






coso risk management framework
Typology: Exams
MT2 Ch 11 Internal Control and COSO Framework
Which of the following is not one of the three primary objectives of effective internal control?
A) assurance of elimination of business risk
B) efficiency and effectiveness of operations
C) reliability of financial reporting
D) compliance with laws and regulations
Answer: A) assurance of elimination of business risk
"Management typically has three broad objectives in designing an effective internal control system: ... Reliability of reporting... Efficiency and effectiveness of operations... Compliance with laws and regulations." (Pg343, Internal Control Objectives)
Internal controls
A) only apply to SEC companies.
B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.
C) are implemented by and are the responsibility of the auditors.
D) guarantee that the company complies with all laws and regulations.
Answer: B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.
"A system of internal control consists of policies and procedures designed to provide management with reasonable assurance that the company achieves its objectives and goals." (Pg343, Internal Control Objectives)
Who is responsible for establishing a private company's internal control?
A) internal auditors
B) senior management
C) FASB
D) audit committee
Answer: B) senior management
"Management is responsible for establishing and maintaining the entity's internal controls. Management is also required by Section 404 to publicly report on the operating effectiveness of those controls... Management, not the auditor, must establish and maintain the entity's internal controls." (Pg344, Management and Auditor Responsibilities for Internal Control)
Two key concepts that underlie management's design and implementation of internal control are
A) inherent limitations and reasonable assurance.
B) absolute assurance and costs.
C) costs and materiality.
D) collusion and materiality.
Answer: A) inherent limitations and reasonable assurance.
"Two key concepts underlie management's design and implementation of internal control--reasonable assurance and inherent limitations." (Pg344, Management's Responsibilities for Establishing Internal Control)
The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on
A) the CFO and the independent auditors.
B) the company's board of directors.
C) the audit committee of the board of directors.
D) management.
Answer: D) management.
Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies? I. Management II. Financial statement auditors
A) Yes, Yes
B) Yes, No
C) No, Yes
D) No, No
Answer: A) Yes, Yes
A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
An assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company's fiscal year." (Pg345, Management's Section 404 Reporting Responsibilities)
The auditor's primary purpose in auditing the client's system of internal control over financial reporting is
A) to prevent fraudulent financial statements from being issued to the public.
B) to report to management that the internal controls are effective in preventing misstatements from appearing on the financial statements.
C) to efficiently conduct the Audit of Financial Statements.
D) to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.
Answer: D) to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.
The internal control framework used by most U.S. companies is the ________ framework.
The Sarbanes-Oxley Act requires
A) all public companies to define adequate internal controls.
B) all public companies to issue reports on internal controls.
C) the auditor of public companies to withdraw from an engagement if internal controls are weak.
D) the auditor of public companies to design effective internal controls.
Answer: B) all public companies to issue reports on internal controls.
An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are
A) the implementation and operating effectiveness of the controls.
B) the effectiveness and efficiency of the controls.
C) the design and operating effectiveness of the controls.
D) the frequency and effectiveness of the controls.
Answer: C) the design and operating effectiveness of the controls.
Reasonable assurance allows for
A) high likelihood that material misstatements will not be prevented or detected by internal control.
B) moderate likelihood that material misstatements will not be prevented or detected by internal control.
C) low likelihood that material misstatements will not be prevented or detected by internal controls.
D) no likelihood that material misstatements will not be prevented or detected by internal control.
Answer: C) low likelihood that material misstatements will not be prevented or detected by internal controls.
T/F When a company designs and implements internal controls, the cost of the controls is not a valid consideration.
Answer: F
Which of the following statements is most correct with respect to separation of duties?
A) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
B) Employees who authorize transactions should have recording responsibility for these transactions.
C) Employees who authorize transactions should not have custody of the related assets.
D) A person who has temporary or permanent custody of an asset should account for that asset.
Answer: C) Employees who authorize transactions should not have custody of the related assets.
