Chapter 3—Ethics, Fraud, and Internal Control

TRUE/FALSE

1. The ethical principle of justice asserts that the benefits of the decision should be distributed fairly to
those who share the risks.

ANS: T

2. The ethical principle of informed consent suggests that the decision should be implemented so as to
minimize all of the risks and to avoid any unnecessary risks.

ANS: F

3. Employees should be made aware of the firm’s commitment to ethics.

ANS: T

4. Business ethics is the analysis of the nature and social impact of computer technology, and the
corresponding formulation and justification of policies for the ethical use of such technology.

ANS: F

5. Para computer ethics is the exposure to stories and reports found in the popular media regarding the
good or bad ramifications of computer technology.

ANS: F

6. Source code is an example of intellectual property.

ANS: T

7. Copyright laws and computer industry standards have been developed jointly and rarely conflict.

ANS: F

8. Business bankruptcy cases always involve fraudulent behavior.

ANS: F

9. Defalcation is another word for financial fraud.

ANS: T

10. The trend toward distributed data processing increases the exposure to fraud from remote locations.

ANS: T

11. The external auditor is responsible for establishing and maintaining the internal control system.

ANS: F

12. Segregation of duties is an example of an internal control procedure.

 ANS: T

13. Controls in a computer-based information system are identical to controls in a manual system.

ANS: F

14. Preventive controls are passive techniques designed to reduce fraud.

ANS: T

15. Ethical issues and legal issues are essentially the same.

ANS: F

16. Internal control systems are recommended but not required of firms subject to the Foreign Corrupt
Practices Act.

ANS: F

17. Operations fraud is the misuse or theft of the firm’s computer resources.

ANS: T

18. The Foreign Corrupt Practices Act requires only that a firm keep good records.

ANS: F

19. A key modifying assumption in internal control is that the internal control system is the responsibility
of management.

ANS: T

20. Database management fraud includes altering, updating, and deleting an organization’s data.

ANS: F

21. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit
clients, they are not prohibited from performing such services for non-audit clients or privately held
companies.

ANS: T

22. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.

ANS: T

23. Section 404 requires that corporate management (including the CEO) certify their organization’s
internal controls on a quarterly and annual basis.

ANS: F

24. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.

ANS: F
 25. The objective of SAS 99 is to seamlessly blend the auditor’s consideration of fraud into all phases of
the audit process.

ANS: T

MULTIPLE CHOICE

1. Which ethical principle states that the benefit from a decision must outweigh the risks, and that there is
no alternative decision that provides the same or greater benefit with less risk?
a. minimize risk
b. justice
c. informed consent
d. proportionality
ANS: D

2. Individuals who acquire some level of skill and knowledge in the field of computer ethics are involved
in which level of computer ethics?
a. para computer ethics
b. pop computer ethics
c. theoretical computer ethics
d. practical computer ethics
ANS: A

3. All of the following are issues of computer security except

a. releasing incorrect data to authorized
individuals
b. permitting computer operators unlimited
access to the computer room
c. permitting access to data by unauthorized
individuals
d. providing correct data to unauthorized
individuals
ANS: B

4. Which characteristic is not associated with software as intellectual property?

a. uniqueness of the product
b. possibility of exact replication
c. automated monitoring to detect intruders
d. ease of dissemination
ANS: C

5. For an action to be called fraudulent, all of the following conditions are required except
 a. poor judgment
b. false representation
c. intent to deceive
d. injury or loss
ANS: A

6. One characteristic of employee fraud is that the fraud

a. is perpetrated at a level to which internal
controls do not apply
b. involves misstating financial statements
c. involves the direct conversion of cash or
other assets to the employee’s personal
benefit
d. involves misappropriating assets in a series of
complex transactions involving third parties
ANS: C

7. Forces which may permit fraud to occur do not include

a. a gambling addiction
b. lack of segregation of duties
c. centralized decision making environment
d. questionable integrity of employees
ANS: C

