airline industry is most affected by the
pandemic as most flights were halted and were reduced to only essential
travel. Which of the following statements would describe how this situation
would impact the inherent risk assessment of airlines?
Inherent risk will increase due to changes in market share and competition.
Inherent risk will increase because management lacks experience in managing such a situation.
Inherent risk will increase due to the operation's high sensitivity to external factors such as severe contag
Inherent risk will increase because of the volume and complexity of contracts the airline industry has und
Which of the following accounts of a healthcare entity would be assessed
to have low inherent risk?
Goodwill
Supplies of commonly used medical
supplies
Bad debts expense
Grants and contributions
Which of the following would be the most appropriate reaction to a
company assessing that there is a low likelihood that an internal control
failure will occur and that the potential loss from the failure is low?
Accept the risk of the failure and not do anything
Implement internal controls to prevent or detect the failure
Purchase insurance against failures
Adjust the strategy to avoid failures
company assessing that there is a high likelihood that an internal control
An accounting staff who works at a small family-owned business is in
charge of recordkeeping responsibilities. Because of the limited size and
capacity, he also helps the production manager count inventories. Which of
the following controls could best compensate for the lack of segregation?
Place an additional layer of supervision
Install security cameras in the warehouse
Install a fully automated system that can track the location of all inventory
Use a three-way matching system to compare purchase order, goods receipt note, and supplier invoice
Which of the following best describes how an organization should
safeguard its intellectual property in the current global business
environment?
Securing intellectual property is primarily management’s responsibility, so management should be the on
Because most intellectual property assets are technical in nature, the primary responsibility for safeguard
The internal audit function develops and implements internal controls over all kinds of assets, including i
Intellectual assets are normally secured by legal rights and obligations, so the need for internal controls is
Which of the following statements is not correct concerning the role of the
audit committee of the board of directors in corporate governance?
The audit committee is responsible for overseeing a company’s internal audit function.
The audit committee is responsible for hiring a company’s chief financial officer.
The audit committee is responsible for hiring a company’s independent external auditor.
The audit committee is responsible for reviewing and discussing audited financial statements with compa
Which of the following is the best example of an internal control designed to
safeguard and improve assurance over physical inventory?
Securing the inventory warehouse with cameras and restricting access to the inventory warehouse to cert
Implementing password security measures over inventory records and databases and requiring that the pa
Requiring that an ethics hotline be established to report possible violations of ethical conduct within the o
Mandating that all journal entries be reviewed and verified by at least two layers of management before f
Which of the following is an example of a detective control?
Installing firewalls on a computer system
Reviewing surveillance camera recordings from a warehouse
Keeping cash in a locked drawer before it is deposited
Performing background checks on all prospective employees
Differentiate a top-down (risk-based) approach from a bottom-up approach
to auditing internal controls.
A top-down approach considers all controls as potentially causing misstatement without discrimination o
other hand, a bottom-up approach allows the auditors to gain focus on what to prioritize in their audit bas
accounts and disclosures.
In general, a top-down approach manifests an operative style, given the upward direction of implementin
audit of internal controls since it starts from an entity-wide vantage point.
A top-down approach is scope-oriented and sees the entity holistically (i.e., seeing the bigger picture), es
directly into the source before moving forward in terms of the direction of its audit.
A top-down approach makes auditors less efficient in their auditing of internal controls because it is an a
approach offers auditors a more practical method in the selection of accounts and disclosures that would
How are the five components of COSO's Internal Control–Integrated
Framework correlated with one another?
Control environment and control activities can be considered as essentially strategic in nature, trying to p
communication fall under operative, since they deal with the details of the internal controls system dissem
two, designed to ensure that these two groups are aligned; that the execution (operative) does not deviate
Control environment and information and communication can be considered as essentially strategic in na
and control activities are more operative, since they deal with the details of the internal controls system, d
these two, designed to ensure that these two groups are aligned; that the execution (operative) does not d
Control environment and monitoring activities can be considered as essentially strategic in nature becaus
assessment and control activities fall under operative since they deal with the details of the internal contr
the bridge between these two, designed to ensure that these two groups are aligned; that the execution (op
Control environment and risk assessment can be considered as essentially strategic in nature, trying to pu
information and communication fall under operative, since they deal with the details of the internal contr
between these two, designed to ensure that these two groups are aligned; that the execution (operative) do
Which of the following scenarios would least likely represent a management
philosophy that could pose a risk to the creation of an ethical control
environment?
A management team that believes in investing in employees in order to improve efficiency
A management team that is dominated by one individual
A management team hired to turn around unprofitable operations within the next 12 months
A management team that believes in giving short-term contracts to employees instead of long-term contr
Which of the following most accurately explains the concept of audit
efficiency in the context of an external audit engagement?
Audit efficiency pertains directly to whether an accurate audit report is maintained and how helpful the r
Audit efficiency relates to how effectively the external auditors rely on the work and expertise of interna
Audit efficiency pertains directly to the resources, time, and personnel involved in the audit process, and
Audit efficiency relates to how efficiently the external auditors integrate technology during the audit proc
Which of the following statements about the Foreign Corrupt Practices Act
(FCPA) is not correct?
The FCPA contains provisions concerning anti-bribery and accounting issues.
The FCPA prohibits U.S. companies from making payments (or giving anything of value) to officers of f
A bribe does not actually have to be paid for a violation to occur under the FCPA.
“Grease payments” are allowed under the FCPA.
A company is about to form its audit committee. Which of the following
would least likely be considered in selecting the members of this
committee?
Members of the audit committee should not have family connections within the board of directors, senior
The audit committee should have at least one member who qualifies as a financial expert.
SOX Section 203 requires audit committee members to rotate off every five years to help maintain the co
Members of the audit committee should not have consulting, advisory, or other engagements with the com
Which of the following is an example of a preventive control?
Reconciling the cash on hand balance to the bank statement
Keeping unused checks in a locked room
Comparing expenses in the general ledger to approved invoices
Which level of assurance over the financial reporting process and internal
control environment is provided during an annual external audit?
Complete assurance over both the financial reporting process and the internal control environment in pla
Reasonable assurance over the financial reporting process and complete assurance over the internal contr
Reasonable assurance over the internal control environment in place at the organization and complete ass
Reasonable assurance over both the financial reporting process and the internal control environment in p
Which of the following statements is correct concerning responsibility for
corporate governance?
The audit committee is responsible for hiring the external auditor while the board of directors is responsi
Senior management is responsible for overseeing the internal audit function while the board of directors
Senior management is responsible for managing the day-to-day operations of a company while the audit
Senior management is responsible for approving a company’s strategy while the board of directors is resp
Which of the following is a requirement of the Foreign Corrupt Practices Act
concerning internal control systems?
An issuer should maintain a system of internal controls that provide reasonable assurance that financial o
Key executives must attest that they have reviewed the financial statements, and to their knowledge, the
The audit committee shall have at least one member with accounting or related financial management ex
Public companies must establish and maintain a system of internal controls that external auditors audit.
Internal controls are designed to provide reasonable assurance that entities
can achieve effective and efficient operations, reliable financial reporting,
and compliance with laws and regulations. All of the following are inherent
limitations of internal controls except:
The ability of management to authorize exceptions to internal controls
Employees who work together to undermine an otherwise effective internal control system
Some controls may be too costly to implement
Reliance of auditors on sampling method to test transactions
To create a business environment that is ethical in nature, and supportive
of employees reporting possible unethical behavior, a control system is
necessary. To this end, to whom should internal audit report?
The internal audit function should report to the audit subcommittee of the Board.
The internal audit function should report to the CFO to facilitate communication and efficiency.
The internal audit function should report to and work directly with external consultants to maintain confi
The internal audit function should not report directly to anyone because the best way to create and develo
behavior.
What is the legal documentation of a company's formation?
Articles of
incorporation
By-laws
Policies and
procedures
Internal controls
What should be the goal of internal controls at an organization?
Internal controls should control, verify, and optimize information within the organization for business de
Internal controls should provide management with complete assurance over the accuracy of internal infor
Internal controls should exclusively verify the financial information generated by the organization.
Internal controls should form the basis for the work performed by the external auditors during the externa
How does the level of control risk associated with physical cash compare
with the level of control risk for other types of current assets?
The level of control risk for cash is the same as other current assets because all current assets are liquid a
The level of control risk associated with cash is greater than the control risk for other current assets, but t
because fewer and fewer organizations use cash in today’s business environment.
The level of control risk associated with cash is higher than the control risk for other current assets becau
The level of control risk associated with cash is lower than other current assets, because cash is a fungibl
At times, in compliance with the FCPA, entities are challenged by lack of a
clear line of demarcation between what act constitutes a violation (a bribe)
and what act does not (a facilitation payment). How can entities manage
the potential risk arising from this ambiguity?
Entities can opt not to make any kind of payment at all to avoid the risk of violation as much as possible.
Conducting internal or outsourced due diligence in foreign territories, especially regarding the political la
Given the sensitivity of these payments, being susceptible to misinterpretation as bribes, effective interna
strong ethical control environment.
All of the above are valid risk management strategies.
Which of the following is an example of a control environment and
management philosophy that might create an environment where ethics are
subordinated to other needs?
An organization that is characterized by long-term investing in contracts, physical assets, and R&D activ
An organization where management professionals emphasize meeting and exceeding periodic financial g
An organization that has recently streamlined its operations to improve efficiency, including a reduction
An organization that has recently launched a new employee development and training program at the sam
Which of the following statements is correct concerning a company’s
articles of incorporation?
Articles of incorporation are not available to the public.
Articles of incorporation cover the day-to-day internal rules of a corporation.
Articles of incorporation contain information on the number of shares of stock the corporation can issue.
Articles of incorporation include information on how the board of directors will be elected.
Which of the following forms part of the board of directors' responsibilities?
The board ensures the company operates in the best interest of significant shareholders.
The board is responsible for establishing corporate policies and appointing senior management of the com
The board can pass on hiring decisions for top or senior management to the human resources department
Deciding who replaces retiring members of the board of directors is also the responsibility of the remaini
Which of the following management characteristics would most
likely indicate an increase in inherent risk?
Key decisions should be made by majority vote, but in practice, only one person dominates the decision-
Management is composed of experienced individuals in the industry who can address emerging issues an
Management places emphasis on meeting performance targets to achieve healthy and sustainable growth
A large volume of transactions needs to be processed, but staff receives sufficient training to use availabl
A communicable disease has caused a widespread and rapid increase in
infected cases around the globe, pushing households to take shelter and
companies to reevaluate how they do business. Which of the following
personnel hiring procedures are essential in this situation to maintain an
efficient control environment?
Ensure personnel have the required skills to perform control activities, especially in undertaking manage
Identify and coach staff as back-up for critical responsibilities such as IT, operations, legal, and HR in ca
Increase mandatory time-offs that will help staff to recover from fatigue and will allow another employee
Employee onboarding of hires to help them understand how to use communication tools and applications
Which of the following provides the most accurate description of the risk to
internal control policies and procedures posed by automating journal
entries and other processes?
Automation will inevitably lead to business process improvement and efficiency, so there is not really an
Automation could eventually lead to the loss of accounting jobs which could cause employees to act une
Automation may, either by accident or through collusion, lead to violations of internal control policies an
If the automation is led by the internal technology function, there is not any additional risk to internal con
All other things being equal, would a management team most want to see
detective or preventive controls implemented throughout the organization?
Detective controls are preferred because detective controls mean that internal auditors are actively engag
Neither control is preferred because technology tools like artificial intelligence will automate and stream
Preventive controls are usually preferred by management teams because these controls will enable the or
Preventive controls are always preferred because once unethical activity has occurred, it is not worth unc
An auditing firm is concluding its audit of a publicly traded company in the

