1.

The ethical principle of justice asserts that the benefits of the decision should be distributed
fairly to those who share the risks.
ANS: T
2. The ethical principle of informed consent suggests that the decision should be implemented so
as to minimize all of the risks and to avoid any unnecessary risks.
ANS: F
3. Employees should be made aware of the firms commitment to ethics.
ANS: T
4. Business ethics is the analysis of the nature and social impact of computer technology, and the
corresponding formulation and justification of policies for the ethical use of such technology.
ANS: F
5. Para computer ethics is the exposure of stories and reports found in the popular media
regarding the good or bad ramifications of computer technology.
ANS: F
6. Source code is an example of intellectual property.
ANS: T
7. Copyright laws and computer industry standards have been developed jointly and rarely conflict.
ANS: F
8. Business bankruptcy cases always involve fraudulent behavior.
ANS: F
9. Defalcation is another word for financial fraud.
ANS: T
10. The trend toward distributed data processing increases the exposure to fraud from remote
locations.
ANS: T
11. The external auditor is responsible for establishing and maintaining the internal control system.
ANS: F
12. Segregation of duties is an example of internal control procedure.
ANS: T
13. Controls in a computer-based information system are identical to controls in a manual system.
ANS: F
14. Preventive controls are passive techniques designed to reduce fraud.
ANS: T
15. Ethical issues and legal issues are essentially the same.
ANS: F
16. Internal control systems are recommended but not required of firms subject to the Foreign
Corrupt Practices Act.
ANS: F
17. Operations fraud is the misuse or theft of the firms computer resources.
ANS: T
18. The Foreign Corrupt Practices Act requires only that a firm keep good records.
ANS: F
19. A key modifying assumption in internal control is that the internal control system is the
responsibility of management. ANS: T
20. Database management fraud includes altering, updating, and deleting an organizations data.
ANS: F
21. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their
audit clients, they are not prohibited from performing such services for non-audit clients or
privately held companies.
ANS: T
22. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
ANS: T
23. Section 404 requires that corporate management (including the CEO) certify their organizations
internal controls on a quarterly and annual basis.
ANS: F
24. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organizations internal controls.
ANS: F
25. The objective of SAS 99 is to seamlessly blend the auditors consideration of fraud into all phases
of the audit process.
ANS: T
1. Which ethical principle states that the benefit from a decision must outweigh the risks, and that
there is no alternative decision that provides the same or greater benefit with less risk?
a. Minimize risk
b. Justice
c. Informed Consent
d. Proportionality
2. Individuals who acquire some level of skill and knowledge in the field of computer ethics are
involved in which level of computer ethics?
a. Para computer ethics
b. Pop computer ethics
c. Theoretical computer ethics
d. Practical computer ethics
3. All of the following are issues of computer security except
a. Releasing incorrect data to authorized individuals
b. Permitting computer operations unlimited access to the computer room
c. Permitting access to data by unauthorized individuals
d. Providing correct data to unauthorized individuals
4. Which characteristics is not associated with software as intellectual property?
a. Uniqueness of the product
b. Possibility of exact replication
c. Automated monitoring to detect intruders
d. Ease of dissemination
5. For an action to be called fraudulent, all of the following conditions are required except
a. Poor judgement
b. False representation
c. Intent to deceive
d. Injury or loss
6. One characteristic of employee fraud is that the fraud
a. Is perpetrated at level to which internal controls do not apply
b. Involves misstating financial statements
c. Involves the direct conversion of cash or other assets to the employees personal benefit
d. Involves misappropriating assets in a series of complex transactions involving third parties
7. Forces which may permit fraud to occur do not include
a. A gambling addiction
b. Lack of segregation of duties
c. Centralized decision-making environment
d. Questionable integrity of employees
8. Which of the following best describes lapping?
a. Applying cash receipts to a different customers account in an attempt to conceal previous
thefts of funds
