11/4/2017

Wiley CPAexcel - BEC

Custom Assessment Results

Question 1

(aq.inte.cont.monit.proces.001)

A change control process would likely not include which of the following?

Change request form.

Approval process.

Outsourcing.

Documentation.

You Answered Correctly!

(Correct!) A change control process should include the use of change request forms, an approval process for changes, and appropriate documentation; however, outsourcing is not part of the design for a recommended change control process.

Question 2

(aq.inte.cont.monit.proces.003)

Ashley's Tree and Trim has an automated system that monitors system access events and reports

them, in real time, to the IT security manager. This type of monitoring is:

Continuous.

Self.

XBRL-enabled.

Supervisory.

You Answered Correctly!

(Correct!) This monitoring occurs continuously.

Question 3

(AICPA.130517BEC-SIM)

According to the 17 COSO control principles, information quality primarily relates to which

fundamental component of internal control:

Control activities.

Control environment.

Information and communication.

Monitoring.

You Answered Correctly!

According to the COSO principles, Information and communication primarily relate to the

quality of information supporting controls, and internal and external communications.

Question 4

(aq.intro.coso.int.ctrl.002)

Kentucky Fried Opossums reports annually on its environmental impact to the Commonwealth of

Kentucky. This is an example of:

Internal, financial reporting.

Internal, nonfinancial reporting.

External, financial reporting

External, nonfinancial reporting

You Answered Correctly!

(Correct!) This answer is correct because this is an external report, and it is nonfinancial.

(Environmental impact is not in currency.)

Question 5

(aq.inter.cont.roles.respon.003)

Jiffy Grill has an ERP system. It has assigned responsibility for determining who has what access rights within the ERP system. This assignment most likely was to:

Internal auditors.

Other personnel.

Management

Support functions

You Answered Correctly!

(Correct!) This answer is correct because support functions are most likely to have responsibility for determining system access.

Question 6

 

(AICPA.130522BEC-SIM)

This fundamental component of internal control is the core or foundation of any system of internal

control.

Control activities.

 

Control environment.

Information and communication.

 

Risk assessment.

 

You Answered Correctly!

The control environment is "the core or foundation of any system of internal control."

Question 7

 

(CGIC-0037)

According to COSO, control systems fail for all of the following reasons except:

They are not designed or implemented properly.

They are properly designed and implemented but environment changes have occurred making the controls ineffective.

They are properly designed and implemented but management overrides them making them ineffective.

They are properly designed and implemented but the way they operate has changed making them ineffective.

You Answered Correctly!

This answer is correct. It is a limitation for all control systems no matter how effectively

designed and implemented.

 

Question 8

(AICPA.130516BEC-SIM)

According to the 17 COSO control principles, organizational objectives primarily relate to which

fundamental component of internal control:

Control activities.

Control environment.

Risk assessment.

Monitoring.

You Answered Correctly!

According to the COSO principles, risk assessment primarily relates to organizational objectives,

risk assessment, fraud, and change management. Organizational objectives link to risk

assessment since objectives help to define the risks that are to be assessed.

Question 9

(AICPA.130518BEC-SIM)

According to the 17 COSO control principles, change management primarily relates to which

fundamental component of internal control:

Control activities.

Control environment.

Risk assessment.

Monitoring.

You Answered Correctly!

According to the COSO principles, risk assessment primarily relates to organizational objectives,

risk assessment, fraud, and change management.

 

Question 10

(CGIC-0020)

Which of the following internal control components includes the factor of management’s philosophy

and operating style?

Control activities.

The control environment.

Risk assessment.

Monitoring.

You Answered Correctly!

This answer is correct. Management’s philosophy and operating style is a factor of the control

environment.

Question 11

(aq.oth.reg.fram.gov.007_2017)

A public company audit committee's “financial expert” must have all of the following except:

An understanding of GAAP and financial statements.

Experience in preparing or auditing financial statements of comparable companies and

application of such principles in connection with accounting for estimates, accruals, and

reserves.

Experience with internal auditing controls.

Experience on a public company's compensation committee.

You Answered Correctly!

Correct! SOX does not require that a “financial expert” have experience on a compensation committee. It does require that she have an understanding of GAAP and GAAS, an ability to assess the general application of these principles, experience in preparing, auditing, analyzing or evaluating F/S, an understanding of internal controls and procedures for financial reporting, and an understanding of audit committee functions.

Question 12

(aq.types.limit.acct.cont.002)

Which of the following is not a limitation of internal control?

Human judgment in decision making may be faulty.

External forces may attack the system.