U.S. After obtaining sufficient audit evidence, an external auditor concludes
that misstatements in the aggregate are material but not pervasive to the
financial statements. What type of opinion should the external auditor issue
on the company's financial statements?
Unmodified opinion
Qualified opinion
Adverse opinion
Disclaimer of opinion
The internal audit function is seeking to improve controls over the posting
and approval of fraudulent journal entries in the accounting system. Which
of the following options would best mitigate risk in this area?
Automate and standardize entries so that employees are not involved in this process.
Institute a two-step posting system, where no single employee can post and review/approve his or her ow
Place one department or person in charge of posting and approving all entries.
Focusing resources in this area is not an effective use of resources because this is not an area for high am
Which of the following correctly describes the level of internal controls that
an organization should implement to ensure correct valuation and
documentation of its physical assets?
Since physical assets can be easily appraised by an external third party, the organization should not use o
Physical assets are depreciated as a matter of course, so the current market valuation of physical assets is
Physical assets should be subject to controls and valuation procedures similar to those put in place over o
The organization should only have controls to ensure that the current year depreciation and accumulated
Is it important for journal entry systems to designate an independent
reviewer of journal entries in the context of an organization’s internal
control environment?
No, because journal entry systems are becoming increasingly automated; therefore, the necessity for revi
No, an independent reviewer of journal entries is not necessary if the organization has established a robu
Yes, because review controls help organizations ensure that data is accurate and approved in the correct m
Yes, the organization should have an independent reviewer if the external auditors have found any issues
Reconciling the cash on hand balance to the bank statement
Which of the following statements is not correct concerning responsibility
for corporate governance?
Senior management is responsible for executing a company’s strategy while the board of directors is resp
Senior management is responsible for approving the issuance of stock by a company while the audit com
The board of directors is responsible for declaring dividends and the audit committee is responsible for re
Senior management is responsible for managing the day-to-day operations of a company while the audit
Management assesses risks to design and implement appropriate internal
control systems to minimize errors and irregularities. All of the following
activities will help them achieve the objectives of risk assessment except:
The entity considers the potential for fraud in assessing risks to the achievement of objectives.
The entity reassesses risks regularly and as soon as changes in its operating environment transpire.
The entity adopts a policy to guide employees on how to assess and manage risk.
The entity selects and develops control activities that can reduce risk to acceptable levels.
Which of the following best describes the primary benefit or benefits of
cross-training for employees and organizations?
The primary benefit of cross-training is to help employees better understand what their colleagues deal w
The primary benefit of cross-training is that during times of high employee turnover, the existing employ
The primary benefits of cross-training are that it helps spread organizational best practices, and it allows
The primary benefit of cross-training employees is that it allows access to all internal information across
Which statement best describes the role of the engagement letter during
the audit process?
The engagement letter merely serves as the introduction to the audit process and does not pertain specific
The engagement letter is only applicable for compilations and reviews, and not full audits, so it is infrequ
The engagement letter outlines the scope, work, and processes to be undertaken by external auditors duri
When the external auditors sign and verify the engagement letter, the terms and processes outlined in the
Which of the following controls over cash can detect material
misstatements?
Regular bank reconciliations
Bonding employees who handle cash
Segregation of duties in the cash receipts process
Safes and vaults where cash can be stored securely
What level of information and data would necessitate a disclosure in the
external audit report upon conclusion of the annual audit?
Any errors, misstatements, or omissions that are present in the financial statements should be disclosed d
Material misstatements, errors, and omissions should be communicated and disclosed to stakeholders and
If the external auditors have performed all the necessary substantive procedures and examinations, there
Since internal auditors manage and run most of the audit testing and processes, external auditors usually
How does an ethics hotline help an organization create a good tone at the
top and operate in an ethical manner?
Since employees are not likely to submit reports or information to management, an ethics hotline will no
An ethics hotline provides employees a method to report possible unethical activity, and to hold other em
If the organization has invested significantly in technology and automation, an ethics hotline is not a requ
An ethics hotline will address many of the needs of an organization and eliminate the need for some train
What is the connection between virtual currencies like Bitcoin and the audit
evidence necessary to successfully complete an annual audit process?
Bitcoin and other virtual currencies will not have any impact on the audit evidence necessary since these
Bitcoin and other virtual currencies will change both the nature of the evidence collected during the audi
Since these assets are digital in nature, these components of the audit process should be delegated to the t
The only way to successfully test these virtual assets is to hire an expert external firm and rely on the find
One day, a petty cash custodian realized he had forgotten his wallet at
home and decided to borrow a few dollars from the petty cash fund to buy
lunch. When he was about to return the money, he realized he could write
a petty cash voucher for himself and attach the receipt. After that time, he
never had to buy his lunch with his own money.
Which of the following controls would detect such employee theft?
Prenumber petty cash vouchers

