Test Bank Chapter 3

lOMoARcPSD|33038177
Test bank chapter 3
Hệ thống thông tin kế toán (Đại học Kinh tế Quốc dân)
Scan to open on Studocu
Studocu is not sponsored or endorsed by any college or university

Downloaded by K61 LÊ TH? HÀ PH??NG (k61.2214810058@ftu.edu.vn)
lOMoARcPSD|33038177
Chapter 03 Internal Controls Answer Key
Multiple Choice Questions
1. According to COSO, internal control is a:
A. Process.
B. Set of rules.
C. Responsibility of employees only.
D. Requirement only for publicly-traded firms.
AACSB: Analytical Thinking

AICPA: BB Critical Thinking
Accessibility: Keyboard Navigation
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 03-01 Define internal control and explain its importance in the accounting information system.
Topic: Internal control definition
2. Internal control is designed to provide:
A. Certainty.
B. Freedom from fraud.
C. Reasonable assurance.
D. Truth.


lOMoARcPSD|33038177
Blooms: Remember
Difficulty: 1 Easy
3. According to the COSO definition, internal control should address objectives in all of the
following categories except:
A. Operations.
B. Compliance.
C. Reporting.
D. Fraud.

Blooms: Remember
Difficulty: 1 Easy
4. According to the COSO definition, internal control should promote ___ in financial reporting.
A. Truth
B. Accuracy
C. Both truth and accuracy
D. Neither truth nor accuracy

Blooms: Understand
Difficulty: 2 Medium

lOMoARcPSD|33038177
5. Bumble Beasley was making a presentation on internal control to a group of prospective
clients. Which of the following statements is the least appropriate for Bumble to make?
A. Responsibility for internal control should be shared throughout the organization.
B. All companies must use the COSO definition of internal control as a guide.
C. Internal controls are not designed specifically to prevent fraud.
D. Part of internal control is ensuring that a company is making the best possible use of its
resources.

Blooms: Understand
Learning Objective: 03-02 Explain the basic purposes of internal control and its relationship to risk.
Topic: Internal control purposes
6. Internal control relates to an organization's achievement of objectives in three major
categories. All of the following are examples of at least one category except:
A. Promoting compliance with the Sarbanes-Oxley Act.
B. Ensuring that plant assets are listed on the balance sheet at their net book value.
C. Developing a clear job description for each position in the company.
D. Providing conclusive proof that fraud has occurred.

Blooms: Understand

lOMoARcPSD|33038177
categories. Which of the following best pairs one of the categories with a specific example?
A. Operations, fulfilling the requirements of the Foreign Corrupt Practices Act
B. Operations, listing appropriate assets at their current market value
C. Reporting, fulfilling the requirements of the Foreign Corrupt Practices Act
D. Reporting, listing appropriate assets at their current market value

Blooms: Understand
categories. Which of the following best pairs one of the categories with a specific example?
A. Judging, reconciling the bank statement at least monthly
B. Reporting, following the COSO internal control framework
C. Compliance, following the COSO internal control framework
D. Compliance, fulfilling the requirements of the Foreign Corrupt Practices Act

Blooms: Understand

lOMoARcPSD|33038177
categories. Which of the following pairs gives an example of two controls that fulfill a single
category?
A. Fulfilling the requirements of the Foreign Corrupt Practices Act, developing a clear job
description for each position in the company
B. Developing a clear job description for each position in the company, calculating profits on
the accrual basis
C. Fulfilling the requirements of the Foreign Corrupt Practices Act, calculating profits on the
accrual basis
D. Ensuring that plant assets are listed on the balance sheet at their net book value, listing
appropriate assets at their current market value reporting

Blooms: Understand
10. Purposes of internal control include:
A. Safeguarding assets.
B. Ensuring financial statement reliability.
C. Promoting operational efficiency.
D. All of these.

Blooms: Remember
Difficulty: 1 Easy

lOMoARcPSD|33038177
11. Internal control has four major purposes in organizations. Ways to achieve at least one of the
four include: (i) keeping cash in a bank, (ii) conducting a new employee orientation.
A. I only.
B. II only.
C. Both I and II.
D. Neither I nor II.

Blooms: Understand
12. Internal control has four major purposes in organizations. Ways to achieve at least one of the
four include: (i) requiring supervisory review of how complex transactions are recorded in the
journal, (ii) using general ledger software such as Peachtree.
A. I only.
B. II only.
C. Both I and II.
D. Neither I nor II.