Management may override internal control.

Controls may be circumvented by collusion.

You Answered Incorrectly.

This answer is incorrect because this is an acknowledged limitation of internal control.

Question 13

(IFTC-0107)

ABC, Inc. assessed the overall risks of MIS systems projects on two standard criteria: technology used

and design structure. The following systems projects have been assessed on these risk criteria. Which

of the following projects holds the highest risk to ABC?

Technology: Current; Structure: Sketchy.

Technology: New; Structure: Sketchy.

Technology: Current; Structure: Well defined.

Technology: New; Structure: Well defined.

You Answered Correctly!

This answer is correct because the project involves both new (more risky than current)

technology and sketchy (more risky than well-defined) structure.

Question 14

(aq.intro.coso.int.ctrl.001)

Gimbly Cricket Corp. created a decision aid, linked to its data warehouse, to enable senior

management to monitor, in real time, changes in oil production at its oil wells in Kazakhstan. This is

an example of:

Internal, financial reporting

Internal, nonfinancial reporting.

External, financial reporting.

External, nonfinancial reporting.

You Answered Correctly!

(Correct!) This answer is correct because this is an internal report, and it is nonfinancial. (Oil

production is not in currency.)

Question 15

(aq.inter.cont.roles.respon.002)

The IT department at Piggy Parts BBQ has recently learned of phishing attempts that rely on social

engineering to break into its financial systems. Information about these attempts should be

communicated to:

Internal auditors.

Other personnel.

All personnel.

Support functions.

You Answered Correctly!

(Correct!) This answer is correct because information about social engineering efforts to break into systems should be communicated to all personnel.

Question 16

(AICPA.130523BEC-SIM)

In the COSO "cube" model, this component of internal control enables an organization's people to

identify, process, and exchange the information needed to manage and control operations.

Control activities.

Control environment.

Information and communication.

Risk assessment.

You Answered Correctly!

Information and communication enables an organization's people to identify, process, and

exchange the information needed to manage and control operations.

Question 17

 

(CGIC-0015)

The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) in

the professional standards includes the reliability of financial reporting, compliance with applicable

laws and

Effectiveness and efficiency of operations.

Effectiveness of prevention of fraudulent occurrences.

Incorporation of ethical business practice standards.

Safeguarding of entity assets.

 

You Answered Correctly!

This answer is correct. The requirement is to identify the reply, which is part of the definition of internal control developed by the Committee of Sponsoring Organizations (COSO). COSO defines internal control as a process—effected by an entity’s board of directors, management, and other personnel—designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and regulations.

Question 18

 

(AICPA.101045BEC-SIM)

The original COSO model has ____ control components, while the COSO ERM model has ____ control components.

2, 4

4, 8

8, 16

5, 8

You Answered Correctly!

This answer is correct because the COSO model has 5 control objectives and the COSO ERM

model has 8 control objectives.

 

Question 19

(AICPA.110533BEC-SIM)

Which of the following are reasons that internal controls need to be monitored?

People forget, quit jobs, get lazy, or come to work hung over.

Machines fail.

Advances in technology.

All of the above.

You Answered Correctly!

All of the above are reasons internal controls need to be monitored.

 

Question 20

(aq.cosoerm.004)

Devon Company is using an enterprise risk management system. Management of the company has set

the company's objectives, identified events, and assessed risks. What is the next step in the enterprise

risk management process?

Establish control activities to manage the risks.

Monitor the risks.

Determine responses to the risks.

Identify opportunities.

You Answered Correctly!

(Correct!) This answer is correct because the next step in the process is to determine the risk

responses to the assessed risks.

 

Question 21

(AICPA.101047BEC-SIM)

Which component of the COSO ERM framework is concerned with management's decision to avoid,

accept, reduce, or share risk and to develop a set of actions to align risk with the entity's risk

preferences?

Control activities.

Event identification.

Risk assessment.

Risk response.

You Answered Incorrectly.

Risk assessment does not include management's decision to avoid, accept, reduce, or share risk

and to develop a set of actions to align risk with the entity's risk preferences.

Question 22

(CGIC-0019)

Which of the following components of internal control encompass policies and procedures that

ensure that management’s directives are carried out?

The control environment.

Monitoring.

Control activities.

Information and communication.

You Answered Incorrectly.

This answer is incorrect. Control activities encompass policies and procedures that ensure that

management’s directives are carried out.

Question 23

(IFTC-0082)

An organization relied heavily on e-commerce for its transactions. Evidence of the organization’s

security awareness manual would be an example of which of the following types of controls?

