Chapter 4 Transaction Processing and the Internal Control Process

1) The term risk is synonymous with exposure.

Answer: FALSE
Diff: 1
Learning Obj.: 1
2) Selecting the best opportunities and managing uncertainties is part of Enterprise Risk
Management (ERM).
Answer: TRUE
Diff: 1
Learning Obj.: 1
3) COBIT stands for Control Objectives for Businesses in Technology fields.
Answer: FALSE
Diff: 1
Learning Obj.: 2
4) ISO 27002 is a widely accepted international standard for best practices in information
security.
Answer: TRUE
Diff: 1
Learning Obj.: 2
5) Financial accounting is concerned with the prevention and detection of fraud and white-collar
crime.
Answer: FALSE
Diff: 1
Learning Obj.: 1
6) Recent survey results indicate that the most frequent reason frauds are discovered is due to
internal controls.
Answer: TRUE
Diff: 2
Learning Obj.: 2
7) COSO reports contain the most authoritative framework for internal control processes.
Answer: TRUE
Diff: 2
Learning Obj.: 2
8) The production cycle is defined as the events related to the distribution of goods and services
to other entities and the collection of related payments.
Answer: FALSE
Diff: 2
Learning Obj.: 2
1 | Page

9) Typically, an organization's internal control process consists of five components.

Answer: TRUE
Diff: 2
Learning Obj.: 2
10) Management's consideration of the relative costs for benefits of internal controls will often
be subjective in nature.
Answer: TRUE
Diff: 2
Learning Obj.: 2
11) For both public and privately held companies, the Sarbanes-Oxley Act of 2002 (SOA)
imposes certain requirements and restrictions on management, auditors, and company audit
committees.
Answer: FALSE
Diff: 2
Learning Obj.: 2
12) The CEO and CFO must prepare a statement to accompany the audit report to certify that the
company's reported financial statements are presented fairly in all material respects.
Answer: TRUE
Diff: 1
Learning Obj.: 2
13) The Sarbanes-Oxley Act of 2002 (SOA) allows the purchase or sale of stock by officers and
directors and other insiders during blackout periods.
Answer: FALSE
Diff: 1
Learning Obj.: 2
14) Many companies have adopted ethics codes of conduct which provide guidance for
conducting business in an ethical manner.
Answer: TRUE
Diff: 2
Learning Obj.: 2
15) Some believe that every corporation has its own corporate culture, and it is such a culture
that ultimately either promotes or hinders ethical behavior within the corporation.
Answer: TRUE
Diff: 2
Learning Obj.: 2
16) Most control processes can function irrespective of the competence of employees.
Answer: FALSE
Diff: 2
Learning Obj.: 2
2 | Page

17) The board of directors serves as an interface between the stockholders of an organization and
its operating management.
Answer: TRUE
Diff: 1
Learning Obj.: 2
18) Audit committees are usually charged with evaluation and assessment of a corporation's
internal control processes.
Answer: FALSE
Diff: 2
Learning Obj.: 2
19) Control is established in the budgeting process by comparing the results of activity to the
budget for each activity.
Answer: TRUE
Diff: 2
Learning Obj.: 2
20) The third component of internal control is risk assessment.
Answer: FALSE
Diff: 1
Learning Obj.: 2
21) The segregation of authorization from the recording of transactions and custody of assets is
an essential internal control process.
Answer: TRUE
Diff: 2
Learning Obj.: 2
22) Physical theft is only a minor threat to the solvency of most business organizations.
Answer: FALSE
Diff: 2
Learning Obj.: 2
23) Approval (authorization) limits the initiation of a transaction or performance of an activity to
selected individuals.
Answer: FALSE
Diff: 2
Learning Obj.: 3
24) The audit trail concept is basic to the design and audit of an accounting information system.
Answer: TRUE
Diff: 1
Learning Obj.: 3

3 | Page

25) In an internal audit function, the nature of independence is different than that of an external
auditor.
Answer: TRUE
Diff: 2
Learning Obj.: 2
26) General controls can be a substitute for application controls.
Answer: FALSE
Diff: 2
Learning Obj.: 3
27) The computer operations supervisor has a good attendance record, which demonstrates the
general operating procedure of competency of personnel.
Answer: FALSE
Diff: 2
Learning Obj.: 3
28) A list of changes to on-line computer files is stored on magnetic tape to provide a transaction
trail.
Answer: TRUE
Diff: 2
Learning Obj.: 3
29) Application controls are designed to provide assurance that processing has occurred.
Answer: FALSE
Diff: 2
Learning Obj.: 3
30) A hash total is a meaningless number that only is important for internal control purposes.
Answer: TRUE
Diff: 2
Learning Obj.: 3
31) The immediate return of input information to the sender for comparison and approval is
called feedback.
Answer: FALSE
Diff: 2
Learning Obj.: 3
32) A trailer label is the last record of an inventory file, which contains a record count of the
number of records in the file.
Answer: TRUE
Diff: 2
Learning Obj.: 3