Blooms: Understand

lOMoARcPSD|33038177
13. Omar is a general manager at FRD Corporation. He recently attempted to reorganize FRD
from three departments of ten people each to six departments of five people each. Which
purpose of internal control is most likely to be impacted by the change?
A. Safeguarding assets
B. Ensuring financial statement reliability
C. Promoting operational efficiency
D. Uncovering fraud

Blooms: Understand
14. Shawn is an accountant at LNT Corporation. He maintains the company's accounting data on
his computer's local hard drive, but does not back it up on any regular schedule. LNT
Corporation's risk is most related to which purpose of internal control?
A. Safeguarding assets
B. Ensuring financial statement reliability
C. Encouraging compliance with management directives
D. Properly backing up data every day

Blooms: Understand

lOMoARcPSD|33038177
15. ANF Corporation's company procedures manual is available to all employees on the corporate
network, while RSP Corporation distributes a hard copy of its company procedures manual to
all new employees. Which of the following statements is most true?
A. Because the procedures manual would be reported as an asset on the balance sheet, RSP
is doing a better job safeguarding its assets.
B. Because the procedures manual would be reported as an asset on the balance sheet, ANF
is doing a better job safeguarding its assets.
C. ANF employees are more likely to comply with management directives than RSP
employees.
D. The method of distributing the procedures manual is unlikely to be related to ensuring
financial statement reliability.

Blooms: Understand

lOMoARcPSD|33038177
16. CPY Corporation replaces one third of its computers every year; SLP Corporation replaces its
computers when employees submit a request, but no more frequently than once every four
years. Which of the following statements is most true?
A. CPY's replacement policy does a better job safeguarding assets.
B. SLP's replacement policy does a better job safeguarding assets.
C. Neither replacement schedule helps achieve the internal control purpose of safeguarding
assets, but replacing a computer may help promote operating efficiency.
D. Neither replacement schedule helps achieve the internal control purpose of safeguarding
assets because information is not an asset reported on the balance sheet.

Blooms: Understand
17. A well-designed set of internal controls helps a company achieve four main purposes. Which
of the following best pairs two controls related to a single purpose?
A. Restrictive endorsements and bank reconciliations
B. Restrictive endorsements and completing the steps in the accounting cycle
C. Bank reconciliations and background checks
D. Pre-numbered documents and background checks

Blooms: Understand

lOMoARcPSD|33038177
18. A well-designed set of internal controls helps a company achieve four main purposes. Which
of the following best pairs two controls related to a single purpose?
A. Adequate documentation and user training
B. Adequate documentation and bank reconciliations
C. User training and bank reconciliations
D. Firewalls and employee bonding

Blooms: Understand
19. In Brown's taxonomy, systems risk is a form of:
A. Financial risk
B. Operational risk
C. Strategic risk
D. Hazard risk

AICPA: FN Risk Analysis
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 03-03 Describe and give examples of various kinds of risk exposures.
Topic: Risk

lOMoARcPSD|33038177
20. Violating the provisions of the Foreign Corrupt Practices Act most directly subjects an
organization to what kind of risk from Brown's taxonomy?
A. Financial
B. Operational
C. Strategic
D. Inherent

Blooms: Understand
Topic: Risk
21. Hewlett-Packard is a publicly traded corporation whose principal activity is making and selling
computers. Customers can buy an HP computer directly from HP online if they pay with a
bank credit card (such as Visa or Mastercard). HP's risk exposures therefore include all of the
following except:
A. Market risk
B. Systems risk
C. Credit risk
D. Human error risk

Blooms: Understand
Topic: Risk

lOMoARcPSD|33038177
22. Dale is an employee of Big State University who also does some independent consulting to
supplement income. Because consulting engagements are infrequent, Dale has not purchased
insurance for the company. If Dale requires consulting clients to pay in cash, which of the
following risk exposures is most serious?
A. Directors' and officers' liability risk
B. Systems risk
C. Credit risk
D. Consulting risk

Blooms: Understand
Topic: Risk
23. Similarities between legal & regulatory risk and directors' and officers' liability risk in Brown's
taxonomy include:
A. The cause of the risk. violation of management

B. The things directly affected by the risk.
C. Both the cause of the risk and the things directly affected by the risk.
D. Neither the cause of the risk nor the things directly affected by the risk.

Blooms: Understand

lOMoARcPSD|33038177
Topic: Risk
24. Differences between legal & regulatory risk and directors' & officers' liability risk in Brown's
taxonomy include:
A. The cause of the risk.
B. The things directly affected by the risk.
C. Both the cause of the risk and the things directly affected by the risk.
D. Neither the cause of the risk nor the things directly affected by the risk.

