Question 1
(aq.inte.cont.monit.proces.001)
A change control process would likely not include which of the following?
Approval process.
Outsourcing.
Documentation.
Question 2
(aq.inte.cont.monit.proces.003)
Ashley's Tree and Trim has an automated system that monitors system access events and reports
them, in real time, to the IT security manager. This type of monitoring is:
Continuous.
Self.
XBRL-enabled.
Supervisory.
Question 3
(AICPA.130517BEC-SIM)
According to the 17 COSO control principles, information quality primarily relates to which
fundamental component of internal control:
https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder 1/37
11/4/2017 Wiley CPAexcel - BEC
Control activities.
Control environment.
Monitoring.
Question 4
(aq.intro.coso.int.ctrl.002)
Kentucky Fried Opossums reports annually on its environmental impact to the Commonwealth of
Kentucky. This is an example of:
Question 5
(aq.inter.cont.roles.respon.003)
Jiffy Grill has an ERP system. It has assigned responsibility for determining who has what access rights
within the ERP system. This assignment most likely was to:
Internal auditors.
Other personnel.
Management
Support functions
Question 6
(AICPA.130522BEC-SIM)
This fundamental component of internal control is the core or foundation of any system of internal
control.
Control activities.
Control environment.
Risk assessment.
Question 7
(CGIC-0037)
According to COSO, control systems fail for all of the following reasons except:
They are properly designed and implemented but environment changes have occurred making
the controls ineffective.
They are properly designed and implemented but management overrides them making them
ineffective.
They are properly designed and implemented but the way they operate has changed making
them ineffective.
Question 8
(AICPA.130516BEC-SIM)
According to the 17 COSO control principles, organizational objectives primarily relate to which
fundamental component of internal control:
Control activities.
Control environment.
Risk assessment.
Monitoring.
Question 9
(AICPA.130518BEC-SIM)
According to the 17 COSO control principles, change management primarily relates to which
fundamental component of internal control:
Control activities.
Control environment.
Risk assessment.
Monitoring.
Question 10
(CGIC-0020)
Which of the following internal control components includes the factor of management's philosophy
and operating style?
Control activities.
Risk assessment.
Monitoring.
Question 11
(aq.oth.reg.fram.gov.007_2017)
A public company audit committee's financial expert must have all of the following except:
Question 12
(aq.types.limit.acct.cont.002)
Question 13
(IFTC-0107)
ABC, Inc. assessed the overall risks of MIS systems projects on two standard criteria: technology used
and design structure. The following systems projects have been assessed on these risk criteria. Which
of the following projects holds the highest risk to ABC?
Technology Structure
Current Sketchy
New Sketchy
Question 14
(aq.intro.coso.int.ctrl.001)
Gimbly Cricket Corp. created a decision aid, linked to its data warehouse, to enable senior
management to monitor, in real time, changes in oil production at its oil wells in Kazakhstan. This is
an example of:
Question 15
(aq.inter.cont.roles.respon.002)
The IT department at Piggy Parts BBQ has recently learned of phishing attempts that rely on social
engineering to break into its financial systems. Information about these attempts should be
communicated to:
Internal auditors.
Other personnel.
All personnel.
Support functions.
Question 16
(AICPA.130523BEC-SIM)
In the COSO "cube" model, this component of internal control enables an organization's people to
identify, process, and exchange the information needed to manage and control operations.
Control activities.
Control environment.
Risk assessment.
Question 17
(CGIC-0015)
The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) in
the professional standards includes the reliability of financial reporting, compliance with applicable
laws and
Question 18
(AICPA.101045BEC-SIM)
The original COSO model has _____ control components, while the COSO ERM model has _____
control components.
2, 4
4, 8
8, 16
5, 8
Question 19
(AICPA.110533BEC-SIM)
Which of the following are reasons that internal controls need to be monitored?
People forget, quit jobs, get lazy, or come to work hung over.
Machines fail.
Advances in technology.
Question 20
(aq.cosoerm.004)
Devon Company is using an enterprise risk management system. Management of the company has set
the company's objectives, identified events, and assessed risks. What is the next step in the enterprise
risk management process?
Identify opportunities.
Question 21
(AICPA.101047BEC-SIM)
Which component of the COSO ERM framework is concerned with management's decision to avoid,
accept, reduce, or share risk and to develop a set of actions to align risk with the entity's risk
preferences?
Control activities.
Event identification.
Risk assessment.
Risk response.
Question 22
(CGIC-0019)
Which of the following components of internal control encompass policies and procedures that
ensure that management's directives are carried out?
Monitoring.
Control activities.