4 | Page

33) Detective controls are not considered transaction processing controls, but rather internal
audit controls.
Answer: FALSE
Diff: 2
Learning Obj.: 3
34) Internal control should be looked upon as part of a larger process within the organization.
Answer: TRUE
Diff: 2
Learning Obj.: 3
35) Collusion occurs when a white-collar individual attempts to commit fraud within an
organization.
Answer: FALSE
Diff: 1
Learning Obj.: 4
36) A negative answer given to a question on an internal control questionnaire almost always
indicates a weakness in an internal control process area.
Answer: FALSE
Diff: 2
Learning Obj.: 5
37) A structured form of analysis relevant to internal control reviews is an applications control
matrix.
Answer: TRUE
Diff: 2
Learning Obj.: 5
38) Someone who has personally observed the activities under review should complete an
internal control questionnaire.
Answer: TRUE
Diff: 2
Learning Obj.: 5
39) Ratings of the relative strength or reliability of controls may be entered in a control matrix.
Answer: TRUE
Diff: 2
Learning Obj.: 3
40) Corrective controls act to prevent errors and fraud before they happen.
Answer: FALSE
Diff: 2
Learning Obj.: 3

5 | Page

41) An example of a suspense file is a file of back-ordered items awaiting shipment to customers.
Answer: TRUE
Diff: 2
Learning Obj.: 3
42) The chief goal of an information system is productivity.
Answer: TRUE
Diff: 2
Learning Obj.: 4
43) Controls increase productivity and the reliability of resulting output.
Answer: FALSE
Diff: 2
Learning Obj.: 4
44) Informal pressure from employees does not cause collusion.
Answer: FALSE
Diff: 1
Learning Obj.: 4
45) COSO's next report to be published will pertain to the monitoring of internal control systems
in order to keep them current and effective.
Answer: FALSE
Diff: 1
Learning Obj.: 2
46) ________ tend to reduce ________, but they rarely affect the causes.
Answer: Controls; exposures
Diff: 2
Learning Obj.: 1
47) An exposure is a(n) ________ times its ________ consequences.
Answer: risk; financial
Diff: 3
Learning Obj.: 1
48) Deficient revenues and excessive costs reduce ________.
Answer: profits
Diff: 1
Learning Obj.: 1
49) The diversion or misrepresentation of assets from either employees or third parties is known
as ________ ________.
Answer: management fraud
Diff: 2
Learning Obj.: 1
6 | Page

50) Fraud examination draws on the fields of ________, ________, and ________.
Answer: accounting; law; criminology
Diff: 3
Learning Obj.: 1
51) White-collar crime that benefits an organization rather than individuals is ________ crime.
Answer: corporate
Diff: 2
Learning Obj.: 1
52) The ________ cycle involves events related to the acquisition and management of capital
funds, including ________.
Answer: finance; cash
Diff: 3
Learning Obj.: 1
53) The concept of internal control is based on ________ major premises: ________ and
reasonable ________.
Answer: two; responsibility; assurance
Diff: 3
Learning Obj.: 2
54) Commitment and competence are factors included in the ________ environment.
Answer: control
Diff: 2
Learning Obj.: 2
55) All companies whose stock is traded on the New York Stock Exchange are required to have
a(n) ________ ________ composed of outside directors.
Answer: audit committee
Diff: 2
Learning Obj.: 2
56) The ________ budget is the budget for the entire organization.
Answer: master
Diff: 1
Learning Obj.: 3
57) ________ bonding is common for employees who are directly responsible for the custody of
assets.
Answer: Fidelity
Diff: 1
Learning Obj.: 3

7 | Page

58) Employees can check and verify the operations of other employees when the employees are
forced to take a(n) ________.
Answer: vacation
Diff: 2
Learning Obj.: 2
59) Closely related to direct supervision is the concept of ________ ________ the assignment
of two individuals to perform the same work task in unison.
Answer: dual control
Diff: 1
Learning Obj.: 2
60) ________ controls affect all transaction processing, while ________ controls are specific to
individual applications.
Answer: General; application
Diff: 2
Learning Obj.: 3
61) In cases of ________, "the procedures did not fail, the people did."
Answer: defalcations
Diff: 2
Learning Obj.: 2
62) ERM is defined by ________ as a process applied in strategy setting and across the
enterprise, to manage risk.
Answer: COSO
Diff: 2
Learning Obj.: 1
63) ISO 27002 aids companies with Section ________ compliance.
Answer: 404
Diff: 2
Learning Obj.: 1
64) Businesses without an IT department or IT expertise can rely on outside ________ ________
________ for their accounting, software and IT needs.
Answer: application service providers
Diff: 3
Learning Obj.: 1

