Test bank accounting information system by turner 03 chapter

To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

ACCOUNTING INFORMATION SYSTEMS
CONTROLS AND PROCESSES
TURNER / WEICKGENANNT
CHAPTER 3: Fraud, Ethics, and Internal Control
TEST BANK – CHAPTER 3 – TRUE / FALSE
1. When management does not act ethically, fraud is more likely to occur.
2. In the Phar-Mor fraud case, management did not write or adopt a code of ethics.
3. Maintaining high ethics can help prevent fraud but will not help to detect fraud.
4. Due to management’s responsibility to monitor operations by examining reports that
summarize the results of operations, it is necessary that the system provide timely and
accurate information.
5. In order to fulfill the obligations of stewardship and reporting, management has to create a
code of ethics.
6. In most cases, a fraud will include altering accounting records to conceal the fact that a theft
has occurred.
7. According to the 2004 Report to the Nation by the Association of Certified Fraud Examiners,
the estimate of losses due to fraud would total approximately $2,800 per employee.
8. The most common method for detecting occupational fraud is a tip – from an employee, a
customer, vendor, or anonymous source.

9. Defalcation and internal theft are names that refer to the misstatement of financial records.
10. The three conditions that make up the fraud triangle are theft, concealment, and conversion.
11. A good set of internal controls may not be as effective in reducing the chance of management
fraud as it would be in reducing the chance of fraud committed by an employee.
12. The most effective measure to prevent management fraud is to establish a professional
internal audit staff that periodically checks up on management and reports directly to the audit
committee of the board of directors.
13. Collusion between employees is one of the easiest frauds to detect and prevent.
14. Collusion can make it much easier to commit and conceal a fraud or theft, even when proper
internal controls are in place.
15. Customer fraud is a common problem for companies that sell merchandise online.


16. Collusion can occur only when two employees who work for the same firm conspire to
circumvent the internal controls to commit fraud or theft.
17. A vendor audit occurs when a vendor examines the books and records of a customer.
18. Industrial espionage can occur with or without the use of a computer.
19. It is necessary to use a computer to accomplish software piracy.
20. A hacker is someone who has gained unauthorized access to the computer and must be
someone outside the organization.
21. If an organization has the policy of allowing employees to work from home via
telecommunications, they could be opening themselves up to an opportunity for a hacker to
break in to their network.
22. E-mail spoofing is more of an irritation to an organization than a fraud threat.
23. In order for a code of ethics to reduce opportunities for managers and employees to commit
fraud, it is necessary that management emphasizes this code. Punishment related to violations
of the code is not necessary.
24. It is not always possible to avoid all mistakes and frauds because there will always be human
error, human nature, and it is not always cost-effective to close all the holes.
25. The risk assessment is the foundation for all other components of internal control and provides
the discipline and structure of all other components.
26. Companies that reward management with incentives to achieve a growth in earnings are
running the risk that management will also have more motivation and pressure to falsify the
financial statements to show the higher amounts.
27. The tone at the top of the organization tends to flow through the entire organization and
affects behavior at all levels.
28. A poor control environment can be overcome if the remaining components of internal control
are strong.


29. The difference between a general authorization and a specific authorization is that with a
general authorization, a transaction is allowed if it falls within specified parameters, whereas
with a specific authorization, explicit authorization is needed for that single transaction to be
completed.
30. When safeguarding assets, there is no trade-off between access and efficiency.
31. Independent checks can serve as a preventive control in that they uncover problems in the
data or the processing.


32. Feedback needed by management to assess, manage, and control the efficiency and
effectiveness of the operations of an organization relates to both financial and operational
information.
33. A sophisticated accounting system will provide the necessary accurate and effective feedback
needed by management to assess, manage and control the operations of an organization.
34. Auditing, a monitoring activity, takes place only on a periodic basis.
35. It is not possible to have an internal control system that will provide absolute assurance.
36. Computer systems increase the efficiency and effectiveness of an organization but also
increase its vulnerability.
37. The risks related to computerized systems are adequately covered by the COSO internal
control report.
38. The acronym COBIT stands for Control Objectives for Information Technology, an extensive
framework of information technology controls developed by Information Systems Audit and
Control Association.
39. The AICPA and the Canadian Institute of Chartered Accountants worked together to develop
IT guidelines, commonly referred to as COBIT.
40. The risk related to the confidentiality category of Trust Principles is that confidential information
about the company or its business partners may be subject to unauthorized access during its
transmission or storage in the IT system.
ANSWERS TO TEST BANK - CHAPTER 3 – TRUE / FALSE:
1. T
2. F
3. F
4. T
5. F
6. T
7. F
8. T
9. F
10. F
11. T
12. T
13. F
14. T
15. T
16. F
17. F
18. T
19. T
20. F
21. T
22. T
23. F
24. T
25. F
26. T
27. T
28. F
29. T
30. F
31. F
32. T
33. F
34. F
35. T
36. T
37. F
38. T
39. F
40. T


TEST BANK – CHAPTER 3 – MULTIPLE CHOICE
41. The chance for fraud or ethical lapses will not be reduced if management:
A. Emphasizes ethical behavior.
B. Models ethical behavior.
C. Hires ethical employees.
D. Is unethical.
42. The Phar-Mor fraud began when management:
A. Forgot to change the budgeted figures that had been incorrectly computed.
B. Attempted to make the actual net income match the budgeted amounts.
C. Overstated their expenses to cover amounts embezzled from the company.
D. Understated the revenue in order to reduce the tax payable to the IRS.