Blooms: Understand
Topic: Risk

lOMoARcPSD|33038177
25. Consider the following examples of risk:
i. A corporation is unable to issue bonds because its credit rating is too low.
ii. A U.S. auto manufacturer tries to market a car in Mexico. The car does not sell because the
Spanish translation of its name means "it doesn't go."
iii. An employee receives insufficient training in how to use specialized software.
iv. Due to employee theft, a corporation spends more money than anticipated buying new
tools.
Which pair of risks belongs to the same category in Brown's risk taxonomy?
A. I and II
B. II and III
C. I and III
D. I and IV
both I and IV are forms of financial risk

Blooms: Understand
Topic: Risk

lOMoARcPSD|33038177
26. Consider the following examples of risk:
i. A corporation is unable to issue bonds because its credit rating is too low.
ii. A U.S. auto manufacturer tries to market a car in Mexico. The car does not sell because the
Spanish translation of its name means "it doesn't go."
iii. An employee receives insufficient training in how to use specialized software.
iv. Due to employee theft, a corporation spends more than anticipated buying new tools.
The risks listed above contain examples of all the categories in Brown's risk taxonomy except:
A. Financial
B. Operational
C. Strategic
D. Hazard

Blooms: Understand
Topic: Risk
27. The risk/control matrix illustrated in the chapter contains five columns. Which of the following
is not one of them?
A. Risk
B. Risk category
C. COSO category
D. Internal control


lOMoARcPSD|33038177

Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 03-04 Prepare a simple risk/control matrix.
Topic: Risk control matrix
28. The risk/control matrix illustrated in the chapter contains five columns. Which of the following
items is most likely to appear in the third column?
A. Downloading a virus
B. Preventive
C. Systems
1. risk
D. Virus protection software 2. risk category
3. internal control
Blooms: Understand
29. An airline pilot could not get landing instructions at an airport because the air traffic controller
was asleep. In a risk/control matrix related to that situation, which of the following items is
most likely to appear in the second column?
A. Human error
B. Preventive
C. Require annual physicals
D. Work with a partner


lOMoARcPSD|33038177

Blooms: Understand
30. An airline pilot could not get landing instructions at an airport because the air traffic controller
was asleep. In a risk/control matrix related to that situation, the phrase "require annual
physicals" is most likely to appear in which column?
A. First
B. Third
C. Fourth
D. Fifth

Blooms: Understand

lOMoARcPSD|33038177
31. Raj, an employee at TRS Corporation, was preparing a risk/control matrix related to the steps
in the accounting cycle. The first row of the matrix contained the following entries: Adequate
training. Assets that should be reported at historical cost are reported at market value. Human
error. Internal audits. All the columns in the risk/control matrix are represented by those items
except:
A. Comments
B. Internal control
C. Risk
D. Risk category

Blooms: Understand
32. Raj, an employee at TRS Corporation, was preparing a risk/control matrix related to the steps
in the accounting cycle. The first row of the matrix contained the following entries: Adequate
training. Assets that should be reported at historical cost are reported at market value. Human
risk risk category
error. Internal audits. Which two items would appear in the same column in the matrix?
A. Adequate training and human error
B. Human error and internal audits
C. Adequate training and internal audits
D. None. For a given risk, each column can have only one entry.


lOMoARcPSD|33038177
Blooms: Understand
33. Consider the following list of items that might appear in a risk/control matrix:
i. At least twice a week
ii. Corrective
iii. Human error
iv. Inability to access class materials due to network outage
v. Insufficient time to study
vi. Local data backup
vii. Maximum budget = $50
viii. Preventive
ix. Systems
x. Time management software
Which of the following items are most likely to be grouped on a single row?
A. I, II, III, IV, V
B. I, III, VII, VIII, X
C. III, V, VII, VIII, X
D. III, VI, VII, VIII, X

Blooms: Understand

lOMoARcPSD|33038177
34. Consider the following list of items that might appear in a risk/control matrix:
i. At least twice a week cot 5

ii. Corrective cot 4
iii. Human error
iv. Inability to access class materials due to network outage cot 1

v. Insufficient time to study
vi. Local data backup cot 3
vii. Maximum budget = $50
viii. Preventive
ix. Systems cot 2

x. Time management software
Which of the following items are most likely to be grouped on a single row?
A. I, II, III, IV, V
B. I, II, IV, VI, IX
C. II, III, IV, V, VI
D. VI, VII, VIII, IX, X

Blooms: Understand

lOMoARcPSD|33038177
35. COSO's Internal Control—Integrated Framework comprises a total of ___ categories.
A. Three
B. Four
C. Five
D. Six

Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 03-05 Summarize and explain the importance of COSO's "Internal Control—Integrated Framework."
Topic: COSO internal control framework
36. A speech by the company president about the role of internal control is an example of ___ in
COSO's Internal Control—Integrated Framework.
A. Control environment
B. Control activity
C. Information and communication
D. Risk assessment

Blooms: Understand

lOMoARcPSD|33038177
37. A department manager at TRS Corporation attended a seminar on internal control; afterward,
the manager formed a five-person departmental team to create an internal control plan for the
department. After a one-day off-site meeting, the team produced a document titled
"Departmental Internal Control Plan." It was formatted as a risk/control matrix. One member of
the team commented that, although the work was interesting, the team was glad the task was
complete and wouldn't have to be redone. Which element of COSO's internal control
framework does the department's plan lack?
A. Risk assessment
B. Control activities
D. Monitoring

Blooms: Understand

lOMoARcPSD|33038177
38. A department manager at TRS Corporation attended a seminar on internal control; afterward,
the manager formed a five-person departmental team to create an internal control plan for the
department. After a one-day off-site meeting, the team produced a document titled
"Departmental Internal Control Plan." It was formatted as a risk/control matrix. One member of
the team commented that, although the work was interesting, the team was glad the task was
complete and wouldn't have to be redone. Which of the following statements is most true?
A. A risk/control matrix is inappropriate, since risk assessment and control activities must be
done separately according to the COSO framework.
B. A department manager cannot establish a proper control environment.
C. The team member's comment indicates a weakness in monitoring.
D. Information and communication should always happen in at least two ways.