8 | Page

65) Which of the items below would not be considered a possible common exposure for a
corporation?
A) Excessive prices are paid for goods for use in the organization.
B) The corporation never was billed for a sale of merchandise shipped to a customer.
C) A flash flood destroys the merchandise contained in a warehouse.
D) Certain equipment was accidentally misplaced and not depreciated.
Answer: C
Diff: 1
Learning Obj.: 1
66) Intentional or reckless conduct, whether intentional or not, and which results in materially
misleading financial statements, is called
A) fraudulent financial reporting.
B) corporate crime.
C) management fraud.
D) None of these answers are correct.
Answer: A
Diff: 2
Learning Obj.: 1
67) DWB Corporation suffered a loss due to the spoilage of certain raw materials used in the
manufacturing of its products. The business transaction cycle in which this loss occurred is the
A) revenue cycle.
B) expenditure cycle.
C) finance cycle.
D) production cycle.
Answer: D
Diff: 1
Learning Obj.: 1
68) Which of the objectives listed below is not considered part of the internal control process?
A) Compliance with applicable laws and regulations
B) The prevention of fraud and embezzlement
C) Effectiveness and efficiency of operations
D) Reliability of financial reporting
Answer: B
Diff: 2
Learning Obj.: 2

9 | Page

69) "Amounts due to vendors should be accurately and promptly classified, summarized, and
reported" is a representative control objective of the
A) revenue cycle.
B) finance cycle.
C) production cycle.
D) expenditure cycle.
Answer: A
Diff: 2
Learning Obj.: 1
70) The internal control premise that concerns the relative costs and benefits of controls is known
as
A) responsibility.
B) risk.
C) reasonable assurance.
D) exposure.
Answer: C
Diff: 2
Learning Obj.: 2
71) Section 102 of the Federal Foreign Corrupt Practices Act of 1977 (FCPA) applies to
A) all public and privately held U.S.-based companies.
B) all companies subject to the Securities Exchange Act of 1934.
C) any publicly held company, whether it is a for-profit or non-profit entity.
D) all foreign-owned companies currently operating in the United States.
Answer: B
Diff: 2
Learning Obj.: 2
72) The Omnibus Trade and Competitiveness Act of 1988 (OTCA) amends the
A) Securities Exchange Act of 1934.
B) accounting provisions of the FCPA.
C) antibribery provisions of the FCPA.
D) accounting and antibribery provisions of the FCPA.
Answer: D
Diff: 2
Learning Obj.: 2
73) The Sarbanes-Oxley Act of 2002 imposes certain requirements and restrictions on
A) management.
B) auditors.
C) audit committees.
D) All of these answers are correct.
Answer: A
Diff: 2
Learning Obj.: 2
10 | P a g e

74) The Sarbanes-Oxley Act of 2002 explicitly deals with the non-audit services which auditors
can provide to their audit clients. Certain non-audit services may be permissible, without prior
approval of a company's audit committee, if the non-audit services
A) constitute less than 5% of the audit fees for the corporation.
B) constitute less than 5% of the audit fees for the corporation and are not specifically identified
as being barred by SOA 2002.
C) constitute less than 20% of the audit fees for the corporation.
D) Auditors are barred from any and all non-audit services for their audit clients according to
SOA 2002.
Answer: B
Diff: 3
Learning Obj.: 2
75) The component of internal control that is the foundation for all other components is
A) risk assessment.
B) information and communication.
C) control activities.
D) control environment.
Answer: D
Diff: 2
Learning Obj.: 2
76) One way in which a company can produce a corporate culture that supports ethical behavior
is through
A) emphasis on sales quotas and deadlines.
B) emphasis on short-run goals and objectives.
C) a cultural audit to bring to light the corporation's true culture and ethical behavior.
D) All of these answers are correct.
Answer: C
Diff: 2
Learning Obj.: 2
77) The formal communications patterns within an organization can be communicated using
A) a specific, precise management philosophy.
B) an organizational chart.
C) a cultural audit.
D) an ethical code of conduct.
Answer: B
Diff: 2
Learning Obj.: 2

11 | P a g e

78) Assets fraudulently appropriated for one's own use from an organization is considered
A) fraud.
B) theft.
C) embezzlement.
D) a corporate loan.
Answer: C
Diff: 1
Learning Obj.: 1
79) An interesting aspect of white-collar crime is that
A) it often seems to be victimless.
B) it usually amounts to less than $1,000 per organization per year on average.
C) internal controls almost never reveal the perpetrators of such crimes.
D) None of these answers are correct.
Answer: A
Diff: 2
Learning Obj.: 1
80) Many aspects of computer processing tend to significantly
A) decrease an organization's exposure to undesirable events.
B) strengthen the corporate culture's ethical behavior in the long-term analysis.
C) increase employee productivity through the use of monitoring software.
D) increase an organization's exposure to undesirable events.
Answer: D
Diff: 2
Learning Obj.: 3
81) The department or division of larger organizations which is responsible for monitoring and
evaluating controls on an ongoing basis is
A) internal auditing.
B) external auditing.
C) internal affairs.
D) division monitoring.
Answer: A
Diff: 1
Learning Obj.: 3
82) The two broad categories of transaction control are
A) general controls and specific controls.
B) general controls and application controls.
C) general controls and basic controls.
D) basic controls and application controls.
Answer: B
Diff: 1
Learning Obj.: 3
12 | P a g e