Question 23
(IFTC-0082)
An organization relied heavily on e-commerce for its transactions. Evidence of the organization's
security awareness manual would be an example of which of the following types of controls?
Preventive.
Detective.
Corrective.
Compliance.
Question 24
(aq.coso.erm2.002)
Jeffrey Smiggles of Rajon Rondo Sportswear has developed a software application that helps monitor
key production risks at company factories. In order to reduce costs, his approach to monitoring risks
is likely to be:
Monitor more important risks using indirect information and less important risks using direct
information.
Monitor more important risks using direct information and less important risks using indirect
information.
Question 25
(AICPA.130526BEC-SIM)
This is the process of identifying, analyzing, and managing the risks involved in achieving the
organization's objectives.
Control activities.
Control environment.
Risk assessment.
Question 26
(AICPA.130515BEC-SIM)
According to the 17 COSO control principles, addressing control deficiencies primarily relates to
which fundamental component of internal control:
Control activities.
Control environment.
Monitoring.
Question 27
(CGIC-0013)
Which of the following factors is not included in the control environment component of internal
control?
Commitment to competence.
Organizational structure.
Question 28
(AICPA.120622BEC)
Which of the following items is one of the eight components of COSO's enterprise risk management
framework?
Operations.
Reporting.
Monitoring.
Compliance.
Question 29
(aq.coso.risk.mgmt.001)
Which of the following components of internal control would encompass the routine controls over
business processes and transactions?
Control activities.
Risk assessment.
Question 30
(AICPA.120621BEC)
In a large public corporation, evaluating internal control procedures should be the responsibility of
Question 31
(IFTC-0112)
Controls in the information technology area are classified into the preventive, detective, and
corrective categories. Which of the following is a preventive control?
Contingency planning.
Hash total.
Echo check.
Question 32
(CGIC-0023)
Which of the following bodies has developed a framework for enterprise risk management?
Question 33
(aq.coso.17prcpls.001)
Technology can identify conditions and circumstances that indicate that controls have failed
or risks are present.
Question 34
(AICPA.110538BEC)
According to COSO, the use of ongoing and separate evaluations to identify and address changes in
internal control effectiveness can best be accomplished in which of the following stages of the
monitoring-for-change continuum?
Control baseline.
Change identification.
Change management.
Control revalidation/update.
Change Identification is the monitoring for change process that would include ongoing and
separate evaluations intended to identify and address changes in internal control effectiveness.
Question 35
(aq.coso.erm2.001)
According to the COSO framework, evaluators who monitor controls within an organization should
have which of the following sets of characteristics?
Question 36
(AICPA.101052BEC-SIM)
Question 37
(aq.types.limit.acct.cont.001)
Which of the following is a general control rather than a transaction control activity?
Reconciliations.
Question 38
(AICPA.130719BEC)
Question 39
(aq.inter.cont.roles.respon.001)
According to the COSO internal control framework, if an organization outsources certain activities
within the business to an outside party:
The responsibilities only transfer if the outside party explicitly agrees to accept responsibility.
Question 40
(CGIC-0025)
Which of the following is not an advantage of the employment of an enterprise risk management
(ERM) system?
Question 41
(aq.cosoerm.003)
In the COSO enterprise risk management framework, the term risk tolerance refers to
Question 42
(IFTC-0067)
Which of the following types of control plans is particular to a specific process or subsystem, rather
than related to the timing of its occurrence?
Preventive.
Corrective.
Application.
Detective.
Question 43
(AICPA.101049BEC-SIM)
Recognizing potential impediments to communication between system user and system designer can
be useful in
Question 44
(AICPA.040213BEC-SIM)
Employing a file librarian to maintain custody of the program and data files.
Question 45
(AICPA.101043BEC-SIM)
In the COSO (2011) "cube" model, each of the following is a component of internal control except
Monitoring.
Control activities.
Operations control.
Risk assessment.
Question 46
(AICPA.101265BEC)
A manufacturing firm noted that it would have difficulty sourcing raw materials locally, so it decided
to relocate its production facilities. According to COSO, this decision represents which of the following
responses to the risk?
Risk reduction.
Prospect theory.
Risk sharing.
Risk acceptance.
This best describes the risk management approach taken by the firm. Specifically, because the
firm cannot locally source its raw materials, it is relocating its production facility to reduce the
risk of stock-outs.
Question 47
(CGIC-0030)
Collusion among two or more individuals can result in enterprise risk management failure.
Question 48
(AICPA.090774.BEC)
Controls in the information technology area are classified into the categories of preventive, detective,
and corrective. Which of the following is a preventive control?