b. Inflating bank balances by transferring money among different bank accounts
c. Expensing an asset that has been stolen
d. Creating a false transaction
9. Operations fraud includes
a. Altering a program logic to cause the application to process data incorrectly
b. Misusing the firms computer resources
c. Destroying or corrupting a programs logic using a computer virus
d. Creating illegal programs that can access data files to alter, delete, or insert values
10. Who is responsible for establishing and maintaining the internal control system?
a. The internal auditor
b. The accountant
c. Management
d. The external auditor
11. The concept of reasonable assurance suggests that
a. The cost of internal control should be less than the benefit it provides
b. A well-designed system of internal controls will detect all fraudulent activity
c. The objectives achieved by and internal control system vary depending on the data
processing method
d. The effectiveness of internal controls is a function of the industry environment
12. Which of the following is not a limitation of the internal control system?
a. Errors are made due to employee fatigue
b. Fraud occurs because of collusion between two employees
c. The industry is inherently risky
d. Management instructs the bookkeeper to make fraudulent journal entries
13. The most cos-effective type of internal control is
a. Preventive control
b. Accounting control
c. Detective control
d. Corrective control
14. Which of the following is a preventive control?
a. Credit check before approving a sale on account
b. Bank reconciliation
c. Physical inventory count
d. Comparing the accounts receivable subsidiary ledger to the control account
15. A well-designed purchase order is an example of a
a. Preventive control
b. Detective control
c. Corrective control
d. None of the above
16. A physical inventory count is an example of
a. Preventive control
b. Detective control
c. Corrective control
d. Feedforward control
17. The bank reconciliation uncovered a transposition error in the books. This is an example of a
a. Preventive control
b. Detective control
c. Corrective control
d. None of the above
18. In balancing the risks and benefits that are part of every ethical decision, managers receive
guidance from each of the following except
a. Justice
b. Self interest
c. Risk minimization
d. Proportionality
19. Which of the following is not an element of the internal control environment?
a. Management philosophy and operating style
b. Organizational structure of the firm
c. Well-designed documents and records
d. The functioning of the board of directors and the audit committee
20. Which of the following suggests a weakness in the internal control environment?
a. The firm has an up-to-date organizational chart
b. Monthly reports comparing actual performance to budget are distributed to managers
c. Performance evaluations are prepared every three years
d. The audit committee meets quarterly with the external auditors
21. Which of the following indicates a strong internal control environment?
a. The internal audit group reports to the audit committee of the board of directors
b. There is no segregation of duties between organization functions
c. There are questions about the integrity of management
d. Adverse business conditions exist in the industry
22. According to SAS 78, an effective accounting system performs all of the following except
a. Identifies and records all valid financial transactions
b. Records financial transactions in the appropriate accounting period
c. Separates the duties of data entry and report generation
d. Records all financial transactions promptly
23. Which of the following is the best reason to separate duties in manual system?
a. To avoid collusion between the programmer and the computer operator
b. To ensure that supervision is not required
c. To prevent the record keeper from authorizing transactions
d. To enable the firm to function more efficiently
24. Segregation of duties in the computer-based information system includes
a. Separating the programmer from the computer operator
b. Preventing management override
c. Separating the inventory process from the billing process
d. Performing independent verifications by the computer operator
25. Which of the following is not an internal control procedure?
a. Authorization
b. Managements operating style
c. Independent verification
d. Accounting records
26. The decision to extend credit beyond the normal credit limit is an example of
a. Independent verification
b. Authorization
c. Segregation functions
d. Supervision
27. When duties cannot be segregated, the most important internal control procedure is
a. Supervision
b. Independent verification