43. Each of the following companies was involved in fraudulent financial reporting during 2001 and
2002, except:
A. Adelphia Communications Corporation.
B. Microsoft Corporation.
C. Enron Corporation.
D. Xerox Corporation.
44. In addition to ethical practices, management has an obligation to maintain a set of processes
and procedures to assure accurate financial reporting and protection of company assets. This
obligation arises because:
A. Many groups have expectations of management.
B. Management has a stewardship obligation to investors.
C. Management has an obligation to provide accurate reports to non-investors.
D. All of the above are reasons for the obligation.
45. The careful and responsible oversight and use of the assets entrusted to management is
referred to as:
A. Ethics.
B. Internal Control.
C. Stewardship.
D. Confidentiality.
46. A process, effected by an entity’s board of directors, management, and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives related to
the effectiveness and efficiency of operations, reliability of financial reporting, and compliance
with applicable laws and regulations is:
A. COSO’s definition of internal control.
B. AICPA’s definition of stewardship.
C. ACFE’s definition of confidentiality.
D. IMA’s definition of competency.


47. If an organization’s IT systems are not properly controlled, they may become exposed to the
risks of:
A. Unauthorized access.
B. Erroneous processing.
C. Service interruption.
D. All of the above.
48. A set of documented guidelines for moral and ethical behavior within an organization is termed
a(n):
A. Accounting Information System.
B. Code of Ethics.
C. Internal Control.
D. Sarbanes-Oxley.
49. Which individual or group has the responsibility to establish, enforce, and exemplify the
principles of ethical conduct within an organization?
A. Board of Directors
B. Securities and Exchange Commission
C. Management
D. Audit Committee
50. The theft, concealment, and conversion to personal gain of another’s money, physical assets,
or information is termed:
A. Defalcation.
B. Skimming.
C. Larceny.
D. Fraud.
51. An example of concealment would include:
A. Changing the payee on a check improperly paid by the organization.
B. Selling a piece of inventory that has been stolen.
C. Stealing money from an organization before the related sale and cash receipt has been
recorded.
D. All of the above are examples of concealment.
52. Changing the accounting records to hide the existence of a fraud is termed:
A. Theft.
B. Conversion.
C. Collusion.
D. Concealment.
53. The definition of fraud includes the theft of:
A. Assets.
B. Money.
C. Information.
D. All of the above.


54. The theft of any item of value is referred to as:
A. Fraudulent financial reporting.
B. Misappropriation of assets.
C. Misstatement of financial records.
D. Earnings management.

55. Financial pressures, market pressures, job-related failures, and addictive behaviors are all
examples of which condition of the Fraud Triangle?
A. Opportunity
B. Conversion
C. Incentive
D. Rationalization
56. Circumstances that provide access to the assets or records that are the objects of the
fraudulent activity describes which condition of the Fraud Triangle?
A. Rationalization
B. Incentive
C. Concealment
D. Opportunity
57. Fraudsters typically try to justify their behavior by telling themselves that they intend to repay
the amount stolen or that they believe the organization owes them the amount stolen. This
justification is referred to as:
A. Opportunity.
B. Rationalization.
C. Incentive.
D. Concealment.
58. According to the authors of this textbook, which of the following is not one of the general
categories of people who commit fraud?
A. Employees
B. Government Agencies
C. Customers
D. Management
59. The falsification of accounting reports is referred to as:
A. Defalcation.
B. Internal Theft.
C. Misappropriation of Assets.
D. Earnings Management.

60. Management fraud may involve:
A. Overstating expenses.
B. Understating assets.
C. Overstating revenues.
D. Overstating liabilities.


61. Management misstatement of financial statements often occurs in order to receive indirect
benefits such as:
A. Decreased income taxes.
B. Delayed cash flows.
C. Increased stock prices.
D. Increased dividends.
62. Management circumvention of systems or internal controls that are in place is termed:
A. Management override.
B. Management collusion.
C. Management stewardship.
D. Management manipulations.
63. The theft of assets by a non-management employee is termed:
A. Inventory theft.
B. Employee fraud.
C. Expense account fraud.
D. Skimming.

