Accounting Information Systems 13th Edition By Marshall-B.-Romney Test Bank

<< Administration And Management In Criminal Justice 2nd Edition By Jennifer M. Test Bank Accounting Information Systems The Processes And Control 2nd Edition By Leslie Turner Test Bank >>
Product Code: 222
Availability: In Stock
Price: $24.99
Qty:     - OR -   Add to Wish List
Add to Compare

Accounting Information Systems 13th Edition By Marshall-B.-Romney Test Bank

Description

WITH ANSWERS
Accounting Information Systems 13th Edition By Marshall-B.-Romney Test Bank

Accounting Information Systems, 13e (Romney/Steinbart)

Chapter 5   Computer Fraud

 

5.1   Explain the threats faced by modern information systems.

 

1) Perhaps the most striking fact about natural disasters in relation to AIS controls is that

  1. A) many companies in one location can be seriously affected at one time by a disaster.
  2. B) losses are absolutely unpreventable.
  3. C) there are a large number of major disasters every year.
  4. D) disaster planning has largely been ignored in the literature.

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

2) Which of the following is the greatest risk to information systems and causes the greatest dollar losses?

  1. A) human errors and omissions
  2. B) physical threats such as natural disasters
  3. C) dishonest employees
  4. D) fraud and embezzlement

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

3) Identify the threat below that is not one of the four types of threats faced by accounting information systems.

  1. A) natural and political disasters
  2. B) software errors and equipment malfunctions
  3. C) unintentional acts
  4. D) system inefficiency

Answer:  D

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

4) A power outage is an example of a(n) ________ threat.

  1. A) natural and political disasters
  2. B) software errors and equipment malfunctions
  3. C) unintentional acts
  4. D) system inefficiency

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

5) Excessive heat is an example of a(n) ________ threat.

  1. A) natural and political disasters
  2. B) software errors and equipment malfunctions
  3. C) unintentional acts
  4. D) system inefficiency

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

6) What was the first known cyber-attack intended to harm a real-world physical target?

  1. A) Sasser
  2. B) Stuxnet
  3. C) Michelangelo
  4. D) Doomsday

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Difficult

AACSB:  Analytic

 

7) What agency did the United States create to use cyber weapons and to defend against cyber attacks?

  1. A) U.S. Cyber Command
  2. B) Department of Network Security
  3. C) Department of Cyber Defense
  4. D) Department of Technology Strategy

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Difficult

AACSB:  Analytic

 

8) Which type of threat causes the greatest dollar losses?

  1. A) software errors and equipment malfunctions
  2. B) unintentional acts
  3. C) intentional acts
  4. D) system inefficiency

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

 

9) True or False: A disgruntled employee in Australia hacked into a sewage system, causing a quarter of a million gallons of raw sewage to flood a hotel and a park.

Answer:  TRUE

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

10) True or False:  A 16 year old hacker was able to access the systems of U.S. Missile Command and accidently launched a small nuclear missile, which fortunately, failed to detonate.

Answer:  FALSE

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

11) Logic errors are an example of which type of threat?

  1. A) natural and political disasters
  2. B) software errors and equipment malfunctions
  3. C) unintentional acts
  4. D) system inefficiency

Answer:  C

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

5.2   Define fraud and describe both the different types of fraud and the process one follows to perpetuate a fraud.

 

1) Seble wants to open a floral shop in a downtown business district. She doesnt have funds enough to purchase inventory and pay six months rent up front. Seble approaches a good friend, Zhou, to discuss the possibility of Zhou investing funds and becoming a 25% partner in the business. After a lengthy discussion Zhou agrees to invest. Eight months later, Zhou and Seble have a major argument. In order for Zhou to sue Seble for fraud, all the following must be true except

  1. A) Zhous decision to invest was primarily based on Sebles assertion that she had prior floral retail experience.
  2. B) Seble told Zhou she had worked at a floral shop for several years, when in fact she did not have any prior experience in floral retail.
  3. C) before Zhou invested, Seble prepared a detailed business plan and sales forecasts, and provided Zhou with copies.
  4. D) Zhous 25% share of the business is worth substantially less than her initial investment.

Answer:  C

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

 

2) Perpetrators do not typically

  1. A) attempt to return or pay back stolen amounts soon after the initial theft, but find they are unable to make full restitution.
  2. B) use trickery or lies to gain the confidence and trust of others at the organization they defraud.
  3. C) become bolder and more greedy the longer the theft remains undetected.
  4. D) begin to rely on stolen amounts as part of their income.

Answer:  A

Objective:  Learning Objective 2

Difficulty:  Easy

AACSB:  Analytic

3) Cooking the books is typically accomplished by all the following except

  1. A) overstating inventory.
  2. B) accelerating recognition of revenue.
  3. C) inflating accounts payable.
  4. D) delaying recording of expenses.

Answer:  C

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

4) SAS No. 99 requires that auditors

  1. A) plan audits based on an analysis of fraud risk.
  2. B) detect all material fraud.
  3. C) alert the Securities and Exchange Commission of any fraud detected.
  4. D) take all of the above actions.