Demand receipts to back up expenses being claimed before issuing the petty cash voucher
Another staff should review and approve the petty cash log and reconciliation form before replenishment
Secure the petty cash fund in a secure lockbox to keep the fund separate from other cash on hand
What is the correct level of assurance and insight that external auditors
should provide in their findings and reports over the organization’s financial
information?
The external auditors must provide complete and total assurance in their findings over the financial infor
The external auditors must assert that the financial information is presented in absolute precision accordi
The external auditors must provide reasonable assurance that the financial information is presented in a m
The external auditors do not provide any level of assurance over the organization’s financial information
Which of the following correctly interprets the provisions outlined in Auditing
Standard No. 5, An Audit of Internal Control over Financial Reporting that is
Integrated with An Audit of Financial Statements?
Since the auditing of internal controls is an embedded compliance requirement incorporated with financi
controls can also be given the same unqualified opinion.
The audit is not directed toward the group of internal controls involved in financial reporting itself, but ra
continuously functioning effectively.
Considering that auditing of internal controls is different from the auditing of financial statements, audito
expressing opinions for each type of audit.
Auditors must establish different materiality thresholds or criteria for auditing of internal controls and fo
An oil company is looking to expand its operations in another country.
However, after careful assessment, they discovered that the plan is too
risky because of the geopolitical risk involved in the expansion. Which of
the following risk mitigation strategy should the company employ?
Accept
risk
Reduce
risk
Transfer
risk
Avoid risk
How is the concept of corporate governance linked to internal controls and
the method by which management implements certain control and other
operational decisions?
Corporate governance is an idea and concept that is purely assigned to senior leadership and the Board of
Corporate governance only pertains to qualitative information; therefore, corporate governance is only lin
The relationship between corporate governance and internal controls goes back and forth between establi
With the increased globalization of business, corporate governance measures and issues are not as impor
once were.
Because of the global nature of business, auditing and issuing audit
statements can become very complex. What is the most accurate
statement about how financial reports should be prepared?
Every organization’s financial statements must be prepared in accordance with U.S. GAAP because the U
Because IFRS is used by the majority of nation-states, the financial statements should be prepared under
Due to the numerous requirements and disclosures necessary for each specific industry, there is no standa
An organization may prepare and present the information related to financial statement disclosures under
Which of the following statements about inherent risk is true?
Inherent risk increases when the business environment rarely changes.
Inherent risk cannot be reduced by implementing internal controls.
As inherent risk increases, the auditor will need to accumulate a larger sample size to reduce detection ris
Inherent risk is the possibility of material misstatement due to the absence or failure of relevant internal c
Which of the following is not a reason why using prenumbered purchase
order forms with sequential numbers is a form of internal control?
Using prenumbered forms with sequential numbers eliminates the chance that an employee will forget to
Using prenumbered forms with sequential numbers eliminates the chance of having multiple purchase or
Using prenumbered forms with sequential numbers allows a company to know exactly how many purcha
Using prenumbered forms with sequential numbers saves time when filling out the form since the numbe
During an annual integrated external audit, which of the following best
summarizes the scope of the work that the external audit team should
perform?
The external audit team should examine 100% of all transactions, journal entries, and associated docume
The external audit team should perform basic samples during this audit because the internal audit team al
The external audit function should conduct risk assessment procedures, and then conduct appropriate lev
The external audit function should conduct risk assessment procedures, and then conduct appropriate lev
What is the goal and objective of the annual audit performed by external
auditors and consultants?
To issue their findings that the financial statements and internal controls are free from error or mistakes a
To conduct testing and sampling procedures of the internal control environment and advise management
To provide reasonable assurance over the external financial reporting functions and processes
To provide reasonable assurance, and possible suggestions for improvement over both financial reporting
All of the following statements in regard to management's report on internal

controls over financial reporting in accordance with the Sarbanes-Oxley Act
are true except that the report must
include a statement of management's responsibility for establishing effective internal controls over financ
include a statement that the design of the internal controls is the responsibility of the company's audit com
assess the effectiveness of the company's internal controls over financial reporting, as of the end of the pe
be attested to by an independent auditor.
Installing firewalls on a computer system
Keeping cash in a locked drawer before it is deposited
Performing background checks on all prospective employees
What is the best definition of an unqualified audit opinion as issued by
external auditors for a U.S.-based organization?
The financial statements and disclosures are fair and transparent when analyzed through the lens of IFRS
The financial statements and internal controls are materially correct when analyzed under U.S. GAAP.
The financial statements provided to external users and analysts are free from error and can be used with
The external auditors agree with the information and findings put forth by internal auditors regarding aud
failure will occur and that the potential loss from the failure is high?
What is the most appropriate definition of internal control structure as it
pertains to the internal audit processes?
Internal control structure pertains to the number of tests and examinations performed during the internal
Internal control structure is linked to the number and type of internal controls established by managemen
Internal control structure is only linked to the testing and procedures over cash and cash management pro
Internal control structure pertains to the technology assets and systems put into place to prevent and unco
A company is in the process of evaluating its auditor for the past five years
to decide whether to hire it again. Incidentally, the CFO also hired the same
firm for tax preparation services. Which of the following, identifies the right
course of action with proper reasoning?
Replace the audit firm because it is also doing tax preparation services.
Keep the audit firm and have it continue the engagement as is. This way, the efficiency and effectiveness
Negotiate a discounted price with the audit firm, as there will be two engagements with it. This should be
Retain the current auditor but demand that a new lead partner undertake the audit engagement, even thou
Which of the following is not true about the audit committee?
The audit committee should also have independence.
The audit committee is responsible for the oversight of the financial reporting process.
The audit committee is required to have at least one member who qualifies as a financial expert.
The audit committee is responsible for hiring the CFO and the independent external auditors.
Which of the following statements most accurately demonstrates
safeguarding intellectual assets?
Instituting a comprehensive policy about emails, passwords, and communicating information to external
Always purchasing the most cutting-edge technology tools.
Because it is so difficult to keep pace and remain well informed on changes in technology trends, safegua
Maintaining a robust and comprehensive password policy.
Which of the following statements is correct concerning the role of senior
management in corporate governance?
Senior management is responsible for nominating people to serve on the board of directors.
