11/4/2017 Wiley CPAexcel - BEC

Custom Assessment Results 11/4/2017

Question 1
(aq.inte.cont.monit.proces.001)

A change control process would likely not include which of the following?

Change request form.

Approval process.

Outsourcing.

Documentation.

You Answered Correctly!


(Correct!) A change control process should include the use of change request forms, an approval
process for changes, and appropriate documentation; however, outsourcing is not part of the
design for a recommended change control process.

Question 2
(aq.inte.cont.monit.proces.003)

Ashley's Tree and Trim has an automated system that monitors system access events and reports
them, in real time, to the IT security manager. This type of monitoring is:

Continuous.

Self.

XBRL-enabled.

Supervisory.

You Answered Correctly!


(Correct!) This monitoring occurs continuously.

Question 3
(AICPA.130517BEC-SIM)

According to the 17 COSO control principles, information quality primarily relates to which
fundamental component of internal control:
https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder 1/37

Control activities.

Control environment.

Information and communication.

Monitoring.

You Answered Correctly!


According to the COSO principles, Information and communication primarily relate to the
quality of information supporting controls, and internal and external communications.

Question 4
(aq.intro.coso.int.ctrl.002)

Kentucky Fried Opossums reports annually on its environmental impact to the Commonwealth of
Kentucky. This is an example of:

Internal, financial reporting.

Internal, nonfinancial reporting.

External, financial reporting

External, nonfinancial reporting

You Answered Correctly!


(Correct!) This answer is correct because this is an external report, and it is nonfinancial.
(Environmental impact is not in currency.)

Question 5
(aq.inter.cont.roles.respon.003)

Jiffy Grill has an ERP system. It has assigned responsibility for determining who has what access rights
within the ERP system. This assignment most likely was to:

Internal auditors.

Other personnel.

Management

Support functions

You Answered Correctly!


(Correct!) This answer is correct because support functions are most likely to have
responsibility for determining system access.

Question 6
(AICPA.130522BEC-SIM)

This fundamental component of internal control is the core or foundation of any system of internal
control.

Control activities.

Control environment.

Information and communication.

Risk assessment.

You Answered Correctly!


The control environment is, "...the core or foundation of any system of internal control."

Question 7
(CGIC-0037)

According to COSO, control systems fail for all of the following reasons except:

They are not designed or implemented properly.

They are properly designed and implemented but environment changes have occurred making
the controls ineffective.

They are properly designed and implemented but management overrides them making them
ineffective.

They are properly designed and implemented but the way they operate has changed making
them ineffective.

You Answered Correctly!


This answer is correct. It is a limitation for all control systems no matter how effectively
designed and implemented.

Question 8
(AICPA.130516BEC-SIM)

According to the 17 COSO control principles, organizational objectives primarily relate to which
fundamental component of internal control:

Control activities.

Control environment.

Risk assessment.

Monitoring.

You Answered Correctly!


According to the COSO principles, risk assessment primarily relates to organizational objectives,
risk assessment, fraud, and change management. Organizational objectives link to risk
assessment since objectives help to define the risks that are to be assessed.

Question 9
(AICPA.130518BEC-SIM)

According to the 17 COSO control principles, change management primarily relates to which
fundamental component of internal control:

Control activities.

Control environment.

Risk assessment.

Monitoring.

You Answered Correctly!


According to the COSO principles, risk assessment primarily relates to organizational objectives,
risk assessment, fraud, and change management.

Question 10
(CGIC-0020)

Which of the following internal control components includes the factor of management's philosophy
and operating style?

Control activities.

The control environment.

Risk assessment.

Monitoring.

You Answered Correctly!


This answer is correct. Management's philosophy and operating style is a factor of the control
environment.

Question 11
(aq.oth.reg.fram.gov.007_2017)

A public company audit committee's financial expert must have all of the following except:

An understanding of GAAP and financial statements.

Experience in preparing or auditing financial statements of comparable companies and
application of such principles in connection with accounting for estimates, accruals, and
reserves.

Experience with internal auditing controls.

Experience on a public company's compensation committee.

You Answered Correctly!


Correct! SOX does not require that a financial expert have experience on a compensation
committee. It does require that she have an understanding of GAAP and GAAS, an ability to
assess the general application of these principles, experience in preparing, auditing, analyzing
or evaluating F/S, an understanding of internal controls and procedures for financial reporting,
and an understanding of audit committee functions.

Question 12
(aq.types.limit.acct.cont.002)

Which of the following is not a limitation of internal control?

Human judgment in decision making may be faulty.