Preventive.

Detective.

Corrective.

Compliance.

You Answered Correctly!

This answer is correct because the use of such a manual is designed to prevent breaches of

security.

Question 24

(aq.coso.erm2.002)

Jeffrey Smiggles of Rajon Rondo Sportswear has developed a software application that helps monitor

key production risks at company factories. In order to reduce costs, his approach to monitoring risks

is likely to be:

Monitor all risks using indirect information.

Monitor all risks using direct information.

Monitor more important risks using indirect information and less important risks using direct

information.

Monitor more important risks using direct information and less important risks using indirect

information

You Answered Correctly!

(Correct!) Collecting direct information is often costlier than collecting indirect information.

Hence, to reduce costs, less important risks are likely to be monitored with indirect information.

Question 25

(AICPA.130526BEC-SIM)

This is the process of identifying, analyzing, and managing the risks involved in achieving the

organization's objectives.

Control activities.

Control environment.

Information and communication.

Risk assessment.

You Answered Correctly!

 

Risk assessment is "the process of identifying, analyzing, and managing the risks involved in achieving the organization's objectives."

Question 26

 

(AICPA.130515BEC-SIM)

According to the 17 COSO control principles, addressing control deficiencies primarily relates to

which fundamental component of internal control:

Control activities.

 

Control environment.

 

Information and communication.

Monitoring.

 

You Answered Correctly!

 

According to the COSO principles, monitoring primarily relates to establishing ongoing and

periodic evaluations, and addressing control deficiencies.

Question 27

 

(CGIC-0013)

Which of the following factors is not included in the control environment component of internal

control?

 

Commitment to competence.

 

Organizational structure.

Integrity and ethical values.

Information and communication.

You Answered Correctly!

 

This answer is correct. Information and communication is a separate component of internal

control.

 

 

Question 28

(AICPA.120622BEC)

Which of the following items is one of the eight components of COSO's enterprise risk management framework?

Operations.

Reporting.

Monitoring.

Compliance.

You Answered Correctly!

Monitoring is one of the eight components of COSO's enterprise risk management framework.

 

Question 29

(aq.coso.risk.mgmt.001)

Which of the following components of internal control would encompass the routine controls over

business processes and transactions?

The control environment.

Information and communication.

Control activities.

Risk assessment.

You Answered Correctly!

(Correct!) This answer is correct because control activities, policies, and procedures are

designed to ensure that management's directives are followed.

 

Question 30

(AICPA.120621BEC)

In a large public corporation, evaluating internal control procedures should be the responsibility of

Accounting management staff who report to the CFO.

Internal audit staff who report to the board of directors.

Operations management staff who report to the chief operations officer.

Security management staff who report to the chief facilities officer.

You Answered Correctly!

The key to recognizing the correctness of this answer is that the question asks who should engage in "evaluating" internal control procedures (not design or implement control procedures). Among the offered choices, an independent internal audit staff, i.e., who report to the board of directors or an audit committee, but not the CFO, are best qualified to monitor and evaluate internal control procedures.

Question 31

(IFTC-0112)

Controls in the information technology area are classified into the preventive, detective, and

corrective categories. Which of the following is a preventive control?

Contingency planning.

Hash total.

Echo check.

Access control software.

You Answered Correctly!

This answer is correct. A preventive control is designed to prevent a misstatement from

occurring. Access control software prevents unauthorized individuals from gaining access to a

system or application and therefore prevents unauthorized transactions or changes in data.

Question 32

(CGIC-0023)

Which of the following bodies has developed a framework for enterprise risk management?

The Committee of Sponsoring Organizations (COSO).

The American Institute of Certified Public Accountants (AICPA).

The Public Company Accounting Oversight Board (PCAOB).

The Institute of Risk Management Professionals (IRMP).

You Answered Correctly!

This answer is correct. COSO has developed a framework for enterprise risk management.

 

Question 33

(aq.coso.17prcpls.001)

Management of Johnson Company is considering implementing technology to improve the

monitoring of internal control. Which of the following best describes how technology may be effective

at improving internal control monitoring?

Technology can identify conditions and circumstances that indicate that controls have failed or risks are present.

Technology can ensure that items are processed accurately.

Technology can provide information more quickly.

Technology can control access to terminals and data.

You Answered Correctly!

(Correct!) This answer is correct because monitoring involves collecting information to

determine that controls are working.

 

Question 34

(AICPA.110538BEC)

According to COSO, the use of ongoing and separate evaluations to identify and address changes in

internal control effectiveness can best be accomplished in which of the following stages of the

monitoring-for-change continuum?