Answer:  A

Objective:  Learning Objective 2

Difficulty:  Difficult

AACSB:  Analytic

 

5) Intentional or reckless conduct that results in materially misleading financial statements is called

  1. A) financial fraud.
  2. B) misstatement fraud.
  3. C) fraudulent financial reporting.
  4. D) audit failure fraud.

Answer:  C

Objective:  Learning Objective 2

Difficulty:  Easy

AACSB:  Analytic

 

 

6) Which of the following is not an example of one of the basic types of fraud?

  1. A) While straightening the store at the end of the day, a shoe store employee finds and keeps an expensive pair of sunglasses left by a customer.
  2. B) An executive devised and implemented a plan to accelerate revenue recognition on a long-term contract, which will allow the company to forestall filing for bankruptcy. The executive does not own any stock, stock options or grants, and will not receive a bonus or perk because of the overstated revenue.
  3. C) A purchasing agent places a large order at higher-than-normal unit prices with a vendor that gave the agent tickets to several football games.
  4. D) A salesperson approves a large sales discount on an order from a company owned partially by the salespersons sister.

Answer:  A

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Reflective Thinking

7) Describe two kinds of fraud.

Answer:  Misappropriation of assets, or theft, by a person or group for personal financial gain is usually committed by employees. Fraudulent financial reporting is intentional or reckless conduct that results in materially misleading financial statements.

Objective:  Learning Objective 2

Difficulty:  Easy

AACSB:  Analytic

 

8) Explain the impact of SAS No. 99 on auditors responsibilities.

Answer:  SAS No. 99, effective December 2002, requires that auditors explicitly consider fraud risks when planning and performing an audit. Auditors must understand types and characteristics of fraud. Audit teams must review clients financial statements for areas susceptible to fraud and communicate with each other during planning of the audit. Auditors must ask management and audit committee members about any past or current instances of fraud. Since many frauds involve revenue recognition, auditors must exercise special care and testing in examining revenue accounts. Audit procedures and testing must be tailored in response to fraud risk assessment. Auditors must evaluate the risk of management override of controls and any other indications of fraud occurrences. All audit procedures, testing and findings must be documented and communicated to management and the audit committee. Auditors must evaluate and recognize the impact of technology on fraud risks, as well as opportunities technology may provide to design fraud-auditing procedures.

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

 

9) All of the following are required for an act to be legally classified as fraudulent except

  1. A) a falsehood is made.
  2. B) about a material fact.
  3. C) to inflict pain.
  4. D) resulting in a financial loss.

Answer:  C

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

10) Misappropriation of assets is a fraudulent act that involves

  1. A) dishonest conduct by those in power.
  2. B) misrepresenting facts to promote an investment.
  3. C) using computer technology to perpetrate.
  4. D) theft of company property.

Answer:  D

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

5.3   Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.

 

1) Lapping is best described as the process of

  1. A) applying cash receipts to a different customers account in an attempt to conceal previous thefts of cash receipts.
  2. B) inflating bank balances by transferring money among different bank accounts.
  3. C) stealing small amounts of cash, many times over a period of time.
  4. D) increasing expenses to conceal that an asset was stolen.

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

2) Which of the following is not an example of the fraud triangle characteristic concerned with rationalization?

  1. A) revenge against the company
  2. B) intent to repay borrowed funds in the future
  3. C) sense of entitlement as compensation for receiving a lower than average raise
  4. D) belief that the company wont suffer because an insurance company will reimburse losses

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

 

3) Insiders are frequently the ones who commit fraud because

  1. A) they are more dishonest than outsiders.
  2. B) they need money more than outsiders.
  3. C) they are less likely to get caught than outsiders.
  4. D) they know more about the system and its weaknesses than outsiders.

Answer:  D

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

4) Which of the following is not a management characteristic that increases pressure to commit fraudulent financial reporting?

  1. A) close relationship with the current audit engagement partner and manager
  2. B) pay for performance incentives based on short-term performance measures
  3. C) high management and employee turnover
  4. D) highly optimistic earnings projections

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

5) Researchers have compared the psychological and demographic characteristics of white-collar criminals, violent criminals, and the general public. They found that

  1. A) few differences exist between white-collar criminals and the general public.
  2. B) white-collar criminals eventually become violent criminals.
  3. C) most white-collar criminals invest their illegal income rather than spend it.
  4. D) most white-collar criminals are older and not technologically proficient.

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

6) Identify the opportunity below that could enable an employee to commit fraud.

  1. A) An employees spouse loses her job.
  2. B) An employee has a close association with suppliers or customers.
  3. C) An employee suddenly acquires lots of credit cards.
  4. D) An employee is upset that he was passed over for a promotion.

Answer:  B

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

 

7) Which of the following is a financial pressure that could cause an employee to commit fraud?

  1. A) a feeling of not being appreciated
  2. B) failing to receive a deserved promotion
  3. C) believing that their pay is too low relative to others around them
  4. D) having a spouse injured in a car accident and in the hospital for several weeks

Answer:  D

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

8) Which of the following fraudulent acts generally takes most time and effort?

  1. A) lapping accounts receivable
  2. B) selling stolen inventory to get cash
  3. C) stealing inventory from the warehouse
  4. D) creating false journal entries to overstate revenue

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

9) In many cases of fraud, the ________ takes more time and effort than the ________.