External forces may attack the system.


Management may override internal control.

Controls may be circumvented by collusion.

You Answered Incorrectly.


This answer is incorrect because this is an acknowledged limitation of internal control.

Question 13
(IFTC-0107)

ABC, Inc. assessed the overall risks of MIS systems projects on two standard criteria: technology used
and design structure. The following systems projects have been assessed on these risk criteria. Which
of the following projects holds the highest risk to ABC?

Technology Structure

Current Sketchy

New Sketchy

Current Well defined

New Well defined

You Answered Correctly!


This answer is correct because the project involves both new (more risky than current)
technology and sketchy (more risky than well-defined) structure.

Question 14
(aq.intro.coso.int.ctrl.001)

Gimbly Cricket Corp. created a decision aid, linked to its data warehouse, to enable senior
management to monitor, in real time, changes in oil production at its oil wells in Kazakhstan. This is
an example of:

Internal, financial reporting

Internal, nonfinancial reporting.

External, financial reporting.

External, nonfinancial reporting.

You Answered Correctly!


(Correct!) This answer is correct because this is an internal report, and it is nonfinancial. (Oil
production is not in currency.)

Question 15
(aq.inter.cont.roles.respon.002)

The IT department at Piggy Parts BBQ has recently learned of phishing attempts that rely on social
engineering to break into its financial systems. Information about these attempts should be
communicated to:

Internal auditors.

Other personnel.

All personnel.

Support functions.

You Answered Correctly!


(Correct!) This answer is correct because information about social engineering efforts to break
into systems should be communicated to all personnel.

Question 16
(AICPA.130523BEC-SIM)

In the COSO "cube" model, this component of internal control enables an organization's people to
identify, process, and exchange the information needed to manage and control operations.

Control activities.

Control environment.

Information and communication.

Risk assessment.

You Answered Correctly!


Information and communication enables an organization's people to identify, process, and
exchange the information needed to manage and control operations.

Question 17
(CGIC-0015)

The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) in
the professional standards includes the reliability of financial reporting, compliance with applicable
laws and

Effectiveness and efficiency of operations.

Effectiveness of prevention of fraudulent occurrences.

Incorporation of ethical business practice standards.

Safeguarding of entity assets.

You Answered Correctly!


This answer is correct. The requirement is to identify the reply, which is part of the definition of
internal control developed by the Committee of Sponsoring Organizations (COSO). COSO
defines internal control as a process, effected by an entity's board of directors, management,
and other personnel, designed to provide reasonable assurance regarding the achievement of
objectives in the following categories: (1) reliability of financial reporting, (2) effectiveness and
efficiency of operations, and (3) compliance with applicable laws and regulations.

Question 18
(AICPA.101045BEC-SIM)

The original COSO model has _____ control components, while the COSO ERM model has _____
control components.

2, 4

4, 8

8, 16

5, 8

You Answered Correctly!


This answer is correct because the COSO model has 5 control objectives and the COSO ERM
model has 8 control objectives.

Question 19
(AICPA.110533BEC-SIM)

Which of the following are reasons that internal controls need to be monitored?

People forget, quit jobs, get lazy, or come to work hung over.

Machines fail.

Advances in technology.

All of the above.

You Answered Correctly!


All of the above are reasons internal controls need to be monitored.

Question 20
(aq.cosoerm.004)

Devon Company is using an enterprise risk management system. Management of the company has set
the company's objectives, identified events, and assessed risks. What is the next step in the enterprise
risk management process?

Establish control activities to manage the risks.

Monitor the risks.

Determine responses to the risks.

Identify opportunities.

You Answered Correctly!


(Correct!) This answer is correct because the next step in the process is to determine the risk
responses to the assessed risks.

Question 21
(AICPA.101047BEC-SIM)

Which component of the COSO ERM framework is concerned with management's decision to avoid,
accept, reduce, or share risk and to develop a set of actions to align risk with the entity's risk
preferences?

Control activities.

Event identification.

Risk assessment.

Risk response.

You Answered Incorrectly.


Risk assessment does not include management's decision to avoid, accept, reduce, or share risk
and to develop a set of actions to align risk with the entity's risk preferences.

Question 22
(CGIC-0019)

Which of the following components of internal control encompass policies and procedures that
ensure that management's directives are carried out?

The control environment.

Monitoring.

Control activities.

Information and communication.

You Answered Incorrectly.


This answer is incorrect. Control activities encompass policies and procedures that ensure that
management's directives are carried out.