64. A situation where the organization’s cash is stolen before it is entered in the accounting
records is termed:
A. Kickback.
B. Larceny.
C. Collusion.
D. Skimming.
65. A situation where the organization’s cash is stolen after it is entered in the accounting records
is termed:
A. Kickback.
B. Larceny.
C. Collusion.
D. Skimming.
66. A cash payment made by a vendor to an organization’s employee in exchange for a sale to the
organization by the vendor is termed:
A. Bribery.
B. Collusion.
C. Kickback.
D. Payment Fraud.
67. When two or more people work together to commit a fraud, it is called:
A. Collusion.
B. Larceny.
C. Skimming.
D. Override.


68. Jamie Stark, a sales employee, stole merchandise from her employer and Frank Adams, the
accounting clerk, covered it up by altering the inventory records. This is an example of:
A. Inventory theft.
B. Financial journal fraud.
C. Skimming.
D. Collusion.
69. When a customer improperly obtains cash or property from a company, or avoids liability
through deception, it is termed:
A. Check fraud.
B. Customer fraud.
C. Credit card fraud.
D. Refund fraud.
70. Which of the following would be considered a vendor fraud?
A. The submission of duplicate or incorrect invoices.
B. A customer tries to return stolen goods to collect a cash refund.
C. The use of stolen or fraudulent credit cards.
D. Inflating hours worked.
71. The theft of proprietary company information is called:
A. Vendor fraud.
B. Customer fraud.
C. Espionage.
D. Management fraud.

72. Which of the following is a characteristic of computer fraud?
A. A computer is used in some cases to conduct a fraud more quickly and efficiently.
B. Computer fraud can be conducted by employees within the organization.
C. Computer fraud can be conducted by users outside an organization.
D. All of the above are characteristics.
73. A fraudster uses this to alter a program to slice a small amount from several accounts,
crediting those small amounts to the perpetrator’s benefit.
A. Trap door alteration
B. Salami technique
C. Trojan horse program
D. Input manipulation
74. A small, unauthorized program within a larger legitimate program, used to manipulate the
computer system to conduct a fraud is referred to as a(n):
A. Trap door alteration.
B. Salami technique.
C. Trojan horse program.
D. Input manipulation.


75. When a person alters a system’s checks or reports to commit fraud it is referred to as:
A. Input manipulation.
B. Output manipulation.
C. Program manipulation.
D. Collusion.
76. This type of external computer fraud is intended to overwhelm an intended target computer
system with so much bogus network traffic that the system is unable to respond to valid
traffic.
A. DoS Attack
B. Hacking
C. Spoofing
D. Phishing
77. When a person, using a computer system, pretends to be someone else, it is termed:
A. DoS Attack.
B. Hacking.
C. Spoofing.
D. Phishing.
78. Which of the following is not one of the three critical actions that a company can undertake to
assist with fraud prevention and fraud detection?
A. Maintain and enforce a code of ethics.
B. Maintain an accounting information system.
C. Maintain a system of accounting internal controls.
D. Maintain a system of information technology controls.
79. The Sarbanes-Oxley Act was passed in 2002 as Congress’s response to the many situations
of fraudulent financial reporting discovered during 2001. The intention of the Act was:
A. Police the accounting firms responsible for auditing the corporations.
B. Punish the companies that had been involved in the cases of fraudulent financial
reporting.
C. Establish accounting standards that all companies are to follow.
D. Reform accounting, financial reporting, and auditing functions of companies that are
publicly traded.
80. The types of concepts commonly found in a code of ethics would not include:
A. Obeying applicable laws and regulations that govern business.
B. Avoiding all conflicts of interest.
C. Operating at a profit in all reporting periods.
D. Creating and maintaining a safe work environment.
81. The objectives of an internal control system include all of the following except:
A. Maintain ongoing education.
B. Safeguard assets.
C. Maintain accuracy and integrity of accounting data.
D. Ensure compliance with management directives.


82. The authors presented their “picture” of internal control as a series of umbrellas which
represent different types of controls. Which of the following is not one of those types of
controls?
A. Prevention
B. Investigation
C. Detection
D. Correction
83. This type of control is designed to avoid errors, fraud, or events not authorized by
management.
A. Prevention
B. Judicial
C. Detection
D. Correction
84. This type of control is included in the internal control system because it is not always possible
to prevent all frauds. They help employees to discover or uncover errors, fraud, or
unauthorized events.
A. Investigation
B. Judicial
C. Detection
D. Correction
85. The accounting profession has accepted this report as the standard definition and description
of internal control.
A. Sarbanes-Oxley Report
B. FCPA Report
C. ERI Report
D. COSO Report
86. According to the COSO report, there are five different interrelated components of internal
control. Which of the following is not one of those five components?
A. Code of Ethics
B. Control Environment
C. Information and Communication
D. Monitoring
87. The component of internal control, identified in the COSO report, that sets the tone of an
organization and includes the consciousness of its employees is:
A. Risk Assessment.
B. Control Activities.
C. Control Environment.
D. Information and Communication.


