threat - Answers Any potential adverse occurrence or unwanted event that could injure the AIS or the
organization. Also referred to as an event.
exposure/impact - Answers The potential dollar loss if a particular threat becomes a reality.
likelihood/risk - Answers The probability that a threat will come to pass.
internal controls - Answers The processes and procedures implemented to provide reasonable
assurance that control objectives are met.
what are the types of objectives that internal controls help achieve? - Answers 1. safeguard assets-
prevent or detect their unauthorized acquisition, use, or disposition
2. maintain records in sufficient detail to report company assets accurately and fairly
3. provide accurate and reliable information
4. prepare financial reports in accordance with established criteria
5. promote and improve operational efficiency
6. encourage adherence to prescribed managerial policies
7. comply with applicable laws and regulations
are internal controls a process? - Answers yes, because it permeates an organization's operating activities
and is an integral part of management activities.
how do accountants and system developers help management achieve their control objectives? -
Answers 1. by designing effective control systems that take a proactive approach to eliminating system
threats and that detect, correct, and recover from threats when they occur
2. making it easier to build controls into a system at the initial design stage than to add them after the
fact
what are the 3 functions that internal controls perform? - Answers 1. preventive controls
2. detective controls
3. corrective controls
preventive controls - Answers Controls that deter problems before they arise, such as hiring qualified
accounting personnel; appropriately segregating employee duties; and effectively controlling physical
access to assets, facilities, and information.
detective controls - Answers Controls designed to discover control problems that were not prevented,
such as duplicate checking of calculations and preparing bank reconciliations and monthly trial balances.
corrective controls - Answers Controls that identify and correct problems as well as correct and recover
from the resulting errors, such as maintaining backup copies of files, correcting data entry errors, and
resubmitting transactions for subsequent processing.
what are the two categories that internal controls are often segregated into? - Answers 1. general controls
2. application controls
general controls - Answers Controls designed to make sure an organization's information system and
control environment is stable and well managed, such as security; IT infrastructure; and software
acquisition, development, and maintenance controls.
application controls - Answers Controls that prevent, detect, and correct transaction errors and fraud in
application programs. They are concerned with the accuracy, completeness, validity, and authorization
of the data captured, entered into the system, processed, stored, transmitted to other systems, and
reported.
what are the four levers of controls that help management reconcile the conflict between creativity and
controls? - Answers (created by Robert Simons, a Harvard business professor)
1. belief system
2. boundary system
3. diagnostic control system
4. interactive control system
belief system - Answers System that describes how a company creates value, helps employees
understand management's vision, communicates company core values, and inspires employees to live
by those values.
boundary system - Answers System that helps employees act ethically by setting boundaries on
employee behavior. Instead of telling employees exactly what to do, they are encouraged to creatively
solve problems and meet customer needs while meeting minimum performance standards, shunning
off-limit activities, and avoiding actions that might damage their reputation.
diagnostic control system - Answers System that measures, monitors, and compares actual company
progress to budgets and performance goals; feedback helps management adjust and fine-tune inputs
and processes so future outputs more closely match goals.
interactive control system - Answers System that helps managers to focus subordinates' attention on key
strategic issues and to be more involved in their decisions; system data are interpreted and discussed in
face-to-face meetings of superiors, subordinates, and peers.
Foreign Corrupt Practices Act (FCPA) - Answers Legislation passed to prevent companies from bribing
foreign officials to obtain business; also requires all publicly owned corporations maintain a system of
internal accounting controls.
Sarbanes-Oxley Act (SOX) - Answers Legislation intended to prevent financial statement fraud, make
financial reports more transparent, provide protection to investors, strengthen internal controls at
public companies, and punish executives who perpetrate fraud.
what are some of the most important aspects of SOX? - Answers 1. Public Company Accounting
Oversight Board (PCAOB)- A board created as part of SOX that regulates the auditing profession (consists
of 5 people appointed by the SEC).
2. New rules for auditors- 1. auditors must report specific information to the company audit committee,
such as critical accounting policies and practices. 2. SOX also prohibits auditors from performing certain
nonaudit services, such as information systems design and implementation. 3. audit firms cannot
provide services to companies if top management was employed by the auditing firm and worked on the
company audit in the preceding 12 months.
3. New roles for audit committees- audit committee members must be on the company board of
directors and be independent of the company, and one member must be a financial expert.
4. New rules for management- SOX requires the CEO and CFO to certify that 1. financial statements and
disclosures are fairly presented, were reviewed by management, and are not misleading, and 2. that the
auditors were told about all material internal control weaknesses and fraud.
5. New internal control requirements- section 404 requires companies to issue a report accompanying
the financial statements stating that management is responsible for establishing and maintaining an
adequate internal control system.
what are the 3 frameworks used to develop internal control systems? - Answers 1. COBIT
2. COSO
3. ERM
Control Objectives for Information and Related Technology (COBIT) - Answers A security and control
framework that allows (1) management to benchmark the security and control practices of IT
environments, (2) users of IT services to be assured that adequate security and control exist, and (3)
auditors to substantiate their internal control opinions and advise on IT security and control matters.
what are the five key principles COBIT 2019 is based on? - Answers 1. meeting stakeholder needs