Question 23
(IFTC-0082)

An organization relied heavily on e-commerce for its transactions. Evidence of the organization's
security awareness manual would be an example of which of the following types of controls?

Preventive.

Detective.

Corrective.

Compliance.

You Answered Correctly!


This answer is correct because the use of such a manual is designed to prevent breaches of
security.

Question 24
(aq.coso.erm2.002)

Jeffrey Smiggles of Rajon Rondo Sportswear has developed a software application that helps monitor
key production risks at company factories. In order to reduce costs, his approach to monitoring risks
is likely to be:

Monitor all risks using indirect information.

Monitor all risks using direct information.

Monitor more important risks using indirect information and less important risks using direct
information.

Monitor more important risks using direct information and less important risks using indirect
information

You Answered Correctly!


(Correct!) Collecting direct information is often costlier than collecting indirect information.
Hence, to reduce costs, less important risks are likely to be monitored with indirect information.

Question 25
(AICPA.130526BEC-SIM)

This is the process of identifying, analyzing, and managing the risks involved in achieving the
organization's objectives.

Control activities.

Control environment.

Information and communication.

Risk assessment.

You Answered Correctly!


Risk assessment is, "...the process of identifying, analyzing, and managing the risks involved in
achieving the organization's objectives."

Question 26
(AICPA.130515BEC-SIM)

According to the 17 COSO control principles, addressing control deficiencies primarily relates to
which fundamental component of internal control:

Control activities.

Control environment.

Information and communication.

Monitoring.

You Answered Correctly!


According to the COSO principles, monitoring primarily relates to establishing ongoing and
periodic evaluations, and addressing control deficiencies.

Question 27
(CGIC-0013)

Which of the following factors is not included in the control environment component of internal
control?

Commitment to competence.

Organizational structure.

Integrity and ethical values.

Information and communication.

You Answered Correctly!


This answer is correct. Information and communication is a separate component of internal
control.

Question 28
(AICPA.120622BEC)

Which of the following items is one of the eight components of COSO's enterprise risk management
framework?

Operations.

Reporting.

Monitoring.

Compliance.

You Answered Correctly!


Monitoring is one of the eight components of COSO's enterprise risk management framework.

Question 29
(aq.coso.risk.mgmt.001)

Which of the following components of internal control would encompass the routine controls over
business processes and transactions?

The control environment.

Information and communication.

Control activities.

Risk assessment.

You Answered Correctly!


(Correct!) This answer is correct because control activities, policies, and procedures are
designed to ensure that management's directives are followed.

Question 30
(AICPA.120621BEC)

In a large public corporation, evaluating internal control procedures should be the responsibility of

Accounting management staff who report to the CFO.


Internal audit staff who report to the board of directors.

Operations management staff who report to the chief operations officer.

Security management staff who report to the chief facilities officer.

You Answered Correctly!


The key to recognizing the correctness of this answer is that the question asks who should
engage in "evaluating" internal control procedures (not design or implement control
procedures). Among the offered choices, an independent internal audit staff, i.e., who report to
the board of directors or an audit committee, but not the CFO, are best qualified to monitor and
evaluate internal control procedures.

Question 31
(IFTC-0112)

Controls in the information technology area are classified into the preventive, detective, and
corrective categories. Which of the following is a preventive control?

Contingency planning.

Hash total.

Echo check.

Access control software.

You Answered Correctly!


This answer is correct. A preventive control is designed to prevent a misstatement from
occurring. Access control software prevents unauthorized individuals from gaining access to a
system or application and therefore prevents unauthorized transactions or changes in data.

Question 32
(CGIC-0023)

Which of the following bodies has developed a framework for enterprise risk management?

The Committee of Sponsoring Organizations (COSO).

The American Institute of Certified Public Accountants (AICPA).

The Public Company Accounting Oversight Board (PCAOB).


The Institute of Risk Management Professionals (IRMP).

You Answered Correctly!


This answer is correct. COSO has developed a framework for enterprise risk management.

Question 33
(aq.coso.17prcpls.001)

Management of Johnson Company is considering implementing technology to improve the
monitoring of internal control. Which of the following best describes how technology may be effective
at improving internal control monitoring?

Technology can identify conditions and circumstances that indicate that controls have failed
or risks are present.

Technology can ensure that items are processed accurately.

Technology can provide information more quickly.

Technology can control access to terminals and data.

You Answered Correctly!


(Correct!) This answer is correct because monitoring involves collecting information to
determine that controls are working.

Question 34
(AICPA.110538BEC)

According to COSO, the use of ongoing and separate evaluations to identify and address changes in
internal control effectiveness can best be accomplished in which of the following stages of the
monitoring-for-change continuum?

