E1 Governance, Risk, and Compliance
Question 1:
(1E1-AT13)
I. Internal audits
II. Audit committee reviews
III. Management reviews
I only.
III only.
II only.
I, II, and III.
Question 2:
(1E1-LS38)
The basic concepts implicit in internal accounting controls include the following:
• The cost of the system should not exceed benefits expected to be attained.
• The overall impact of the control procedure should not hinder operating efficiency.
Reasonable assurance.
Limitations.
Management responsibility.
Methods of data processing.
Reasonable assurance recognizes that the cost of the system should not exceed the
benefits expected to be attained, and the overall impact of the control procedure
should not hinder operating efficiency.
Question 3:
(1E1-LS28)
http://app.efficientlearning.com/pv5/v8/cmatb2015p1.html?u=bbde91ad06e8409cb57a2650e3c520ef#_assess_studyquestions 1/18
12/27/2015 Wiley CMA Test Bank Part 1
2002?
Management must provide an anonymous hotline for employees to report ethics
violations.
Management must document their assessment of the effectiveness of the
internal control structure and procedures.
Management must require employees to sign a code of conduct.
A corporation's management must design and implement internal controls to
ensure the preparation of reliable financial reports.
Section 302 of the Sarbanes-Oxley Act of 2002 requires that a publicly held
corporation's CEO and CFO verify the corporation's quarterly and annual financial
reports and requires the corporation's management to design and implement
internal controls to ensure the preparation of reliable financial reports. Documenting
the assessment of the effectiveness of the internal control structure and procedures
is a requirement of SOX Section 404, not section 302.
Question 4:
(1E1-LS18)
Detection risk can also be planned detection risk and is a measure of the risk that
audit evidence will fail to detect misstatements exceeding an acceptable audit risk.
Question 5:
(1E1-LS29)
What is the role of the PCAOB in providing guidance on the auditing of internal
controls?
The PCAOB is responsible for the setting of standards for audits of governmental
organizations.
The PCAOB is responsible for the setting of standards for audits of publicly held
corporations.
The PCAOB is responsible for the setting of standards for audits of both publicly
held and privately held corporations.
The PCAOB is responsible for the setting of standards for audits of privately held
corporations.
self-regulated.
Question 6:
(1E1-LS34)
The Internal Control Integrated Framework from 1992 comprises five mutually-
reinforcing components. An organization's management philosophy and ethical values
is a part of the:
control environment.
risk assessment.
monitoring.
information and communication.
Question 7:
(1E1-AT10)
Question 8:
(1E1-LS16)
Question 9:
(1E1-LS36)
The Internal Control Integrated Framework from 1992 comprises five mutually-
reinforcing components including control activities. Control activities include all of the
following except:
Adequate separation of duties.
Risk management.
Independent verifications.
Adequate documentation and records.
Control activities are policies and procedures established and implemented to help
ensure that the risk responses are effectively carried out. The Internal Control
Integrated Framework from 1992 model lists six control activities:
Question 10:
(1E1-LS21)
Locked doors, security systems, ID badges, passwords, and similar controls are
designed to:
safeguard the firm's assets.
lower production costs.
protect the firm's reputation.
ensure that internal controls are followed.
The most visible safeguarding controls are designed and implemented to protect an
organization's assets.
Question 11:
(1E1-AT08)
The three types of controls designed into information systems are preventive,
detective, and corrective. Preventive controls are designed to prevent threats, errors,
and irregularities from occurring. They are more cost beneficial than detecting and
correcting the problems that threats, errors and irregularities can cause.
Question 12:
(1E1-LS22)
All of the choices except required dress code are internal controls.
Question 13:
(1E1-LS23)
Question 14:
(1E1-LS35)
The Internal Control Integrated Framework from 1992 comprises five mutually-
reinforcing components. An organization's ongoing management activities,
evaluations, and internal audits are a part of:
monitoring.
information and communication.
control environment.
risk assessment.
Question 15:
(1E1-LS19)
Question 16:
(1E1-LS44)
The principal impetus for the enactment of the Foreign Corrupt Act by the U.S.