83) Application controls are often classified as

A) general, processing, and specific.
B) basic, specific, and accounting.
C) general, application, and output.
D) input, processing, and output.
Answer: D
Diff: 1
Learning Obj.: 3
84) An agreement or conspiracy among two or more people to commit fraud is known as
A) embezzlement.
B) misappropriation.
C) collusion.
D) misrepresentation.
Answer: C
Diff: 1
Learning Obj.: 4
85) An analytical technique commonly used to analyze and examine an internal control process
is known as a(n)
A) control flowchart.
B) internal control questionnaire.
C) exposure checklist.
D) segregation of duties.
Answer: B
Diff: 1
Learning Obj.: 5
86) An exposure is
A) synonymous with risk.
B) equal to risk multiplied by the likelihood of detection.
C) equal to risk multiplied by the financial consequences.
D) not possible with a good system of internal controls in place.
Answer: C
Diff: 2
Learning Obj.: 1
87) Fraudulent financial reporting
A) involves intentional or reckless conduct.
B) may be due to an act of omission or commission.
C) results in misleading financial statements.
D) All of these answers are correct.
Answer: D
Diff: 2
Learning Obj.: 1
13 | P a g e

88) Internal control is affected by an organization's

A) board of directors, management, and other personnel.
B) management and internal auditors.
C) management and external auditors.
D) board of directors, management, and shareholders.
Answer: A
Diff: 2
Learning Obj.: 2
89) Management's philosophy and operating style are part of which component of internal
control?
A) Control activities
B) Control environment
C) Information and communication
D) Monitoring
Answer: B
Diff: 2
Learning Obj.: 2
90) Organizational structure is part of which component of internal control?
A) Control activities
B) Control environment
C) Information and communication
D) Monitoring
Answer: B
Diff: 2
Learning Obj.: 2
91) An audit committee is required by
A) the AICPA.
B) the Securities and Exchange Commission.
C) generally accepted accounting principles.
D) both the New York Stock Exchange and the Sarbanes-Oxley Act of 2002.
Answer: D
Diff: 2
Learning Obj.: 2
92) Which of the following are examples of risks that are relevant to the financial reporting
process?
A) Changes in the operating environment
B) Changes in personnel
C) Changes in the information system
D) All of these answers are correct.
Answer: D
Diff: 2
Learning Obj.: 1
14 | P a g e

93) The three types of functions that normally should be segregated to promote internal control
are
A) recording transactions, authorizing transactions, and approval.
B) authorizing transactions, approving transactions, and custody of assets.
C) authorizing transactions, recording transactions, and custody of assets.
D) authorizing transactions, inputting data, and outputting data.
Answer: C
Diff: 2
Learning Obj.: 3
94) A computer-produced document that is intended for resubmission into the system, such as the
part of the utility bill that the customer returns with payment, is a(n)
A) invoice.
B) dual-submit document.
C) turnaround document.
D) automated input document.
Answer: C
Diff: 2
Learning Obj.: 3
95) The marking of a form or document to direct or restrict its further processing is called
A) an endorsement.
B) a restriction.
C) blocking.
D) a cancellation.
Answer: A
Diff: 2
Learning Obj.: 3
96) Identifying transaction documents to prevent their further or repeated use after they have
performed their function is known as
A) cancellation.
B) restriction.
C) blocking.
D) endorsement.
Answer: A
Diff: 2
Learning Obj.: 3

15 | P a g e

97) The general term for any type of control total or count applied to a number of transaction
documents is
A) amount control total.
B) line control total.
C) hash total.
D) batch control total.
Answer: D
Diff: 2
Learning Obj.: 3
98) Totals of homogeneous amounts for a group of transactions or records, usually expressed in
dollars or quantities, is known as a(n)
A) batch control total.
B) hash total.
C) amount control total.
D) line total.
Answer: C
Diff: 2
Learning Obj.: 3
99) The reentry of transaction data with machine comparison of the initial entry to the second
entry to detect errors is called
A) batch balancing.
B) key verification.
C) validity checking.
D) a run-to-run comparison.
Answer: B
Diff: 2
Learning Obj.: 3
100) A repetition of processing and an accompanying comparison of individual results for
equality is called
A) redundant processing.
B) matching.
C) run-to-run comparison.
D) readback.
Answer: A
Diff: 2
Learning Obj.: 3

16 | P a g e

101) The identification and analysis of differences between the values contained in two
substantially identical files or between a detail file and a control file is
A) validity checking.
B) verification.
C) reconciliation.
D) clearing.
Answer: C
Diff: 2
Learning Obj.: 3
102) The identification of unprocessed or retained items in files according to their date, usually
the transaction date, is
A) clearing.
B) aging.
C) periodic auditing.
D) summary processing.
Answer: B
Diff: 2
Learning Obj.: 3
103) Research indicates that the most frequent type of fraud is
A) misappropriation of funds.
B) check forgery.
C) false invoices.
D) credit card fraud.
Answer: A
Diff: 3
Learning Obj.: 1
104) Research indicates that the most expensive type of fraud is
A) patent infringement.
B) false financial statements.
C) credit card fraud.
D) All of these types of fraud are equally expensive.
Answer: D
Diff: 3
Learning Obj.: 1
105) An audit committee
A) is composed only of an organization's shareholders.
B) should be primarily composed of only external board members (a NYSE requirement).
C) ideally should be composed only of members who are also high-level executives in the
organization.
D) ideally should report directly to the controller.
Answer: B
Diff: 3
Learning Obj.: 1
17 | P a g e