Control baseline.

Change identification.

Change management.

Control revalidation/update.

You Answered Correctly!


Change Identification is the monitoring for change process that would include ongoing and
separate evaluations intended to identify and address changes in internal control effectiveness.

Question 35
(aq.coso.erm2.001)

According to the COSO framework, evaluators who monitor controls within an organization should
have which of the following sets of characteristics?

Competence and objectivity.

Respect and judgment.

Judgment and objectivity.

Authority and responsibility.

You Answered Correctly!


(Correct!) COSO indicates that the evaluator must have competence and objectivity. The other
answers are incorrect because they do not describe the desired characteristics.

Question 36
(AICPA.101052BEC-SIM)

The goals of risk management include:

aligning risk appetite with strategy.

seizing opportunities through better identification and management.

reducing operational surprises and losses.

all of the above.

You Answered Correctly!


All of the above is the best answer because risk management goals include all of these
alternatives.

Question 37
(aq.types.limit.acct.cont.001)

Which of the following is a general control rather than a transaction control activity?

Technology development policies and procedures.

Reconciliations.

Physical controls over assets.

Controls over standing data.

You Answered Correctly!


(Correct!) This answer is correct because technology development policies and procedures are
part of the general controls.

Question 38
(AICPA.130719BEC)

According to COSO, which of the following is a compliance objective?

To maintain adequate staffing to keep overtime expense within budget.

To maintain a safe level of carbon dioxide emissions during production.

To maintain material price variances within published guidelines.

To maintain accounting principles that conform to GAAP.

You Answered Incorrectly.


This answer is incorrect since conforming to GAAP is not a compliance objective; it is a reporting
objective.

Question 39
(aq.inter.cont.roles.respon.001)

According to the COSO internal control framework, if an organization outsources certain activities
within the business to an outside party:

Responsibility also transfers to the outside party.

The responsibilities never transfer to the outsourced party.

The responsibilities only transfer if the outside party explicitly agrees to accept responsibility.

The organization is no longer accountable for the outsourced activities.


You Answered Correctly!


(Correct!) Activities of an organization may be outsourced, but the responsibilities never transfer
to the outsourced party. Management is never relieved of ultimate responsibility or
accountability.

Question 40
(CGIC-0025)

Which of the following is not an advantage of the employment of an enterprise risk management
(ERM) system?

Helps an organization seize opportunities.

Allows an organization to eliminate all risks.

Improves the deployment of capital.

Reduces operational surprises.

You Answered Correctly!


This answer is correct. An ERM system does not eliminate all risks.

Question 41
(aq.cosoerm.003)

In the COSO enterprise risk management framework, the term risk tolerance refers to

The level of risk an organization is willing to accept.

The acceptable variation with respect to a particular objective.

The risk of an event after considering management's response.

Events that require no risk response.

You Answered Correctly!


(Correct!) This answer is correct because the COSO ERM framework defines risk tolerance as the
acceptable variation with respect to a particular organizational objective.

Question 42
(IFTC-0067)

Which of the following types of control plans is particular to a specific process or subsystem, rather
than related to the timing of its occurrence?

Preventive.

Corrective.

Application.

Detective.

You Answered Correctly!


This answer is correct because application controls apply to a particular application or process.

Question 43
(AICPA.101049BEC-SIM)

Recognizing potential impediments to communication between system user and system designer can
be useful in

monitoring control effectiveness.

the tone at the top.

complying with Sarbanes-Oxley section 404.

managing change in the system of internal control.

You Answered Correctly!


This is the best answer because user and design communication issues are more important to
managing changes in the system of internal control than to the processes mentioned in any of
the other answers.

Question 44
(AICPA.040213BEC-SIM)

Which of the following is an example of a detective control?

Use of pre-formatted screens for data entry.

Comparison of data entry totals to batch control totals.

Restricting access to the computer operations center to data-processing staff only.

Employing a file librarian to maintain custody of the program and data files.

You Answered Correctly!


Reconciliation of data entry totals with batch control totals will detect errors made by the data
entry clerks.

Question 45
(AICPA.101043BEC-SIM)

In the COSO (2011) "cube" model, each of the following are components of internal control except

Monitoring.

Control activities.

Operations control.

Risk assessment.

You Answered Correctly!


Operations control is not a component of internal control in the COSO model.

Question 46
(AICPA.101265BEC)

A manufacturing firm noted that it would have difficulty sourcing raw materials locally, so it decided
to relocate its production facilities. According to COSO, this decision represents which of the following
responses to the risk?

