E1 Governance, Risk, and Compliance


12/27/2015 Wiley CMA Test Bank Part 1

Question 1:
(1E1-AT13)

Which one of the following is an example of monitoring controls?

I. Internal audits
II. Audit committee reviews
III. Management reviews

I only.
III only.
II only.
I, II, and III.

The purpose of monitoring controls is to ascertain whether the control system is
functioning as designed. Its functioning is monitored by management, the audit
committee, and the internal auditors.

Question 2:
(1E1-LS38)

The basic concepts implicit in internal accounting controls include the following:

• The cost of the system should not exceed benefits expected to be attained.
• The overall impact of the control procedure should not hinder operating efficiency.

Which one of the following recognizes these two factors?

* Source: Retired ICMA CMA Exam Questions.

Reasonable assurance.
Limitations.
Management responsibility.
Methods of data processing.

Reasonable assurance recognizes that the cost of the system should not exceed the
benefits expected to be attained, and the overall impact of the control procedure
should not hinder operating efficiency.

Question 3:
(1E1-LS28)

What is management's responsibility under Section 302 of the Sarbanes-Oxley Act of
2002?
Management must provide an anonymous hotline for employees to report ethics
violations.
Management must document their assessment of the effectiveness of the
internal control structure and procedures.
Management must require employees to sign a code of conduct.
A corporation's management must design and implement internal controls to
ensure the preparation of reliable financial reports.

Section 302 of the Sarbanes-Oxley Act of 2002 requires that a publicly held
corporation's CEO and CFO verify the corporation's quarterly and annual financial
reports and requires the corporation's management to design and implement
internal controls to ensure the preparation of reliable financial reports. Documenting
the assessment of the effectiveness of the internal control structure and procedures
is a requirement of SOX Section 404, not section 302.

Question 4:
(1E1-LS18)

Detection risk is the risk:


that an internal audit will not uncover incidents where controls have not been
followed.
that the business will naturally experience, regardless of internal controls.
that internal controls will not be followed.
that measures the effectiveness of a firm's internal controls.

Detection risk can also be planned detection risk and is a measure of the risk that
audit evidence will fail to detect misstatements exceeding an acceptable audit risk.

Question 5:
(1E1-LS29)

What is the role of the PCAOB in providing guidance on the auditing of internal
controls?
The PCAOB is responsible for the setting of standards for audits of governmental
organizations.
The PCAOB is responsible for the setting of standards for audits of publicly held
corporations.
The PCAOB is responsible for the setting of standards for audits of both publicly
held and privately held corporations.
The PCAOB is responsible for the setting of standards for audits of privately held
corporations.

The Public Company Accounting Oversight Board (PCAOB) is a private sector,
nonprofit corporation, created by the Sarbanes-Oxley Act of 2002, to oversee the
auditors of (public) companies in order to protect the interests of investors and
further the public interest in the preparation of informative, fair and independent
audit reports. The Act required that auditors of U.S. companies be subject to external
and independent oversight for the first time in history. Previously, the profession was
self-regulated.

Question 6:
(1E1-LS34)

The Internal Control Integrated Framework from 1992 comprises five mutually-
reinforcing components. An organization's management philosophy and ethical values
is a part of the:
control environment.
risk assessment.
Monitoring.
information and communication.

The control environment refers to the organization's management philosophy and
appetite for risk, and includes integrity, ethical values, and the environment in which
an organization operates.

Question 7:
(1E1-AT10)

Which of the following is not a requirement regarding a company's system of internal
control under the Foreign Corrupt Practices Act of 1977?
The recorded accountability for assets is compared with the existing assets at
reasonable intervals, and appropriate action is taken with respect to any
differences.
Management must annually assess the effectiveness of its system of internal
control.
Transactions are executed in accordance with management's general or specific
authorization.
Transactions are recorded as necessary (1) to permit preparation of financial
statements in conformity with GAAP or any other criteria applicable to such
statements, and (2) to maintain accountability for assets.

Management's annual assessment of internal control is not a requirement of the
Foreign Corrupt Practices Act. It became a requirement with the passage of the 2002
Sarbanes-Oxley Act.

Question 8:
(1E1-LS16)

Which of the following is true of control risk?


Control risk is an assessment of the likelihood that misstatements exceeding an
acceptable level will not be detected or prevented by internal controls.
Control risk is measured in combination with safeguarding risk to determine
overall risk.
Control risk is an assessment of the likelihood that misstatements exceeding an
acceptable level will not be detected by an internal audit.
Control risk is dependent on detection risk.

