Question #1 (AICPA.

101042BEC-SIM)
A public company audit committee's "financial expert" must have all of the following except: A. An understanding of GAAP and financial statements. B. Experience in preparing or auditing financial statements of comparable companies and application of such principles in connection with accounting for estimates, accruals, and reserves. C. Experience with internal auditing controls. D. Experience on a public company's compensation committee. SOX does not require that the financial expert have experience on a compensation committee.

Question #2 (AICPA.101041BEC-SIM)
Public company audit committees must contain which of the following? A. A majority of independent directors. B. An accounting expert. C. A financial expert. SOX requires that every audit committee of a public company have at least one "financial expert" with (a) an understanding of GAAP and financial statements; (b) experience in preparing or auditing F/S; (c) experience with internal auditing controls; and (d) an understanding of audit committee functions. D. A legal expert.

Question #3 (AICPA.101040BEC-SIM)
Mar has been complicit in her public company's accounting fraud. She consults a lawyer as the time comes to file her firm's 10-K with the SEC. She is a little uncomfortable with what she might have to do. The lawyer will likely tell her that she will have to certify (and be potentially criminally liable for lying about) these matters: A. That she has reviewed the 10-K. B. That to her knowledge the 10-K does not contain any materially untrue statements. C. That she, along with the CEO, is responsible for establishing and maintaining her company's internal controls. D. All of the above. All four of the previous choices are examples, and not the only examples, of things that Mar must certify when her firm files a 10-K.

Question #4 (AICPA.101257BEC)
Which of the following is necessary to be an audit committee financial expert, according to the criteria specified in the Sarbanes-Oxley Act of 2002? A. A limited understanding of generally accepted auditing standards. Although an understanding of GAAS would be likely to be at least tangentially helpful in this setting, this is not specified by SOX as one of the key criteria. These directors are not going to be doing any audits themselves. B. Education and experience as a certified financial planner. C. Experience with internal accounting controls. SOX, in Section 407, provides that, in defining the term "financial expert" (which the SEC has done in detail), the Commission shall consider whether a person has through education and experience acquired: (1) an understanding of GAAP and financial statements; (2) experience in (a) preparation of financial statements and (b) application of such principles in connection with the accounting for estimates, accruals, and reserves; (3)

experience with internal accounting controls; and (4) an understanding of audit committee functions. D. Experience in the preparation of tax returns.

Question #1 (AICPA.040213BEC-SIM)
Which of the following is an example of a detective control? A. Use of pre-formatted screens for data entry. B. Comparison of data entry totals to batch control totals. Reconciliation of data entry totals with batch control totals will detect errors made by the data entry clerks. C. Restricting access to the computer operations center to data-processing staff only. D. Employing a file librarian to maintain custody of the program and data files.

Question #2 (AICPA.061219BEC-SIM)
Milo Corp. maintains daily backups of its accounting system in a fireproof vault in the file library. Weekly, monthly, and annual backups are stored in a secure, fireproof vault at an off-site location. Maintenance of the backup files is an example of A. a detective control. B. a feedback control. C. a corrective control. Corrective controls allow the user to recover from a problem once it has been identified. D. a preventive control. Preventive controls are designed to stop errors and irregularities from occurring.

Question #3 (AICPA.090774.BEC)
Controls in the information technology area are classified into the categories of preventive, detective, and corrective. Which of the following is a preventive control? A. Contingency planning. Contingency planning relates primarily to detective and corrective procedures. B. Hash total. C. Echo check. D. Access control software. Access control software is a preventive control.