Risk reduction.

Prospect theory.

Risk sharing.

Risk acceptance.

You Answered Correctly!


This best describes the risk management approach taken by the firm. Specifically, because the
firm cannot locally source its raw materials, it is relocating its production facility to reduce the
risk of stock-outs.

Question 47
(CGIC-0030)

Which of the following is not a limitation of an enterprise risk management system?

Risk relates to the future that is uncertain.

Collusion among two or more individuals can result in enterprise risk management failure.

Companies cannot avoid risk.

Enterprise risk management is subject to management override.

You Answered Correctly!


This answer is correct. This is a fact that results in the need to have enterprise risk management.

Question 48
(AICPA.090774.BEC)

Controls in the information technology area are classified into the categories of preventive, detective,
and corrective. Which of the following is a preventive control?

Contingency planning.

Hash total.

Echo check.

Access control software.

You Answered Correctly!


Access control software is a preventive control.

Question 49
(aq.inte.cont.monit.proces.002)

Jim is responsible for setting system access parameters in Kentucky Fried Opossums' ERP system.
Each month, he reviews any issues related to setting access parameters and writes a report about
them. This type of monitoring is:

Continuous.

Self.

Oversight.

Supervisory.

You Answered Correctly!


(Correct!) This is self-assessment or self-monitoring.

Question 50
(AICPA.101044BEC-SIM)

In the COSO "cube" model, each of the following is a control objective except

Compliance.

Monitoring.

Operations.

Reporting.

You Answered Correctly!


Monitoring is correct because it is not a control objective in the COSO model.

Question 51
(CGIC-0021)

If internal control is properly designed, the same employee should not be permitted to

Sign checks and cancel supporting documents.

Receive merchandise and prepare a receiving report.

Prepare disbursement vouchers and sign checks.

Initiate a request to order merchandise and approve merchandise received.

You Answered Incorrectly.


This answer is incorrect because the person requesting the merchandise will be able to
determine whether the appropriate merchandise has been received and should, therefore,
approve its receipt.

Question 52
(aq.oth.reg.fram.gov.005_2017)

CFO Mar has been complicit in her public company's accounting fraud. She consults a lawyer as it
becomes time for filing her firm's 10-K with the SEC. She is a little uncomfortable about what she
might have to do. The lawyer will likely tell her that she will have to certify (and be potentially
criminally liable for lying about) all of the following matters except:

That she has reviewed the 10-K.

That her CPA license is active.

That she, along with the CEO, is responsible for establishing and maintaining her company's
internal controls.

That she has recently evaluated the effectiveness of the firm's internal controls.

You Answered Correctly!


Correct. This is the one of these four choices that need not be certified. It is a fine thing if Mar is a
CPA and if her license is active, but neither is required by SOX.

Question 53
(aq.oth.reg.fram.gov.003_2017)

Public company external audit firms must audit their clients':

Financial statements.

Internal controls.

Financial statements and internal controls.

Neither financial statements nor internal controls.

You Answered Correctly!


Correct! SOX requires the auditors of public companies to audit both their financial statements
and their internal controls.

Question 54
(aq.oth.reg.fram.gov.010_17)

Copyright 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or
adapted with permission.

Which of the following situations most clearly illustrates a breach of fiduciary duty by one or more
members of the board of directors of a corporation?

A corporation previously has distributed 50% of its earnings as dividends. This year it has
annual earnings per share of $2, and the board of directors voted 4 to 1 against paying any
dividend to finance growth.

A director of a corporation who co-owns a computer vendor negotiated the purchase of a
computer system by the corporation from the vendor, making a disclosure to the corporation
and the other board members. The purchase price was competitive, and the board (absent the
vendor co-owner) unanimously approved the purchase.

Two directors of a corporation favor business expansion, two oppose it, and the fifth did not
attend the meeting. During the five years that the fifth person has been a director, the
individual did not attend two other meetings.

A director who learned that the corporation is thinking of buying retail space in a city
personally purchased a vacant building in the same city that would have been suitable for use
by the corporation.

You Answered Correctly!


Correct! This director has breached a fiduciary duty by appropriating a business opportunity (to
acquire retail space) for himself or herself.

Question 55
(aq.oth.reg.fram.gov.006_2017)

Public company audit committees must contain which of the following?

A majority of independent directors

An accounting expert

A financial expert

A legal expert

You Answered Correctly!