Blooms: Understand

lOMoARcPSD|33038177
39. Ray has worked in the mailroom at MNG Corporation for five years, and is widely respected
throughout the organization. Jon, the chief financial officer, started working at MNG six months
ago after holding a similar position with one of MNG's competitors. Which of the following
statements is most true?
A. Both Ray and Jon can help establish a strong control environment, but only Jon can
effectively identify risks and suggest control activities.
B. Both Ray and Jon can effectively identify risks and suggest control activities, but only Ray
can help establish a strong control environment.
C. Neither Ray nor Jon should participate in the development of an internal control plan.
D. Both Ray and Jon can influence most aspects of an internal control plan for MNG.

Blooms: Understand
40. A risk/control matrix has five columns, the last of which is labeled "comments." Which of the
following statements is most true?
A. Because it is part of a risk/control matrix, the "comments" column is a control activity.
B. Because it is part of a risk/control matrix, the "comments" column is a tool for risk
assessment.
C. If the comments are written by a department manager, they are part of establishing a
strong control environment.
D. Although the "comments" column may not align directly with one of the five elements of the
COSO framework, including it in the risk/control matrix is a good idea.

lOMoARcPSD|33038177

Blooms: Understand
41. PRL Corporation's internal control plan is based on the COSO framework. It includes five
items: (i) conducting ongoing evaluations of internal control during the normal course of
operations, (ii) hiring accountants who understand the importance of strong internal control,
(iii) including a segment in new employee orientation on the importance of strong internal
control, (iv) periodic employee surveys that identify new issues that require internal controls,
(v) a quarterly newsletter explaining elements of the internal control plan. Based on those five
items alone, which element of PRL's internal control plan is weakest? control activities
A. Risk/control matrix
B. Control activities
D. Monitoring
I focuses on monitoring. II and III help establish a strong control environment. IV is a type of
risk assessment. V is a form of information and communication.

Blooms: Understand

lOMoARcPSD|33038177
42. PRL Corporation's internal control plan is based on the COSO framework. It includes five
items: (i) conducting ongoing evaluations of internal control during the normal course of
operations, (ii) hiring accountants who understand the importance of strong internal control,
(iii) including a segment in new employee orientation on the importance of strong internal
control, (iv) periodic employee surveys that identify new issues that require internal controls,
(v) a quarterly newsletter explaining elements of the internal control plan. Which of the
following most appropriately groups two items from PRL's plan with a component of the COSO
framework?
A. I and II, monitoring
B. II and III, control environment
C. IV and V, information and communication
D. I and V, risk assessment
I focuses on monitoring. II and III help establish a strong control environment. IV is a type of
risk assessment. V is a form of information and communication.

Blooms: Understand

lOMoARcPSD|33038177
43. A company controller set up a fictitious subsidiary office to which he shipped inventories and
then approved the invoice for payment. The inventories were sold and the proceeds deposited
to the controller's personal bank account. Which of the following internal controls would be
most effective in preventing that situation?
A. Separation of duties
B. Bank reconciliations
C. Conflict of interest policy
D. Limit checks

Blooms: Understand
Learning Objective: 03-06 Critique existing internal control systems and design effective internal controls.
Topic: Internal controls
44. A company's accountant was able to approve payment of invoices and write company checks
to a family member, with whom the accountant would split the proceeds. The accountant
covered up the theft with journal entries in the AIS. Which duties should be separated to
prevent such problems in the future?
A. Authorization and custody
B. Custody and recordkeeping
C. Authorization and recordkeeping
D. Control environment and control activities

Blooms: Understand

lOMoARcPSD|33038177
45. After being laid off from his job, Dale applied for unemployment benefits. During his initial
interview to establish eligibility, the interviewer explained his benefits would last no more than
ten weeks; Dale later consulted the official web site and learned that, under the right
circumstances, his unemployment benefits could last up to six months. Which of the following
internal controls is least likely to address this situation?
A. Adequate supervision
B. Adequate documentation
C. Employee bonding
D. Preformatted data entry screen