88. The control environment component of internal control was identified to have a number of
different factors. Which of the following is not one of those factors?
A. Management’s philosophy and operating style
B. The identification of sources of risk
C. The integrity, ethical values, and competence of the entity’s people
D. The attention and direction provided by the board of directors
89. One of the components of internal control identified by COSO requires that management
consider threats and the potential for risks, and stand ready to respond should these events
occur. This component is referred to as:
A. Control Environment.
B. Control Activities.
C. Risk Assessment.
D. Communication.
90. The process of risk assessment would include all of the following actions, except:
A. Identify sources of risk.
B. Determine the impacts of identified risks.
C. Estimate the chance of such risks occurring.
D. Report the risks to the audit committee.
91. The COSO report identified a component of internal control as the policies and procedures that
help ensure that management directives are carried out and that management directives are
achieved. The component is:
A. Control activities.
B. Risk assessment.
C. Monitoring.
D. Information and communication.
92. The range of activities that make up the component of internal control referred to as control
activities includes each of the following, except:
A. Segregation of duties.
B. Risk assessment.
C. Independent checks and reconciliations.
D. Authorization of transactions.
93. The approval or endorsement from a responsible person or department of an organization that
has been sanctioned by top management is the process of:
A. Securing assets.
B. Segregating duties.
C. Authorizing transactions.
D. Adequate recording.


94. The category of control activities referred to as segregation of duties requires that certain
activities should be the responsibility of different persons or departments. The three duties that are
to be separated are:
A. Authorizing, recording, and paying.
B. Recording, custody, and disposition.
C. Authorizing, paying, and custody.
D. Authorizing, recording, and custody.
95. If an accounting supervisor were allowed to hire employees, approve the hours worked, prepare
the paychecks, and deliver the paychecks, which of the categories of control activities would be
violated?
A. Adequate records
B. Segregation of duties
C. Authorization of transactions
D. Independent checks
96. A good system of internal control includes many types of documentation. Which of the following
types of documentation is not part of the adequate records and documents category of internal
control?
A. Schedules and analyses of financial information
B. Supporting documents for all significant transactions
C. Accounting cycle reports
D. All of the following are types of documentation
97. The existence of verifiable information about the accuracy of accounting records is called a(n):
A. Audit trail.
B. Internal control.
C. Risk assessment.
D. Supporting documentation.
98. When discussing the security of assets and documents, there are many actions that can be taken.
Which of the following would not be related to this category of internal control?
A. Securing the assets and records so that they are not misused or stolen.
B. Limiting access to certain assets to the extent that is practical.
C. Identifying sources of risk and estimating the possibility of that risk.
D. Enacting physical safeguards, such as security cameras, to protect some assets.
99. Independent checks on the performance of others is one of the categories of internal control.
These independent checks would include all of the following, except:
A. Reviewing batch totals.
B. Reconciliation.
C. Comparison of physical assets with records.
D. Use of appropriate ID to enter restricted areas.


100. Which of the following objectives was not identified as necessary to be provided by an effective
accounting system?
A. Prepare the appropriate documents
B. Identify all relevant financial events
C. Capture the important data
D. Proper recording and processing of the data
101. The ongoing review and evaluation of a system of internal control is referred to as:
A. Risk assessment.
B. Monitoring.
C. Segregating.
D. Communication.
102. This level of assurance means that controls achieve a sensible balance of reducing risk when
compared with the cost of the control.
A. Absolute assurance
B. Probable assurance
C. Reasonable assurance
D. Convincing assurance
103. Factors that limit the effectiveness of internal controls include all of the following except:
A. Flawed judgment applied in decision making.
B. Human error.
C. Controls can be circumvented or ignored.
D. All of the above are factors that limit the effectiveness of internal controls.
104. In order to have the segregation of duties recommended by COSO, it would be necessary for a
small organization to hire two additional individuals. At this time, there is not enough work for
the one office employee to stay busy. The reason for not hiring the additional people would
have to do with:
A. Human error.
B. Cost versus benefit.
C. Collusion.
D. Authorization.
105. In response to the need for internal controls above and beyond what was described by COSO,
the Information Systems Audit and Control Association developed an extensive framework of IT
controls entitled:
A. Trust Principles.
B. Control Objectives for Information Technology (COBIT).
C. Control Instrument for Certified Accountants (CICA).
D. American Internal Control Practice Association (AICPA).


