Multiply Choice
1. Which of the following is NOT a requirement in management’s report on the effectiveness of internal controls over financial reporting?
a. A statement of management’s responsibility for establishing and maintaining adequate internal Control user satisfaction.
b. A statement that the organization’s internal auditors have issued an attestation report on management’s assessment of the company’s internal controls.
c. A statement identifying the framework management uses to conduct its assessment of internal controls.
d. An explicit written conclusion as to the effectiveness of internal control over financial reporting.

2. Which of the following is NOT an implication of Section 302 of SOX?
a. Auditors must determine whether changes in internal control have materially affected, or are likely to materially affect, internal control over financial reporting.
b. Auditors must interview management regarding significant changes in the design or operation of internal control that occurred since the last audit.
c. Corporate management (including the CEO) must certify monthly and annually their organization’s internal controls over financial reporting.
d. Management must disclose any material changes in the company’s internal controls that have occurred during the most recent fiscal quarter.

3. Which of the following statements is true?
a. Both the SEC and the PCAOB require the use of the COSO framework.
b. Both the SEC and the PCAOB require the COBIT framework.
c. The SEC recommends COBIT, and the PCAOB recommends COSO.
d. Any framework can be used that encompass all of COSO’s general themes.
e. Both c and d are true.

4. Which of the following is NOT a control implication of distributed data processing?
a. redundancy
b. user satisfaction
c. incompatibility
d. lack of standards

5. Which of the following disaster recovery techniques may be least optimal in the case of a widespread natural disaster?
a. empty shell
b. ROC
c. internally provided backup
d. they are all equally beneficial

6. Which of the following is NOT a potential threat to computer hardware and peripherals?
a. low humidity
b. high humidity
c. carbon dioxide fire extinguishers
d. water sprinkler fire extinguishers

7. Computer accounting control procedures are referred to as general or application controls. The primary objective of application controls in a computer environment is to
a. ensure tint me computer system operates efficiently.
b. ensure the validity, completeness, and accuracy of financial transactions.
c. provide controls over the electronic functioning of the hardware.
d. plan for the protection of the facilities and backup for the systems.

8. Which of the following is NOT a task performed in the audit planning phase?
a. reviewing an organization’s policies and practices
b. determining the degree of reliance on controls
c. reviewing general controls
d. planning substantive testing procedures

9. Which of the following risks does the auditor least control?
a. inherent risk
b. control risk
c. detection risk
d. all are equally controllable

10. Which of the following would strengthen organizational control over a large-scale data processing center?
a. Requiring the user departments to specify the general control standards necessary for processing transactions.
b. Requiring that requests and instructions for data processing services be submitted directly to the computer operator in the data center.
c. Having the database administrator report to the manager of computer operations.
d. Assigning maintenance responsibility to the original system designer who best knows its logic.
e. None of the above.