106) The FCPA requires that a system of internal accounting controls

A) guarantee that profits are correctly stated in a firm's audited financial statements.
B) provide absolute assurance that transactions are executed only in accordance with
management's authorization.
C) provide reasonable assurance that access to assets is permitted only in accordance with
management's authorization.
D) ensure the long-run profitability of an organization.
Answer: C
Diff: 3
Learning Obj.: 1
107) If the treasury and controller functions are independent, which of the following should be
assigned to the controller to maintain effective control?
A) Approval of disbursements
B) Responsibility for check signing
C) Custody of short-term investment securities
D) Authorization of write-offs of accounts receivable
Answer: A
Diff: 3
Learning Obj.: 2
108) A clerk accidentally posts a prenumbered sales invoice of $625 as $265 to a customer's
account. What control would detect this error?
A) A hash total of the invoice numbers
B) A sequence check of the numbers of the invoices which are to be posted
C) A document count of the invoices
D) A control total of the amounts to be posted
Answer: D
Diff: 3
Learning Obj.: 3
109) Which of the following would impair the effectiveness of the separation of incompatible
functions in an organization?
A) The personnel director reports to the vice president for administration.
B) The controller reports to the vice president of sales.
C) The cashier reports to the treasurer.
D) The director of budgeting reports to the controller.
Answer: B
Diff: 3
Learning Obj.: 3

18 | P a g e

110) A well planned system of internal accounting control normally would include procedures
that are designed to provide reasonable assurance that
A) employees act with integrity when performing their assigned tasks.
B) decisions leading to management's authorization of transactions are sound.
C) collusive activities would be detected by segregation of employee duties.
D) transactions are executed in accordance with management's general or specific authorization.
Answer: D
Diff: 3
Learning Obj.: 3
111) Monitoring, the fifth component of internal control, involves
A) assessing the quality of internal controls over time and taking corrective actions if necessary.
B) studying the methods used and records established to identify, assemble, analyze, classify,
record, and report the organization's transactions.
C) maintaining accountability for the financial structure (i.e., assets and liabilities) of the
organization.
D) assessing and managing the risks that affect the organization's objectives.
Answer: A
Diff: 3
Learning Obj.: 2
112) ERM contains eight components. Which one of the following is not a component of ERM?
A) Internal environment
B) Risk assessment
C) Risk response
D) Risk elimination
Answer: D
Diff: 2
Learning Obj.: 1
113) Which one of the following is not an element of the internal control process?
A) Control environment
B) Risk assessment
C) Risk response
D) Monitoring
Answer: C
Diff: 2
Learning Obj.: 2
114) Guidance for Section 404 compliance can be found in
A) COSO reports.
B) ISO 27002.
C) the United States Federal Sentencing Guidelines.
D) Guidance can be found in all of the above.
Answer: D
Diff: 2
Learning Obj.: 1
19 | P a g e

115) COSO's Guidance on Monitoring Internal Control Systems includes the following phases
except
A) establishing a foundation for monitoring.
B) designing and executing monitoring procedures that are based on risk.
C) developing the objectives for the level of risk that can be tolerated by management.
D) assessing and reporting the results.
Answer: C
Diff: 2
Learning Obj.: 1
116) The problems small businesses encounter with internal control that are addressed by COSO
include the following except
A) effective boards of directors.
B) limited segregation of duties and increased focus on monitoring.
C) compensating for limitations in information technology.
D) outsourcing increased reporting requirements.
Answer: D
Diff: 2
Learning Obj.: 1
117) Small and large companies can gain cost efficiencies in internal control by
A) focusing financial items that have changed the most from period to period.
B) managing reporting objectives.
C) effectively managing the amount and types of documentation on adequate controls.
D) All of the above will enable small companies to gain cost efficiencies.
Answer: D
Diff: 2
Learning Obj.: 5

20 | P a g e

118) Presented below is a list of terms relating to accounting information systems, followed by
definitions of those terms.
Required: Match the letter next to each definition with the appropriate term. Each answer will be
used only once.
________ 1. Fidelity bond
________ 2. Tickler file
________ 3. Suspense account
________ 4. Anticipation
________ 5. Corrective controls
________ 6. Input controls
________ 7. Authorization
________ 8. Batch sequence
________ 9. Forensic accounting
________ 10. Managerial audit
A. A synonym for batch serial numbers
B. The expectation of a given transaction or event at a particular time
C. A contract with an insurance company that provides a financial guarantee of the honesty of
the individual who is named in the bond contract
D. A synonym for a managerial audit
E. A control total for items awaiting further processing
F. Designed to prevent or detect errors in the beginning stage of processing
G. An activity concerned with preventing and detecting fraud
H. A control file consisting of items sequenced by age used for processing or follow-up purposes
I. These act to correct errors
J. Limits the initiation of a transaction or performance of an activity to selected individuals
Answer: 1. C, 2. H, 3. E, 4. B, 5. I, 6. F, 7. J, 8. A, 9. G, 10. D
Diff: 2
Learning Obj.: 3