Senior management is responsible for appointing the company’s external auditor.
Senior management is responsible for declaring dividends.
Senior management is responsible for implementing changes recommended by the company’s internal au
A company implemented the policies enumerated below. Which would help
the company strengthen its SOX compliance?
Policies state that management shall be responsible for the internal controls and financial statements of th
for such findings.
The board of directors included corporate social responsibility (CSR) activities in their policies, making s
Because the company is a chemical firm, the audit committee it created did not include a financial expert
prevent spillage and quality control risks.
Given the influence of top management on the overall organization, the board included in its policies tha
Which of the following scenarios would possibly represent a management
environment?
A management team focused on generating long-term growth and increases in earnings power for shareh
A management team focused on exceeding short-term financial results so they can pay bonuses to all em
An organization that was previously cited for unethical behavior and illegal actions, but with a new mana
A management team that is focused on risk management and conservative management policies and cont
Which of the following statements is correct concerning the difference
between corporate bylaws and articles of incorporation?
Corporate bylaws cover how board members are to be notified of board meetings and articles of incorpor
Corporate bylaws are available to the public and articles of incorporation are not available to the public.
Corporate bylaws cover the specific responsibilities of board committees and articles of incorporation co
Corporate bylaws cover the par value of common shares and articles of incorporation cover whether the c
The Foreign Corrupt Practices Act (FCPA) of 1977:
Requires certain records be kept for a minimum amount of time.
Forbids the bribing of foreign officials.
Requires companies maintain a reasonable set of internal controls.
All of the above.
Which of the following is not a responsibility of the entire board of
directors?
Oversee risk management
Manage the company on a day-to-day basis
Monitor the CEO’s performance
Approve the company’s strategic plan
What is the best definition of “tone at the top” as it pertains to internal
auditing, corporate governance, and management philosophy?
Tone at the top represents the actions undertaken by management to establish ethics and the importance o
Tone at the top means that the management team has established an ethics hotline and reporting policy to
Tone at the top is under the purview of external auditors and consultants recommending actions and polic
Tone at the top is fulfilled and demonstrated by the implementation of training led by external experts an
A company is faced with some corporate governance challenges. The
board is proactive in its role of governing the company, especially when
management is making decisions that may influence the future of the
company. As such, senior management and the board became quite
unsure of how to delineate their roles and sometimes have disagreements
about how the company should conduct operations. What would work best
to solve this issue?
Replace senior management and appoint other executives who would agree with you.
As an ethical practice, step down as a board and let someone else fill the role.
Review the company's by-laws to see if it has guidance on the role of the board and senior management.
Inform senior management that the board is on a larger scale regarding the corporate governance hierarch
Requiring that all purchases be made with approved vendors
Installing theft prevention tags on merchandise
Which of the following is the most appropriate example of a control put in
place over payroll?
The payroll accounts and information should be combined with the other business accounts.
Human resources should delegate the payroll process to the treasury department.
The payroll accounts and authorizations should be distinct and separate from other business payments an
Payroll should be outsourced to an external third party.
SOX requires that the audit committee have at least one financial expert. A
person can be deemed a financial expert through all of the following
means except:
having education and experience as a principal financial officer or of a similar function.
having experience actively supervising a principal financial officer or person performing similar function
having experience overseeing or assessing the preparation, auditing, or evaluation of financial statements
having experience in managing a corporation on a day-to-day basis.
Which of the following SOX provisions would prevent familiarity risk
between the audit firm and the company being audited?
SOX Section 301 requires the audit committee's independence.
SOX Section 407 requires audit committees to have at least one member who qualifies as a financial exp
SOX Section 404 requires public companies to establish and maintain a system of internal controls.
SOX Section 203 requires lead audit partners to rotate off engagements.
During an external audit, management must make certain assertations and
statements related to both the internal control environment and financial
information. What is the most accurate summarization of these
assertations?
That all financial information is stated without any errors or omissions whatsoever.
That all technology tools and upgrades over financial reporting that have been implemented are disclosed
Management assertions are only linked to the internal control environment, and the proposed effectivene
That all accounts shown exist, and that all financial information has been reported and disclosed.
How does establishing an ethics hotline or some other method for
employees to report possible ethics issues impact an organization’s control
environment?
Setting up an ethics hotline has not provided any meaningful benefit to the culture and governance of org
Because employees must identify themselves when they report possible unethical activity, an ethics hotli
An anonymous employee hotline or portal helps improve culture and governance since employees can re
An anonymous hotline helps improve culture and governance because ethical issues are always reported
How do auditors take the importance of internal controls into account
during the testing and auditing process?
Since internal controls are the sole responsibility of management and internal auditors, controls do not pl
Controls are taken into account to help identify risks and help plan the other audit testing and processes w
Controls form the basis of the annual audit process and are the focus of external audit testing and procedu
Controls are only taken into account during an external audit when auditors are completely sure that exam
An accounting staff received an email urgently asking for the passcode to
access the accounts payable module. Because the staff did not know who
the person was and the address it was sent from, she found the email
suspicious and decided to report it. Which of the following threats to
security did the staff experience?
Phishing
IT
sabotage
Virus
Trojan
horse
Which of the following best summarizes what an engagement letter is and
how it is used during the external audit process?
An engagement letter explains and outlines the terms and conditions of the audit, but it does not include a
procedures to be conducted are chosen.
An engagement letter explains and outlines the terms and conditions of the audit, including an explanatio
An engagement letter is merely a formality in the current business environment, so it is standardized and
An engagement letter is usually written by the management team in coordination with legal experts to en
Requiring that someone other than the person who approves new employees distribute direct deposit pay
Requiring two approvals for wire transfers
Requiring employees to scan ID cards to access company facilities
Requiring a credit score before granting credit to a customer
Which of the following statements is not correct concerning corporate
bylaws?
Corporate bylaws typically include information on the qualifications for serving on the board of directors
Corporate bylaws typically include information on the proper handling of potential conflicts of interest in
Corporate bylaws stipulate how many board of director members are needed to establish a quorum at boa
Corporate bylaws stipulate the voting rights of each shareholder class.
Which one of the following actions would most effectively address the issue