  1. A) concealment; theft
  2. B) theft; concealment
  3. C) conversion; theft
  4. D) conversion; concealment

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

10) Which of the following is the best way to hide theft of assets?

  1. A) creating cash through the transfer of money between banks
  2. B) conversion of stolen assets into cash
  3. C) stealing cash from customer A and then using customer Bs balance to pay customer As accounts receivable
  4. D) charging the stolen asset to an expense account

Answer:  D

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

 

11) Which fraud scheme involves stealing customer receipts and applying subsequent customer cash payments to cover the theft?

  1. A) kiting
  2. B) laundering
  3. C) lapping
  4. D) bogus expense

Answer:  C

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

12) One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks. This is known as

  1. A) lapping.
  2. B) misappropriation of assets.
  3. C) kiting.
  4. D) concealment.

Answer:  C

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

13) Which characteristic of the fraud triangle often stems from a lack of internal controls within an organization?

  1. A) pressure
  2. B) opportunity
  3. C) rationalization
  4. D) concealment

Answer:  B

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

14) Which situation below makes it easy for someone to commit a fraud?

  1. A) placing excessive trust in key employees
  2. B) inadequate staffing within the organization
  3. C) unclear company policies
  4. D) All of the above situations make it easy for someone to commit a fraud.

Answer:  D

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

15) What is the most prevalent opportunity within most companies to commit fraud?

  1. A) lack of any internal controls
  2. B) failure to enforce the internal controls
  3. C) loopholes in the design of internal controls
  4. D) managements failure to believe employees would commit fraud

Answer:  B

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

16) This component of the fraud triangle explains how perpetrators justify their (illegal) behavior.

  1. A) pressure
  2. B) rationalization
  3. C) concealment
  4. D) opportunity

Answer:  B

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

17) The most efficient way to conceal asset misappropriation is to

  1. A) write-off a customer receivable as bad debt.
  2. B) alter monthly bank statements before reconciliation.
  3. C) alter monthly physical inventory counts to reconcile to perpetual inventory records.
  4. D) record phony payments to vendors.

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

18) What are some of the distinguishing characteristics of fraud perpetrators?

Answer:  Some distinguishing characteristics of fraud perpetrators are: they tend to spend their illegal income to support their lifestyle; once they begin it becomes harder to stop and they become bolder as each incident happens; once they start to rely on the ill-gotten gains, they become more greedy and sometimes careless and overconfident. In the case of computer criminals, they are often young and have substantial computer knowledge. About two-thirds are men and likely to be an employee of the firm from which they steal. Many are unhappy or disgruntled with their employer because they feel unappreciated and underpaid. Most have no previous criminal record.

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

5.4   Define computer fraud and discuss the different computer fraud classifications.

 

1) Which of the following is least likely to result in computer fraud?

  1. A) releasing data to unauthorized users
  2. B) allowing computer users to test software upgrades
  3. C) allowing computer operators full access to the computer room
  4. D) storing backup tapes in a location where they can be quickly accessed

Answer:  C

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

2) How does the U.S. Justice Department define computer fraud?

  1. A) as any crime in which a computer is used
  2. B) as any act in which cash is stolen using a computer
  3. C) as an illegal act in which a computer is an integral part of the crime
  4. D) as an illegal act in which knowledge of computer technology is essential

Answer:  D

Objective:  Learning Objective 4

Difficulty:  Moderate

AACSB:  Analytic

 

3) Why is computer fraud often much more difficult to detect than other types of fraud?

  1. A) because massive fraud can be committed in only seconds, leaving little-to-no evidence
  2. B) because most perpetrators invest their illegal income rather than spend it, concealing key evidence
  3. C) because most computer criminals are older and more cunning than perpetrators of other types of fraud
  4. D) because perpetrators usually only steal very small amounts of money at a time, requiring a long period of time to pass before discovery

Answer:  A

Objective:  Learning Objective 4

Difficulty:  Moderate

AACSB:  Analytic

 

4) Why is computer fraud often more difficult to detect than other types of fraud?

  1. A) Rarely is cash stolen in computer fraud.
  2. B) The fraud may leave little or no evidence it ever happened.
  3. C) Computers provide more opportunities for fraud.
  4. D) Computer fraud perpetrators are just more clever than other types of criminals.

Answer:  B

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

5) Why do many fraud cases go unreported and unprosecuted?

  1. A) Major fraud is a public relations nightmare.
  2. B) Fraud is difficult, costly, and time-consuming to investigate and prosecute.
  3. C) Law enforcement and the courts are often so busy with violent crimes that little time is left for fraud cases.
  4. D) all of the above

Answer:  D

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

6) The fraud that requires the least computer knowledge or skill involves

  1. A) altering or falsifying source data.
  2. B) unauthorized use of computers.
  3. C) tampering with or copying software.
  4. D) forging documents like paychecks.

Answer:  A

Objective:  Learning Objective 4

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

7) The simplest and most common way to commit a computer fraud is to

  1. A) alter computer input.
  2. B) alter computer output.
  3. C) modify the processing.
  4. D) corrupt the database.

Answer:  A

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

8) Downloading a master list of customers and selling it to a competitor is an example of

  1. A) data fraud.
  2. B) output theft.
  3. C) download fraud.
  4. D) fraudulent financial reporting.

Answer:  A

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

 

9) Why is computer fraud on the rise?