Congress was to:
The enactment of the Foreign Corrupt Act by the U.S. Congress was implemented to
prevent the bribery of foreign officials by U.S. firms seeking to do business overseas.
Question 17:
(1E1-LS26)
Question 18:
(1E1-LS14)
The correct answer is: To detect and correct errors and misappropriation of assets
Independent checks are a preventive measure. They try to catch mistakes before
they become integrated into the financial system, thus providing a higher level of
assurance of financial integrity.
Question 19:
(1E1-LS10)
The board of directors' primary responsibility is to act in the best interest of the
shareholders. It is not required to establish an audit committee.
Question 20:
(1E1-AT09)
Question 21:
(1E1-LS09)
Which of the following has the most effect on the control environment?
Whether controls are changed on a regular basis.
Management's philosophy and operating style send signals to employees about the
importance of establishing and following internal controls. The size of the company,
the frequency with which controls are changed, and the organizational structure by
themselves do not impact the control environment as much as management's
philosophy.
Question 22:
(1E1-AT06)
In designing systems of internal control, which of the following types of controls are
the best to include in the design in order to be fully effective?
systems development, operations, and access controls.
management, personnel, and administrative controls.
preventative, detective, and corrective controls.
edit, input verification, and output controls.
There are five types of internal controls. They are preventive, detective, corrective,
directive, and compensating. The first three are the ones designed into the system.
Question 23:
(1E1-AT04)
Effective segregation of duties means that no single employee has control over
authorization, recording and custody. If two or more employees are in collusion,
these controls can be overridden.
Question 24:
(1E1-LS15)
Employee time sheets that must be completed before employees can receive
their paychecks.
Completeness controls are measures taken to account for all transactions. Poor
control over blank forms, blank checks, or unnumbered forms can provide access to
assets and allow transfers to unauthorized personnel.
Question 25:
(1E1-LS24)
Question 26:
(1E1-LS40)
In order to properly segregate duties, which function within the computer department
should be responsible for reprocessing the errors detected during the processing of
data?
Computer programmer.
Systems analyst.
Department manager.
Data control group.
To properly segregate duties, the data control group should be responsible for
reprocessing the errors detected during the processing of data within the computer
department.
Question 27:
(1E1-LS20)
Which of the following are required under the Foreign Corrupt Practices Act (FCPA)?
The FCPA does not require a firm to have an internal audit department.
Question 28:
(1E1-AT05)
Data encryption, which uses secret codes, ensures that data transmissions are
protected from unauthorized tampering or electronic eavesdropping.
Question 29:
(1E1-LS11)
Question 30:
(1E1-LS12)
Question 31:
(1E1-AT07)
Question 32:
(1E1-LS41)
Which one of the following methods, for the distribution of employees' paychecks,
would provide the best internal control for the organization?
The best internal control procedure for the distribution of employee paychecks
would be the direct deposit of the paychecks into each employee's personal bank
account. This would allow the organization to maintain control of the payroll
processing function.
Question 33:
(1E1-LS33)
The Sarbanes-Oxley Act of 2002 (SOX) established increased requirements for audit
committees. These requirements include all of the following except:
the audit committee is responsible for selecting the external auditor.
the audit committee must consist of independent directors.
the audit committee must have at least one financial expert.
the CEO of the company can be a member of the audit committee.
Question 34:
(1E1-LS30)
Question 35:
(1E1-CQ01)
A firm is constructing a risk analysis to quantify the exposure of its data center to
various types of threats. Which one of the following situations would represent the
highest annual loss exposure after adjustment for insurance proceeds?
Frequency of occurrence: 100 years, Loss Amount: $400,000, Insurance coverage:
50%.
Frequency of occurrence: 8 years, Loss Amount: $75,000, Insurance coverage:
80%.
Frequency of occurrence: 20 years, Loss Amount: $200,000, Insurance coverage:
80%.
Frequency of occurrence: 1 year, Loss Amount: $15,000, Insurance coverage: 85%.
The exposure is the same as the expected loss, which is calculated by taking the
"Frequency of Occurrence," multiplying it by the loss amount, and then multiplying
that by one minus the "Insurance % coverage" rate.