Control baseline.

Change identification.

Change management.

Control revalidation/update.

You Answered Correctly!

Change Identification is the monitoring for change process that would include ongoing and

separate evaluations intended to identify and address changes in internal control effectiveness.

 

Question 35

(aq.coso.erm2.001)

According to the COSO framework, evaluators who monitor controls within an organization should

have which of the following sets of characteristics?

Competence and objectivity.

Respect and judgment.

Judgment and objectivity.

Authority and responsibility.

You Answered Correctly!

(Correct!) COSO indicates that the evaluator must have competence and objectivity. The other

answers are incorrect because they do not describe the desired characteristics.

 

Question 36

(AICPA.101052BEC-SIM)

The goals of risk management include:

aligning risk appetite with strategy.

seizing opportunities through better identification and management.

reducing operational surprises and losses.

all of the above.

You Answered Correctly!

All of the above is the best answer because risk management goals include all of these alternatives.

 

Question 37

(aq.types.limit.acct.cont.001)

Which of the following is a general control rather than a transaction control activity?

Technology development policies and procedures.

Reconciliations.

Physical controls over assets.

Controls over standing data.

You Answered Correctly!

(Correct!) This answer is correct because technology development policies and procedures are

part of the general controls.

Question 38

(AICPA.130719BEC)

According to COSO, which of the following is a compliance objective?

To maintain adequate staffing to keep overtime expense within budget.

To maintain a safe level of carbon dioxide emissions during production.

To maintain material price variances within published guidelines.

To maintain accounting principles that conform to GAAP.

You Answered Incorrectly.

This answer is incorrect since conforming to GAAP is not a compliance objective; it is a reporting

objective.

Question 39

(aq.inter.cont.roles.respon.001)

According to the COSO internal control framework, if an organization outsources certain activities

within the business to an outside party:

Responsibility also transfers to the outside party.

The responsibilities never transfer to the outsourced party.

The responsibilities only transfer if the outside party explicitly agrees to accept responsibility.

The organization is no longer accountable for the outsourced activities.

You Answered Correctly!

(Correct!) Activities of an organization may be outsourced, but the responsibilities never transfer

to the outsourced party. Management is never relieved of ultimate responsibility or

accountability.

Question 40

(CGIC-0025)

Which of the following is not an advantage of the employment of an enterprise risk management

(ERM) system?

Helps an organization seize opportunities.

Allows an organization to eliminate all risks.

Improves the deployment of capital.

Reduces operational surprises.

You Answered Correctly!

This answer is correct. An ERM system does not eliminate all risks.

Question 41

(aq.cosoerm.003)

In the COSO enterprise risk management framework, the term risk tolerance refers to

The level of risk an organization is willing to accept.

The acceptable variation with respect to a particular objective.

The risk of an event after considering management's response.

Events that require no risk response.

You Answered Correctly!

(Correct!) This answer is correct because the COSO ERM framework defines risk tolerance as the

acceptable variation with respect to a particular organizational objective.

 

Question 42

(IFTC-0067)

Which of the following types of control plans is particular to a specific process or subsystem, rather

than related to the timing of its occurrence?

Preventive.

Corrective.

Application.

Detective.

You Answered Correctly!

This answer is correct because application controls apply to a particular application or process.

 

Question 43

(AICPA.101049BEC-SIM)

Recognizing potential impediments to communication between system user and system designer can

be useful in

monitoring control effectiveness.

the tone at the top.

complying with Sarbanes-Oxley section 404.

managing change in the system of internal control.

You Answered Correctly!

This is the best answer because user and design communication issues are more important to

managing changes in the system of internal control than to the processes mentioned in any of

the other answers.

 

Question 44

(AICPA.040213BEC-SIM)

Which of the following is an example of a detective control?

Use of pre-formatted screens for data entry.

Comparison of data entry totals to batch control totals.

Restricting access to the computer operations center to data-processing staff only.

Employing a file librarian to maintain custody of the program and data files.

You Answered Correctly!

Reconciliation of data entry totals with batch control totals will detect errors made by the data entry clerks.

 

Question 45

(AICPA.101043BEC-SIM)

In the COSO (2011) "cube" model, each of the following are components of internal control except

Monitoring.

Control activities.

Operations control.

Risk assessment.

You Answered Correctly!

Operations control is not a component of internal control in the COSO model.

 

Question 46

(AICPA.101265BEC)

A manufacturing firm noted that it would have difficulty sourcing raw materials locally, so it decided

to relocate its production facilities. According to COSO, this decision represents which of the following

responses to the risk?