Answer:  Not everyone agrees on what constitutes computer fraud and some people may commit computer fraud unwittingly and not be aware of it. Many computer frauds go undetected. The belief that it just cant happen to us. Most networks have a low level of security. Many Internet sites provide guidance on how to commit computer crimes. Law enforcement is unable to keep up with the number of computer frauds. Most frauds are not reported. The total dollar value of losses is difficult to calculate.

Objective:  Learning Objective 4

Difficulty:  Moderate

AACSB:  Reflective Thinking

10) Why do fraudulent acts often go unreported and are therefore not prosecuted?

Answer:  Most fraud cases go unreported and are not prosecuted for several reasons. Many cases of computer fraud are as yet still undetected. As new technology and methods become available to organizations, prior undetected fraud may be revealed in the future. A second reason is that companies are reluctant to report computer fraud and illegal acts simply because of bad publicitya highly visible case can undermine consumer confidence in an organization such as a financial institution. Also, the fact that a fraud has occurred may indeed encourage others to attempt to commit further acts against the organization. It would seem that unreported fraud creates a false sense of security, as people think systems are more secure than they are in reality. Another reason for not reporting fraudulent acts is the fact that the court system and law enforcement is busy with violent crimes and criminals in its system. There is little time left to go after a crime where no physical harm is present. Also, the court system tends to treat teen hacking and cracking as acts of childhood rather than as serious crimesthis leads to many plea bargains when a computer fraud is brought to trial. Another reason is that a computer fraud case is difficult, costly, and time-consuming to investigate and prosecute. Before 1986 no federal law existed governing computer fraud. Law enforcement officials, lawyers, and judges generally lack the computer skills necessary to properly evaluate, investigate, and prosecute computer crimes. Sadly, when all is said and done a successful prosecution and conviction of computer fraud results in a very light sentence. All of these factors contribute to the under reporting and lack of prosecution of computer fraud crimes. Not everyone agrees on what constitutes computer fraud:

  • Many networks have a low level of security
  • Many Internet pages give instruction on how to carry out computer crimes
  • Law enforcement has difficulty keep up with the growing number of computer frauds
  • The total dollar value of losses from computer fraud is difficult to estimate.

Objective:  Learning Objective 4

Difficulty:  Moderate

AACSB:  Analytic

 

 

5.5   Explain how to prevent and detect computer fraud and abuse.

 

1) Most frauds are detected by

  1. A) external auditors.
  2. B) hotline tip.
  3. C) internal auditors.
  4. D) the police.

Answer:  B

Objective:  Learning Objective 5

Difficulty:  Easy

AACSB:  Analytic

2) Which of the following will not reduce the likelihood of an occurrence of fraud?

  1. A) encryption of data and programs
  2. B) use of forensic accountants
  3. C) adequate insurance coverage
  4. D) required vacations and rotation of duties

Answer:  C

Objective:  Learning Objective 5

Difficulty:  Easy

AACSB:  Analytic

 

3) On Tuesday morning, Chen Lee, Chief Information Officer at American Trading Corporation (ATC), got some bad news. The hard drive use to store system data backups was lost while it was being transported to an offsite storage location. Chen called a meeting of her technical staff to discuss the implications of the loss. Which of the following is most likely to relieve her concerns over the potential cost of the loss?

  1. A) ATC has a comprehensive disaster recovery plan.
  2. B) The hard drive was encrypted and password protected.
  3. C) The shipper has insurance that will reimburse ATC for the cost of the hard drive.
  4. D) ATC has a copy of the hard drive onsite, so a new copy for storage offsite can easily be prepared.

Answer:  B

Objective:  Learning Objective 5

Difficulty:  Easy

AACSB:  Reflective Thinking

 

 

4) ________ is a simple, yet effective, method for catching or preventing many types of employee fraud.

  1. A) Requiring all employees to take annual vacations
  2. B) Monitoring employee bank accounts and net worth
  3. C) Monitoring employee behavior using video cameras
  4. D) Explaining that fraud is illegal and will be severely punished to employees

Answer:  A

Objective:  Learning Objective 5

Difficulty:  Easy

AACSB:  Analytic

 

5) What are the actions recommended by the Treadway Commission to reduce the possibility of fraudulent financial reporting?

Answer:  Establish an organizational environment that contributes to the integrity of the financial reporting process. Identify and understand the factors that lead to fraudulent financial reporting. Assess the risk of fraudulent financial reporting within the company. Design and implement internal controls to provide reasonable assurance that the fraudulent financial reporting is prevented.

Objective:  Learning Objective 5

Difficulty:  Moderate

AACSB:  Analytic

6) Describe at least four ways a company can make fraud less likely to occur.

Answer:  A company can decrease fraud by: good hiring and firing practices; good management of unhappy employees; training in fraud awareness; manage and track computer licenses; implement signed confidentiality agreements; maintain visible security; educate the workforce in ethics and the penalties for illegal acts.

Objective:  Learning Objective 5

Difficulty:  Moderate

AACSB:  Analytic

 

7) Describe four ways companies can reduce losses from fraud.