106. The Trust Principles document divided the risks and controls in IT into five categories. Which of
the following is not one of those categories?
A. Certification
B. Security
C. Processing Integrity
D. Confidentiality
107. The main risk related to this category of Trust Principles is unauthorized access.
A. Online privacy
B. Confidentiality
C. Processing integrity
D. Security

108. The risk related to this category of Trust Principles could be inaccurate, incomplete, or
improperly authorized information.
A. Online privacy
B. Confidentiality
C. Processing integrity
D. Security
109. The risk related to this category of Trust Principles is that personal information about customers
may be used inappropriately or accessed by those either inside or outside the company.
A. Confidentiality
B. Online privacy
C. Security
D. Availability
110. The risk related to this category of Trust Principles is system or subsystem failure due to
hardware or software problems.
A. Availability
B. Security
C. Integrity
D. Confidentiality


ANSWERS TO TEST BANK - CHAPTER 3 - MULTIPLE CHOICE:
41. D
42. B
43. B
44. D
45. C
46. A
47. D
48. B
49. C
50. D
51. A
52. D
53. D
54. B
55. C
56. D
57. B
58. B
59. D
60. C
61. C
62. A
63. B
64. D
65. B
66. C
67. A
68. D
69. B
70. A
71. C
72. D
73. B
74. C
75. B
76. A
77. C
78. B
79. D
80. C
81. A
82. B
83. A
84. C
85. D
86. A
87. C
88. B
89. C
90. D
91. A
92. B
93. C
94. D
95. B
96. D
97. A
98. C
99. D
100. A
101. B
102. C
103. D
104. B
105. B
106. A
107. D
108. C
109. B
110. A

TEXTBOOK – CHAPTER 3 – END OF CHAPTER QUESTIONS
111. The careful and responsible oversight and use of the assets entrusted to management is called:
A. Control environment.
B. Stewardship.
C. Preventive control.
D. Security.

112. Which of the following is not a condition in the fraud triangle?
A. Rationalization
B. Incentive
C. Conversion
D. Opportunity
113. There are many possible indirect benefits to management when management fraud occurs.
Which of the following is not an indirect benefit of management fraud?
A. Delayed exercise of stock options.
B. Delayed cash flow problems.
C. Enhanced promotion opportunities.
D. Increased incentive-based compensation.
114. Which of the following is not an example of employee fraud?
A. Skimming
B. Larceny
C. Kickbacks
D. Earnings management


115. Which of the following is not a common form of employee fraud?
A. Inventory theft
B. Expense account fraud
C. Payroll fraud
D. Refund fraud
116. Segregation of duties is a fundamental concept in an effective system of internal controls.
Nevertheless, the effectiveness of this control can be compromised through which situation?
A. A lack of employee training
B. Collusion among employees
C. Irregular employee reviews
D. The absence of an internal audit function
117. The most difficult type of misstatement to discover is fraud that is concealed by:
A. Over-recording the transactions.
B. Nonrecorded transactions.
C. Recording the transactions in subsidiary records.
D. Related parties.
118. The review of amounts charged to the company from a seller that it purchased from is called a:
A. Vendor audit.
B. Seller review.
C. Collusion.
D. Customer review.

119. Which of the following is generally an external computer fraud, rather than an internal computer
fraud?
A. Spoofing
B. Input manipulation
C. Program manipulation
D. Output manipulation
120. Which control activity is intended to serve as a method to confirm the accuracy or completeness
of data in the accounting system?
A. Authorization
B. Segregation of duties
C. Security of assets
D. Independent checks and reconciliations
121. COSO describes five components of internal control. Which of the following terms is best
described as “policies and procedures that help ensure management directives are carried out
and management objectives are achieved”?
A. Risk assessment
B. Information and communication
C. Control activities
D. Control environment


122. Proper segregation of functional responsibilities calls for separation of the functions of:
A. Authorization, execution, and payment.
B. Authorization, recording, and custody.
C. Custody, execution, and reporting.
D. Authorization, payment, and recording.
123. AICPA Trust Principles identify five categories of risks and controls. Which category is best
described by the statement, “Information process could be inaccurate, incomplete, or not
properly authorized”?
A. Security
B. Availability
C. Processing integrity
D. Confidentiality
124. A company’s cash custody function should be separated from the related cash recordkeeping
function in order to:
A. Physically safeguard the cash.
B. Establish accountability for the cash.
C. Prevent the payment of cash disbursements from cash receipts.
D. Minimize opportunities for misappropriations of cash.
ANSWERS TO TEXTBOOK – CHAPTER 13 – END OF CHAPTER QUESTIONS
111. B
112. C
113. A
114. D
115. D
116. B
117. B
118. A
119. A
120. D
121. C
122. B
123. C
124. D

TEXTBOOK – CHAPTER 3 – SHORT ANSWER QUESTIONS
125. Management is held accountable to various parties, both internal and external to the business
organization. To whom does management have a stewardship obligation and to whom does it
have reporting responsibilities?
Answer: Management has a stewardship obligation to the shareholders, investors, and creditors of
the company, i.e., any parties who have provided funds or invested in the company. Management
has a reporting responsibility to business organizations and governmental units with whom the
company interacts.
126. If an employee made a mistake that resulted in a loss of company funds and misstated financial
reports, would the employee be guilty of fraud? Discuss.
Answer: No, a mistake, or unintentional error, does not constitute fraud. In this situation, there is
no theft or concealment, so fraud does not exist.