of internal control risk related to the custody of cash receipts?
Establishing a lockbox deposit system at a regional bank

Assigning a single employee to be responsible for the receipt and posting of cash receipts to customer ac
Preparing a control total of cash receipts immediately upon opening incoming payments
Installing a surveillance system to monitor the processing of cash receipts and custody of cash
What types of errors and misstatements should be disclosed and reported
as a result of an external audit?
All errors should be reported and documented, regardless of the size and scope of the errors.
Errors and misstatements that are material in nature must be reported and documented in the audit report
The errors and misstatements that are linked to financial reporting and statements
Misstatements that management does not have an explanation for because if management has an explana
Which of the following COSO principles are relevant to monitoring
activities?
The organization evaluates and communicates internal control deficiencies promptly to those parties resp
The board of directors demonstrates independence from management and exercises oversight of the deve
The organization considers the potential for fraud in assessing risks to the achievement of objectives.
The organization obtains or generates and uses relevant, quality information to support the functioning of
Segregation of duties is one of the basic rules applied and maintained in
designing business and accounting processes. All of statements about
segregation of duties are correct except:
Failure to properly separate conflicting functions will always result in misstatements due to fraud or erro
In cases where segregation of duties would be impractical, the entity must assess its current level of risk
Technology nowadays has favorably contributed to enhancing segregation of duties by limiting viewing
In spite of implementing this control effectively, there is no absolute assurance of its efficacy, since collu
Which of the following best describes a possible risk to the internal control
environment when a merger, acquisition, or other business combination
occurs?
Since these activities are led by senior management teams with the advice of consultants, there is very lim
Due to the many changes in the reporting process that occur during a merger or acquisition, there is a ser
The primary risk during a merger or business combination is that information may be leaked by disgruntl
The greatest risk to the internal control environment during a merger is that because the ledgers of differe
than normal which increases the chance of mistakes during the closing process.
Which of the following statements related to corporate governance is
correct?
Shareholders elect the board of directors to be responsible for the day-to-day management of the compan
Corporate governance refers to the system of rules and procedures by which a company should be overse
Corporate governance provides the employees with the ability to direct the affairs of the company.
The governance structure need not meet the requirements set by federal or state regulators as long as it ha
What is the most accurate difference between positive and negative
confirmations in the external audit examination and testing process?
Negative confirmations require a response, while positive confirmations can be validated even without a
Positive confirmations require a response, while negative confirmations can be validated even without a
Positive confirmations are only used for multinational organizations, and negative confirmations are used
Negative confirmations are used more than positive confirmations in audits today due to the increased di
Segregation of duties is a critical element of control activities that can
prevent fraud from taking place. Which of the following statements is not
true about segregation of duties?
The fundamental functions that must be separated are authorization, recording, and custody.
Segregation of duties must always be practiced regardless of cost.
In an IT environment, the programmer, operator, librarian, and data reviewer must be segregated.
In handling cash, the person who opens the envelopes containing checks should not enter the payments in
Periodically comparing the list of all computers a company owns to the actual computers on hand in the o
Randomly reviewing employee website activity
Examining a random sample of paid expense filings every month
Requiring employees to change computer passwords every 60 days
Which of the following scenarios would least likely represent a management
environment?
A management team that believes in investing in employees in order to improve efficiency
A management team that is dominated by one individual
A management team hired to turn around unprofitable operations within the next 12 months
A management team that believes in giving short-term contracts to employees instead of long-term contr
You Answered Correctly!
Which of the following statements concerning internal control objectives
based on the COSO framework is not correct?
Internal controls are designed to provide reasonable assurance that a company produces reliable, transpar
Internal controls are designed to provide reasonable assurance that a company complies with applicable l
Internal controls are designed to provide reasonable assurance that a company runs efficiently and effecti
Internal controls are designed to provide reasonable assurance that a company will be profitable.
Which of the following best describes how internal controls relate to the
tone at the top of an organization?
Because tone at the top is a qualitative idea and internal controls are quantitative tools for management, t
The internal controls that are established at an organization should reinforce and support the tone at the to
Tone at the top and internal controls are distinct ideas, but they are related because the tone at the top ma
These two concepts are inversely related because as internal controls become increasingly automated and
Doing a “surprise audit” of petty cash
Requiring two signatures on checks over a predetermined amount
Performing variance analysis comparing actual spending to budgeted spending
Doing a physical inventory count
The control environment is a set of standards, processes, and structures
that provide the basis for carrying out internal controls across the
organization. How should companies consider employee competence in
relation to their control environment?
Companies only need to hire competent employees to make an effective control environment, so they do
Hiring employees is not relevant to create an effective control environment, so conducting adequate back
Companies must hire and retain competent employees who can carry out their functions and provide them
Employee competence does not matter as long as the board of directors is competent.
Which of the following assertions does the use of prenumbered sales
invoices support?
Valuation
Existence
Completeness
Rights and
obligations
Which of the following would be classified as a preventive control related to
technology and data management?
Following an attempted data breach, management institutes a review of control policies over the passwor
Prior to any evidence of attempted cyber hacks, management institutes a mandatory password changing p
Management implements new controls and security measures over assets and inventory to prevent unethi
The organization invests in cutting-edge software, which will ensure security and up-to-the-minute proto
Which organization and standard setting body oversees and enforces
accounting standards for government accounting entities?
The Financial Accounting Standard Board (FASB)
The Public Company Accounting Oversight Board
(PCAOB)
The Governmental Accounting Oversight Board (GASB)
The International Accounting Standards Board (IASB)
When an organization is experiencing rapid growth, how important are
internal controls?
Since rapid growth is a good thing for organizations, internal controls can be put on the back burner until
Growth and generating value are the main fiduciary duties of management, so internal controls are a seco
Even in a period of high growth, internal controls, and control policies should always come before growt
Even during periods of high growth, there should be a balance of control and growth opportunities. This
Among the following, which best describes the overall characteristics and
nature of internal controls over financial reporting and safeguarding of
assets?
Internal controls are checkpoints built into the processes intended to capture intentional fraud and errors.
related to financial reporting and safeguarding of assets.
As the entity grows, management becomes more reliant on the efficacy of its internal controls to help ens
even with an increasing volume of transactions and compliance requirements.
The mere existence of internal controls is sufficient proof to provide assurance that financial reporting an
wealth.
It is considered to be a more effective approach if an entity strengthens the internal controls procedures in
concerns only top management.
As part of the minority interest in a publicly listed company, which of the
following can be viewed as a favorable corporate governance exercise?
Conducting quarterly investors' briefings and updating the stakeholders on the status of the company
Subsidiary company lending the parent company some form of a loan at an interest rate at par to treasurie
Company swapping shares to a significant shareholder for an asset when the share price is low, producin
A member of senior management actively engaged in trading shares of the company in the open market
The accounting controls surrounding the revenue cycle should provide

