MULTIPLE-CHOICE QUESTIONS
1. Segregation of duties is best achieved in which of the following scenarios?
a. Employees perform only one job, even though they might have access to other records.
b. The internal audit department performs an independent test of transactions throughout the year and reports any errors to departmental managers.
c. The person responsible for reconciling the bank account is responsible for cash disbursements but not for cash receipts.
d. The payroll department cannot add employees to the payroll or change pay rates without the explicit authorization of the personnel department.
2. Which of the following statements about application controls is true?
a. Organizations can have manual application controls or automated application controls, but not a combination of the two.
b. Application controls are intended to mitigate risks associated with data input, data processing, and data output.
c. Application controls are a part of the monitoring component of internal control.
d. Self-checking digits are an output control.
3. Which of the following would be considered an effective implementation of the information and communication component of COSO's updated Internal Control-Integrated Framework?
a. The organization has one-way communication with parties external to the organization.
b. The organization has a whistleblower function that allows parties internal and external to the organization to communicate concerns about possible inappropriate actions in the organization's operations.
c. The organization has a robust process for assessing risks internal and external to the organization.
d. The organization builds in edit checks to determine whether all purchases are made from authorized vendors.
e. All of the above.
4. Which of the following is not a principle of the information and communication component of COSO's updated Internal Control-Integrated Framework?
a. The organization identifies, obtains, and uses relevant information.
b. The organization communicates internally.
c. The organization communicates externally.
d. All of the above.
5. Which of the following would not be considered an effective implementation of the monitoring component of COSO's updated Internal Control-Integrated Framework?
a. Internal audit periodically performs an evaluation of internal controls that have been documented and tested in prior years.
b. Management reviews current economic performance against expectations and investigates to determine causes of significant deviations from the expectations.
c. The company implements software that captures all instances in which the underlying program is designed to capture processed transactions that exceed company-authorized limits.
d. The company builds in edit checks to determine whether all purchases are made from authorized vendors.
6. Which of the following is the most accurate statement related to the monitoring component of COSO's updated Internal Control-Integrated Framework?
a. Monitoring is a process that is relevant only to the control activities component of COSO's updated Internal Control-Integrated Framework.
b. Separate evaluations are more timely than ongoing evaluations in identifying control deficiencies.
c. Monitoring is a process that provides feedback on the effectiveness of each component of internal control.
d. Monitoring includes automated edit checks to determine whether all purchases are made from authorized vendors.
7. Assume that an organization sells software. The sales contracts with the customers often have nonstandard terms that impact the timing of revenue recognition. Thus, there is a risk that revenue may be recorded inappropriately. To mitigate that risk, the organization has implemented a policy that requires all nonstandard contracts greater than $1 million to be reviewed on a timely basis by an experienced and competent revenue accountant for appropriate accounting, prior to the recording of revenue. Management tested this control and found several instances in which the control was not working. Management has classified this deficiency as a material weakness. Which of the following best describes the conclusion made by management?
a. There is more than a remote possibility that a material misstatement could occur.
b. The likelihood of misstatement is reasonably possible.
c. There is more than a remote possibility that a misstatement could occur.
d. There is a reasonable possibility that a material misstatement could occur.
e. There is a reasonable possibility that a misstatement could occur.
8. Which one of the following represents a control deficiency?
a. A missing control that is required for achieving objectives.
b. A control that operates as designed.
c. A control that provides reasonable, but not absolute assurance, about the reliability of financial reporting.
d. An immaterial individual misstatement in internal control.