Blooms: Understand

lOMoARcPSD|33038177
46. Pauline was injured on the job and applied for workers' compensation insurance; she was
initially authorized for eight weeks of benefits. Although her doctor released her to return to
work after six weeks, Pauline did not go back to work until the full eight weeks had elapsed.
Internal controls to address this situation would include: (i) insurance and bonding, (ii) internal
audits.
A. I only
B. II only
C. Both I and II
D. Neither I nor II

Blooms: Understand
47. Jared is a loan officer at a bank whose responsibilities include taking applications from
prospective borrowers. Jared also makes an initial recommendation regarding each loan,
although final approval requires the authorization of both a branch manager and a loan
specialist at the bank's corporate headquarters. Within the context of a loan transaction, which
of the following best pairs a risk with an internal control that will address the risk?
A. Approving a loan for a friend who does not meet the criteria, limit checks
B. Including false or misleading information on the loan application, preformatted data entry
screen
C. Submitting an incomplete loan application, preformatted data entry screen
D. Submitting an incomplete loan application, limit checks

lOMoARcPSD|33038177

Blooms: Understand
48. When employees of the City of Fenris need supplies, they fill out a purchase requisition and
send it to the city's purchasing department. The purchasing agents consolidate requisitions for
similar supplies and prepare a purchase order to send to a vendor. The vendor ships the
supplies directly to the purchasing department and then bills the city. Accounting clerks pay
vendor invoices within thirty days. Within the context of that business process, which of the
following best pairs a risk with an internal control that will address the risk?
A. Purchasing supplies from an unauthorized vendor, separation of duties
B. Paying for supplies that were not received, document matching
C. Receiving supplies that were not ordered, limit checks
D. Requisitioning supplies that are not needed, pre-numbered purchase requisitions

Blooms: Understand

lOMoARcPSD|33038177
49. Internal controls can prevent, detect or correct a problem. Which of the following groups
includes controls that will fulfill all three with respect to the risk of an employee stealing tools
from a company warehouse?
A. Random searches, video surveillance, insurance
B. Random searches, physical security, video surveillance
C. Lockbox systems, video surveillance, limit checks
D. Lockbox systems, limit checks, insurance

Blooms: Understand
50. Internal controls can prevent, detect or correct a problem. Which of the following groups
includes controls that will fulfill all three with respect to the risk of an employee embezzling
money by forging a manager's signature on a check?
A. Separation of duties, internal audit, employee bonding
B. Physical security of cash, pre-numbered documents, restrictive endorsements
C. Separation of duties, pre-numbered documents, restrictive endorsements
D. Physical security of cash, internal audit, employee bonding

Blooms: Understand

lOMoARcPSD|33038177
51. Consider the following partially completed risk/control matrix as you answer the questions:
Assume the risk/control matrix is organized like the one presented in the chapter. Column A is
most closely related to the ___ part of the COSO framework.
A. first
B. second
C. fourth
D. last

Blooms: Understand

lOMoARcPSD|33038177
Assume the risk/control matrix is organized like the one presented in the chapter. Column B is
most closely related to the ___ part of the COSO framework.
A. second
B. third
C. fourth
D. last

Blooms: Understand

lOMoARcPSD|33038177
Assume the risk/control matrix is organized like the one presented in the chapter. The best
entry for Item A is:
A. Brown
B. Risk
C. COSO
D. some other entry

Blooms: Remember
Difficulty: 1 Easy

lOMoARcPSD|33038177
entry for Item B is:
A. Operations/reporting/compliance
B. Internal environment
C. Internal control
D. some other entry

Blooms: Remember
Difficulty: 1 Easy

lOMoARcPSD|33038177
entry for Item C is:
A. Theft of inventory
B. Employee embezzlement
C. Either theft of inventory or employee embezzlement
D. Neither theft of inventory nor employee embezzlement

Blooms: Understand

lOMoARcPSD|33038177
entry for Item D is:
A. Human error risk
B. Liquidity risk
C. Systems risk
D. Business strategy risk

Blooms: Understand

lOMoARcPSD|33038177
entry for Item E is:
A. Sell only for cash
B. Rely on third party vendors
C. Allow sales staff to make credit decisions
D. Use the direct write-off method

Blooms: Understand

lOMoARcPSD|33038177
entry for Item F is:
A. Preventive
B. Safeguard assets
C. Corrective
D. Control environment

Blooms: Understand

lOMoARcPSD|33038177
entry for Item G is:
A. Financing process
B. Error rates less than 5% are allowable
C. Either financing process or error rates less than 5% are allowable
D. Neither financing process nor error rates less than 5% are allowable

Blooms: Understand

lOMoARcPSD|33038177
entry for Item H is:
A. Acquisition/payment process
B. Conversion process
C. Financing process
D. Reporting process