assurances of all of the following except the
accurate recording, shipping, and billing of all valid sales transactions.

approval of all credit sales transactions after they are processed.
proper authorization of all sales returns and allowance transactions.
accurate recording of customer accounts and finished goods inventories.
During the beginning of an annual audit, the external auditors discover that
the accounts receivable balance is understated by 15%, which balance
accounts for 35% of total assets. What is the most appropriate step to take
in this situation?
The auditors should note the difference and move on to the next account, as the amount of testing that ca
The auditors should ask the corporate controller to verify the accuracy and completeness of these items. I
The auditors should note the difference and move on to the next account since accounts receivables are c
The auditors should perform testing using positive confirmations to confirm existence and completeness.
Which of the following provides the best definition of an integrated audit?
An integrated audit is an audit of the effectiveness of the internal controls over financial reporting where
An integrated audit is an audit of the financial statement information integrated with a tax audit.
An integrated audit is a comprehensive audit of both the internal controls and operational compliance at a
An integrated audit is an audit of the effectiveness of the internal controls over financial reporting integra
Which of the following statements is not correct concerning the role of the
board of directors in corporate governance?
The board of directors is responsible for appointing the company’s chief executive officer.
The board of directors is responsible for approving any offer to buy another company before the offer is
The board of directors is responsible for executing a company’s strategy.
The board of directors is responsible for approving stock issuances made by the company.
Periodically comparing the list of all computers a company owns to the actual computers on hand in the o
Randomly reviewing employee website activity
Examining a random sample of paid expense filings every month
Requiring employees to change computer passwords every 60 days
What is the proper way for organizations to approach implementing internal
controls over cash and cash equivalent assets?
If the organization has implemented an independent review of cash on a periodic basis, there is no need f
Organizations should focus on developing and implementing robust internal controls over cash and cash
Since cash is a fungible asset and poses a very high audit risk regardless of the number of internal contro
over the cash process because the resources could be better used in other areas.
The use of cash is being phased out of business processes, so establishing controls over cash is becoming
Which of the following statements about the Foreign Corrupt Practices Act
(FCPA) is not correct?
The FCPA contains provisions concerning anti-bribery and accounting issues.
The FCPA prohibits U.S. companies from making payments (or giving anything of value) to officers of f
A bribe does not actually have to be paid for a violation to occur under the FCPA.
“Grease payments” are allowed under the FCPA.
Jim is a clerk who receives a check from one customer for $500. Because
he needs cash to pay his loans, he cashes the check for himself. Another
customer sends in a check for the same amount, and Jim uses this
payment to credit the first customer's account, thereby hiding his theft.
Which of the following fraud schemes could have been prevented with
proper segregation of duties?
Kiting
Lapping
Skimming
Diversion of payment from slow-paying
customers
What is an appropriate example of an internal control that would effectively
safeguard physical inventory at an organization in the retail industry?
Require all employees to routinely update passwords, log-ins, and other access methods for information.
Take out insurance policies for the valuation and completeness of inventory records and assets within the
Institute a review process for purchasing and approving new vendors for purchasing inventory.
Limit access to physical inventory levels and install cameras and other monitoring processes to track and
How does the concept of internal controls tie into the process of cross-
training at an organization?
There is not an apparent connection between cross-training different employees and the overall internal c
Cross-training can help prevent unethical activity due to additional review processes by various employe
Cross-training employees in different activities only applies to a narrow set of roles and responsibilities,
If an organization has a cross-training program, the need for other controls is reduced significantly since
Within the context of internal control structure and varying management
philosophies, is there a definitive answer as to whether detective or
preventive controls are superior?
Detective controls are clearly superior to preventive controls because fraud can only be uncovered throug
Preventive controls are clearly superior to detective controls because unethical behavior and fraud is not
Neither type of control is inherently superior to the other because of the rise of analytical tools, especially
Neither type of control is inherently superior to the other because a satisfactory internal control environm
Requiring that all purchases be made with approved vendors
Installing theft prevention tags on merchandise
The Sarbanes-Oxley Act can be considered as a reactive initiative in
response to globally known, infamous financial scandals. All of the
following resulted in the following outcomes except:
The audit committee suddenly rising as a significant oversight governing body. There have been significa
board of directors.
Compliance becoming more expensive which has disproportionately had a negative effect on smaller pub
Effectively eradicating fraud and misrepresentations through transparency and due diligence.
An attempt to restore the public’s trust in the auditing and accounting industry.
Auditor A accepts a client in an industry where change is constant and
rapid. Such a client presents an example of:
audit risk.
inherent
risk.
control risk.
detection
risk.
A fast-fashion retailer has expanded operations beyond the United States
and now has stores in key cities in Asia and Europe. Aside from selling, its
overseas operations also involve production because labor and raw
materials are cheaper. To hedge against foreign exchange risk, the retailer
decided to undertake a currency forward contract. Which of the following
risk mitigation strategies did it take?
Accept
risk
Reduce
risk
Transfer
risk
Avoid risk
Would establishing an ethics reporting hotline or other reporting portal
represent a positive or negative trend for the tone at the top of an
organization?
Positive, because an ethics reporting hotline provides employees with a method to report possible unethic
Positive, because employees have an option to report possible unethical activity in a way that requires the
Negative, because by setting up an ethics hotline the organization is essentially admitting that ethical vio
Negative, because ethics hotlines are almost always set up in the aftermath of a fraudulent action at the o
Which of the following is true with regard to corporate governance?
Essentially, corporate governance gives the company's stakeholders the ability to direct the affairs of the
Shareholders hire the board of directors, which, in turn, hire the company's senior management to execut
The company's articles of incorporation contain how business functions operate. In addition, rules and po
The company's by-laws legally document the company's formation. In addition, the by-laws contain the p
In addition to conducting examinations and testing of internal records,
documents, and controls, are there other documents, information sources,
and data that are analyzed during an external audit?
No, as long as the external auditors have access to all requested internal records, documents, and controls
Yes, in addition to internal information and documentation, auditors often scrutinize SEC filings, includi
No, since external auditors only receive information that has already been reviewed by internal auditors,
Yes, in addition to internal information and documentation, external auditors only review external press r
Which of the following controls would likely be introduced by a multinational
company with remote employees to manage access control to its internal
network?
Locks and security cameras
System monitoring and logging tools
Use of a virtual private network (VPN)
Background checks on employees with critical functions
Obtaining confirmation of receivables and payables is an important part of
the auditing process. Which person or function should handle the
confirmation process?
The internal audit function should handle the confirmation process because the internal auditors are most
The external auditors should handle the confirmation process to preserve the chain of audit evidence and
The audit committee should handle the confirmation process to make the process of sending out and rece
The corporate controller should handle the confirmation process because this individual has the best relat
Which of the following statements is not correct concerning provisions of
the Sarbanes-Oxley Act of 2002 designed to improve the financial reporting
process?
All audit committee members must meet the definition of a financial expert.
All audit committee members are required to be independent of the company.
Key executives (typically the CEO and CFO) must certify that they have disclosed all known frauds and
Audit committees must establish procedures for anonymously receiving reports concerning financial repo
The Foreign Corrupt Practices Act (FCPA) emphasizes the prohibition of a
U.S. company or citizen, and certain foreign issuers of securities, of using
bribery to foreign officials in order to gain favor to run or keep a business.
However, the Act exempts from its scope those considered as “facilitation
payments.” Which of the following correctly describes a facilitation payment
and a bribe?
For an act to be considered a bribe, the favor intended for the “gift” must be proven as granted, i.e., obtai
Payments to secure official documents from foreign government agencies as required in applications and
qualified as facilitation payments.
All kinds of gifts, in whatever amount or value, extended to foreign government officials are considered
All foreign countries are unanimous in evaluating whether an act is considered a bribe or simply a facilita
Should organizations have multiple layers of access controls to increase
security over certain physical assets and information?
No, controls and access to information should be uniform and consistent among the physical assets and in
No, the controls that safeguard the firm’s physical assets and information should be equal because all of
Yes, each type of physical asset and category of information should have a customized control and proce
Yes, although all assets and types of data are important, certain assets or information are more important
Requiring that someone other than the person who approves new employees distribute direct deposit pay
Requiring two approvals for wire transfers
Requiring employees to scan ID cards to access company facilities
Requiring a credit score before granting credit to a customer
One of the internal control risks is override of controls by management
and/or those charged with governance. All of the following are possible
reasons why this risk is difficult to address except:
Management has the power to influence the design and execution of the internal controls.
Management performance is sometimes heavily reliant on meeting unrealistic targets and further provoke
In certain instances, the audit committee, who is expected to serve as a check and balance as to managem
governance.
Strengthening and continuously developing a robust culture of trustworthiness and high morale among m
Which of the following best describes the responsibility that external
auditors have to obtain assurance over an organization’s physical assets?
External auditors do not usually have the responsibility to perform testing procedures over an organizatio
valuation experts.
The only responsibility that external auditors have over physical assets during the annual audit process is
The only responsibility that external auditors have over physical assets is to perform testing procedures o
The external auditors have the responsibility to perform testing procedures over existence, valuation, and
Between preventive and detective controls, which type is most desirable in
organizations?
All else being equal, preventive controls are usually preferred because preventing unethical activity is mo
There is not a good distinguishing factor that makes one type of control superior to another.
All else being equal, detective controls are superior because uncovering unethical activity is the primary
organization.
The most desirable type of control is whichever type the external auditors did not find any fault with whe
Doing a “surprise audit” of petty cash
Requiring two signatures on checks over a predetermined amount
Performing variance analysis comparing actual spending to budgeted spending
Doing a physical inventory count
Which of the following is not an example of a safeguarding control?
Cash is locked in a drawer and the controller has the only key.
Access to the room where computer servers are located is restricted.
Randomly reviewing employee website activity.
Prenumbered forms are used.
Which of the following statements is most accurate for describing the
involvement of internal audit in the governance process?
Corporate governance is the responsibility of management, and specifically of senior leadership, so intern
Since governance is related to corporate strategy and other qualitative measures, internal audit controls, p
The only way that internal audit should be involved in the corporate governance process is to advise man
Internal audit is only responsible for controls over the financial reporting process, so its involvement in th
Segregation of critical functions is one type of control that is maintained in
entities. Which of the following correctly describes its nature and
importance?
It is an absolute rule to strictly follow the separation of duties, regardless of any limitations, in order to en
Adhering to the segregation of duties would definitely provide unconditional assurance of being free from
Cost-benefit analysis can be overlooked when applying segregation of duties in designing controls becau
As much as possible, duties must be performed independently to adhere to the objective of avoiding dele
Which of the following conditions will most likely lead to a reduced
assessment of inherent risk?
Financial distress
Strong management ethics
Complex organizational structure
Legacy systems that involve manual processes
In the context of a control environment, which of the following is the best
definition of internal controls for an organization?
Internal controls are technology tools and processes designed to secure information and organizational da
Internal controls are processes and procedures designed to secure information and uncover unethical acti
Internal controls are only linked to the financial reporting process; therefore, they are completely isolated
Internal controls are only linked to improving operational efficiency, not financial data or information.
As determined by standardized frameworks, what level of assurance over
nonfinancial data should be published by external auditors?
Absolute
Reasonable
Probable
Not applicable in the current environment
Which of the following definitions most accurately summarizes the concept