c. Access controls
d. Accounting records
28. An accounting system that maintains and adequate audit trail is implementing which internal
control procedure?
a. Access controls
b. Segregation of functions
c. Independent verification
d. Accounting records
29. Employee fraud involves three steps. Of the following, which is not involved?
a. Concealing the crime to avoid detection
b. Stealing something of value
c. Misstating financial statements
d. Converting asses to a usable form
30. Which of the following is not an example of independent verification?
a. Comparing fixed assets on hand to the accounting records
b. Performing a bank reconciliation
c. Comparing the accounts payable subsidiary ledger to the control account
d. Permitting authorized users only to access the accounting system
31. The importance to the accounting profession of the Foreign Corrupt Practices Act of 1977 is that
a. Bribery will be eliminated
b. Management will not override the companys internal controls
c. Firms are required to have an effective internal control system
d. Firms will not be exposed to lawsuits
32. The board of directors consists entirely of personal friends of the chief executive officer. This
indicates a weakness in
a. The accounting system
b. The control environment
c. Control procedure
d. This is not a weakness
33. Computer fraud can take on many forms, including each of the following except
a. Theft or illegal use of computer-readable information
b. Theft, misuse, or misappropriation of computer equipment
c. Theft, misuse, or misappropriation of assets by altering computer-readable records and files
d. Theft, misuse, or misappropriation of printer supplies
34. When certain customers made cash payments to reduce their accounts receivable, the
bookkeeper embezzled the cash and wrote off the accounts as uncollectible. Which control
procedure would most likely prevent this irregularity?
a. Segregation of duties
b. Accounting records
c. Accounting system
d. Access controls
35. The office manager forgot to record in the accounting records the daily bank deposit. Which
control procedure would most likely prevent or detect this error?
a. Segregation of duties
b. Independent verification
c. Accounting records
d. Supervision
36. Business ethics involves
a. How managers decide on what is right in conducting business
b. How managers achieve what they decide is right for the business
c. Both a and b
d. None of the above
37. All of the following are conditions for fraud except
a. Fales representation
b. Injury or loss
c. Intent
d. Material reliance
38. The four principal types of fraud include all of the following except
a. Bribery
b. Gratuities
c. Conflict of interest
d. Economic extortion
39. The characteristics of useful information include
a. Summarization, relevance, timeliness, accuracy, and completeness
b. Relevance, summarization, accuracy, timelessness, and completeness
c. Timeliness, relevance, summarization, accuracy, and conciseness
d. Disaggregation, relevance, timeliness, accuracy, and completeness
40. Internal control system have limitations. These include
a. Possibility of honest error
b. Circumvention
c. Management override
d. Stability of systems
41. Management can expect various benefits to follow from implementing a system of strong
internal control. Which of the following benefits is least likely to occur?
a. Reduced cost of an external audit
b. Prevents employee collusion to commit fraud
c. Availability of reliable data for decision-making purposes
d. Some assurance of compliance with the Foreign Corrupt Practices Act of 1977
e. Some assurance that important documents and records are protected
 42. Which of the following situations is not segregation of duties violation?
a. The treasurer has the authority to sign checks but gives the signature block to the assistant
treasurer to run the check-signing machine.
b. The warehouse clerk, who has the custodial responsibility over inventory in the warehouse,
selects the vendor and authorizes purchases when inventories are low
c. The sales manager has the responsibility to approve credit and the authority to write off
accounts
d. The department time clerk is given the undistributed payroll checks to mail to absent
employees
e. The accounting clerk who shares the record keeping responsibility for the accounts
receivable subsidiary ledger performs the monthly reconciliation of the subsidiary ledger
and the control accounts
43. Which of the following is not an issue to be addresses In a business code of ethics required by
the SEC?
a. Conflicts of interest
b. Full and Fair Disclosures
c. Legal Compliance
d. Internal Reporting of Code Violations
e. All of the above are issues to be addressed