Answer:  Maintain adequate insurance. Keep a current backup copy of all program and data files in a secure off-site location. Develop a contingency plan for fraud occurrences and other disasters that might occur. Use special software designed to monitor system activity and help companies recover from frauds and malicious actions.

Objective:  Learning Objective 5

Difficulty:  Easy

AACSB:  Analytic

 

 

8) A teller at a savings and loan drive-through accepted a cash payment from customer #1 for an auto loan. The teller appeared to process the payment, but told the customer the printer was jammed and she cant print a receipt. The customer accepted the excuse and drove away. The teller pocketed the cash and wrote down customer #1s loan number and payment amount for future reconciling. A couple of days before customer #1s monthly statement was printed, the teller recorded a cash payment from customer #2 as if it were made by customer #1. The teller pocketed the difference between the two payments. The teller continued to steal and misapply customer payments for the next two years without detection.

 

Identify the type of fraud scheme described. Describe five controls you would implement to address the fraud risk, and label each control as preventive or detective.

Answer:  The fraud appears to be misappropriation of assets that is being concealed with a lapping scheme. Controls would include:

  1. rotation of duties (primarily detective)
  2. mandatory vacations (primarily detective)
  3. surveillance with cameras (primarily detective)
  4. staggered statement printing schedules, unknown to tellers (detective)
  5. sequentially prenumbered, duplicate receipts (detective)
  6. segregation of duties between cash handling and recording (preventive)
  7. encourage customers to utilize on-line banking for loan payments and to frequently check balances (detective)

Objective:  Learning Objective 5

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

9) Which of the following is not a way to make fraud less likely to occur?

  1. A) Adopt an organizational structure that minimizes the likelihood of fraud.
  2. B) Create an organizational culture that stresses integrity and commitment to ethical values.
  3. C) Create an audit trail so individual transactions can be traced.
  4. D) Effectively supervise employees.

Answer:  C

Objective:  Learning Objective 5

Difficulty:  Moderate

AACSB:  Analytic

10) Which of the following is not a way to reduce fraud losses?

  1. A) Conduct periodic external and internal audits.
  2. B) Maintain adequate insurance.
  3. C) Use software to monitor system activity.
  4. D) Store backup copies of program and data files.

Answer:  A

Objective:  Learning Objective 5

Difficulty:  Moderate

AACSB:  Analytic

 

 

11) Which of the following is not a way to improve fraud detection?

  1. A) Install fraud detection software.
  2. B) Implement a fraud hotline.
  3. C) Employ a computer security officer.
  4. D) Implement computer-based controls over input, processing, storage, and output activities.

Answer:  D

Objective:  Learning Objective 5

Difficulty:  Moderate

AACSB:  Analytic

 

Accounting Information Systems, 13e (Romney/Steinbart)

Chapter 7   Control and Accounting Information Systems

 

7.1   Explain basic control concepts and explain why computer control and security are important.

 

1) Why are threats to accounting information systems increasing?

  1. A) Many companies do not realize that data security is crucial to their survival.
  2. B) LANs and client/server systems are easier to control than centralized, mainframe systems.
  3. C) Many companies believe that protecting information is a strategic requirement.
  4. D) Computer control problems are often overestimated and overly emphasized by management.

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

2) A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n)

  1. A) preventive control.
  2. B) detective control.
  3. C) corrective control.
  4. D) authorization control.

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

3) Identify the preventive control below.

  1. A) reconciling the bank statement to the cash control account
  2. B) approving customer credit prior to approving a sales order
  3. C) maintaining frequent backup records to prevent loss of data
  4. D) counting inventory on hand and comparing counts to the perpetual inventory records

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

4) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for

  1. A) hiring and firing the external auditors.
  2. B) performing tests of the companys internal control structure.
  3. C) certifying the accuracy of the companys financial reporting process.
  4. D) overseeing day-to-day operations of the internal audit department.

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

5) Which of the following measures can protect a company from AIS threats?

  1. A) Take a proactive approach to eliminate threats.
  2. B) Detect threats that do occur.
  3. C) Correct and recover from threats that do occur.
  4. D) All of the above are proper measures for the accountant to take.

Answer:  D

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

6) Internal control is often referred to as a(n) ________, because it permeates an organizations operating activities and is an integral part of management activities.

  1. A) event
  2. B) activity
  3. C) process
  4. D) system

Answer:  C

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

7) Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control.

  1. A) corrective; detective
  2. B) detective; corrective
  3. C) preventive; corrective
  4. D) detective; preventive

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

8) Which type of control is associated with making sure an organizations control environment is stable?

  1. A) general
  2. B) application
  3. C) detective
  4. D) preventive

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

 

9) Which type of control prevents, detects, and corrects transaction errors and fraud?

  1. A) general
  2. B) application
  3. C) detective
  4. D) preventive

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

10) The primary purpose of the Foreign Corrupt Practices Act of 1977 was

  1. A) to require corporations to maintain a good system of internal control.
  2. B) to prevent the bribery of foreign officials by American companies.
  3. C) to require the reporting of any material fraud by a business.
  4. D) All of the above are required by the act.

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

11) Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies.