Risk reduction.

Prospect theory.

Risk sharing.

Risk acceptance.

You Answered Correctly!

This best describes the risk management approach taken by the firm. Specifically, because the

firm cannot locally source its raw materials, it is relocating its production facility to reduce the

risk of stock-outs.

 

Question 47

(CGIC-0030)

Which of the following is not a limitation of an enterprise risk management system?

Risk relates to the future that is uncertain.

Collusion among two or more individuals can result in enterprise risk management failure.

Companies cannot avoid risk.

Enterprise risk management is subject to management override.

You Answered Correctly!

This answer is correct. This is a fact that results in the need to have enterprise risk management.

 

Question 48

(AICPA.090774.BEC)

Controls in the information technology area are classified into the categories of preventive, detective,

and corrective. Which of the following is a preventive control?

Contingency planning.

Hash total.

Echo check.

Access control software.

You Answered Correctly!

Access control software is a preventive control.

 

Question 49

(aq.inte.cont.monit.proces.002)

Jim is responsible for setting system access parameters in Kentucky Fried Opossums' ERP system.

Each month, he reviews any issues related to setting access parameters and writes a report about

them. This type of monitoring is:

Continuous.

Self.

Oversight.

Supervisory.

You Answered Correctly!

(Correct!) This is self-assessment or self-monitoring.

 

Question 50

(AICPA.101044BEC-SIM)

In the COSO "cube" model, each of the following is a control objective except

Compliance.

Monitoring.

Operations.

Reporting.

You Answered Correctly!

Monitoring is correct because it is not a control objective in the COSO model.

 

Question 51

(CGIC-0021)

If internal control is properly designed, the same employee should not be permitted to

Sign checks and cancel supporting documents.

Receive merchandise and prepare a receiving report.

Prepare disbursement vouchers and sign checks.

Initiate a request to order merchandise and approve merchandise received.

You Answered Incorrectly.

This answer is incorrect because the person requesting the merchandise will be able to

determine whether the appropriate merchandise has been received and should, therefore,

approve its receipt.

 

Question 52

(aq.oth.reg.fram.gov.005_2017)

CFO Mar has been complicit in her public company's accounting fraud. She consults a lawyer as it becomes time for filing her firm's 10-K with the SEC. She is a little uncomfortable about what she might have to do. The lawyer will likely tell her that she will have to certify (and be potentially criminally liable for lying about) all of the following matters except:

That she has reviewed the 10-K.

That her CPA license is active.

That she, along with the CEO, is responsible for establishing and maintaining her company's internal controls.

That she has recently evaluated the effectiveness of the firm's internal controls.

You Answered Correctly!

Correct. This is the one of these four choices that need not be certified. It is a fine thing if Mar is a

CPA and if her license is active, but neither is required by SOX.

 

Question 53

(aq.oth.reg.fram.gov.003_2017)

Public company external audit firms must audit their clients':

Financial statements.

Internal controls.

Financial statements and internal controls.

Neither financial statements nor internal controls.

You Answered Correctly!

Correct! SOX requires the auditors of public companies to audit both their financial statements

and their internal controls.

 

Question 54

(aq.oth.reg.fram.gov.010_17)

Copyright © 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or

adapted with permission.

Which of the following situations most clearly illustrates a breach of fiduciary duty by one or more

members of the board of directors of a corporation?

A corporation previously has distributed 50% of its earnings as dividends. This year it has annual earnings per share of $2, and the board of directors voted 4 to 1 against paying any dividend to finance growth.

A director of a corporation who co-owns a computer vendor negotiated the purchase of a computer system by the corporation from the vendor, making a disclosure to the corporation and the other board members. The purchase price was competitive, and the board (absent the vendor co-owner) unanimously approved the purchase.

Two directors of a corporation favor business expansion, two oppose it, and the fifth did not attend the meeting. During the five years that the fifth person has been a director, the individual did not attend two other meetings.

A director who learned that the corporation is thinking of buying retail space in a city personally purchased a vacant building in the same city that would have been suitable for use by the corporation.

You Answered Correctly!

Correct! This director has breached a fiduciary duty by appropriating a business opportunity (to

acquire retail space) for himself or herself.

 

Question 55

(aq.oth.reg.fram.gov.006_2017)

Public company audit committees must contain which of the following?

A majority of independent directors

An accounting expert

A financial expert

A legal expert

You Answered Correctly!

Correct! SOX requires that every audit committee of a public company have at least one “financial expert” with (a) an understanding of GAAP and financial statements; (b) experience in preparing or auditing financial statements; (c) experience with internal auditing controls; and (d) an understanding of audit committee functions.