Control risk is an assessment of the effectiveness of a firm's internal controls in
preventing or detecting misstatements.

Question 9:
(1E1-LS36)

The Internal Control Integrated Framework from 1992 comprises five mutually-
reinforcing components including control activities. Control activities include all of the
following except:
Adequate separation of duties.
Risk Management.
Independent verifications.
Adequate documentation and records.

Control activities are policies and procedures established and implemented to help
ensure that the risk responses are effectively carried out. The Internal Control
Integrated Framework from 1992 model lists six control activities:

1. The assignment of authority and responsibility (job descriptions)
2. A system of transaction authorizations
3. Adequate documentation and records
4. Security of assets
5. Independent verifications
6. Adequate separation of duties

Question 10:
(1E1-LS21)

Locked doors, security systems, ID badges, passwords, and similar controls are
designed to:
safeguard the firm's assets.
lower production costs.
protect the firm's reputation.
ensure that internal controls are followed.

The most visible safeguarding controls are designed and implemented to protect an
organization's assets.

Question 11:
(1E1-AT08)

Preventive controls are:


found only in general accounting controls.
usually more costly to use than detective controls.
usually more cost beneficial than detective controls.
found only in accounting transaction controls.

The three types of controls designed into information systems are preventive,
detective, and corrective. Preventive controls are designed to prevent threats, errors,
and irregularities from occurring. They are more cost beneficial than detecting and
correcting the problems that threats, errors and irregularities can cause.

Question 12:
(1E1-LS22)

Which of the following is not an internal control?


Pre-numbered forms.
Requirements for accurate recording of vacations.
Employee pay records.
Required dress code.

All of the choices except required dress code are internal controls.

Question 13:
(1E1-LS23)

Which of the following are responsibilities of the audit committee?

I. Aid in the choice of accounting methods and policies.
II. Document internal control procedures.
III. Sign quarterly and annual financial reports.
IV. Choose the auditor and approve auditor compensation.
V. Review the auditor's suggestions for improved internal control.

I, III, IV, and V only.
I, II, III, IV, and V.
I, II, and III only.
I, IV, and V only.

The audit committee performs the following tasks:

Reviews the company's internal control structure
Aids in the choice of accounting methods and policies
Reviews quarterly reports
Chooses the auditor and approves auditor compensation
Reviews the audit plan
Reviews the auditor's suggestions for improved internal control
Reviews the audit report and the audited annual report.

Question 14:
(1E1-LS35)

The Internal Control Integrated Framework from 1992 comprises five mutually-
reinforcing components. An organization's ongoing management activities,
evaluations, and internal audits are a part of:
monitoring.
information and communication.
control environment.
risk assessment.

Monitoring is accomplished through ongoing management activities, separate
evaluations, or both. Internal auditors, the audit committee, and the disclosure
committee, as well as management, may all be involved in monitoring controls.

Question 15:
(1E1-LS19)

Which of the following statements is false?


Internal controls can be most effective if they are supported by word and
example of management.
Thorough and well documented internal controls can guarantee that fraud
cannot be committed.
Thorough and well-documented internal controls can result in fewer
misstatements of information.
The auditor will examine internal controls to determine control risk.

Internal controls are not a guarantee against fraud.

Question 16:
(1E1-LS44)

The principal impetus for the enactment of the Foreign Corrupt Act by the U.S.
Congress was to:

* Source: Retired ICMA CMA Exam Questions.

discourage unethical behavior by foreigners employed by U.S. firms.
promote the mandates issued by the United Nations with regard to global trade
between its member nations.
prevent the bribery of foreign officials by U.S. firms seeking to do business
overseas.
require mandatory documentation of the evaluation of internal controls by the
independent auditors.

The enactment of the Foreign Corrupt Act by the U.S. Congress was implemented to
prevent the bribery of foreign officials by U.S. firms seeking to do business overseas.

Question 17:
(1E1-LS26)

The Sarbanes-Oxley Act has multiple sections that outline management's
responsibility regarding:
required education for chief financial officers.
internal controls and external reporting.
long-term strategic planning.
the purchase of securities.

The Sarbanes-Oxley Act concentrates on management's responsibility in
maintaining internal controls so that external reports become more reliable.

Question 18:
(1E1-LS14)

Which of the following is a reason for independent checks?