21 | P a g e

119) Presented below is a list of terms relating to accounting information systems, followed by
definitions of those terms.
Required: Match the letter next to each definition with the appropriate term. Each answer will be
used only once.
________ 1. FCPA
________ 2. Audit committee
________ 3. Collusion
________ 4. Application controls matrix
________ 5. Internal auditing
________ 6. Control environment
________ 7. Cancellation
________ 8. Statutory sanction
________ 9. Format check
________ 10. Endorsement
A. Has responsibility for reviewing the reports of the company's external auditors
B. The identification of documents to prevent their repeated use
C. A type of exposure
D. A law which requires publicly held companies to maintain adequate accounting systems
E. One of the main components of internal control
F. Agreement or conspiracy among two or more people to commit fraud
G. An example of this procedure is: all characters in the vendor number field are numeric
H. A technique for internal control analysis
I. Marking a form or document to restrict its further processing
J. An example of the monitoring component
Answer: 1. D, 2. A, 3. F, 4. H, 5. J, 6. E, 7. B, 8. C, 9. G, 10. I
Diff: 2
Learning Obj.: 3

22 | P a g e

120) Listed below is a list of terms relating to internal control processes, followed by definitions
of those terms.
Required: Match the letter next to each definition with the appropriate term. Each answer will be
used only once.
________ 1. Check digit
________ 2. Upstream resubmission
________ 3. Exposure
________ 4. Control register
________ 5. Hash total
________ 6. Internal control questionnaire
________ 7. Physical controls
________ 8. Preventive controls
________ 9. Run-to-run totals
________ 10. General controls
A. These affect all transaction processing
B. An internal control analysis technique
C. A detective control used to determine if input is correct
D. A log indicating the disposition and control values of batches or transactions
E. A detective control use to determine if processing is complete
F. The sum of a batch's preprinted check numbers is an example
G. Segregation of duties is an example
H. A limited access area, for example
I. Business interruption is an example
J. This is an example of a corrective control
Answer: 1. C, 2. J, 3. I, 4. D, 5. F, 6. B, 7. H, 8. G, 9. E, 10. A
Diff: 2
Learning Obj.: 3

23 | P a g e

121) Listed below are various controls found in a system of internal control.
Required: Label each of the following controls as preventive (P), detective (D), or corrective (C).
________ 1. Transaction trail
________ 2. Rotation of duties
________ 3. Reconciliation
________ 4. Visual verification
________ 5. Batch controls
________ 6. Endorsement
________ 7. Redundant processing
________ 8. Training of Personnel
________ 9. Batch balancing
________ 10. Automatic error correction
Answer: 1. C, 2. P, 3. D, 4. D, 5. D, 6. P, 7. D, 8. P, 9. D, 10. C
Diff: 2
Learning Obj.: 3

24 | P a g e

122) Presented below are ten control features, followed by ten statements describing either the
achievement of a control feature (i.e., a system success) or a system deficiency.
Required: On the answer line to the left of each control feature, insert the capital letter from the
list of the most closely related system success or deficiency. Each letter will be used only once.
________ 1. Backup and recovery
________ 2. Check digit
________ 3. Batch balancing
________ 4. Format check
________ 5. Suspense file
________ 6. Hash total
________ 7. Password
________ 8. Turnaround document
________ 9. Forms design
________ 10. Reasonableness test
A. This helps control input accuracy by ensuring that dates are properly entered using the format
MM/DD/YYYY.
B. Many customer account numbers entered into the billing transaction file are invalid.
C. This could help prevent the entry of inconsistent data elements, such as entering a tax code
for a customer for whom sales should be nontaxable.
D. In entering a batch of invoices into the computer, an operator made several errors in keying
the invoice numbers. As a result, the computer program updated computer accounts with
incorrect invoice information.
E. A new field salesperson omitted several data elements when completing the sales order
forms.
F. The vendor master file was damaged in yesterday's update, and cannot be used for today's
update.
G. A former employee gained access to the computer system and damaged the customer master
file.
H. A computer operator discovered that he had not input all items in a batch.
I. This feature speeds up data entry because some of the input data is prerecorded on the source
document and can be scanned.
J. A supervisor reviews this document frequently to dispose of partially processed transactions.
Answer: 1. F, 2. B, 3. H, 4. A, 5. J, 6. D, 7. G, 8. I, 9. E, 10. C
Diff: 2
Learning Obj.: 3

25 | P a g e

123) Listed below are several examples of internal control procedures.