Contingency planning.
Hash total.
Echo check.
Question 49
(aq.inte.cont.monit.proces.002)
Jim is responsible for setting system access parameters in Kentucky Fried Opossums' ERP system.
Each month, he reviews any issues related to setting access parameters and writes a report about
them. This type of monitoring is:
Continuous.
Self.
Oversight.
Supervisory.
Question 50
(AICPA.101044BEC-SIM)
In the COSO "cube" model, each of the following is a control objective except
Compliance.
Monitoring.
Operations.
Reporting.
Question 51
(CGIC-0021)
If internal control is properly designed, the same employee should not be permitted to
Question 52
(aq.oth.reg.fram.gov.005_2017)
CFO Mar has been complicit in her public company's accounting fraud. She consults a lawyer as it
becomes time for filing her firm's 10-K with the SEC. She is a little uncomfortable about what she
might have to do. The lawyer will likely tell her that she will have to certify (and be potentially
criminally liable for lying about) all of the following matters except:
That she, along with the CEO, is responsible for establishing and maintaining her company's
internal controls.
That she has recently evaluated the effectiveness of the firm's internal controls.
Question 53
(aq.oth.reg.fram.gov.003_2017)
Financial statements.
Internal controls.
Correct! SOX requires the auditors of public companies to audit both their financial statements
and their internal controls.
Question 54
(aq.oth.reg.fram.gov.010_17)
Copyright 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or
adapted with permission.
Which of the following situations most clearly illustrates a breach of fiduciary duty by one or more
members of the board of directors of a corporation?
A corporation previously has distributed 50% of its earnings as dividends. This year it has
annual earnings per share of $2, and the board of directors voted 4 to 1 against paying any
dividend to finance growth.
Two directors of a corporation favor business expansion, two oppose it, and the fifth did not
attend the meeting. During the five years that the fifth person has been a director, the
individual did not attend two other meetings.
A director who learned that the corporation is thinking of buying retail space in a city
personally purchased a vacant building in the same city that would have been suitable for use
by the corporation.
Question 55
(aq.oth.reg.fram.gov.006_2017)
An accounting expert
A financial expert
A legal expert
Question 56
(aicpa.aq.intro.coso.int.ctrl.003_17)
Which of the following statements is true regarding internal control objectives of information
systems?
Primary responsibility of viable internal control rests with the internal audit division.
A secure system may have inherent risks due to management's analysis of trade-offs identified
by cost-benefit studies.
Question 57
(AICPA.130717BEC)
Expected value.
Uncontrollable risks.
This is the best answer of the choices given. An expected value calculates (and integrates) the
likelihood of losses with the amount of losses. Hence, an expected value combines the
information in low and high probability exposures and low and high-degree loss exposures into
a decision-relevant, single, valuable (for decision analysis) number.
Question 58
(AICPA.120613BEC)
Which of the following statements presents an example of a general control for a computerized
system?
Creating hash totals from Social Security numbers for the weekly payroll.
Question 59
(aq.cosoerm.001)
Enterprise risk management considers how much risk the entity is willing to accept in pursuit of its
goals, how the risks are created and mitigated, and how emerging risks will impact the entity.
The amount of risk the entity is willing to accept in pursuit of its goals is referred to as an entity's:
Risk tolerance.
Risk philosophy.
Risk analysis.
Risk appetite.
achievement of objectives. In setting risk tolerance levels, management will consider the
importance of the related objectives and align risk tolerance with risk appetite.
Question 60
(CGIC-0018)
Which of the following components of internal control are characterized by ongoing activities and
separate evaluations?
Risk assessment.
Monitoring.
Question 61
(AICPA.130723BEC)
Within the COSO Internal Control - Integrated Framework, which of the following components is
designed to ensure that internal controls continue to operate effectively?
Control environment.
Risk assessment.
Monitoring.
Question 62
(aicpa.aq.inter.cont.roles.respon.004_17)
According to COSO, the presence of a written code of conduct provides for a control environment that
can
Ensure that competent evaluators are implementing and monitoring internal controls.
Verify that information systems are providing persuasive evidence of the effectiveness of
internal controls.
Question 63
(aicpa.aq.coso.erm2.004_17)
The materials manager of a warehouse is given a new product line to manage with new inventory
control procedures. Which of the following sequences of the COSO internal control monitoring-for-
change continuum is affected by the new product line?
Question 64
(aq.oth.reg.fram.gov.009_17)
Copyright 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or
adapted with permission.
Which of the following organizations was established by the Sarbanes-Oxley Act of 2002 to control the
auditing profession?