  1. A) Foreign Corrupt Practices Act of 1977
  2. B) The Securities Exchange Act of 1934
  3. C) The Sarbanes-Oxley Act of 2002
  4. D) The Control Provision of 1998

Answer:  C

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

12) Which of the following was not an important change introduced by the Sarbanes-Oxley Act of 2002?

  1. A) new roles for audit committees
  2. B) new rules for auditors and management
  3. C) new rules for information systems development
  4. D) the creation of the Public Company Accounting Oversight Board

Answer:  C

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

 

13) A(n) ________ measures company progress by comparing actual performance to planned performance.

  1. A) boundary system
  2. B) diagnostic control system
  3. C) interactive control system
  4. D) internal control system

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

14) A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention.

  1. A) boundary system
  2. B) diagnostic control system
  3. C) interactive control system
  4. D) internal control system

Answer:  C

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

 

15) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Oanez Dinnerware

  1. A) asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process.
  2. B) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
  3. C) selected the companys Chief Financial Officer to chair the audit committee.
  4. D) did not mention to auditors that the company had experienced significant losses due to fraud during the past year.

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

16) The Sarbanes-Oxley Act (SOX) applies to

  1. A) all companies with gross annual revenues exceeding $500 million.
  2. B) publicly traded companies with gross annual revenues exceeding $500 million.
  3. C) all private and public companies incorporated in the United States.
  4. D) all publicly traded companies.

Answer:  D

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

17) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her second martini, she began expressing her feelings about her companys budgeting practices. It seems that as a result of controls put in place by the company,her ability to creatively manage his departments activities have been curtailed. The level of control that the company is using in this case is a(n)

  1. A) boundary system.
  2. B) diagnostic control system.
  3. C) interactive control system.
  4. D) belief system.

Answer:  B

Objective:  Learning Objective 1

Difficulty:  Easy

AACSB:  Analytic

18) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her second martini, she began expressing her feelings about her work environment. Recently, every employee of the firm was required to attend a sexual harassment workshop. The level of control that the company is using in this case is a(n)

  1. A) boundary system.
  2. B) diagnostic control system.
  3. C) interactive control system.
  4. D) belief system.

Answer:  A

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

19) Explain why the Foreign Corrupt Practices Act was important to accountants.

Answer:  The act is important to accountants because it incorporates the language of the AICPA pronouncement on internal controls. The Act mandates that corporations should keep records that accurately and fairly reflect their transactions and assets in reasonable detail. The internal control system of these organizations should be able to provide reasonable assurance that: a) transactions are properly authorized and recorded; b) assets are safeguarded and protected from unauthorized access; and c) recorded asset values are periodically compared with actual assets and any differences are corrected. The act requires corporations to maintain good systems of internal accounting control.

Objective:  Learning Objective 1

Difficulty:  Moderate

AACSB:  Analytic

 

 

7.2   Compare and contrast the COBIT, COSO, and ERM control frameworks.

 

1) Which of the below is not a component of the COSO ERM?

  1. A) monitoring
  2. B) control environment
  3. C) risk assessment
  4. D) compliance with federal, state, or local laws

Answer:  D

Objective:  Learning Objective 2

Difficulty:  Easy

AACSB:  Analytic

 

2) The COSO Enterprise Risk Management Integrated Framework stresses that

  1. A) risk management activities are an inherent part of all business operations and should be considered during strategy setting.
  2. B) effective risk management is comprised of just three interrelated components; internal environment, risk assessment, and control activities.
  3. C) risk management is the sole responsibility of top management.
  4. D) risk management policies, if enforced, guarantee achievement of corporate objectives.

Answer:  A

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

3) Nolwenn Limited has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. Nolwenn Limited is transitioning from a ________ to a ________ control framework.

  1. A) COSO-Integrated Framework; COBIT
  2. B) COBIT; COSO-Integrated Framework
  3. C) COBIT; COSO-ERM
  4. D) COSO-Integrated Framework; COSO-ERM
  5. E) COSO-ERM; COBIT

Answer:  D

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

 

4) Discuss the weaknesses in COSOs internal control framework that led to the development of the COSO Enterprise Risk Management framework.

Answer:  COSOs internal control framework 1. had too narrow a focus. 2. examined controls without first addressing purposes and risks of business processes 3. existing internal control systems often have controls that protect against items that are no longer risks or are no longer important. 4. focusing on controls first has an inherent bias toward past problems and concerns.

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

5) True or False:  The COSO ERM contains all five of the same COSO-Integrated Framework components.

Answer:  TRUE

Objective:  Learning Objective 2

Difficulty:  Easy

AACSB:  Analytic

 

6) How many principles are there in the 2013 updated COSO Internal Control Framework?

  1. A) 5
  2. B) 8
  3. C) 17
  4. D) 21

Answer:  C

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

7) Why was the original 1992 COSO Integrated Control framework updated in 2013?

  1. A) Congress required COSO to modernize.
  2. B) U.S. stock exchanges required more disclosure.
  3. C) to more effectively address technological advancements
  4. D) to comply with International accounting standards

Answer:  C

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

8) Which internal control framework is widely accepted as the authority on internal controls?

  1. A) COBIT
  2. B) COSO Integrated Control
  3. C) COSO Enterprise Risk Management
  4. D) Sarbanes-Oxley Control Framework

Answer:  B

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

9) Identify the statement below that is not true of the 2013 COSO Internal Control updated framework.