SHORT ANSWER

1. What are the main issues to be addressed In a business code of ethics required by SEC?
ANS:
Conflicts of interest, Full and Fair Disclosures, Legal Compliance, Internal Reporting of Code
Violations, Accountability
2. List the four broad objectives of the internal control system
ANS:
Safeguard assets, ensure the accuracy and reliability of accounting records, promote
organizational efficiency, comply with managements policies and procedures
3. Explain the purpose of the PCAOB
ANS:
The PCAOB is empowered to set auditing, quality control, and ethics standards; to inspect
registered accounting firms; to conduct investigations; and to take disciplinary actions
4. What are the five internal control components described in the SAS 78 / COSO framework
ANS:
The control environment, risk assessment, information and communication, monitoring, and
control activities
5. What are management responsibilities under section 302 and 404?
ANS:
Section 302 requires that corporate management (including the CEO) certify their organizations
internal controls on a quarterly and annual basis. Section 404 requires the management of
public companies to assess and formally report on the effectiveness of their organizations
internal controls
6. Identify to indicate whether each procedure is a preventive or detective control
a. Authorizing a credit sale Preventive Detective
b. Preparing a bank reconciliation Preventive Detective
c. Locking the warehouse Preventive Detective
d. Preparing a trial balance Preventive Detective
e. Counting inventory Preventive Detective
ANS: A. Preventive, B. Detective, C. Preventive, D. Detective, E. Detective

Use the internal control procedures listed below to complete the statements.

Segregation of duties specific authorization

General authorization accounting records

Access controls independent verification

Supervision

7. A clerk reorders 250 items when the inventory falls below 25 items. This is an example of
_______________________ ANS: General Authorization
8. The internal audit department recalculates payroll for several employees each pay period. This is
an example of ____________________ ANS: Independent Verification
9. Locking petty cash in a safe is an example of _________________ ANS: access controls
10. Approving a price reduction because goods are damage is an example of ___________________
ANS: Specific Authorization
11. Using cameras to monitor the activities of cashiers is an example of _______________________
ANS: Supervision
12. Not permitting the computer programmer to enter the computer room is an example of
______________________ ANS: Segregation of duties
13. Sequentially numbering all sales invoices is an example of ____________________________
ANS: accounting records
14. What are the five conditions necessary for an act to be considered fraudulent?
ANS: False representation, material fact, intent, justifiable reliance, and injury or loss
15. What is the objective of SAS 99?
ANS:
The objective of SAS 99 is to seamlessly blend the auditors consideration of fraud into all phases
of the audit process.
16. Distinguish between exposure and risk
ANS:
Exposure is the absence or weakness of a control which increases the firms risk of financial loss
or injury. Risk is the probability of incurring such a loss or injury
17. Explain the characteristics of management fraud
ANS:
Management fraud typically occurs at levels above where the internal control system is
effective. Financial statements are frequently modified to make the firm appear more healthy
than it actually is. If any misappropriation of assets occurs, it is usually well hidden.
18. The text discusses many questions about personal traits of employees which might help uncover
fraudulent activity. What are three?
ANS:
Executives: with high personal debt, living beyond their means, engaged in habitual gambling,
appear to abuse alcohol or drugs, appear to lack personal codes of ethics, appear to be unstable
 19. Give two examples of employee fraud and explain how the theft might occur.
ANS:
Charges to expense accounts: Cash could be stolen and charged to a miscellaneous expense
account. Once the account is closed, detection would be more difficult.
Lapping: This involves converting cash receipts to personal use. If a customers check is taken,
his/her balance will not reflect a payment and will be detected when a statement is sent. In
order to conceal this fraud, a later payment is used to cover the stolen check. This is in effect a
small-scale Ponzi scheme
20. What are the six broad classes of physical control activities defined by SAS 78?
ANS:
Transaction authorization, segregation of duties, supervision, access controls, accounting
records, independent verification

Multiple Choice:

1. D
2. A
3. B
4. C
5. A
6. C
7. C
8. A
9. B
10. C
11. A
12. C
13. A
14. A
15. A
16. B
17. B
18. B
19. C
20. C
21. A
22. C
23. C
24. A
25. B
26. B
27. A
28. D
29. C
30. D
31. C
32. B
33. D
34. A
35. B
36. C
37. D
38. B
39. A
40. D
41. B
42. B
43. E