 

Question 56

(aicpa.aq.intro.coso.int.ctrl.003_17)

Which of the following statements is true regarding internal control objectives of information

systems?

Primary responsibility of viable internal control rests with the internal audit division.

A secure system may have inherent risks due to management's analysis of trade-offs identified by cost-benefit studies.

Control objectives primarily emphasize output distribution issues.

An entity's corporate culture is irrelevant to the objectives.

You Answered Correctly!

Correct! This is an accurate description. Internal control provides reasonable, not absolute,

assurance. Internal control investments are limited by cost-benefit trade-offs.

 

Question 57

(AICPA.130717BEC)

Which of the following is most useful when risk is being prioritized?

Low and high probability exposures.

Low and high-degree loss exposures.

Expected value.

Uncontrollable risks.

You Answered Correctly!

This is the best answer of the choices given. An expected value calculates (and integrates) the likelihood of losses with the amount of losses. Hence, an expected value combines the information in low and high probability exposures and low and high-degree loss exposures into a decision-relevant, single, valuable (for decision analysis) number.

 

Question 58

(AICPA.120613BEC)

Which of the following statements presents an example of a general control for a computerized

system?

Limiting entry of sales transactions to only valid credit customers.

Creating hash totals from Social Security numbers for the weekly payroll.

Restricting entry of accounts payable transactions to only authorized users.

Restricting access to the computer center by use of biometric devices.

You Answered Correctly!

Restricting access to the computer center is an example of a general control.

 

Question 59

(aq.cosoerm.001)

Enterprise risk management considers how much risk the entity is willing to accept in pursuit of its

goals, how the risks are created and mitigated, and how emerging risks will impact the entity.

The amount of risk the entity is willing to accept in pursuit of its goals is referred to as an entity's:

Risk tolerance.

Risk philosophy.

Risk analysis.

Risk appetite.

You Answered Correctly!

(Correct!) The amount of risk the entity is willing to accept in pursuit of its goals is referred to as

an entity's risk appetite. Risk appetite serves as a guide in strategy setting and selecting related

objectives. Risk tolerance is the acceptable level of variation in performance relative to

achievement of objectives. In setting risk tolerance levels, management will consider the

importance of the related objectives and align risk tolerance with risk appetite.

 

Question 60

(CGIC-0018)

Which of the following components of internal control are characterized by ongoing activities and

separate evaluations?

The control environment.

Risk assessment.

Monitoring.

Information and communication.

You Answered Correctly!

This answer is correct. Monitoring is characterized by ongoing activities and separate

evaluations.

 

Question 61

(AICPA.130723BEC)

Within the COSO Internal Control—Integrated Framework, which of the following components is

designed to ensure that internal controls continue to operate effectively?

Control environment.

Risk assessment.

Information and communication.

Monitoring.

You Answered Correctly!

Monitoring is the core, underlying control component in the COSO ERM model. Its position at the

foundation is not accidental and reflects the importance of monitoring to achieving strong

internal control and effective risk management. Ensuring that internal controls continue to

operate effectively is the primary purpose of monitoring.

Question 62

(aicpa.aq.inter.cont.roles.respon.004_17)

According to COSO, the presence of a written code of conduct provides for a control environment that

can

Override an entity's history and culture.

Encourage teamwork in the pursuit of an entity's objectives.

Ensure that competent evaluators are implementing and monitoring internal controls.

Verify that information systems are providing persuasive evidence of the effectiveness of

internal controls.

You Answered Correctly!

Correct! A code of conduct helps facilitate shared goals and encourages teamwork.

Question 63

(aicpa.aq.coso.erm2.004_17)

The materials manager of a warehouse is given a new product line to manage with new inventory

control procedures. Which of the following sequences of the COSO internal control

monitoring-for-change continuum is affected by the new product line?

Control baseline but not change management

Change management but not control baseline

Neither control baseline nor change management

Both control baseline and change management

You Answered Correctly!

Correct! This is a substantial change; hence it will affect both the assessment of the control

baseline and assessment of changes in that baseline (i.e., “change management”).

Question 64

(aq.oth.reg.fram.gov.009_17)

Copyright © 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or

adapted with permission.

Which of the following organizations was established by the Sarbanes-Oxley Act of 2002 to control the

auditing profession?

Information Systems Audit and Control Foundation (ISACF)

IT Governance Institute (ITGI)

Public Company Accounting Oversight Board (PCAOB)

Committee of Sponsoring Organizations (COSO)

You Answered Correctly!