127. Do you think it is possible that a business manager may perpetrate fraud and still have the
company’s best interest in mind? Discuss.
Answer: Student responses may vary. Those agreeing that it is possible may refer to the fraud
triangle and note that the incentive may be job-related (such as opportunities to produce
enhanced financial statements, which may increase the company’s stock price, increase
compensation, avoid firings, enhance promotions, and delay bankruptcy) and the rationalization
may involve plans to make restitution. On the other hand, some students may reject the notion
that management fraud could be in a company’s best interest, as it puts the company at great
risk. When frauds are discovered, they are often devastating as a result of the financial
restatements and loss of trust.
128. Distinguish between internal and external sources of computer fraud.
Answer: Employees are the source of internal computer fraud. When employees misuse the
computer system to commit fraud (through manipulation of inputs, programs, or outputs), this is
known as internal computer fraud. On the other hand, external sources of computer fraud are
people outside the company or employees of the company who conduct computer network
break-ins. When an unauthorized party gains access to the computer system to conduct hacking or
spoofing, this is known as external computer fraud.
129. Identify and explain the three types of internal source computer fraud.
Answer: The three types of internal source computer fraud are input manipulation, program
manipulation, and output manipulation. Input manipulation involves altering data that is input into
the computer. Program manipulation involves altering a computer program through the use of a
salami technique, Trojan horse program, trap door alteration, etc. Output manipulation involves
altering reports or other documents generated from the computer system.
130. Describe three popular program manipulation techniques.
Answer: The salami technique accomplishes a fraud by altering small “slices” of computer
information. These slices of fraud are difficult to detect because they are so small, but they may
accumulate to a considerable amount if they are carried out consistently across many accounts.
This is often accomplished by rounding or applying minor adjustments. The perpetrator typically
steals the amounts represented by these slices or uses them to his or her benefit.
A Trojan horse program is a small, unauthorized program within a larger, legitimate program,
used to manipulate the computer system to conduct a fraud. For example, a customer account
may be automatically written off upon the processing of a new batch of transactions.
A trap door alteration involves misuse of a valid programming tool, a trap door, to commit fraud.
Trap doors are unique hidden entrances to computer programs that are written into the software
applications to provide a manner of testing the systems. Although they should be removed prior
to implementation, they may remain to provide a tool for misusing the system to perpetrate
fraud.


131. Distinguish between Internet spoofing and e-mail spoofing.
Answer: Internet spoofing involves a person working through the Internet to access a computer
network while pretending to be a trusted source. The packet of data containing the Internet
protocol (IP) address contains malicious data such as viruses or programs that capture passwords
and log-in names. E-mail spoofing bombards employee e-mail accounts with junk mail intended to
scam the recipients.
132. What are the objectives of a system of internal control?
Answer: The objectives of an internal control system are as follows:
• To safeguard assets from fraud or errors
• To maintain accuracy and integrity of accounting data
• To promote operational efficiency
• To ensure compliance with management directives
133. Name and distinguish among the three types of internal controls.
Answer: The three types of internal controls are preventative controls, detective controls, and
corrective controls. Preventative controls are designed to avoid fraud and errors by stopping any
undesired acts before they occur. Detective controls help employees uncover or discover problems
that may exist. Corrective controls involve steps undertaken to correct existing problems.
134. Identify the COSO report’s five interrelated components of internal controls.
Answer: According to the COSO report, there are five interrelated components of internal control:
the control environment, risk assessment, control activities, information and communication, and
monitoring.
135. Name the COSO report’s five internal controls activities.
Answer: According to the COSO report, there are five internal control activities: authorization of
transactions, segregation of duties, adequate records and documents, security of records and
documents, and independent checks and reconciliations.
136. Distinguish between general and specific authorization.
Answer: General authorization is a set of guidelines that allows transactions to be completed as
long as they fall within established parameters. Specific authorization means that explicit
authorization is needed for that single transaction to be completed.
137. Due to cost/benefit considerations, many business organizations are unable to achieve complete
segregation of duties. What else could they do to minimize risks?
Answer: Close supervision may serve as a compensating control to lessen the risk of negative
effects when other controls, especially segregation of duties, are lacking.
138. Why is a policies and procedures manual considered an element of internal control?
Answer: Formally written and thorough documentation on policies and procedures should provide
clarity and promote compliance within a business organization, thus providing an important
element of internal control. The policies and procedures should include both manual and
automated processes and control measures, and should be communicated to all responsible
parties within the company.