Expected loss = (frequency of occurrence) × (loss amount) × (1 − % insurance coverage)
For the 1 year frequency: the expected loss = (1/1)($15,000)(1 − 0.85) = $2,250.
For the 8 year frequency: the expected loss = (1/8)($75,000)(1 − 0.8) = $1,875.
For the 20 year frequency: the expected loss = (1/20)($200,000)(1 − 0.8) = $2,000.
For the 100 year frequency: the expected loss = (1/100)($400,000)(1 − 0.5) = $2,000.
$2,250 represents the highest annual loss exposure after adjusting for insurance
proceeds.
Question 36:
(1E1-LS17)
Inherent risk is the normal risk of the business, such as the risk of droughts for
farmers or the risk of a recession.
Question 37:
(1E1-AT12)
When management of the sales department has the opportunity to override the
system of internal controls of the accounting department, a weakness exists in:
information and communication.
monitoring.
risk management.
the control environment.
The control environment includes the attitude of management toward the concept
of controls.
Question 38:
(1E1-AT11)
Under the Sarbanes-Oxley Act of 2002, companies are now required to implement anti-
fraud programs and controls that they evaluate on an annual basis as part of their
integrated audit. A common component of such anti-fraud programs and controls is
the effective design and implementation of codes of ethics and conduct. Which one of
the following is not a characteristic of the operating effectiveness of a code of
conduct?
The existence of a plan to communicate the code of conduct to all (or covered)
employees of the company.
Audit committee involvement and oversight of non-compliance with the
company's code of conduct.
Lack of employee training in the company's code of conduct upon hiring and
periodically thereafter.
The existence of an appropriate "hot-line" or whistle blowing to report any
Lack of employee training in the company's code of conduct upon hiring and
periodically thereafter is not a characteristic of operating effectiveness of a code of
conduct.
Question 39:
(1E1-LS25)
Question 40:
(1E1-LS39)
The General Ledger clerk compares the summary journal entry, received from the
Cashier for cash receipts applicable to outstanding accounts, with the batch total
for posting to the Subsidiary Ledger by the Accounts Receivable clerk.
A mail clerk opening the mail compares the check received with the source
document accompanying the payment, noting the amount paid, then forwards
the checks daily (along with a listing of the cash receipts) to the Cashier for
deposit.
A mail clerk opening the mail compares the check received with the source
document accompanying the payment, noting the amount paid, then forwards
the source documents that accompany the payments (along with a listing of the
cash receipts) to Accounts Receivable, on a daily basis, for posting to the
subsidiary ledger.
At the end of the week the Cashier prepares a deposit slip for all of the cash
receipts received during the week.
Question 41:
(1E1-AT14)
Section 404 of the 2002 Sarbanes-Oxley Act requires management to establish and
document internal control procedures and to provide a written assessment within 90
days prior to publication of annual reports of the effectiveness of the internal control
structure and procedures. Section 906 of the act requires management certification
of the financial statements.
Question 42:
(1E1-LS27)
The 1977 Foreign Corrupt Practices Act forbids companies from accepting contracts
or business through the payment of bribes to foreign governments. The other
answers are all requirements of SOX Section 404.
Question 43:
(1E1-LS43)
A public corporation that must meet the provisions of the Foreign Corrupt Practices
Act of 1977 should have a compliance program that includes all of the following steps
except:
a cost/benefit analysis of the controls and the risks that are being minimized.
an authorized and properly signed agreement that it will abide by the Act.
a system of quality checks to evaluate the internal accounting control system.
documentation of the corporation's existing internal accounting control systems.
Question 44:
(1E1-LS13)
Question 45:
(1E1-LS31)
TDRA is a hierarchical approach that applies specific risk factors to determine the
scope of work and evidence required in the assessment of internal controls. The
steps in TDRA are:
Question 46:
(1E1-LS37)
When assessing a company's internal control structure policies and procedures, the
primary consideration is whether they:
Question 47:
(1E1-LS42)
Which one of the following would be most effective in deterring the commission of
fraud?
The most effective policy to deter the commission of fraud is to provide policies of
strong internal control, segregation of duties, and requiring employees to take
vacations.
Question 48:
(1E1-LS32)