Correct! SOX requires that every audit committee of a public company have at least one
financial expert with (a) an understanding of GAAP and financial statements; (b) experience in
preparing or auditing financial statements; (c) experience with internal auditing controls; and (d)
an understanding of audit committee functions.

Question 56
(aicpa.aq.intro.coso.int.ctrl.003_17)

Which of the following statements is true regarding internal control objectives of information
systems?

Primary responsibility of viable internal control rests with the internal audit division.

A secure system may have inherent risks due to management's analysis of trade-offs identified
by cost-benefit studies.

Control objectives primarily emphasize output distribution issues.

An entity's corporate culture is irrelevant to the objectives.

You Answered Correctly!


Correct! This is an accurate description. Internal control provides reasonable, not absolute,
assurance. Internal control investments are limited by cost-benefit trade-offs.

Question 57
(AICPA.130717BEC)

Which of the following is most useful when risk is being prioritized?

Low and high probability exposures.

Low and high-degree loss exposures.

Expected value.

Uncontrollable risks.

You Answered Correctly!


This is the best answer of the choices given. An expected value calculates (and integrates) the
likelihood of losses with the amount of losses. Hence, an expected value combines the
information in low and high probability exposures and low and high-degree loss exposures into
a decision-relevant, single, valuable (for decision analysis) number.

Question 58
(AICPA.120613BEC)

Which of the following statements presents an example of a general control for a computerized
system?

Limiting entry of sales transactions to only valid credit customers.

Creating hash totals from Social Security numbers for the weekly payroll.

Restricting entry of accounts payable transactions to only authorized users.

Restricting access to the computer center by use of biometric devices.

You Answered Correctly!


Restricting access to the computer center is an example of a general control.

Question 59
(aq.cosoerm.001)

Enterprise risk management considers how much risk the entity is willing to accept in pursuit of its
goals, how the risks are created and mitigated, and how emerging risks will impact the entity.
The amount of risk the entity is willing to accept in pursuit of its goals is referred to as an entity's:

Risk tolerance.

Risk philosophy.

Risk analysis.

Risk appetite.

You Answered Correctly!


(Correct!) The amount of risk the entity is willing to accept in pursuit of its goals is referred to as
an entity's risk appetite. Risk appetite serves as a guide in strategy setting and selecting related
objectives. Risk tolerance is the acceptable level of variation in performance relative to
achievement of objectives. In setting risk tolerance levels, management will consider the
importance of the related objectives and align risk tolerance with risk appetite.

Question 60
(CGIC-0018)

Which of the following components of internal control are characterized by ongoing activities and
separate evaluations?

The control environment.

Risk assessment.

Monitoring.

Information and communication.

You Answered Correctly!


This answer is correct. Monitoring is characterized by ongoing activities and separate
evaluations.

Question 61
(AICPA.130723BEC)

Within the COSO Internal Control - Integrated Framework, which of the following components is
designed to ensure that internal controls continue to operate effectively?

Control environment.

Risk assessment.

Information and communication.

Monitoring.

You Answered Correctly!


Monitoring is the core, underlying control component in the COSO ERM model. Its position at the
foundation is not accidental and reflects the importance of monitoring to achieving strong
internal control and effective risk management. Ensuring that internal controls continue to
operate effectively is the primary purpose of monitoring.

Question 62
(aicpa.aq.inter.cont.roles.respon.004_17)

According to COSO, the presence of a written code of conduct provides for a control environment that
can

Override an entity's history and culture.

Encourage teamwork in the pursuit of an entity's objectives.

Ensure that competent evaluators are implementing and monitoring internal controls.

Verify that information systems are providing persuasive evidence of the effectiveness of
internal controls.

You Answered Correctly!


Correct! A code of conduct helps facilitate shared goals and encourages teamwork.

Question 63
(aicpa.aq.coso.erm2.004_17)

The materials manager of a warehouse is given a new product line to manage with new inventory
control procedures. Which of the following sequences of the COSO internal control monitoring-for-
change continuum is affected by the new product line?

Control baseline but not change management

Change management but not control baseline

Neither control baseline nor change management

Both control baseline and change management

You Answered Correctly!


Correct! This is a substantial change; hence it will affect both the assessment of the control
baseline and assessment of changes in that baseline (i.e., change management).

Question 64
(aq.oth.reg.fram.gov.009_17)

Copyright 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or
adapted with permission.

Which of the following organizations was established by the Sarbanes-Oxley Act of 2002 to control the
auditing profession?

Information Systems Audit and Control Foundation (ISACF)

IT Governance Institute (ITGI)

Public Company Accounting Oversight Board (PCAOB)

Committee of Sponsoring Organizations (COSO)

You Answered Correctly!