Blooms: Understand
Essay Questions

lOMoARcPSD|33038177
61. Fill in the blanks below to complete the COSO definition of internal control. Internal control is a
(a), effected by an entity's (b), management and other personnel, designed to provide (c),
regarding the achievement of objectives relating to (d), (e) and (f).
a. _______________________________________________________
b. _______________________________________________________
c. _______________________________________________________
d. _______________________________________________________
e. _______________________________________________________
f. _______________________________________________________
a. process
b. board of directors
c. reasonable assurance
d. operations
e. reporting
f. compliance

Blooms: Remember
Difficulty: 1 Easy

lOMoARcPSD|33038177
62. Sam and Dan are the owners of the International School for Computer Training (ISCT), a for-
profit educational institution that provides computer-related education in several short-term
programs. As a first step in developing an internal control plan, they have identified two risks:
(a) employees steal supplies for personal use and (b) failure to attract a sufficient number of
students. Based on those two risks, prepare a risk-control matrix using the format illustrated in
the chapter.
Risk: Employees steal supplies for personal use.
Risk category: Liquidity risk
Internal control: Keep supplies in a locked cabinet.
Internal control purpose: preventive
Comments: Restrict access to the key.
Risk: Failure to attract a sufficient number of students
Risk category: Liquidity risk
Internal control: Establish an adequate budget for advertising.
Comments: As part of the budget, determine which ads have been most effective.

Blooms: Understand

lOMoARcPSD|33038177
63. A Place to Rest is a retreat center located just outside Los Angeles; the center's management
is interested in developing an internal control plan using the COSO framework. For each item
listed below, indicate the framework element that most clearly applies; you must use each
element of the COSO framework exactly one time.
a. Conducting focus groups where employees talk about problems they observe at the center
b. Designating a three-person committee to review and update the plan annually
c. Filling out a risk/control matrix
d. Inviting a guest speaker to talk to employees about the importance of internal control
e. Sending out a monthly e-mail describing some aspect of the center's internal control plan
a. risk assessment
b. monitoring
c. control activities
d. control environment
e. information and communication

Blooms: Understand

lOMoARcPSD|33038177
64. Consider the list of risks and internal controls in the table below. For each row, indicate
whether the internal control addresses the risk. If it does, indicate whether it is primarily
preventive, detective or corrective in nature.
a. no
b. no
c. yes, preventive
d. no
e. yes, corrective

Blooms: Understand

lOMoARcPSD|33038177
65. Carlos is the vice president of finance at PLP Corporation. When he joined the company five
years ago, the finance division was organized in two departments: operating transactions and
non-operating transactions. Each department had two employees and a manager. The
operating transactions department handled all aspects of transactions dealing with inventory,
supplies, payroll and other operating expenses; the non-operating transactions department
handled all aspects of transactions dealing with short-term investments, long-term debt and
shareholders. Any transactions that did not fit one of the two groups were handled by the vice
president of finance. The finance division had its own procedures manual, organized into three
chapters: operating transactions, non-operating transactions, other transactions. Within the
operating transactions department, one employee handled payroll only, while the other
employee handled all aspects of non-payroll transactions. Within the non-operating
transactions department, one employee handled transactions related to short-term
investments. The other employee handled long-term debt transactions, while the department
manager handled all aspects of transactions dealing with shareholders. Based on the
narrative, identify three risk exposures for the finance department at PLP Corporation. For
each risk exposure, suggest two internal controls that would address it. Use the outline below
to record your responses.
1) Risk exposure: _____________________________________________
a. Control: ________________________________________________
b. Control: ________________________________________________
2) Risk exposure: _____________________________________________
a. Control: ________________________________________________
b. Control: ________________________________________________
3) Risk exposure: _____________________________________________
a. Control: ________________________________________________
b. Control: ________________________________________________

lOMoARcPSD|33038177
1. Risk exposure: Theft of cash. Controls: Separation of duties & adequate supervision.
2. Risk exposure: Employee errors. Controls: Reorganize the procedures manual & employee
training.
3. Risk exposure: Inappropriate/unwise short-term investments. Controls: Adequate
supervision & a company policy on investments.

Blooms: Understand

lOMoARcPSD|33038177
manager handled all aspects of transactions dealing with shareholders. Based on the
narrative, identify five risk exposures for the finance division at PLP Corporation. For each risk
exposure, use Brown's taxonomy to identify both the broad category and the specific type of
risk within the category.
1. Theft of cash. Liquidity. Financial.
2. Employee errors. Human error. Operational.
3. Inappropriate short-term investments. Market risk. Financial.
4. Violations of SOX. Legal and regulatory risk. Strategic risk.
5. Failure to consider financial aspects of competition. Business strategy risk. Strategic.