  1. A) It more efficiently deals with control implementation and documentation issues.
  2. B) It more effectively deals with control implementation and documentation issues.
  3. C) It provides users with more precise guidance.
  4. D) It adds many new examples to clarify the framework concepts.

Answer:  A

Objective:  Learning Objective 2

Difficulty:  Difficult

AACSB:  Analytic

 

10) Which of the following is not one of the five principles of COBIT5?

  1. A) meeting stakeholder needs
  2. B) covering the enterprise end-to-end
  3. C) enabling a holistic approach
  4. D) improving organization efficiency

Answer:  D

Objective:  Learning Objective 2

Difficulty:  Difficult

AACSB:  Analytic

 

11) The COBIT5 framework primarily relates to

  1. A) best practices and effective governance and management of private companies.
  2. B) best practices and effective governance and management of public companies.
  3. C) best practices and effective governance and management of information technology.
  4. D) best practices and effective governance and management of organizational assets.

Answer:  D

Objective:  Learning Objective 2

Difficulty:  Easy

AACSB:  Analytic

 

12) Applying the COBIT5 framework, governance is the responsibility of

  1. A) internal audit.
  2. B) external audit.
  3. C) management.
  4. D) the board of directors.

Answer:  D

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

13) Applying the COBIT5 framework, monitoring is the responsibility of

  1. A) the CEO.
  2. B) the CFO.
  3. C) the board of directors.
  4. D) all of the above

Answer:  D

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

14) Why did COSO develop the Enterprise Risk Management framework?

  1. A) to improve the audit process
  2. B) to improve the risk management process
  3. C) to improve the financial reporting process
  4. D) to improve the manufacturing process

Answer:  B

Objective:  Learning Objective 2

Difficulty:  Easy

AACSB:  Analytic

 

15) Which of the following is not a basic principle of the COSO ERM framework?

  1. A) Companies are formed to create value for society.
  2. B) Management must decide how much uncertainty it will accept to create value.
  3. C) Uncertainty results in risk.
  4. D) Uncertainty results in opportunity.

Answer:  A

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

16) The largest differences between the COSO Integrated Control (IC) framework and the COSO Enterprise Risk Management (ERM) framework is

  1. A) IC is controls-based, while the ERM is risk-based.
  2. B) IC is risk-based, while ERM is controls-based.
  3. C) IC is required, while ERM is optional.
  4. D) IC is more applicable to international accounting standards, while ERM is more applicable to generally accepted accounting principles.

Answer:  A

Objective:  Learning Objective 2

Difficulty:  Moderate

AACSB:  Analytic

 

7.3   Describe the major elements in the internal environment of a company.

 

1) Rauol is a receptionist for The South American Paper Company, which has strict corporate policies on appropriate use of corporate resources. The first week of March, Rauol saw Jim (the branch manager) putting printer paper and toner into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework?

  1. A) integrity and ethical values
  2. B) risk management philosophy
  3. C) restrict access to assets
  4. D) methods of assigning authority and responsibility

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

2) Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?

  1. A) analyzing past financial performance and reporting
  2. B) providing sufficient resources to knowledgeable employees to carry out duties
  3. C) disciplining employees for violations of expected behavior
  4. D) setting realistic targets for long-term performance

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

3) The audit committee of the board of directors

  1. A) is usually chaired by the CFO.
  2. B) conducts testing of controls on behalf of the external auditors.
  3. C) provides a check and balance on management.
  4. D) does all of the above.

Answer:  C

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

4) The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the

  1. A) control activities.
  2. B) organizational structure.
  3. C) budget framework.
  4. D) internal environment.

Answer:  B

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

5) Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment?

  1. A) organizational structure
  2. B) methods of assigning authority and responsibility
  3. C) management philosophy and operating style
  4. D) commitment to competence

Answer:  A

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

6) Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter

  1. A) unintentional errors.
  2. B) employee fraud or embezzlement.
  3. C) fraud by outsiders.
  4. D) disgruntled employees.

Answer:  B

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

7) The SEC and FASB are best described as external influences that directly affect an organizations

  1. A) hiring practices.
  2. B) philosophy and operating style.
  3. C) internal environment.
  4. D) methods of assigning authority.

Answer:  C

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

 

8) Which attribute below is not an aspect of the COSO ERM Framework internal environment?

  1. A) enforcing a written code of conduct
  2. B) holding employees accountable for achieving objectives
  3. C) restricting access to assets
  4. D) avoiding unrealistic expectations

Answer:  C

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

 

9) The amount of risk a company is willing to accept in order to achieve its goals and objectives is

  1. A) inherent risk.
  2. B) residual risk.
  3. C) risk appetite.
  4. D) risk assessment.

Answer:  C

Objective:  Learning Objective 3

Difficulty:  Easy

AACSB:  Analytic

10) Discuss the internal environment and identify the elements that comprise the internal environment.