Required: For the following internal control procedures, give the reason or objective of the
control:
a. Checks are mailed by someone other than the person who prepares and signs a check.
b. The accounting department matches invoices received to receiving reports prior to recording
the payable.
c. The cashier deposits cash and mails checks to vendors, but does not record any information in
the accounting system.
d. The employee performing the bank reconciliation does not perform any cash handling or
recording activities.
Answer:
a. This prevents an employee from processing phony payables and diverting the signed check to
himself/herself.
b. This prevents the company from recording and subsequently paying for goods and services not
actually received.
c. The cashier cannot conceal cash thefts with accounting entries.
d. The employee performing the reconciliation cannot perpetrate a theft by stealing cash, and
cannot conceal a theft by recording it. The employee's reconciliation serves as a check on the
activities of others.
Diff: 2
Learning Obj.: 2
124) Listed below are examples of several internal control procedures.
Required: For the following internal control procedures, give the objective of the control:
a. The stock of unused checks is kept under lock and key.
b. "Surprise" counts of cash funds are conducted periodically.
c. All purchases must be made by the purchasing department.
d. The accounting department matches invoices to copies of purchase orders.
Answer:
a. This prevents checks from being stolen and forged.
b. This prevents a theft of cash.
c. This prevents unauthorized parties from purchasing goods.
d. This prevents the company from paying for unauthorized purchases.
Diff: 2
Learning Obj.: 2

26 | P a g e

125) Listed below are four examples of possible exposures found in the various business cycles
of a certain business.
Required: For each example, identify the transaction cycle control objective and give a solution
which will help to reduce the possible exposure found in each example.
a. There is no written policy regarding access to the securities the company purchases as an
investment. The securities are in a file in the bottom drawer of a file cabinet in the office.
b. The office supervisor makes "spur of the moment" decisions regarding the hiring and use of
vendors for office supplies and maintenance of the office and warehouse building.
c. A sales representative sent out a shipment of merchandise to a customer on Friday afternoon,
telling the warehouse supervisor that he would write up the paperwork the following Monday
morning.
d. The clerk who prepares and sends statements to customers was hurt in an auto accident and is
on sick leave. As a result, the sales representative now prepares and sends out customer
statements when he has some free time.
Answer:
a. Finance cycle. "Access to cash and securities should be permitted only in accordance with
management's criteria." Management of the company should create a policy regarding access to
securities or cash, and then implement the policy by training employees and limiting physical
access to securities (probably by using a safe or a safety deposit box at a bank).
b. Expenditure cycle. "Vendors should be authorized in accordance with management's criteria."
Management of the company should create and implement a policy regarding the use of vendors.
Management should authorize vendors before they are hired or used by the company. The office
manager may be given some authorization to buy office supplies and necessary items under a
certain dollar amount.
c. Revenue cycle. "All shipments of goods should result in a billing to the customer." The
problem here is that the shipment may not be billed if the sales representative and warehouse
manager fail to prepare the paperwork. Paperwork should be prepared prior to the shipment of
any merchandise sold to customers.
d. Revenue cycle. "Billings to customers should be accurately and promptly classified,
summarized, and reported." Since it appears that the designated employee who handles customer
billing will be off work in the foreseeable future, a temporary employee should be hired and
trained. The sales representative should not be sending out customer statements when he has
"some free time." The temporary employee must be held accountable for preparing and sending
out statements, which need to be properly recorded in a timely manner.
Diff: 2
Learning Obj.: 1

27 | P a g e

126) Metaluna, Inc., is a new software company that recently began operations in 2003.
Metaluna's stock is publicly traded. Listed below are several statements made recently by the
CEO and Chairman of the Board of Metaluna at a directors meeting.
Required: Please comment on each statement in light of the requirements imposed by the
Sarbanes-Oxley Act (SOA) of 2002.
a. "I would like our external auditors to have a major role in our financial systems design and
implementation in the future. They seem like a good group of knowledgeable individuals who I
believe can help us in this area."
b. "As you know, our controller resigned from her position this week. I would like to see if
someone from the auditing firm who worked on our most recent audit would be interested in
coming 'on board' with us."
c. "I am ready to approve a $20,000 company loan to our CIO to help him send his daughter to
Stanford in the fall."
d. "The audit committee has suggested that a new auditing firm be hired after completion of our
current audit. I would like the board to make a resolution giving me sole discretion and
authorization in this matter, since I believe I am better qualified to make such a decision."
Answer: The CEO and Chairman of Metaluna, Inc., has made several statements, which if acted
upon by the board and company, are serious violations of the Sarbanes-Oxley Act of 2002.
a. The SOA severely restricts the non-audit services that auditors can provide to their clients. In
the case of Metaluna, the auditing firm is expressly barred from offering its services in the area
of financial systems design and implementation. Metaluna should find a competent third-party
consultant with a high degree of expertise in this area.
b. Metaluna cannot hire someone from the auditing firm as controller if the individual has
worked on the audit of the company during a one-year period preceding the audit. SOA prohibits
such hiring as a conflict of interest. Metaluna should hire a controller either from another
company in the same industry, or seek someone from another auditing firm who has no
connection with Metaluna's current external auditor.
c. The SOA specifically prohibits Metaluna from making a personal loan to its CIO (an executive
officer of the company).
d. Under SOA, the audit committee is given the sole responsibility for selecting, hiring, and
overseeing the auditor of a company. In this situation, if the board votes to give the CEO "sole
discretion and authorization in this matter," it will be violating the law, and undermining the role
of the audit committee of Metaluna, Inc.
Diff: 3
Learning Obj.: 1