To assess an employee and determine whether he or she is following control
procedures
To ensure that management appears compliant with external audit standards
To detect and correct errors and misappropriation of assets
To ensure that mistakes can be corrected within the fiscal year they are made

The correct answer is: To detect and correct errors and misappropriation of assets.
Independent checks are a preventive measure. They try to catch mistakes before
they become integrated into the financial system, thus providing a higher level of
assurance of financial integrity.

Question 19:
(1E1-LS10)

Which of the following is true regarding the board of directors?


The board of directors must act in the best interest of management.
The board of directors must establish an audit committee to oversee all internal
controls.
The board of directors must act in the best interest of the employees.
The board of directors must act in the best interest of the shareholders.

The board of directors' primary responsibility is to act in the best interest of the
shareholders. It is not required to establish an audit committee.

Question 20:
(1E1-AT09)

Segregation of duties controls are examples of:


compensating controls.
preventive controls.
detective controls.
administrative controls.

Proper segregation of duties is a control designed to prevent threats, errors and
irregularities by separating the incompatible functions of authorization, execution,
recording, and custody of assets between four people.

Question 21:
(1E1-LS09)

Which of the following has the most effect on the control environment?
Whether controls are changed on a regular basis.
Management philosophy and operating style.
Organizational structure.
Size of the company.

Management's philosophy and operating style send signals to employees about the
importance of establishing and following internal controls. The size of the company,
the frequency with which controls are changed, and the organizational structure by
themselves do not impact the control environment as much as management's
philosophy.

Question 22:
(1E1-AT06)

In designing systems of internal control, which of the following types of controls are
the best to include in the design in order to be fully effective?
systems development, operations, and access controls.
management, personnel, and administrative controls.
preventative, detective, and corrective controls.
edit, input verification, and output controls.

There are five types of internal controls. They are preventive, detective, corrective,
directive, and compensating. The first three are the ones designed into the system.

Question 23:
(1E1-AT04)

Segregation of duties is a fundamental concept in an effective system of internal
control. Nevertheless, the internal auditor must be aware that this safeguard can be
compromised through:
absence of internal auditing.
collusion among employees.
irregular employee reviews.
lack of training of employees.

Effective segregation of duties means that no single employee has control over
authorization, recording and custody. If two or more employees are in collusion,
these controls can be overridden.

Question 24:
(1E1-LS15)

Which of the following is an example of a completeness control?


Pre-numbered forms that allow for reconciliation of form numbers against
shipping reports.
Facilities utilization reports.
Thorough training on proper accounting classes to which transactions should be
posted.
Employee time sheets that must be completed before employees can receive
their paychecks.

Completeness controls are measures taken to account for all transactions. Poor
control over blank forms, blank checks, or unnumbered forms can provide access to
assets and allow transfers to unauthorized personnel.

Question 25:
(1E1-LS24)

Which of the following are responsibilities of management?

I. Aid in the choice of accounting methods and policies.
II. Document internal control procedures.
III. Sign quarterly and annual financial reports.
IV. Choose the auditor and approve auditor compensation.
V. Review the auditor's suggestions for improved internal controls.

I, II, III, and V only.
I, III, IV, and V only.
I, II, III, IV, and V.
I and IV only.

Management must document internal control procedures and provide a written
assessment within 90 days prior to the publication of annual reports on the
effectiveness of the internal control structure and procedures. In addition,
management must sign quarterly and annual financial reports, and the chief
executive officer must sign tax returns. The audit committee of the board of
directors, not management, chooses the auditor and approves auditor
compensation.

Question 26:
(1E1-LS40)

In order to properly segregate duties, which function within the computer department
should be responsible for reprocessing the errors detected during the processing of
data?

* Source: Retired ICMA CMA Exam Questions.

Computer programmer.
Systems analyst.
Department manager.
Data control group.

To properly segregate duties, the data control group should be responsible for
reprocessing the errors detected during the processing of data within the computer
department.

Question 27:
(1E1-LS20)

Which of the following are required under the Foreign Corrupt Practices Act (FCPA)?

I. A firm must design internal control procedures.
II. A firm must have an internal audit department.
III. Transactions must be executed with management's authorization.
IV. Access to assets must be authorized.

I, II, III, and IV.
I, III, and IV only.
I and III only.
I and II only.

The FCPA does not require a firm to have an internal audit department.