lOMoARcPSD|33038177

Blooms: Analyze
Difficulty: 3 Hard
Topic: Risk

lOMoARcPSD|33038177
manager handled all aspects of transactions dealing with shareholders. Risk exposures for the
finance division at PLP include:
a) Cash dividends being sent to the wrong shareholders
b) Dividend miscalculations
c) Embezzlement of cash
d) Missed payments on long-term debt
e) Payroll checks issued to employees no longer working for PLP
f) Payroll miscalculations
g) Poor choices for short-term investments
h) Purchasing supplies and inventory from unauthorized vendors
i) Theft of supplies
To address those risks, PLP might institute the following internal controls: adequate
supervision, segregation of duties, appropriate use of information technology. Divide the risk
exposures listed into three groups based on the internal control that would best address the
risk; each group must have no fewer than two and no more than four risk exposures. Each risk
exposure must be associated with exactly one internal control.

lOMoARcPSD|33038177
Adequate supervision: A, G, H
Segregation of duties: C, I
Appropriate use of information technology: B, D, E, F

Blooms: Analyze
Difficulty: 3 Hard

lOMoARcPSD|33038177
manager handled all aspects of transactions dealing with shareholders.
Risk exposures for the finance division at PLP include:
• Cash dividends being sent to the wrong shareholders
• Embezzlement of cash
• Missed payments on long-term debt
• Payroll checks issued to employees no longer working for PLP
• Payroll miscalculations
Using the format illustrated in the text, design a risk/control matrix for the risk exposures listed
above.
Risk: Cash dividends being sent to the wrong shareholders
Risk category: human error
Internal control: Verify shareholder information prior to issuing checks
Internal control purpose: Preventive
Comments: Use a negative confirmation

lOMoARcPSD|33038177
Risk: Embezzlement of cash
Risk category: Liquidity
Internal control: Separation of duties
Comments: Authorization/custody/recordkeeping
Risk: Missed payments on long-term debt
Risk category: Human error
Internal control: Automate payments
Comments: Use a sinking fund
Risk: Payroll checks issued to employees no longer working for PLP
Internal control: Delete employees from the information system once their employment is over.
Comments: Human resources should send the information to IT.
Risk: Payroll miscalculations
Risk category: Human error
Internal control: Use information technology for calculations
Comments: Consider outsourcing the payroll function

Blooms: Analyze
Difficulty: 3 Hard

lOMoARcPSD|33038177
69. COSO's Internal Control—Integrated Framework comprises five interrelated elements. List
and briefly discuss each of the five elements.
The five elements of the framework are: control environment, risk assessment, control
activities, information & communication, and monitoring. Students' discussion should
emphasize the content outlined in the chapter.

Blooms: Remember
Difficulty: 1 Easy
70. Bumble Beasley was recently hired as a marketing manager at ATI Corporation. When
approached by the accounting manager regarding the development of an internal control plan
for the marketing department, Bumble said: "Internal control? I'm not even really sure I know
what that is. And even if I did, I had the impression that it was all the responsibility of you
accounting types." In the role of the accounting manager, explain to Bumble in your own words
what internal control is. Also explain, in your own words, the basic purposes of internal
control.
Internal control refers to the set of policies and procedures organizations should implement to
achieve four purposes: ensuring that financial reporting is reliable, encouraging employees to
follow company rules, keeping assets safe and making operations as efficient as possible.

Blooms: Understand

lOMoARcPSD|33038177
71. Bonnie is the owner of Doggie Day Care, a pet-sitting service. Pet owners bring their dogs to
Bonnie's facility, where they are either given private accommodations or are put in a large pen
with other dogs. (Private accommodations are more expensive.) Bonnie and her employees
feed the dogs twice a day; those dogs in private accommodations are also given two exercise
periods per day. Owners pay half the daily fee at the start of the day, and the other half when
they pick up the dog at the end of the day; owners must also certify that their dogs have had
all required vaccinations. As Bonnie's company is a day care service, no dogs stay the night in
her facility. Bonnie accepts cash, checks and major credit cards in payment. Bonnie is
interested in developing a comprehensive internal control plan for Doggie Day Care; she has
approached you, as a consultant, for assistance. Use the COSO internal control framework to
develop an internal control plan for Bonnie. Ensure that your plan includes sufficient detail that
Bonnie can implement it as you intend.
Control environment: Bonnie should frequently talk about the importance of internal control
with her employees and customers.
Risk assessment: Owners may not pick up their dogs. Checks may bounce. Employees/dogs
may be injured.
Control activities: Ensure customers sign an agreement allowing Bonnie to take abandoned
dogs to the pound. Stop accepting checks. Purchase adequate insurance.
Information and communication: Review the internal control plan with employees on a
quarterly basis.
Monitoring: Create a "suggestion box" where employees can identify weaknesses in the plan
and ways to improve them.

Blooms: Analyze
Difficulty: 3 Hard

lOMoARcPSD|33038177
her facility. Bonnie accepts cash, checks and major credit cards in payment. List and discuss
three to five risk exposures Bonnie's company faces. For each risk you identify, explain where
it fits within Brown's taxonomy of risk.
1. Owners may not pick up their dogs as scheduled (business strategy risk).
2. Dogs may fight with one another (legal and regulatory risk).
3. Checks from owners may not clear the bank (liquidity risk).
4. Bonnie may not be competitive since she does not keep dogs overnight (business strategy
risk).
5. Owners may not be truthful about dogs having required vaccinations (legal and regulatory
risk).