Correct! SOX did create the PCAOB to govern the audit profession.

Question 65

(aq.oth.reg.fram.gov.004_2017)

Every audit committee of a public company must have at least one:

Legal expert who understands the liabilities that public companies can face if they misreport

financial information.

Financial expert who understands GAAP and financial statements.

Ethics expert who is familiar with Immanuel Kant's writings.

Accounting expert who is familiar with the AICPA Code of Professional Conduct.

You Answered Correctly!

Correct! SOX required financial experts (who often have accounting experience), but not legal

experts or “accounting experts” familiar with the AICPA Code.

Question 66

(aicpa.aq.coso.erm2.003_17)

According to COSO, a primary purpose of monitoring internal control is to verify that the internal

control system remains adequate to address changes in

Risks.

The law.

Technology.

Operating procedures.

You Answered Incorrectly.

Incorrect. “Risks” is a better answer because it includes monitoring for changes in technology,

since a change in technology is a risk.

 

Question 67

(aq.cosoerm.005)

Kelly Inc. is considering establishing an enterprise risk management system. In advising them in

relation to this initiative, which of the following would you indicate is not a limitation of ERM?

Business objectives are not usually articulated.

The system may break down.

Collusion among two or more individuals can result in system failure.

Enterprise risk management is subject to management override.

You Answered Incorrectly.

This answer is incorrect because system breakdown is a limitation of ERM systems that you

should discuss with Kelly Inc. as part of their planning process.

 

Question 68

(aq.cosoerm.002)

Jarrett Corporation is considering establishing an enterprise risk management system and seeks to

better understand the benefits that they may realize from these efforts. In advising them, which of the

following would you describe as not a benefit of enterprise risk management?

It helps the organization seize opportunities.

It enhances risk response decisions.

It improves the deployment of capital.

It ensures that the organization shares all major risks.

You Answered Correctly!

(Correct!) This answer is correct because sharing risk is only one way of responding, and this

technique cannot be used for all risks, nor should it be.

 

Question 69

(aicpa.aq.coso.erm.006_17)

According to COSO, which of the following identifies the group directly responsible for the

implementation and development of the enterprise risk management framework?

Management

The board of directors

External auditors

Internal auditors

You Answered Incorrectly.

Incorrect. The board of directors is indirectly, but not directly, responsible for the

implementation and development of the enterprise risk management framework.

 

Question 70

(aq.coso.risk.mgmt.002)

Management of Warren Company has decided to respond to a particular risk by hedging the risk with

futures contracts. This is an example of risk

Avoidance.

Acceptance.

Reduction.

Sharing.

You Answered Correctly!

(Correct!) This answer is correct because hedging involves sharing the risk with another party.

Please see the CPAExcel FARs lessons that introduce hedging.

 

Question 71

(CGIC-0024)

An important benefit of an enterprise risk management system is

Alignment of shareholder returns with management returns.

Alignment of management risk taking with employee risk appetite.

Alignment of management risk taking with shareholder risk appetite.

Alignment of management risk taking with creditor risk appetite.

You Answered Correctly!

This answer is correct. A major aspect of an enterprise risk management system is the alignment

of management risk taking with shareholder risk appetite.

Question 72

(CGIC-0017)

Which of the following is not a factor included in the control environment?

Board of directors or audit committee participation.

Commitment to competence.

Monitoring.

Organizational structure.

You Answered Correctly!

This answer is correct. Monitoring is one of the five interrelated components of internal control,

not a factor of the control environment. The seven control environment factors are as follows:

(1) integrity and ethical values, (2) commitment to competence, (3) human resource policies and

practices, (4) assignment of authority and responsibility, (5) management’s philosophy and

operating style, (6) board of directors or audit committee participation, and (7) organizational

structure.

Question 73

(CGIC-0028)

Layton Company has implemented an enterprise risk management system and has responded to a

particular risk by purchasing insurance. Such a response is characterized by COSO’s Enterprise Risk

Management Framework as:

Avoidance.

Sharing.

Acceptance.

Reduction.

You Answered Correctly!

This answer is correct. Sharing involves reducing risk likelihood or impact by transferring or

sharing a portion of the risk.

Question 74

(AICPA.130716BEC)

A company's new time clock process requires hourly employees to select an identification number

and then choose the clock-in or clock-out button. A video camera captures an image of the employee

using the system. Which of the following exposures can the new system be expected to change the

least?

Fraudulent reporting of employees' own hours.

Errors in employees' overtime computation.