28 | P a g e

127) The following three questions on an internal control questionnaire relate to comparisons of
one amount to a second amount.
Required: What is the purpose of each of these comparisons?
a. Does the company compare budgeted amounts with actual expenditures?
b. Does the company mail monthly statements of account to all customers?
c. Does the company adjust inventory records to physical counts at least once a year?
Answer:
a. Comparing actual with planned expenditures and investigating any significant differences
helps the company determine if there are errors or irregularities in the accounting records, and
sheds some light on whether the company is operating in an efficient and effective manner.
b. In addition to reminding customers of the amounts due, monthly statements allow the
company to use the customer to determine the validity of invoice amounts. The company
compares its records with the customers' records.
c. Periodically, recorded amounts should be compared with actual physical amounts. These
amounts may be different because of inaccurate recordkeeping or spoiled or stolen inventory.
Diff: 3
Learning Obj.: 3
128) Briefly describe five types of common business exposures and their related causes.
Answer: Suggested answer:
The text lists eight exposures, as follows:
Excessive costs potentially result from every business expenditure.
Deficient revenues result from decreases in sales, failure to record sales, and uncollected
balances from customers.
Loss of assets may result from theft, acts of violence, or natural disaster. The loss may be
intentional or unintentional.
Inaccurate accounting results from errors or intentional misstatements in records and financial
statements.
Business interruption is a temporary or permanent cessation of operations resulting from
natural disasters, physical acts of violence, or other business exposures.
Statutory sanctions result from a company's noncompliance with laws and regulations.
Competitive disadvantage is the inability of an organization to remain viable in the
marketplace and results from ineffective management decisions or business exposures.
Fraud and embezzlement may result from actions of those inside or outside of the organization
to divert the organization's assets or to mislead investors.
Diff: 2
Learning Obj.: 1
29 | P a g e

129) Discuss three behavioral issues that should be considered when implementing an internal
control plan.
Answer: Suggested answer:
Students may mention:
Internal controls may conflict with productivity. For example, an employee may omit a control
in the interest of productivity.
Segregation of duties assumes that employees will not collude with each other.
Many controls are based on the assumption that employees will report irregularities committed
by other employees.
The position/power of an individual in the organization who commits an irregularity may
influence whether or not the irregularity gets reported.
Informal pressures, such as peer pressure, may lead to an irregularity not being reported.
Diff: 2
Learning Obj.: 4
130) Give five examples of ways a company may be exposed to excessive costs.
Answer: Suggested answer:
Students may mention any of the following problems with expenditures:
paying higher prices than necessary for purchases of goods or services
paying employees for work that was not effective
paying employees for inefficient work
buying and using too much raw materials because of inefficient production
incurring excessive advertising, travel, or other expenses
paying penalties due to late payment of taxes
paying penalties or finance charges due to late payment of bills
Diff: 2
Learning Obj.: 1
131) Discuss why a fraud examiner needs to be educated in the fields of accounting, law, and
criminology to properly perform a fraud investigation.
Answer: Suggested answer:
Fraud examination can be termed a multi-disciplinary activity, since it attempts to find fraud
committed by employees or outside individuals. An examiner needs to understand and know
about accounting transactions to understand the nature of fraudulent accounting. Since fraud is a
violation of any number of local, state, and federal laws, the examiner must have an essential
understanding of the related laws that apply to such crimes. An examiner must also possess some
understanding of the nature of criminals and their actions, so a basic knowledge of criminology
is essential. A fraud examiner must also know legal procedures and the rules of evidence to
properly (and legally) conduct an investigation and gather appropriate evidence for later use in a
court of law.
Diff: 2
Learning Obj.: 1
30 | P a g e

132) What is corporate culture? Why might someone argue that the corporate culture has more
influence over ethical behavior in a firm than the corporate ethics code of conduct?
Answer: Suggested answer:
Corporate culture includes the general beliefs, practices, and attitudes of employees. If the
general belief of the company is that complying with safety practices is important, for example,
employees will probably operate safely despite what the code of conduct states about safety. If
management has made it clear that being honest in dealing with customers and suppliers is
important, employees will probably practice honesty. The code of conduct may be more useful in
disciplining inappropriate behavior than it is in encouraging good behavior.
Diff: 2
Learning Obj.: 2
133) Enterprise risk management contains eight components. Identify at least six and explain its
importance to managing risk within a company.
Answer: Suggested answer:
1. Internal Environment - the overall culture, atmosphere, and tone of the organization.
2. Objective Setting - management's process for setting objectives in a way that is consistent with
their tolerance for risk.
3. Event identification - the process of identifying internal and external events that affect the
entity's opportunities and risks as they relate to achieving management objectives.
4. Risk assessment - the process of analyzing risks, the likelihood of identified events, and their
potential impact.
5. Risk response - the process of responding to risks and identified events.
6. Control activities - the policies and procedures that are implemented to effect risk responses.
7. Information and communication - the overall flow of information as it's applied to managing
risks in support of the other ERM components.
8. Monitoring - the process of monitoring the entire ERM process.
Diff: 2
Learning Obj.: 1

31 | P a g e