C) develop general controls over technology
D) accountability
Answer: A) consider the potential for fraud
"The four underlying principles related to risk assessment are that the organization should have clear objectives in order to be able to identify and assess the risks relating to those objectives; should determine how the risks should be managed; should consider the potential for fraudulent behavior; and should monitor changes that could impact internal controls." (Pg351; Risk Assessment)
Which of the following is not an underlying principle related to risk assessment?
A) The organization should monitor changes that could impact internal controls.
B) The organization should have clear objectives in order to be able to identify and assess the risks relating to the objectives.
C) The auditors should determine how the company's risks should be managed.
D) The organization should consider the potential for fraudulent behavior.
Answer: C) The auditors should determine how the company's risks should be managed.
"The four underlying principles related to risk assessment are that the organization should have clear objectives in order to be able to identify and assess the risks relating to those objectives; should determine how the risks should be managed; should consider the potential for fraudulent behavior; and should monitor changes that could impact internal controls." (Pg351; Risk Assessment)
Which of the following is not one of the subcomponents of the control environment?
A) commitment to competence
B) adequate separation of duties
C) organizational structure
D) management's philosophy and operating style
Answer: B) adequate separation of duties
Proper segregation of functional responsibilities calls for separation of
A) authorization, payment, and recording.
B) authorization, recording, and custody.
C) custody, execution, and reporting.
D) authorization, execution, and payment.
Answer: B) authorization, recording, and custody.
Without an effective ________, the other components of the COSO framework are unlikely to result in effective internal control, regardless of their quality.
A) risk assessment policy
B) monitoring policy
C) system of control activities
D) control environment
Answer: D) control environment
Which of the following statements related to application controls is correct?
A) Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.
B) Application controls relate to all aspects of the IT function.
C) Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions.
D) Application controls relate to the processing of individual transactions.
Answer: D) Application controls relate to the processing of individual transactions.
General controls include all of the following except
A) processing controls.
B) online security.
C) hardware controls.
D) systems development.
Answer: A) processing controls.
A control that relates to all parts of the IT system is called a(n)
A) systems control.
B) general control.
C) applications control.
D) universal control.
Answer: B) general control.
A) Application controls are likely to be effective only when general controls are effective.
B) Application controls are effective even if general controls are extremely weak.
C) General controls have no impact on application controls.
D) None of the above.
Answer: A) Application controls are likely to be effective only when general controls are effective.
The most important output control is
A) review of data for reasonableness by someone who knows what the output should look like.
B) control totals, which are used to verify that the computer's results are correct.
C) logic tests, which verify that no mistakes were made in processing.
D) distribution control, which assures that only authorized personnel receive the reports generated by the system.
Answer: A) review of data for reasonableness by someone who knows what the output should look like.
"The most important output control is review of the data for reasonableness by someone knowledgeable about the output." (Pg 362; Output Controls)
T/F Auditors must assess the design and implementation of controls for all audits, including both public and private company audits.
Answer: T
Which component does the following principle relate to? "The entity uses relevant, quality information to support the functioning of internal control"
A) Risk assessment
B) Information and communication
C) Control activities
D) Control environment
Answer: B) Information and communication
Which component does the following principle relate to? "Internal control deficiencies are identified and communicated in a timely manner to those parties responsible for taking corrective action"
A) Information and communication
B) Control environment
C) Risk assessment
D) Monitoring
Answer: D) Monitoring
Which component does the following statement relate to? "The entity attracts, develops, and retains competent individuals in alignment with financial reporting and internal control objectives"
A) Control activities
B) Control environment
C) Risk assessment
D) Monitoring
Answer: B) Control environment
Which of the components does the following statement relate to? "Employees who do not perform assigned internal control responsibilities are held accountable (e.g., fired, demoted, transferred to a new role)"
A) Control environment
B) Risk assessment
C) Monitoring
D) Control activities
Answer: A) Control environment