Correct! SOX did create the PCAOB to govern the audit profession.

Question 65
(aq.oth.reg.fram.gov.004_2017)

Every audit committee of a public company must have at least one:

Legal expert who understands the liabilities that public companies can face if they misreport
financial information.

Financial expert who understands GAAP and financial statements.

Ethics expert who is familiar with Immanuel Kant's writings.

Accounting expert who is familiar with the AICPA Code of Professional Conduct.

You Answered Correctly!


Correct! SOX required financial experts (who often have accounting experience), but not legal
experts or accounting experts familiar with the AICPA Code.

Question 66
(aicpa.aq.coso.erm2.003_17)

According to COSO, a primary purpose of monitoring internal control is to verify that the internal
control system remains adequate to address changes in

Risks.

The law.

Technology.

Operating procedures.

You Answered Incorrectly.


Incorrect. Risks is a better answer because it includes monitoring for changes in technology,
since a change in technology is a risk.

Question 67
(aq.cosoerm.005)

Kelly Inc. is considering establishing an enterprise risk management system. In advising them in
relation to this initiative, which of the following would you indicate is not a limitation of ERM?

Business objectives are not usually articulated.

The system may break down.

Collusion among two or more individuals can result in system failure.

Enterprise risk management is subject to management override.

You Answered Incorrectly.


This answer is incorrect because system breakdown is a limitation of ERM systems that you
should discuss with Kelly Inc. as part of their planning process.

Question 68
(aq.cosoerm.002)

Jarrett Corporation is considering establishing an enterprise risk management system and seeks to
better understand the benefits that they may realize from these efforts. In advising them, which of the
following would you describe as not a benefit of enterprise risk management?

It helps the organization seize opportunities.

It enhances risk response decisions.

It improves the deployment of capital.

It ensures that the organization shares all major risks.

You Answered Correctly!


(Correct!) This answer is correct because sharing risk is only one way of responding, and this
technique cannot be used for all risks, nor should it be.

Question 69
(aicpa.aq.coso.erm.006_17)

According to COSO, which of the following identifies the group directly responsible for the
implementation and development of the enterprise risk management framework?

Management

The board of directors

External auditors

Internal auditors

You Answered Incorrectly.


Incorrect. The board of directors is indirectly, but not directly, responsible for the
implementation and development of the enterprise risk management framework.

Question 70
(aq.coso.risk.mgmt.002)

Management of Warren Company has decided to respond to a particular risk by hedging the risk with
futures contracts. This is an example of risk

Avoidance.

Acceptance.

Reduction.

Sharing.

You Answered Correctly!


(Correct!) This answer is correct because hedging involves sharing the risk with another party.
Please see the CPAExcel FARs lessons that introduce hedging.

Question 71
(CGIC-0024)

An important benefit of an enterprise risk management system is

Alignment of shareholder returns with management returns.

Alignment of management risk taking with employee risk appetite.

Alignment of management risk taking with shareholder risk appetite.

Alignment of management risk taking with creditor risk appetite.

You Answered Correctly!


This answer is correct. A major aspect of an enterprise risk management system is the alignment
of management risk taking with shareholder risk appetite.

Question 72
(CGIC-0017)

Which of the following is not a factor included in the control environment?

Board of directors or audit committee participation.

Commitment to competence.

Monitoring.

Organizational structure.

You Answered Correctly!


This answer is correct. Monitoring is one of the five interrelated components of internal control,
not a factor of the control environment. The seven control environment factors are as follows:
(1) integrity and ethical values, (2) commitment to competence, (3) human resource policies and
practices, (4) assignment of authority and responsibility, (5) management's philosophy and
operating style, (6) board of directors or audit committee participation, and (7) organizational
structure.

Question 73
(CGIC-0028)

Layton Company has implemented an enterprise risk management system and has responded to a
particular risk by purchasing insurance. Such a response is characterized by COSO's Enterprise Risk
Management Framework as:

Avoidance.

Sharing.

Acceptance.

Reduction.

You Answered Correctly!


This answer is correct. Sharing involves reducing risk likelihood or impact by transferring or
sharing a portion of the risk.

Question 74
(AICPA.130716BEC)

A company's new time clock process requires hourly employees to select an identification number
and then choose the clock-in or clock-out button. A video camera captures an image of the employee
using the system. Which of the following exposures can the new system be expected to change the
least?

Fraudulent reporting of employees' own hours.

Errors in employees' overtime computation.

Inaccurate accounting of employees' hours.

Recording of other employees' hours.