8. Which of the following best describes lapping?

a. applying cash receipts to a different
customer’s account in an attempt to conceal
previous thefts of funds
b. inflating bank balances by transferring money
among different bank accounts
c. expensing an asset that has been stolen
d. creating a false transaction
ANS: A

9. Operations fraud includes

a. altering program logic to cause the
application to process data incorrectly
b. misusing the firm’s computer resources
c. destroying or corrupting a program’s logic
using a computer virus
d. creating illegal programs that can access data
files to alter, delete, or insert values
 ANS: B

10. Who is responsible for establishing and maintaining the internal control system?
a. the internal auditor
b. the accountant
c. management
d. the external auditor
ANS: C

11. The concept of reasonable assurance suggests that

a. the cost of an internal control should be less
than the benefit it provides
b. a well-designed system of internal controls
will detect all fraudulent activity
c. the objectives achieved by an internal control
system vary depending on the data processing
method
d. the effectiveness of internal controls is a
function of the industry environment
ANS: A

12. Which of the following is not a limitation of the internal control system?
a. errors are made due to employee fatigue
b. fraud occurs because of collusion between
two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to
make fraudulent journal entries
ANS: C

13. The most cost-effective type of internal control is

a. preventive control
b. accounting control
c. detective control
d. corrective control
ANS: A

14. Which of the following is a preventive control?

a. credit check before approving a sale on
account
b. bank reconciliation
c. physical inventory count
 d. comparing the accounts receivable subsidiary
ledger to the control account
ANS: A

15. A well-designed purchase order is an example of a

a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: A

16. A physical inventory count is an example of a

a. preventive control
b. detective control
c. corrective control
d. feedforward control
ANS: B

17. The bank reconciliation uncovered a transposition error in the books. This is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: B

18. In balancing the risks and benefits that are part of every ethical decision, managers receive guidance
from each of the following except
a. justice
b. self interest
c. risk minimization
d. proportionality
ANS: B

19. Which of the following is not an element of the internal control environment?
a. management philosophy and operating style
b. organizational structure of the firm
c. well-designed documents and records
d. the functioning of the board of directors and
the audit committee
ANS: C
20. Which of the following suggests a weakness in the internal control environment?
a. the firm has an up-to-date organizational
chart
b. monthly reports comparing actual
performance to budget are distributed to
managers
c. performance evaluations are prepared every
three years
d. the audit committee meets quarterly with the
external auditors
ANS: C

21. Which of the following indicates a strong internal control environment?

a. the internal audit group reports to the audit
committee of the board of directors
b. there is no segregation of duties between
organization functions
c. there are questions about the integrity of
management
d. adverse business conditions exist in the
industry
ANS: A

22. According to SAS 78, an effective accounting system performs all of the following except
a. identifies and records all valid financial
transactions
b. records financial transactions in the
appropriate accounting period
c. separates the duties of data entry and report
generation
d. records all financial transactions promptly
ANS: C

23. Which of the following is the best reason to separate duties in a manual system?
a. to avoid collusion between the programmer
and the computer operator
b. to ensure that supervision is not required
c. to prevent the record keeper from authorizing
transactions
d. to enable the firm to function more efficiently
ANS: C

24. Segregation of duties in the computer-based information system includes

 a. separating the programmer from the
computer operator
b. preventing management override
c. separating the inventory process from the
billing process
d. performing independent verifications by the
computer operator
ANS: A

25. Which of the following is not an internal control procedure?

a. authorization
b. management’s operating style
c. independent verification
d. accounting records
ANS: B

26. The decision to extend credit beyond the normal credit limit is an example of
a. independent verification
b. authorization
c. segregation of functions
d. supervision
ANS: B

27. When duties cannot be segregated, the most important internal control procedure is
a. supervision
b. independent verification
c. access controls
d. accounting records
ANS: A

28. An accounting system that maintains an adequate audit trail is implementing which internal control
procedure?
a. access controls
b. segregation of functions
c. independent verification
d. accounting records
ANS: D