Question 28:
(1E1-AT05)

A company's management is concerned about computer data eavesdropping and
wants to maintain the confidentiality of its information as it is transmitted. The
company should utilize:
data encryption.
password codes.
dial back systems.
message acknowledgment procedures.

Data encryption, which uses secret codes, ensures that data transmissions are
protected from unauthorized tampering or electronic eavesdropping.

Question 29:
(1E1-LS11)

Which of the following are objectives of internal controls?

I. Reliability of financial reports
II. Guarantees against fraud
III. Effectiveness of operations
IV. Efficiency of operations
V. Compliance with applicable laws and regulations

I, II, III, IV, and V.
I, III, IV, and V only.
I, III, and V only.
I, II, and IV only.

Internal controls cannot guarantee that fraud will not be perpetrated.

Question 30:
(1E1-LS12)

Which of the following statements is true?

Control procedures can completely make up for careless employees.
Control procedures are ineffective if employees are not all highly educated and
trained.
Hiring, promoting, and training competent personnel are integral to an efficient
control environment.
Higher-paid employees tend to follow control procedures more carefully and
consistently.

Hiring, promoting, and training competent personnel are integral to an efficient
control environment. However, control procedures will not be ineffective without
this, and adherence to control procedures does not necessarily follow with higher
levels of education or pay.

Question 31:
(1E1-AT07)

Which of the following best describe the interrelated components of a system of
internal control?
organizational structure, management philosophy, and planning.
control environment, risk assessment, control activities, information and
communication systems, and monitoring.
risk assessment, backup facilities, responsibility accounting, and natural laws.
personnel practices and policies, authorization, and segregation of duties.

The five interrelated components or elements of internal control as defined in the
1992 Committee of Sponsoring Organizations Model are the control environment,
risk assessment, control activities, information and communication, and monitoring.

Question 32:
(1E1-LS41)

Which one of the following methods, for the distribution of employees' paychecks,
would provide the best internal control for the organization?

* Source: Retired ICMA CMA Exam Questions.

Distribution of paychecks directly to each employee by a representative of the
Human Resource department.
Direct deposit in each employee's personal bank account.
Delivery of the paychecks to each department supervisor, who in turn would
distribute paychecks directly to the employees in his/her department.
Distribution of paychecks directly to each employee by the payroll manager.

The best internal control procedure for the distribution of employee paychecks
would be the direct deposit of the paychecks into each employee's personal bank
account. This would allow the organization to maintain control of the payroll
processing function.

Question 33:
(1E1-LS33)

The Sarbanes-Oxley Act of 2002 (SOX) established increased requirements for audit
committees. These requirements include all of the following except:
the audit committee is responsible for selecting the external auditor.
the audit committee must consist of independent directors.
the audit committee must have at least one financial expert.
the CEO of the company can be a member of the audit committee.

Audit committees need independent directors with sophisticated financial
backgrounds. SOX requires that the audit committee consist entirely of directors
who are independent of the issuer, meaning that they cannot accept any consulting,
advisory, or other compensatory fee from the issuer or be affiliated with the issuer or
any of its subsidiaries. At least one of the audit committee members should qualify
as a "financial expert."

Question 34:
(1E1-LS30)

Which statement is not a requirement of PCAOB Auditing Standard No. 5?


Requires auditors to follow a rules-based approach to determine the extent of
audit testing.
Requires auditors to follow a risk-based approach to the development of auditing
procedures.
Requires the auditors to follow prescribed approaches to perform the audit.
Requires auditors to scale the audit to the size of the organization.

PCAOB Auditing Standard No. 5 requires auditors to follow a risk-based approach to
the development of auditing procedures and performing a Section 404 audit. It also
requires the auditor to scale the audit to the size of the organization under audit, and
to follow a principles-based approach to determine when and to what extent he or
she can rely on the work of others.

Question 35:
(1E1-CQ01)

A firm is constructing a risk analysis to quantify the exposure of its data center to
various types of threats. Which one of the following situations would represent the
highest annual loss exposure after adjustment for insurance proceeds?
Frequency of occurrence: 100 years, Loss Amount: $400,000, Insurance coverage:
50%.
Frequency of occurrence: 8 years, Loss Amount: $75,000, Insurance coverage:
80%.
Frequency of occurrence: 20 years, Loss Amount: $200,000, Insurance coverage:
80%.
Frequency of occurrence: 1 year, Loss Amount: $15,000, Insurance coverage: 85%.