Answer:  The internal environment embraces individuals and the environment in which they operate in an organization. Individual employees are the engine that drive the organization and form the foundation upon which everything in the organization rests. Elements of the internal environment are: 1) a commitment to integrity and ethical values; 2) the philosophy and operating style of management; 3) organizational structure; 4) the audit committee of the board of directors; 5) methods of assigning authority and responsibility; 6) human resources policies and practices; and 7) various external influences. Each of these elements influences the internal control structure of the organization. Likewise, these elements should be examined and analyzed in detail when implementing or evaluating a system of internal controls.

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

 

11) Explain why managements philosophy and operating style are considered to be the most important element of the internal environment.

Answer:  Management truly sets the tone for the control environment of a business. If top management takes good control seriously and makes this known to everyone in the organization, then employees down the line will tend to do likewise. Managements attitude toward risk taking and the assessment of risk before acting are indications. Willingness to manipulate performance measures or to encourage employees to do likewise is another indication of attitude. Finally, pressure on subordinates to achieve certain results regardless of the methods used can be a very persuasive indicator of problems. Management concerned about control will assess risk and act prudently, manipulation of performance measures will not be tolerated, and ethical behavior will be instilled in and required of employees.

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Reflective Thinking

 

 

12) What are some of the ways to assign authority and responsibility within an organization?

Answer:  It is incumbent on management to identify specific business objectives and assign such objectives to certain departments and individuals. Management must also hold such departments and individuals responsible and accountable for achieving the assigned business objectives. Ways in which management may assign authority and responsibility is through formal job descriptions, employee training, budgets, operating plans, and scheduling. A formal code of conduct also sets the stage for responsible behavior on the part of employees by defining ethical behavior, acceptable business practices, regulatory requirements, and conflicts of interest. Another useful and important tool is a written policy and procedures manual.

Objective:  Learning Objective 3

Difficulty:  Moderate

AACSB:  Analytic

7.4   Describe the four types of control objectives that companies need to set.

 

1) According to the ERM, these help the company address all applicable laws and regulations.

  1. A) compliance objectives
  2. B) operations objectives
  3. C) reporting objectives
  4. D) strategic objectives

Answer:  A

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

2) According to the ERM, high level goals that are aligned with and support the companys mission are

  1. A) compliance objectives.
  2. B) operations objectives.
  3. C) reporting objectives.
  4. D) strategic objectives.

Answer:  D

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

3) According to the ERM, ________ deal with the effectiveness and efficiency of company operations, such as performance and profitability goals.

  1. A) compliance objectives
  2. B) operations objectives
  3. C) reporting objectives
  4. D) strategic objectives

Answer:  B

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

4) ________ objectives help ensure the accuracy, completeness and reliability of internal and external company reports, Applying the ERM framework.

  1. A) Compliance objectives
  2. B) Operations objectives
  3. C) Reporting objectives
  4. D) Strategic objectives

Answer:  C

Objective:  Learning Objective 4

Difficulty:  Easy

AACSB:  Analytic

 

7.5   Describe the events that affect uncertainty and the techniques used to identify them.

 

1) True or False:  Using the COSO definition of an event, an event represents uncertainty.

Answer:  TRUE

Objective:  Learning Objective 5

Difficulty:  Easy

AACSB:  Analytic

2) Identify the most correct statement with regards to an event.

  1. A) An event identified by management will occur.
  2. B) An event identified by management may or may not occur.
  3. C) An event identified by management may not trigger other events.
  4. D) It is easy to determine which events are most likely to occur.

Answer:  B

Objective:  Learning Objective 5

Difficulty:  Easy

AACSB:  Analytic

 

3) Which of the following is not a commonly used technique used to identify potential events?

  1. A) performing internal analysis
  2. B) monitoring leading events
  3. C) conducting interviews
  4. D) none of the above

Answer:  D

Objective:  Learning Objective 5

Difficulty:  Moderate

AACSB:  Analytic

 

 

7.6   Explain how to assess and respond to risk using the Enterprise Risk Management (ERM) model.

 

1) ________ is not a risk responses identified in the COSO Enterprise Risk Management Framework.

  1. A) Acceptance
  2. B) Avoidance
  3. C) Monitoring
  4. D) Sharing

Answer:  C

Objective:  Learning Objective 6

Difficulty:  Easy

AACSB:  Analytic

 

2) Best Friends, Incorporated is a publicly traded company where three BFFs (best friends forever) serve as its key officers. This situation

  1. A) is a violation of the Sarbanes-Oxley Act.
  2. B) violates the Securities and Exchange Act.
  3. C) increases the risk associated with an audit.
  4. D) must be changed before your audit firm could accept the audit engagement.

Answer:  C

Objective:  Learning Objective 6

Difficulty:  Easy

AACSB:  Analytic

3) ________ remains after management implements internal control(s).

  1. A) Inherent risk
  2. B) Residual risk
  3. C) Risk appetite
  4. D) Risk assessment

Answer:  B

Objective:  Learning Objective 6

Difficulty:  Easy

AACSB:  Analytic

 

4) ________ is the risk that exists before management takes any steps to mitigate it.

  1. A) Inherent risk
  2. B

Write a review

Your Name:


Your Review: Note: HTML is not translated!

Rating: Bad           Good

Enter the code in the box below:



 

Once the order is placed, the order will be delivered to your email less than 24 hours, mostly within 4 hours. 

If you have questions, you can contact us here