Inaccurate accounting of employees' hours.

Recording of other employees' hours.

You Answered Incorrectly.

This is a bad answer since the system is primarily designed to catch employees' over-reporting,

either due to fraud or errors, of their own hours worked. Therefore, if the employees' hours are

inaccurately recorded, the new system should address this error.

Question 75

(aq.oth.reg.fram.gov.001_2017)

In a public company, which of the following officers must certify the accuracy of their firms'

financial statements as filed with the SEC?

CEO and CAO

CAO and CFO

CFO and CEO

CEO and COO

You Answered Correctly!

Correct! SOX requires both the CEO and the CFO, but no other officers, to certify the accuracy of

their firms' audited financial statements when filed with the SEC.

Question 76

(aicpa.aq.coso.17prcpls.003_17)

Employees of an entity feel peer pressure to do the right thing; management appropriately deals with

signs that problems exist and resolves the issues; and dealings with customers, suppliers, employees,

and other parties are based on honesty and fairness. According to COSO, the above scenario is

indicative of which of the following?

Strategic goals

Operational excellence

Reporting reliability

Tone at the top

You Answered Correctly!

Correct! Remember rat-a-tat-tat (Tat—tone at the top). Tone at the top is critical to internal

control; this description evidences a strong tone at the top in this organization.

Question 77

(aq.oth.reg.fram.gov.002_2017)

Public company CEOs and CFOs must certify that:

They are responsible for establishing and maintaining their firm's internal financial controls.

They have hired an excellent auditing firm and have delegated to that firm ultimate

responsibility for the accuracy of financial statements.

They have taken lie detector tests regarding the accuracy of the financial statements.

They are subject to firm codes of ethics policing the accuracy of financial statements.

You Answered Correctly!

Correct! SOX requires the CEO and CFO to certify, among other things, that they are responsible

for establishing and maintaining their firm's internal financial controls. But it does not require lie

detector tests, or that they promise they have hired an excellent audit firm, or that they are

subject to a code of ethics policing the accuracy of the financial statements.

 

Question 78

(aq.coso.17prcpls.002)

Henry Higgins of Jiffy Grill has learned that the controller is likely embezzling money to fund an

expensive drug and gambling habit. Ideally, Henry should communicate this information to:

The controller.

His boss.

An anonymous hotline set up by Jiffy Grill.

His employees.

You Answered Correctly!

(Correct!) If Jiffy Grill has an anonymous hotline set up for this purpose, then this is the best way

to communicate this information.

 

Question 79

(CGIC-0035)

The component of COSO’s framework for internal control that includes the goal of proper

measurement of transactions is

The control environment.

Control activities.

Information and communication.

Monitoring.

You Answered Correctly!

This answer is correct. This is one of the goals of the information and communication system.

 

Question 80

(CGIC-0014)

Which statement is not one of the objectives of internal control as included in the definition of

internal control developed by the Committee of Sponsoring Organizations (COSO)?

Asset safeguarding.

Compliance.

Financial reporting.

Operations.

You Answered Correctly!

This answer is correct. Auditing standards include objectives to provide reasonable assurance

regarding the achievement of objectives in three categories: (1) reliability of financial reporting,

(2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and

regulations.

 

Question 81

(AICPA.110534BEC-SIM)

Which of the following is the best definition of a compensating control?

A control that accomplishes the same objective as another control.

A condition within an internal control system requiring attention.

The targets against which the effectiveness of internal control is evaluated.

Metrics that reflect critical success factors.

You Answered Correctly!

This is the best answer. It is the definition of a compensating control.

 

Question 82

(aicpa.aq.oth.reg.fram.gov.008_17)

Copyright © 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or

adapted with permission.

Which of the following statements is correct regarding the requirements of the Sarbanes-Oxley Act of

2002 for an issuer's board of directors?

Each member of the board of directors must be independent from management influence,

based on the member's prior and current activities, economic and family relationships, and

other factors.

The board of directors must have an audit committee entirely composed of members who are

independent from management influence.

The majority of members of the board of directors must be independent from management

influence.

The board of directors must have a compensation committee, a nominating committee, and

an audit committee, each of which is composed entirely of independent members.

You Answered Correctly!

Correct! SOX requires that a public company's entire audit committee be independent.

Question 83

(AICPA.101046BEC-SIM)

Strategic, operations, reporting, and compliance objectives are a part of which of the following

models of internal control?

COBIT.

COSO.

COSO ERM.

All of the above.

You Answered Correctly!

This answer is correct because strategic, operations, reporting, and compliance objectives are

part of this model.