The exposure is the same as the expected loss, which is calculated by taking the
"Frequency of Occurrence," multiplying it by the loss amount, and then multiplying
that by one minus the "Insurance % coverage" rate.

Expected loss = (frequency of occurrence) × (loss amount) × (1 − % insurance coverage)

For the 1 year frequency: the expected loss = (1/1)($15,000)(1 − 0.85) = $2,250.
For the 8 year frequency: the expected loss = (1/8)($75,000)(1 − 0.8) = $1,875.
For the 20 year frequency: the expected loss = (1/20)($200,000)(1 − 0.8) = $2,000.
For the 100 year frequency: the expected loss = (1/100)($400,000)(1 − 0.5) = $2,000.

$2,250 represents the highest annual loss exposure after adjusting for insurance
proceeds.

Question 36:
(1E1-LS17)

Inherent risk is the risk


that internal controls will not be followed.
that an internal audit will not uncover incidents where controls have not been
followed.
that the business will naturally experience, regardless of internal controls.
that measures the effectiveness of a firm's internal controls.

Inherent risk is the normal risk of the business, such as the risk of droughts for
farmers or the risk of a recession.

Question 37:
(1E1-AT12)

When management of the sales department has the opportunity to override the
system of internal controls of the accounting department, a weakness exists in:
information and communication.
monitoring.
risk management.
the control environment.

The control environment includes the attitude of management toward the concept
of controls.

Question 38:
(1E1-AT11)

Under the Sarbanes-Oxley Act of 2002, companies are now required to implement anti-
fraud programs and controls that they evaluate on an annual basis as part of their
integrated audit. A common component of such anti-fraud programs and controls is
the effective design and implementation of codes of ethics and conduct. Which one of
the following is not a characteristic of the operating effectiveness of a code of
conduct?
The existence of a plan to communicate the code of conduct to all (or covered)
employees of the company.
Audit committee involvement and oversight of non-compliance with the
company's code of conduct.
Lack of employee training in the company's code of conduct upon hiring and
periodically thereafter.
The existence of an appropriate "hot-line" or whistle blowing to report any
violations with the company's code of conduct.

Lack of employee training in the company's code of conduct upon hiring and
periodically thereafter is not a characteristic of operating effectiveness of a code of
conduct.

Question 39:
(1E1-LS25)

Which of the following are provisions of the Sarbanes-Oxley Act?

I. The board of directors of an issuer must appoint an audit committee.
II. Management must certify financial statements.
III. Management must provide a written report on the effectiveness of
internal control procedures within 90 days of the publication of the annual
report.
IV. A public accounting firm may not audit the books of an issuer of public
securities if any officer or director of the issuer was employed by the public
accounting firm and participated in any audit activity with the issuer
within one year.

I, II, and IV only.
I, II, III, and IV.
II and IV only.
IV only.

All of the listed requirements are provisions of the Sarbanes-Oxley Act.

Question 40:
(1E1-LS39)

Which one of the following functions performed in an organization is a violation of
internal control?

* Source: Retired ICMA CMA Exam Questions.

The General Ledger clerk compares the summary journal entry, received from the
Cashier for cash receipts applicable to outstanding accounts, with the batch total
for posting to the Subsidiary Ledger by the Accounts Receivable clerk.
A mail clerk opening the mail compares the check received with the source
document accompanying the payment, noting the amount paid, then forwards
the checks daily (along with a listing of the cash receipts) to the Cashier for
deposit.
A mail clerk opening the mail compares the check received with the source
document accompanying the payment, noting the amount paid, then forwards
the source documents that accompany the payments (along with a listing of the
cash receipts) to Accounts Receivable, on a daily basis, for posting to the
subsidiary ledger.
At the end of the week the Cashier prepares a deposit slip for all of the cash
receipts received during the week.

Internal controls should have effective separation of duties to prevent fraudulent
activities from occurring. From the examples provided, a cashier preparing a deposit slip for
all of the cash receipts received during the week is a clear violation of internal
control.

Question 41:
(1E1-AT14)

The Sarbanes-Oxley Act has multiple sections that outline management's
responsibility regarding:
required education for chief financial officers.
the purchase of securities.
long-term strategic planning.
internal controls and external reporting.

Section 404 of the 2002 Sarbanes-Oxley Act requires management to establish and
document internal control procedures and to provide a written assessment within 90
days prior to publication of annual reports of the effectiveness of the internal control
structure and procedures. Section 906 of the act requires management certification
of the financial statements.