Blooms: Analyze
Difficulty: 3 Hard
Topic: Risk

lOMoARcPSD|33038177
her facility. Bonnie accepts cash, checks and major credit cards in payment. Bonnie has
approached you, as a consultant, with concerns about the risks her company faces and how
she might address them. Explain the concept of a risk/control matrix to Bonnie, then design
such a matrix for three risks Bonnie's company must address.
A risk/control matrix is a way to summarize an organization's risks and suggest controls to
address them.
Risk: Dogs may fight with one another.
Risk category: Legal and regulatory
Internal control: Keep all dogs separated.
Comments: Keeping dogs separated may require an increase in prices.
Risk: Checks from owners may not clear the bank.
Internal control: Accept only cash and credit cards.
Comments: Consider making exceptions for long-time customers.
Risk: Bonnie may not be competitive since she does not keep dogs overnight.
Risk category: Business strategy risk
Internal control: Expand her services.
Internal control purpose: corrective

lOMoARcPSD|33038177
Comments: Do a survey of current customers to determine if they want/need the service.

Blooms: Analyze
Difficulty: 3 Hard
74. Match each detailed element of Brown's risk taxonomy on the left with the most appropriate
category on the right.
1. D
2. A
3. B
4. C
5. D
6. A
7. A
8. C

Blooms: Remember

lOMoARcPSD|33038177
Difficulty: 1 Easy
Topic: Risk
75. Internal controls have four basic purposes in organizations. Please match each item on the left
with the most relevant purpose on the right.
1. C
2. C
3. D
4. A
5. D
6. A
7. B
8. B

Blooms: Understand

Test Bank Chapter 3

Uploaded by

Copyright:

Available Formats

Test Bank Chapter 3

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Test Bank Chapter 3

Uploaded by

Copyright:

Available Formats

lOMoARcPSD|33038177

Test bank chapter 3

Hệ thống thông tin kế toán (Đại học Kinh tế Quốc dân)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university

Chapter 03 Internal Controls Answer Key

Multiple Choice Questions

1. According to COSO, internal control is a:

C. Responsibility of employees only.

D. Requirement only for publicly-traded firms.

AACSB: Analytical Thinking

2. Internal control is designed to provide:

B. Freedom from fraud.

AACSB: Analytical Thinking

Downloaded by K61 LÊ TH? HÀ PH??NG (k61.2214810058@ftu.edu.vn)

following categories except:

AACSB: Analytical Thinking

C. Both truth and accuracy

D. Neither truth nor accuracy

AACSB: Analytical Thinking

Downloaded by K61 LÊ TH? HÀ PH??NG (k61.2214810058@ftu.edu.vn)

Topic: Internal control definition

5. Bumble Beasley was making a presentation on internal control to a group of prospective

A. Responsibility for internal control should be shared throughout the organization.

C. Internal controls are not designed specifically to prevent fraud.

AACSB: Analytical Thinking

6. Internal control relates to an organization's achievement of objectives in three major

A. Promoting compliance with the Sarbanes-Oxley Act.

C. Developing a clear job description for each position in the company.

D. Providing conclusive proof that fraud has occurred.

AACSB: Analytical Thinking

Downloaded by K61 LÊ TH? HÀ PH??NG (k61.2214810058@ftu.edu.vn)

Topic: Internal control purposes

7. Internal control relates to an organization's achievement of objectives in three major

A. Operations, fulfilling the requirements of the Foreign Corrupt Practices Act

B. Operations, listing appropriate assets at their current market value

C. Reporting, fulfilling the requirements of the Foreign Corrupt Practices Act

D. Reporting, listing appropriate assets at their current market value

AACSB: Analytical Thinking

8. Internal control relates to an organization's achievement of objectives in three major

A. Judging, reconciling the bank statement at least monthly

B. Reporting, following the COSO internal control framework

C. Compliance, following the COSO internal control framework

D. Compliance, fulfilling the requirements of the Foreign Corrupt Practices Act

AACSB: Analytical Thinking

Downloaded by K61 LÊ TH? HÀ PH??NG (k61.2214810058@ftu.edu.vn)

9. Internal control relates to an organization's achievement of objectives in three major

description for each position in the company

the accrual basis

appropriate assets at their current market value reporting

AACSB: Analytical Thinking

10. Purposes of internal control include:

B. Ensuring financial statement reliability.

C. Promoting operational efficiency.

AACSB: Analytical Thinking

Downloaded by K61 LÊ TH? HÀ PH??NG (k61.2214810058@ftu.edu.vn)

C. Both I and II.

D. Neither I nor II.

AACSB: Analytical Thinking