15th Edition By Marshall B. Romney, Paul J.
Steinbart
Which of the following is NOT a task performed in the audit
planning phase?
a. Reviewing an organization's policies and practices
b. Planning substantive testing procedures
c. Reviewing general controls
d. Determining the degree of reliance on controls - ANSWER
d. Determining the degree of reliance on controls
Which of the following is the best example of an application
control objective?
a. Ensure that the computer operating system functions
efficiently
b. Provide backup facilities in the event of a disaster
c. Prevent unauthorized access to corporate databases
d. Ensure the validity, completeness, and accuracy of sales
transactions - ANSWER d. Ensure the validity,
completeness, and accuracy of sales transactions
Which of the following statements is true?
a. Both the SEC and the PCAOB require the use of the COSO
framework
b. Any framework can be used that encompasses all of COCO's
general themes.
c. The SEC recommends COBIT and the PCAOB recommends
COSO
d. Both the SEC and the PCAOB require the COBIT framework
e. None of the above are true - ANSWER b. Any framework
can be used that encompasses all of COCO's general themes.
Which of the following is NOT a control concern in a distributed
data processing environment?
a. Redundancy
b. Hiring qualified professionals
c. Incompatibility
d. Lack of standards
e. All of the above are control concerns - ANSWER e. All of
the above are control concerns
Which of the following disaster recovery techniques may be
least optimal in the case of a widespread natural disaster?
a. Empty shell
b. Internally provided backup
c. ROC
d. They are all equally beneficial - ANSWER c. ROC
Which of the following is NOT a potential threat to computer
hardware and peripherals?
a. Low humidity
b. High humidity
c. Carbon dioxide fire extinguishers
d. Water sprinkler fire extinguishers - ANSWER c. Carbon
dioxide fire extinguishers
Which of the following is NOT a requirement of Section 302 of
SOX?
a. Corporate management (including the CEO) must certify
monthly and annually their organization's internal controls over
financial reporting
b. Auditors must interview management regarding significant
changes in the design or operation of internal control that
occurred since the last audit
c. Auditors must determine whether changes in internal control
have materially affected, or are likely to materially affect,
internal control over financial reporting.
d. Management must disclose any material changes in the
company's internal controls that have occurred during the most
recent fiscal quarter.
e. All of the above are requirements - ANSWER a. Corporate
management (including the CEO) must certify monthly and
annually their organization's internal controls over financial
reporting
Which of the following is NOT a requirement in management's
report on the effectiveness of internal controls over financial
reporting?
a. Describe the flow of transactions in sufficient detail to points
at which misstatement could arise
b. An evaluation of entity-wide controls that correspond to the
COSO framework
c. A statement that the organization's internal auditors have
issued an attestation report on management's assessment of
the company's internal controls
d. An explicit written conclusion as to the effectiveness of internal
control over financial reporting
e. All of the above are requirements - ANSWER c. A
statement that the organization's internal auditors have issued
an attestation report on management's assessment of the
company's internal controls
Which of the following is associated with the unique
characteristics of an industry?
a. Inherent risk
b. Detection risk
c. Control risk
d. None of the above - ANSWER a. Inherent risk
Which of the following is not true about the SSAE 16 report?
a. It is a third-party attestation report
b. It replaced Statement on Auditing Standards No. 70 (SAS 70)
c. The service provider prepares a separate SSAE 16 report
tailored to the needs of each of its client firms, which the client
auditors rely upon
d. When using the carve-out method, service provider
management would exclude the sub-service organization's
relevant controls
e. All of the above are true - ANSWER c. The service
provider prepares a separate SSAE 16 report tailored to the