139. Why does a company need to be concerned with controlling access to its records?
Answer: Securing and protecting company records is important to ensure that they are not
misused or stolen. Unauthorized access or use of records and documents allows the easy
manipulation of those records and documents, which can result in fraud or a concealment of
fraud.
140. Many companies have mandatory vacation and periodic job rotation policies. Discuss how these
practices can be useful in strengthening internal controls.
Answer: Mandatory vacations and periodic job rotation policies provide for independent
monitoring of the internal control systems. Internal control responsibilities can be rotated so that
someone is monitoring the procedures performed by someone else, which enhances their
effectiveness.
141. Name the objectives of an effective accounting system.
Answer: An effective accounting system must accomplish the following four objectives:
• Identify all relevant financial transactions of the organization.
• Capture the important data of these transactions.
• Record and process the data through appropriate classification, summarization, and
aggregation.
• Report the summarized and aggregated information to managers.
142. What does it mean when information flows “down, across, and up the organization”?
Answer: A business organization must implement procedures to assure that its information and
reports are communicated to the appropriate management level. This communication is described
by COSO as “flowing down, across, and up the organization”. Such a communication flow assists
management in properly assessing operations and making changes to operations as necessary.
143. Provide examples of continuous monitoring and periodic monitoring.
Answer: Any ongoing review activity may be an example of continuous monitoring, such as a
supervisor’s examination of financial reports and a computer system’s review modules. An
example of periodic monitoring is an annual audit performed by a CPA firm or a cyclical review
performed by internal auditors.
144. What are the factors that limit the effectiveness of internal controls?
Answer: It is not possible for an internal control system to provide absolute assurance because of
the following factors that limit the effectiveness of internal controls:
• Flawed judgments
• Human error
• Circumventing or ignoring established controls
In addition, excessive costs may prevent the implementation of some controls.


145. Identify and describe the five categories of the AICPA Trust Services Principles.
Answer: The AICPA Trust Services Principles are divided into the following five categories of risks
and controls:
• Security. Security is concerned with the risk of unauthorized physical and logical access, such
as breaking into the company’s facilities or computer network.
• Availability. Availability is concerned with the risk of system interruptions or failures due to
hardware or software problems such as a virus.
• Processing integrity. Processing integrity is concerned with the risk of inaccurate, incomplete,
or improperly authorized information due to error or fraud.
• Online privacy. Online privacy is concerned with the risk of inappropriate access or use of a
customer’s personal information.
• Confidentiality. Confidentiality is concerned with the risk of inappropriate access or use of
company information.
146. Distinguish between the Trust Services Principles of privacy and confidentiality.
Answer: Both privacy and confidentiality are concerned with the risk of inappropriate access or
use of information. However, privacy is focused on protecting the privacy of a customer’s personal
information, whereas confidentiality is focused on private information about the company itself and
its business partners.
147. Identify the four domains of high-level internal control.
Answer: As set forth in Appendix B, COBIT establishes four domains of high level control
objectives. These include planning and organization, acquisition and implementation, delivery and
support, and monitoring.
TEXTBOOK – CHAPTER 3 – SHORT ESSAY
148. What possible motivation might a business manager have for perpetrating fraud?
Answer: Management might be motivated to perpetrate fraud in order to improve the financial
statements, which may have the result of increasing the company’s stock price and increasing
incentive-based compensation. Altered financial information might also have the effect of delaying
cash flow problems and/or bankruptcy, as well as improving the potential for business
transactions such as mergers, borrowing, stock offerings, etc.
149. Discuss whether any of the following can be examples of customer fraud:
• An employee billed a customer twice for the same transaction.
Answer: This is not an example of customer fraud; rather, the customer is being defrauded in this
scenario. On the other hand, this is an example of employee fraud (assuming that the double-billing was intentional and the resulting cash receipts are stolen by employees).
• A customer remitted payment in the wrong amount.
Answer: This may be an example of customer fraud, assuming that the payment was made as a
deceptive tactic to avoid the full amount of the customer’s liability.
• A customer received merchandise in error, but failed to return it or notify the sender.
Answer: Although this scenario involves a customer’s improper receipt of goods, it would not be
considered customer fraud because it was the result of an error. Regardless of whether the error
was committed by the company or the customer, deception is a required element of fraud.


150. Explain the relationship between computer hacking and industrial espionage. Give a few
additional examples of how hacking could cause damage in a business.
Answer: Computer hacking is the term commonly used for computer network break-ins. Hacking
may be undertaken for various purposes, including theft of proprietary information, credit card
theft, destruction or alteration of data, or merely thrill-seeking. Industrial espionage is the term
used for theft of proprietary company information. Although computer hacking provides one
method of conducting industrial espionage, a computer is not always required to steal company
information. Fraudsters trying to conduct industrial espionage may also resort to digging through
the trash in order to gain information about a target company.
151. What are some ways in which a business could promote its code of ethics?
Answer: The best way for a company to promote its code of ethics is for its top managers to live
by it on a day-to-day basis. If the code is well documented and adhered to by management,
others in the organization are likely to recognize its importance. Furthermore, if disciplines and/or
discharges are applied to those who violate the code, this will also serve as a strong message
regarding the importance of the ethics code.
152. Describe why the control environment is regarded as the foundation of a business’ system of
internal control.
Answer: The control environment is regarded as the foundation of a system of internal controls
because it sets the tone of an organization and influences the control consciousness of its
employees. Thus, the tone at the top flows through the whole business organization and affects
behavior at every level. It also provides the discipline and structure of all other components of
internal control. COSO identifies the tone set by management as the most important factor related
to providing accurate and complete financial reports.
153. Think of a job you have held, and consider whether the control environment was risky or
conservative. Describe which you chose and why.
Answer: Student responses will vary. Characteristics of a risky control environment include
absence of a code of ethics or lack of enforcement of a code of ethics, aggressive management
philosophy and operating style, overlapping duties and vague lines of authority, lack of employee
training, and an inactive board of directors. On the other hand, a conservative control
environment is characterized by a rigidly enforced code of ethics, a conservative management
philosophy and operating style, clearly established job descriptions and lines of authority, a focus
on employee training and organizational development, and an accountable and attentive board of
directors.