of tone at the top as it pertains to internal controls and management
responsibility?
Tone at the top pertains specifically to the controls put into place to help safeguard assets and improve ef
Tone at the top is the philosophy of management toward internal controls and how the organization opera
Tone at the top is present in an organization if management implements an ethics hotline to help employe
Tone at the top is not as big a deal for organizations in the current environment since regulators and othe
Which of the following is not attested by the key executives under SOX
Section 302?
They have reviewed the financial statements.
To their knowledge, they give 100% assurance that the financial statements do not contain material inacc
They are responsible for internal controls.
To their knowledge, the financial statements do not contain material inaccuracies and fairly present the c
All of the following types of fraud can be prevented by proper segregation
of duties except:
Lapping of receivables
Employee collusion
Embezzling funds through fictitious employees
Diversion of payments from slow-paying
customers
A clerk is responsible for comparing goods received with vendor shipping
documents. Which of the following responsibilities can the clerk assume
without violating appropriate segregation of duties?
Issuing a purchase requisition
Approving purchase orders
Posting of purchases in the
ledger
Updating inventory record totals
Is tone at the top and the corporate governance policies of the organization
connected in any meaningful way?
No, tone at the top refers to internal actions, whereas corporate governance policies are focused only on e
Yes, the tone at the top and corporate governance policies refer to the same set of activities, and merely r
No, tone at the top is gradually being outsourced by different technology tools, and corporate governance
Yes, tone at the top and corporate governance policies are both reflections of how the organization opera
To what extent, if any, does the perception and evaluation of control risk
play in the external audit process as conducted by external auditors?
Since control risk is the responsibility of internal auditors and management, external auditors do not have
Control risk should be considered by the external auditor when planning and executing analytical proced
External auditors are tasked with assessing and testing the control risk of an organization, so they should
If the internal auditors have assessed control risk as low, external auditors do not need to consider it durin
Would instituting a cross-training program between the employees of the
human resources and accounting functions make sense from an internal
control perspective?
No, because human resources employees have access to confidential information, and they would not no
Yes, cross-training always generates internal efficiencies and benefits, as employees can uncover pain po
No, because cross-training is not as necessary today due to the increased ability of management to review
Yes, allowing accounting professionals to see how human resources handles employee compensation inf
What is the connection between the tone at the top and internal controls?
Since so much of the decision-making process has been automated and/or enhanced by technology, the c
has been.
The tone at the top remains critical for establishing company culture, implementing certain control tools,
The tone at the top really only pertains to financial reporting and information, so the connection to intern
Following recent scandals, tone at the top has been outsourced to external consultants and management p
Which of the following statements concerning internal control objectives
based on the COSO framework is not correct?
Internal controls are designed to provide reasonable assurance that a company produces reliable, transpar
Internal controls are designed to provide reasonable assurance that a company complies with applicable l
Internal controls are designed to provide reasonable assurance that a company runs efficiently and effecti
Internal controls are designed to provide reasonable assurance that a company will be profitable.
Which of the following is least likely to decrease the likelihood of an internal
control failure occurring?
Having one person approve credit applications and a different person approve writing off accounts receiv
Requiring all new vendors to go through a formal approval process
Performing bank reconciliations monthly
Which scenario represents a possible violation of assurance standards
over the safeguarding of cash assets in a retail environment?
If the cash receipts, deposits, and reconciliations are performed by different individuals within the organi
If the bank accounts impacted are reconciled by accounting team members, and reviewed by a third party
If the cash deposit and reconciliation process were performed by the same individual
If the cash records of the organization are only reconciled with support from bank statements and other th
Should the external auditors make sure that controls over the purchasing
and procurement processes are in place at an organization during the
annual audit process?
No, because internal controls are only concerned with internal activities and transactions of the organizat
processes.
External auditors should only ensure that the organization has controls in place for larger or unusual purc
Yes, the external auditors should ensure that controls are in place because external auditors should have f
Yes, the external auditors should ensure that controls are in place over the purchasing of external goods a
Which of the following correctly characterizes inherent, control, and
detection risks in relation to audit risk and audit work?
Inherent and control risks can be manipulated by the auditors through the suitable audit procedures thus c
Inherent and control risks serve as the groundwork on which the audit procedures would try to influence
Inherent and control risks are flexible enough to match and align to the target tolerable audit risk even pr
Detection risk is measured first in order to get a framework of the inherent and control risks exposure of
Given the increasingly global nature of business, management practices,
and supply chain initiatives, which of the following is the most accurate
description of internal control risk as it relates to different ways of doing
business?
Since global standards and methods of doing business are converging rapidly, there is limited internal co
Cultural differences, and different business practices, have not traditionally caused control issues among
Cultural differences and different ways of doing business globally can and often do cause issues, includin
As long as the human resources and legal teams are aware of potential internal control issues, the organiz
Which of the following provides the best definition of the purpose of internal
controls?
The purpose of internal controls is to ensure that financial statements are presented free from error to ext
The purpose of internal controls is to make sure that all technology-related assets and information are saf
Internal controls help safeguard organizational assets, protect information, and assist management in mak
Internal controls are primarily focused on safeguarding information linked to the financial statements.
Internal control systems are designed to ensure that organizations operate
as intended. Which of the following statements describes the internal
control objectives of effectiveness and efficiency of operations?
Controls were put into place so that assets are appropriately deployed and used for their intended purpose
The company accurately and adequately discloses information that may influence an investor's decision.
The company adopts a strict transfer pricing procedure to ensure that intercompany transactions will adeq
A multinational company complies with the Foreign Corrupt Practices Act prohibiting it from paying bri
Cash is the most liquid asset in the balance sheet that makes it susceptible
to fraud. All of the following pairs of cash-handling functions should be
segregated except:
Comparing deposits to ledger entries and reconciling receipts to deposits
Reconciling receipts to deposit and preparing the deposit form
Opening the mail and recording deposits to the ledger
Opening the mail and reconciling receipts to deposit
All of the following are compatible responsibilities in the payroll
process except:
Signing and distributing paychecks
Preparing the payroll and filing payroll tax forms
Hiring employees and authorizing changes to pay rates
Recordkeeping of active employees and approving timesheets
If an organization’s management team seeks to improve safeguards over
physical or digital assets, which category of controls would they most likely
implement?
The controls would most likely be categorized as network controls because assets form part of the busine
The controls would most likely be categorized as preventive controls because the controls would reduce
The controls would most likely be categorized as technology controls because the management team is in
The controls would most likely be categorized as detective controls because organizations prefer detectiv
activity.
Explain how the concept of bonding employees relates to the internal
control environment and security over organizational information.
Bonding employees helps protect the organization in the case of unethical or fraudulent activity by emplo
Bonding employees provides protection to employees in the organization in the case of organizational fra
Since the handling of cash occurs less often in almost every business today, the importance of bonding an
Automating cash reconciliations and instituting a review policy of bank reconciliation are two controls th
What is the most comprehensive explanation of the connection between
internal audit and corporate governance?
Internal audit should have the primary responsibility for communicating with external stakeholders and c
Corporate governance is primarily focused on qualitative information and communicating this data, whil
in any capacity.
With the advent of data analytics and artificial intelligence tools, corporate governance is becoming incre
majority of decision-making tools used by organizations.
Internal audit and corporate governance should work together to ensure that data integrity is maintained t
in a variety of ways.
Which of the following is the most probable control risk related to cash
counts, collections, and reporting in a retail environment?
The most probable risk is that management will not have an accurate assessment of how much cash enter
The most probable risk is that it is becoming increasingly difficult to find customers willing to use cash a
The most probable risk is that since bank transactions can take time to settle, organizational liquidity may
The most probable risk is that if cash is not carefully counted and reviewed, fraudulent activity (including
Which of the following is not a responsibility of the entire board of
directors?
Hire the external auditor
Declare dividends
Appoint the CEO
Establish the company’s
mission
Which of the following is correct?
According to the Sarbanes-Oxley Act (SOX) Section 404, the audit of internal controls is viewed as an in
The Public Company Accounting Oversight Board (PCAOB) has been established to support the existing
Concerns related to the auditor’s independence as associated with his audit clients are outside the scope o
The audit of internal controls aims to seek an independent review of how effectively the management per
financial reporting.
process?
Audit committees are required to either have at least one member who is considered to be a financial exp
Key executives (typically the CEO and CFO) must certify that they have designed internal controls that a
Companies must establish a system of internal controls over financial reporting and have that system aud
Audit firms are prohibited from providing all types of non-audit services to audit clients.
Which of the following is the best definition of control risk as it pertains to
external auditors?
The risk that if there are no internal controls in place at an organization, a material misstatement might oc
The risk that even after undergoing an external audit, errors and misstatements are present in the organiza
The risk that the client's internal controls will not prevent or detect a material misstatement.
The risk that auditors give an unqualified opinion on a firm's financial statements when they contain a m
A real estate company operates a mall in the business district. To protect
against fire and any forms of natural disaster, its management decided to
take property insurance. Which of the following risk mitigation strategies did
the management employ?
Accept
risk
Reduce
risk
Transfer
risk
Avoid risk
Businesses with adequate internal controls can capture and communicate
information accurately, efficiently, and securely. All of the following
processes are positive signs that effective information communication
systems are in place except:
Competent individuals are hired for each function, and background checks are performed.
Access to policies that help clarify responsibilities, guide direction, and set expectations is made availabl
Employees can communicate incidents, failures, and concerns through a well-established mechanism.
Controls are in place to protect data from unauthorized access.
What situation would most likely represent an internal control environment
where the external auditors would greatly increase the control risk while
managing an audit?
An organization where management routinely emphasizes the importance of long-term growth and earnin
An organization that has been previously fined by the SEC for earnings manipulations and has reduced c
An organization where there were ethics violations 10 years ago under previous management, but new m
The control environment is assessed by internal auditors at the organization, so external auditors are not u
Agency problems arise when there are conflicts of interest between the