Question 42:
(1E1-LS27)

The Sarbanes-Oxley Act of 2002 increased management's responsibility for accurate
financial reporting. Which of the following is not a requirement of Section 404 of the
Sarbanes-Oxley Act?
Document management's assessment of the effectiveness of the internal control
structure and procedures.
Document management's responsibility for establishing adequate internal
control policies.
Document management's responsibility to refuse to accept contracts or business
through the payment of bribes.
Document management's responsibility for maintaining adequate internal
control policies.

The 1977 Foreign Corrupt Practices Act forbids companies from accepting contracts
or business through the payment of bribes to foreign governments. The other
answers are all requirements of SOX Section 404.

Question 43:
(1E1-LS43)

A public corporation that must meet the provisions of the Foreign Corrupt Practices
Act of 1977 should have a compliance program that includes all of the following steps
except:

* Source: Retired ICMA CMA Exam Questions.

a cost/benefit analysis of the controls and the risks that are being minimized.
an authorized and properly signed agreement that it will abide by the Act.
a system of quality checks to evaluate the internal accounting control system.
documentation of the corporation's existing internal accounting control systems.

A compliance program to meet the provisions provided in the Foreign Corrupt
Practices Act of 1977 includes documentation of the corporation's existing internal
accounting control systems, a cost/benefit analysis of the controls and the risks that
are being minimized, and a system of quality checks to evaluate the internal
accounting control system.

Question 44:
(1E1-LS13)

Which of the following is an example of segregation of duties?


The person who takes the order from a customer enters the order into the system
and supervises the shipment of the product.
The president of a small company is able to access payroll records and adjust
entries.
A clerk in the order department does not have access to the products and
therefore cannot ship products to customers.
The shipping manager can access the order-entry computer software and enter
an order.

One of the purposes of segregation of duties is to safeguard assets. If the same
person can enter an order and then ship it, he or she may be able to steal product by
shipping to him or herself or an accomplice.

Question 45:
(1E1-LS31)

PCAOB Auditing Standard No. 5 requires auditors to follow a top-down, risk
assessment (TDRA) approach to auditing financial statements and internal controls.
Which item is not one of the steps in TDRA?
Identifying insignificant accounts or disclosures.
Identifying material misstatement risks within these accounts or disclosures.
Determining which transaction-based controls compensate for possible entity-
level control failures.
Determining which entity-level controls sufficiently address the risks.

TDRA is a hierarchical approach that applies specific risk factors to determine the
scope of work and evidence required in the assessment of internal controls. The
steps in TDRA are:

1. Identifying significant accounts or disclosures.
2. Identifying material misstatement risks within these accounts or disclosures.
3. Determining which entity-level controls sufficiently address the risks.
4. Determining which transaction-based controls compensate for possible entity-
level control failures.
5. Determining the nature, extent, and timing of evidence gathering tests needed
to complete the assessment of the internal controls.

Question 46:
(1E1-LS37)

When assessing a company's internal control structure policies and procedures, the
primary consideration is whether they:

* Source: Retired ICMA CMA Exam Questions.

affect the financial statement assertions.
reflect management's philosophy and operating style.
prevent management override.
relate to the control environment.

The primary consideration when assessing a company's internal control structure
policies and procedures is whether they affect the financial statement assertions.

Question 47:
(1E1-LS42)

Which one of the following would be most effective in deterring the commission of
fraud?

* Source: Retired ICMA CMA Exam Questions.

Hiring ethical employees, employee training, and segregation of duties.
Policies of strong internal control and punishments for unethical behavior.
Employee training, segregation of duties, and punishment for unethical behavior.
Policies of strong internal control, segregation of duties, and requiring
employees to take vacations.

The most effective policy to deter the commission of fraud is to provide policies of
strong internal control, segregation of duties, and requiring employees to take
vacations.

Question 48:
(1E1-LS32)

Internal controls are designed to provide reasonable assurance of achieving a
corporation's control objectives. Several factors may present inherent limitations to
otherwise well-designed policies and procedures. Which one of the following is not a
factor that limits the effectiveness of internal controls?
Management override.
Segregation of duties.
Carelessness.
Collusion.

Certain human factors or exceptions may present inherent limitations to otherwise
well-designed and well-supported control policies and procedures. The major ones
are management override of controls and collusion between employees and
between employees and outsiders. Other inherent weaknesses are carelessness,
misunderstandings, and the cost/benefit nature of controls.