29. Employee fraud involves three steps. Of the following, which is not involved?
a. concealing the crime to avoid detection
 b. stealing something of value
c. misstating financial statements
d. converting the asset to a usable form
ANS: C

30. Which of the following is not an example of independent verification?

a. comparing fixed assets on hand to the
accounting records
b. performing a bank reconciliation
c. comparing the accounts payable subsidiary
ledger to the control account
d. permitting authorized users only to access the
accounting system
ANS: D

31. The importance to the accounting profession of the Foreign Corrupt Practices Act of 1977 is that
a. bribery will be eliminated
b. management will not override the company’s
internal controls
c. firms are required to have an effective
internal control system
d. firms will not be exposed to lawsuits
ANS: C

32. The board of directors consists entirely of personal friends of the chief executive officer. This indicates
a weakness in
a. the accounting system
b. the control environment
c. control procedures
d. this is not a weakness
ANS: B

33. Computer fraud can take on many forms, including each of the following except
a. theft or illegal use of computer-readable
information
b. theft, misuse, or misappropriation of
computer equipment
c. theft, misuse, or misappropriation of assets by
altering computer-readable records and files
d. theft, misuse, or misappropriation of printer
supplies
ANS: D
34. When certain customers made cash payments to reduce their accounts receivable, the bookkeeper
embezzled the cash and wrote off the accounts as uncollectible. Which control procedure would most
likely prevent this irregularity?
a. segregation of duties
b. accounting records
c. accounting system
d. access controls
ANS: A

35. The office manager forgot to record in the accounting records the daily bank deposit. Which control
procedure would most likely prevent or detect this error?
a. segregation of duties
b. independent verification
c. accounting records
d. supervision
ANS: B

36. Business ethics involves

a. how managers decide on what is right in
conducting business
b. how managers achieve what they decide is
right for the business
c. both a and b
d. none of the above
ANS: C

37. All of the following are conditions for fraud except

a. false representation
b. injury or loss
c. intent
d. material reliance
ANS: D

38. The four principal types of fraud include all of the following except
a. bribery
b. gratuities
c. conflict of interest
d. economic extortion
ANS: B
39. The characteristics of useful information include
a. summarization, relevance, timeliness,
accuracy, and completeness
b. relevance, summarization, accuracy,
timelessness, and completeness
c. timeliness, relevance, summarization,
accuracy, and conciseness
d. disaggregation, relevance, timeliness,
accuracy, and completeness
ANS: A

40. Internal control system have limitations. These include

a. possibility of honest error
b. circumvention
c. management override
d. stability of systems
ANS: D

41. Management can expect various benefits to follow from implementing a system of strong internal
control. Which of the following benefits is least likely to occur?
a. reduced cost of an external audit.
b. prevents employee collusion to commit fraud.
c. availability of reliable data for decision-
making purposes.
d. some assurance of compliance with the
Foreign Corrupt Practices Act of 1977.
e. some assurance that important documents and
records are protected.
ANS: B

42. Which of the following situations is not a segregation of duties violation?

a. The treasurer has the authority to sign checks
but gives the signature block to the assistant
treasurer to run the check-signing machine.
b. The warehouse clerk, who has the custodial
responsibility over inventory in the
warehouse, selects the vendor and authorizes
purchases when inventories are low.
c. The sales manager has the responsibility to
approve credit and the authority to write off
accounts.
d. The department time clerk is given the
undistributed payroll checks to mail to absent
employees.
 e. The accounting clerk who shares the record
keeping responsibility for the accounts
receivable subsidiary ledger performs the
monthly reconciliation of the subsidiary
ledger and the control account.
ANS: B

43. Which of the following is not an issue to be addressed in a business code of ethics required by the
SEC?
a. Conflicts of interest
b. Full and Fair Disclosures
c. Legal Compliance
d. Internal Reporting of Code Violations
e. All of the above are issues to be addressed
ANS: E