1. Which of the following best explains the relationship between “monitoring” and “information and communication” as the terms are used in the COSO Internal Control framework?
a. Monitoring must be done by an individual, while information and communication must be done by a group.
b. Information and communication must be done by an individual, while monitoring must be done by a group.
c. Monitoring involves ongoing changes to an organization’s internal control plan; information and communication focuses on letting stakeholders know about current internal controls.
d. Information and communication involves ongoing changes to an organization’s internal control plan; monitoring focuses on letting stakeholders know about current internal controls.
2. Which of the following best pairs a specific risk exposure with a category from Brown’s taxonomy?
a. Company sanctions for violation for the Foreign Corrupt Practices Act, legal and regulatory risk
b. Failure to follow proper imprest systems procedures for petty cash, systems risk
c. Failing to give employees proper credit for their accomplishments, credit risk
d. Fundamental flaws in an entity’s marketing plan, market risk
3. A quarterly internal control newsletter published by the CEO’s office would most likely be related to which element(s) of the COSO Internal Control framework?
a. Risk assessment, monitoring
b. Control environment, information, and communication
c. Risk assessment, control environment
d. Monitoring, information, and communication
4. Which of the following is most likely to benefit from a lockbox system as a form internal control?
a. Mortgage lender
b. Convenience store
c. The IRS
d. Home Depot’s corporate office
5. All of the following have a responsibility for promoting strong internal control in organizations except:
a. Independent auditors.
b. Internal auditors.
c. Executive management.
d. Stockholders.