154. Identify the steps involved in risk assessment. Do you think it would be effective for an
organization to hire external consultants to develop its risk assessment plan?
Answer: The steps involved in risk assessment include:
• Identification of the sources of risk, both internal and external.
• Determination of the impact of such risks in terms of finances and reputation.
• Estimation of the likelihood of such risks occurring.
• Development of an action plan to reduce the impact and probability of these risks.
• Execution of the action plan on an ongoing basis.
It would not likely be effective for an organization to hire consultants to develop its risk
assessment plan because company-specific experience and expertise are needed in order to do
this work effectively. For instance, members of management who are actively involved in day-to-day operations and reporting will likely have the best ability to identify risks, determine the impact
of those risks, and estimate the likelihood of occurrence of such risks. Although a consultant may
be useful in assisting with the development and implementation of the action plan, the first three
steps of the risk assessment process would likely depend upon the working knowledge of
members of the company’s management.
155. Discuss the accuracy of the following statements regarding internal control:
• The more computerized applications within a company’s accounting system, the lower the risk
will be that fraud or errors will occur.
Answer: It is not necessarily true that extensive computerized applications will lower a company’s
risk of fraud. This is because computerized systems also increase vulnerabilities such as
unauthorized access, business interruptions, and inaccuracies. The technological complexities that
accompany sophisticated computer applications call attention to the need for extensive internal
controls to reduce the risk of fraud and errors.
• The more involved top management is in the day-to-day operations of the business, the lower
the risk will be that fraud or errors will occur.
Answer: It is certainly true that the tone at the top (the tone set by top management) is the most
important factor of internal control. Accordingly, it can be implied that involved managers would
promote strong internal controls. However, although this is often true, it will be true only when
top management acts with integrity, exemplifying and enforcing its code of ethics, maintaining a
conservative approach to operations and financial reporting, and cultivating clear communications
and responsibilities.
TEXTBOOK – CHAPTER 3 – PROBLEMS
156. Identify whether each of the following accounting positions or duties involves authorization,
recording, or custody:
• cashier
Answer: Custody
• payroll processor
Answer: Recording
• credit clerk
Answer: Authorization
• mailroom clerk
Answer: Custody
• data entry clerk
Answer: Recording
• deliver paychecks
Answer: Custody
• deliver the bank deposit
Answer: Custody
• prepare the bank reconciliation
Answer: Recording
• check signer
Answer: Authorization
• inventory warehouse supervisor
Answer: Custody
• staff accountant
Answer: Recording
157. Identify whether each of the following activities represents preventative controls, detective
controls, or corrective controls:
• Job rotation –
Answer: Detective
• Preparation of a bank reconciliation –
Answer: Corrective
• Segregation of duties –
Answer: Preventative
• Recalculating totals on computer reports –
Answer: Detective
• Use of passwords –
Answer: Preventative
• Preparing batch totals for check processing –
Answer: Detective
• Establishing a code of ethics –
Answer: Preventative
• Use of a security guard –
Answer: Preventative
• Verifying source documents before recording transactions –
Answer: Preventative
• Matching supporting documents before paying an invoice –
Answer: Preventative
• Independent review of accounting reports –
Answer: Detective
• Performing comparisons of financial statement items –
Answer: Detective
158. Shown is a list of selected sources of internal control guidelines, given in order of issuance,
followed by a list of primary purposes. Match each guideline with its primary purpose.
• Foreign Corrupt Practices Act –
Answer: B. Prevented bribery and established internal control guidelines.
• COSO –
Answer: A. Established internal control concepts based on comprehensive study.
• SAS 99 –
Answer: A. Required auditors to focus on risks and controls and to conduct audits with skepticism.
• Sarbanes-Oxley Act –
Answer: C. Curbed fraud by requiring additional internal control reporting within annual reports.


• Trust Services Principles –
Answer: E. Established essential criteria for evaluating reliability of business systems.

A. Required auditors to focus on risks and controls and to conduct audits with skepticism.
B. Prevented bribery and established internal control guidelines.
C. Curbed fraud by requiring additional internal control reporting within annual reports.
D. Established internal control concepts based on comprehensive study.
E. Established essential criteria for evaluating reliability of business systems.