Question 65
(aq.oth.reg.fram.gov.004_2017)
Legal expert who understands the liabilities that public companies can face if they misreport
financial information.
Accounting expert who is familiar with the AICPA Code of Professional Conduct.
Question 66
(aicpa.aq.coso.erm2.003_17)
According to COSO, a primary purpose of monitoring internal control is to verify that the internal
control system remains adequate to address changes in
Risks.
The law.
Technology.
Operating procedures.
Question 67
(aq.cosoerm.005)
Kelly Inc. is considering establishing an enterprise risk management system. In advising them in
relation to this initiative, which of the following would you indicate is not a limitation of ERM?
Question 68
(aq.cosoerm.002)
Jarrett Corporation is considering establishing an enterprise risk management system and seeks to
better understand the benefits that they may realize from these efforts. In advising them, which of the
following would you describe as not a benefit of enterprise risk management?
(Correct!) This answer is correct because sharing risk is only one way of responding, and this
technique cannot be used for all risks, nor should it be.
Question 69
(aicpa.aq.coso.erm.006_17)
According to COSO, which of the following identifies the group directly responsible for the
implementation and development of the enterprise risk management framework?
Management
External auditors
Internal auditors
Question 70
(aq.coso.risk.mgmt.002)
Management of Warren Company has decided to respond to a particular risk by hedging the risk with
futures contracts. This is an example of risk
Avoidance.
Acceptance.
Reduction.
Sharing.
Question 71
(CGIC-0024)
Question 72
(CGIC-0017)
Commitment to competence.
Monitoring.
Organizational structure.
Question 73
(CGIC-0028)
Layton Company has implemented an enterprise risk management system and has responded to a
particular risk by purchasing insurance. Such a response is characterized by COSO's Enterprise Risk
Avoidance.
Sharing.
Acceptance.
Reduction.
Question 74
(AICPA.130716BEC)
A company's new time clock process requires hourly employees to select an identification number
and then choose the clock-in or clock-out button. A video camera captures an image of the employee
using the system. Which of the following exposures can the new system be expected to change the
least?
Question 75
(aq.oth.reg.fram.gov.001_2017)
In a public company, which of the following officers must certify the accuracy of their firm's
financial statements as filed with the SEC?
Question 76
(aicpa.aq.coso.17prcpls.003_17)
Employees of an entity feel peer pressure to do the right thing; management appropriately deals with
signs that problems exist and resolves the issues; and dealings with customers, suppliers, employees,
and other parties are based on honesty and fairness. According to COSO, the above scenario is
indicative of which of the following?
Strategic goals
Operational excellence
Reporting reliability
Question 77
(aq.oth.reg.fram.gov.002_2017)
They are responsible for establishing and maintaining their firm's internal financial controls.
They have hired an excellent auditing firm and have delegated to that firm ultimate
responsibility for the accuracy of financial statements.
They have taken lie detector tests regarding the accuracy of the financial statements.
They are subject to firm codes of ethics policing the accuracy of financial statements.
Question 78
(aq.coso.17prcpls.002)
Henry Higgins of Jiffy Grill has learned that the controller is likely embezzling money to fund an
expensive drug and gambling habit. Ideally, Henry should communicate this information to:
The controller.
His boss.
His employees.
Question 79
(CGIC-0035)
The component of COSO's framework for internal control that includes the goal of proper
measurement of transactions is
Control activities.
Monitoring.
This answer is correct. This is one of the goals of the information and communication system.
Question 80
(CGIC-0014)
Which statement is not one of the objectives of internal control as included in the definition of
internal control developed by the Committee of Sponsoring Organizations (COSO)?
Asset safeguarding.
Compliance.
Financial reporting.
Operations.
Question 81
(AICPA.110534BEC-SIM)
The targets against which the effectiveness of internal control is evaluated.
Question 82
(aicpa.aq.oth.reg.fram.gov.008_17)
Copyright 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or
adapted with permission.
Which of the following statements is correct regarding the requirements of the Sarbanes-Oxley Act of
2002 for an issuer's board of directors?
Each member of the board of directors must be independent from management influence,
based on the member's prior and current activities, economic and family relationships, and
other factors.
The board of directors must have an audit committee entirely composed of members who are
independent from management influence.
The majority of members of the board of directors must be independent from management
influence.
The board of directors must have a compensation committee, a nominating committee, and
an audit committee, each of which is composed entirely of independent members.
Question 83
(AICPA.101046BEC-SIM)
Strategic, operations, reporting, and compliance objectives are a part of which of the following
models of internal control?
COBIT.
COSO.
COSO ERM.