You Answered Incorrectly.


This is a bad answer since the system is primarily designed to catch employees' over-reporting,
either due to fraud or errors, of their own hours worked. Therefore, if the employees' hours are
inaccurately recorded, the new system should address this error.

Question 75
(aq.oth.reg.fram.gov.001_2017)

In a public company, which of the following officers must certify the accuracy of their firms'
financial statements as filed with the SEC?

CEO and CAO


CAO and CFO

CFO and CEO

CEO and COO

You Answered Correctly!


Correct! SOX requires both the CEO and the CFO, but no other officers, to certify the accuracy of
their firms' audited financial statements when filed with the SEC.

Question 76
(aicpa.aq.coso.17prcpls.003_17)

Employees of an entity feel peer pressure to do the right thing; management appropriately deals with
signs that problems exist and resolves the issues; and dealings with customers, suppliers, employees,
and other parties are based on honesty and fairness. According to COSO, the above scenario is
indicative of which of the following?

Strategic goals

Operational excellence

Reporting reliability

Tone at the top

You Answered Correctly!


Correct! Remember rat-a-tat-tat (Tat: tone at the top). Tone at the top is critical to internal
control; this description evidences a strong tone at the top in this organization.

Question 77
(aq.oth.reg.fram.gov.002_2017)

Public company CEOs and CFOs must certify that:

They are responsible for establishing and maintaining their firm's internal financial controls.

They have hired an excellent auditing firm and have delegated to that firm ultimate
responsibility for the accuracy of financial statements.

They have taken lie detector tests regarding the accuracy of the financial statements.

They are subject to firm codes of ethics policing the accuracy of financial statements.

You Answered Correctly!


Correct! SOX requires the CEO and CFO to certify, among other things, that they are responsible
for establishing and maintaining their firm's internal financial controls. But it does not require lie
detector tests, that they promise they have hired an excellent audit firm, or that they are
subject to a code of ethics policing the accuracy of the financial statements.

Question 78
(aq.coso.17prcpls.002)

Henry Higgins of Jiffy Grill has learned that the controller is likely embezzling money to fund an
expensive drug and gambling habit. Ideally, Henry should communicate this information to:

The controller.

His boss.

An anonymous hotline set up by Jiffy Grill.

His employees.

You Answered Correctly!


(Correct!) If Jiffy Grill has an anonymous hotline set up for this purpose, then this is the best way
to communicate this information.

Question 79
(CGIC-0035)

The component of COSO's framework for internal control that includes the goal of proper
measurement of transactions is

The control environment.

Control activities.

Information and communication.

Monitoring.

You Answered Correctly!


This answer is correct. This is one of the goals of the information and communication system.

Question 80
(CGIC-0014)

Which statement is not one of the objectives of internal control as included in the definition of
internal control developed by the Committee of Sponsoring Organizations (COSO)?

Asset safeguarding.

Compliance.

Financial reporting.

Operations.

You Answered Correctly!


This answer is correct. Auditing standards include objectives to provide reasonable assurance
regarding the achievement of objectives in three categories: (1) reliability of financial reporting,
(2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and
regulations.

Question 81
(AICPA.110534BEC-SIM)

Which of the following is the best definition of a compensating control?

A control that accomplishes the same objective as another control.

A condition within an internal control system requiring attention.

The targets against which the effectiveness of internal control is evaluated.

Metrics that reflect critical success factors.

You Answered Correctly!


This is the best answer. It is the definition of a compensating control.

Question 82
(aicpa.aq.oth.reg.fram.gov.008_17)

Copyright 2017 by the American Institute of Certified Public Accountants, Inc., is reprinted and/or
adapted with permission.

Which of the following statements is correct regarding the requirements of the Sarbanes-Oxley Act of
2002 for an issuer's board of directors?

Each member of the board of directors must be independent from management influence,
based on the member's prior and current activities, economic and family relationships, and
other factors.

The board of directors must have an audit committee entirely composed of members who are
independent from management influence.

The majority of members of the board of directors must be independent from management
influence.

The board of directors must have a compensation committee, a nominating committee, and
an audit committee, each of which is composed entirely of independent members.

You Answered Correctly!


Correct! SOX requires that a public company's entire audit committee be independent.

Question 83
(AICPA.101046BEC-SIM)

Strategic, operations, reporting, and compliance objectives are a part of which of the following
models of internal control?

COBIT.

COSO.

COSO ERM.

All of the above.

You Answered Correctly!


This answer is correct because strategic, operations, reporting, and compliance objectives are
part of this model.