trustees (management) and the principals (shareholders). All of the
following are correct when it comes to agency problems and corporate
governance except:
One way to address agency problems is by independent audits checking on management actions and perf
Agency problems can be mitigated by compensating trustees with financial and nonfinancial incentives t
Corporate governance is only focused on how to promote and maximize shareholders’ wealth. Hence, the
Putting limitations on what a trustee can do is another way to address agency problems. As an example, s
Which of the following is not an example of a safeguarding control?
Cash is locked in a drawer and the controller has the only key.
Access to the room where computer servers are located is restricted.
Randomly reviewing employee website activity.
Prenumbered forms are used.
Can internal controls pose a risk to organizational efficiency, even if they
are developed and tested internally by management and the internal audit
function?
No, if the internal controls are developed and tested by the internal audit function there is no risk of them
Yes, controls developed internally will almost always negatively impact efficiency, because even though
impacts organizational efficiency.
Yes, there is always a risk that internal controls could negatively impact operational efficiency, even if th
No, controls do not hinder operational efficiency because being efficient is the most important aspect for
In an external audit, what connection is there between control risk and
subsequent audit procedures?
Control risk is the responsibility of internal auditors and management professionals; therefore, it is not co
The higher the level of assessed control risk, the lower the amount of testing and procedures are required
The lower the level of assessed control risk, the lower the amount of testing and procedures are required.
As artificial intelligence and blockchain technology become more integrated, the necessity of testing and
Which of the following complies with the Sarbanes-Oxley Act of 2002
(SOX)?
Members of the audit committee are allowed to have consulting and advisory engagements with the com
All audit committee members must qualify as financial experts, given the intricacies of the committee's w
Public companies must establish and maintain a system of internal controls, which external auditors mus
SOX requires lead audit partners to rotate off engagements every three years to help maintain the indepen
Which of the following is outside the scope of Section 301 of the Sarbanes-
Oxley Act (SOX)?
It highlights the critical importance of having an independent audit committee in order to empower this g
In the absence of a separate and distinct set of members identified as the audit committee, all members of
the independence rule.
A public entity is required to disclose the presence or absence of a financial expert in its audit committee
qualification as a financial expert.
The audit committee shall be held as primarily responsible for handling whistleblowers, both internal and
process?
Companies must establish a system of internal controls over financial reporting and have that system aud
Companies are prohibited from ever hiring people who worked for their audit firm for key financial posit
Audit committees have the sole authority to hire and fire independent auditors.
The lead audit partner must rotate off engagements every five years.
process?
Key executives (typically the CEO and CFO) must certify that they have designed internal controls that a
The lead audit partner must rotate off engagements every five years.
External auditors are allowed to provide internal audit services for audit clients as long as the client’s aud
Audit committees have the sole authority to hire and fire independent auditors.
A local dollar store sells a wide assortment of merchandise such as
household supplies, cosmetics, and snacks. While the owner recognizes
the risk that items might be shoplifted, he thought putting security tags on
one-dollar merchandise is too cumbersome. In addition, shoplifting does
not happen a lot in the neighborhood. Which of the following risk mitigation
strategies should the store employ?
Retain risk
Reduce
risk
Transfer
risk
Avoid risk
How should intangible assets be treated and tested during an external audit
process?
Since intangible assets do not have a physical presence, there is no reason to audit and examine these ass
Because intangible assets are an increasingly important part of the value associated with the organization
Intangible assets should only be tested with the use of external experts, and management professionals sh
The only way to accurately assess and test intangible assets is to verify that legal ownership has both bee
Which of the following provides the best description of audit effectiveness?
Audit effectiveness only pertains to the external audit process, so it is not a concern for internal auditors
Audit effectiveness relates directly with how audit firms and auditors can use available financial and hum
Audit effectiveness pertains to how accurate and timely the results of the audit process are.
Audit effectiveness relates directly with how timely and efficient auditors are in the production and comm
All of the following are preventive controls over fixed assets except:
Reconciliation of actual depreciation expense against budget.
Installation of radio frequency identification (RFID) tags.
Keeping a log of fixed asset serial numbers.
Requiring approvals for asset disposals.
Should a segregation of duties exist between the individuals who create
and enter journal entries, and the individuals who approve and post these
items?
This segregation of duties should exist to help prevent possible unethical, erroneous, or fraudulent postin
This segregation of duties should exist because it will increase efficiency in the organization, as individu
This segregation of duties is not important if the person creating the entry is at least at the supervisor leve
This segregation of duties is not important because entries have become increasingly automated in nature
Which of the following elements will an auditor use to evaluate the control
environment of an entity?
Inherent and residual risks
Independence checks on performance and adequacy of documents and records
Physical control over assets, segregation of duties, and authorization of transactions
Ethical values, organizational structure, management philosophy, and operating style
Which of the following internal control activities most likely would deter
lapping of collections from customers?
Independent internal verification of dates of entry in the cash receipts journal with dates of daily cash sum
Separation of duties between receiving cash and posting the accounts receivable ledger.
Authorization of write-offs of uncollectible accounts by a supervisor independent of credit approval.
Supervisory comparison of the daily cash summary with the sum of the cash receipts journal entries.
Which of the following can be considered a good corporate governance
practice?
The board of directors has delegated the human resources department to source and hire the chief executi
A company formed an audit committee and appointed the brother of the chief financial officer as the hea
A company hired some well-experienced and certified internal auditors to become part of their internal a
The board established corporate policies and provided corporate social responsibility (CSR) activities ad
In what situation are external auditors required to perform analytic
procedures, substantive examinations, and other verification tests during
the context of an annual audit?
An annual audit should always contain analytical procedures, substantive examinations, and other metho
Auditors are required to perform analytical procedures, substantive examinations, and other verification t
Auditors are required to perform analytical procedures, substantive examinations, and other verification t
Auditors should only conduct testing and other examination procedures if there is reasonable doubt as to
Which of the following would accurately be classified as a control related to
the safeguarding and storage of physical cash and cash equivalent assets?
Mandating that all employees in the treasury department update their passwords every 30 days using spec
Requiring that every cash count conducted within the organization is verified by at least one independent
Implementing a job rotation program between the accounts payable function, and human resources to hel
Hiring an external consulting firm to review the current policies and controls over the organization and re
Which of the following is least likely to decrease the likelihood of an internal
control failure occurring?
Having one person approve credit applications and a different person approve writing off accounts receiv
Requiring all new vendors to go through a formal approval process
Performing bank reconciliations monthly
Management, in designing its internal control system, can choose between
detective and preventive type of controls, among others. Which is the best
guide in their selection?
Detective controls might, in some cases, discover the error or fraud only after incurring significant negati
It is difficult to create a one-size-fits-all type of system design, thus a cost-benefit analysis is recommend
Preventive controls, in general, aim to stop the risk at the earliest point possible, which is from the point
The best design of internal control systems is one with more preventive controls than detective controls,
An accounting staff responsible for accounts receivable has been diverting
customers' payments by offsetting other customers' payments. Which of
the following controls can prevent this lapping fraud from happening?
Enforce mandatory vacation
Audit cash receipt transactions regularly
Send monthly statements to customers
Require customers to pay directly to a
lockbox
process?
Accounting firms are allowed to provide tax services to audit clients as long as the client’s audit committ
Audit committee members cannot accept consulting, advisory, or any other fees from the company (exce
Audit firms must rotate off engagements every five years in order to maintain the independence of the au
Key executives (typically the CEO and CFO) must certify that they have reviewed the financial statemen
A manufacturer receives checks from its customers as payment for orders.
Because of this, the company had to segregate duties to different
personnel to handle its cash receipts. Which of the following risk mitigation
strategies did the company take?
Accept
risk
Reduce
risk
Transfer
risk
Avoid risk
Which of the following is accurate with regard to the updating of
technological controls?
If technology controls are implemented on a rolling period, in alignment with suggested changes from th
Technology, including technology controls, should be updated at a continuous rate to reflect and align w
Internal auditors should delegate the construction and implementation of internal controls to the technolo
Because technology is a rapidly changing area, attempting to establish controls is not the most effective u
Which of the following company practices would likely encourage an
effective internal control environment?
Management can override controls and manipulate accounting records to make performance look better t
The organization adopts a whistleblower policy that protects individuals from retaliation to encourage the
There are no established policies on hiring, compensation, promotion, and evaluation.
Organizational structure is not clearly defined and documented in a chart, so lines of reporting are vague.
Which of the following is not a reason why using prenumbered purchase
order forms with sequential numbers is a form of internal control?
Using prenumbered forms with sequential numbers eliminates the chance that an employee will forget to
Using prenumbered forms with sequential numbers eliminates the chance of having multiple purchase or
Using prenumbered forms with sequential numbers allows a company to know exactly how many purcha
Using prenumbered forms with sequential numbers saves time when filling out the form since the numbe
Which of the following is an example of an internal control that could be
implemented to help reduce the risk of fraudulent payments made to
external vendors?
Designate one person or small department to be in charge of payment approvals.
Internal audit should designate their responsibility of control over payroll processes to the payroll functio
Establish a policy that all payments must go to vendors that are already on the approved vendor list prior
If the organization passes the external audit sufficiently, and has a policy of bonding employees, there is

An Accounting Associate Sets Up A New Employee in The Payroll System and Directs The Checks To Be Sent To A Post Office Box

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

An Accounting Associate Sets Up A New Employee in The Payroll System and Directs The Checks To Be Sent To A Post Office Box

Uploaded by

Copyright:

Available Formats

An accounting associate sets up a new employee in the payroll system and

*Source: Retired ICMA CMA Exam Questions.

Authorization and record

An auditing firm is concluding its audit of a publicly traded company in the

*Source: Retired ICMA CMA Exam Questions.

Which of the following controls would detect such employee theft?

Prenumber petty cash vouchers

All of the following statements in regard to management's report on internal

*Source: Retired ICMA CMA Exam Questions.

Which one of the following actions would most effectively address the issue

*Source: Retired ICMA CMA Exam Questions.

Establishing a lockbox deposit system at a regional bank

The accounting controls surrounding the revenue cycle should provide

*Source: Retired ICMA CMA Exam Questions.

accurate recording, shipping, and billing of all valid sales transactions.

Which of the following definitions most accurately summarizes the concept

*Source: Retired ICMA CMA Exam Questions.

You might also like