Defalcation and internal theft are names that refer to the misstatement of financial records.. Collusion can make it much easier to commit and conceal a fraud or theft, even when proper
Trang 1ACCOUNTING INFORMATION SYSTEMS
CONTROLS AND PROCESSES
TURNER / WEICKGENANNT
CHAPTER 3: Fraud, Ethics, and Internal Control
TEST BANK – CHAPTER 3 – TRUE / FALSE
1 When management does not act ethically, fraud is more likely to occur
2 In the Phar-Mor fraud case, management did not write or adopt a code of ethics
3 Maintaining high ethics can help prevent fraud but will not help to detect fraud
4 Due to management’s responsibility to monitor operations by examining reports that
summarize the results of operations, it is necessary that the system provide timely and
7 According to the 2004 Report to the Nation by the Association of Certified Fraud Examiners,
the estimate of losses due to fraud would total approximately $2,800 per employee
8 The most common method for detecting occupational fraud is a tip – from an employee, a
customer, vendor, or anonymous source
9 Defalcation and internal theft are names that refer to the misstatement of financial records
10 The three conditions that make up the fraud triangle are theft, concealment, and conversion
11 A good set of internal controls may not be as effective in reducing the chance of management
fraud as it would be in reducing the change of fraud committed by an employee
12 The most effective measure to prevent management fraud is to establish a professional
internal audit staff that periodically checks up on management and reports directly to the audit committee of the board of directors
13 Collusion between employees is one of the easiest frauds to detect and prevent
14 Collusion can make it much easier to commit and conceal a fraud or theft, even when proper
internal controls are in place
15 Customer fraud is a common problem for companies that sell merchandise online
Trang 216 Collusion can occur only when two employees who work for the same firm conspire to
circumvent the internal controls to commit fraud or theft
17 A vendor audit occurs when a vendor examines the books and records of a customer
18 Industrial espionage can occur with or without the use of a computer
19 It is necessary to use a computer to accomplish software piracy
20 A hacker is someone who has gained unauthorized access to the computer and must be
someone outside the organization
21 If an organization has the policy of allowing employees to work from home via
telecommunications, they could be opening themselves up to an opportunity for a hacker to break-in to their network
22 E-mail spoofing is more of an irritation to an organization that a fraud threat
23 In order for a code of ethics to reduce opportunities for managers and employees to commit
fraud, it is necessary that management emphasizes this code Punishment related to violations
of the code are not necessary
24 It is not always possible to avoid all mistakes and frauds because there will always be human
error, human nature, and it is not always cost-effective to close all the holes
25 The risk assessment is the foundation for all other components of internal control and provides
the discipline and structure of all other components
26 Companies that reward management with incentives to achieve a growth in earnings is
running the risk that management will also have more motivation and pressure to falsify the financial statements to show the higher amounts
27 The tone at the top of the organization tends to flow through the entire organization and
affects behavior at all levels
28 A poor control environment can be overcome if the remaining components of internal control
are strong
29 The difference between a general authorization and a specific authorization is that with a
general authorization, a transaction is allowed if it falls within specified parameters, whereas with a specific authorization, explicit authorization is needed for that singe transaction to be completed
30 When safeguarding assets, there is no trade-off between access and efficiency
31 Independent checks can serve as a preventive control in that they uncover problems in the
data or the processing
Trang 332 Feedback needed by management to assess, manage, and control the efficiency and
effectiveness of the operations of an organization relates to both financial and operational information
33 A sophisticated accounting system will provide the necessary accurate and effective feedback
needed by management to assess, manage and control the operations of an organization
34 Auditing, a monitoring activity, takes place only on a periodic basis
35 It is not possible to have an internal control system that will provide absolute assurance
36 Computer systems increase the efficiency and effectiveness of an organization but also
increases their vulnerability
37 The risks related to computerized systems are adequately covered by the COSO internal
control report
38 The acronym COBIT stands for Control Objectives for Information Technology, an extensive
framework of information technology controls developed by Information Systems Audit and Control Association
39 The AICPA and the Canadian Institute of Chartered Accountants worked together to develop
IT guidelines, commonly referred to as COBIT
40 The risk related to confidentiality category of Trust Principles is that confidential information
about the company or its business partners may be subject to unauthorized access during its transmission or storage in the IT system
ANSWERS TO TEST BANK - CHAPTER 3 – TRUE / FALSE:
Trang 4TEST BANK – CHAPTER 3 – MULTIPLE CHOICE
41 The chance for fraud or ethical lapses will not be reduced if management:
A Emphasizes ethical behavior
B Models ethical behavior
C Hires ethical employees
D Is unethical
42 The Phar-Mor fraud began when management:
A Forgot to change the budgeted figures that had been incorrectly computed
B Attempted to make the actual net income match the budgeted amounts
C Overstated their expenses to cover amounts embezzled from the company
D Understated the revenue in order to reduce the tax payable to the IRS
43 Each of the following companies was involved in fraudulent financial reporting during 2001 and
44 In addition to ethical practices, management has an obligation to maintain a set of processes
and procedures to assure accurate financial reporting and protection of company assets This obligation arises because:
A Many groups have expectations of management
B Management has a stewardship obligation to investors
C Management has an obligation to provide accurate reports to non-investors
D All of the above are reasons for the obligation
45 The careful and responsible oversight and use of the assets entrusted to management is
46 A process, effected by an entity’s board of directors, management, and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives related to the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations is:
A COSO’s definition of internal control
B AICPA’s definition of stewardship
C ACFE’s definition of confidentiality
D IMA’s definition of competency
Trang 547 If an organization’s IT systems are not properly controlled, they may become exposed to the
risks of:
A Unauthorized access
B Erroneous processing
C Service interruption
D All of the above
48 A set of documented guidelines for moral and ethical behavior within an organization is termed
49 Which individual or group has the responsibility to establish, enforce, and exemplify the
principles of ethical conduct within an organization?
51 An example of concealment would include:
A Changing the payee on a check improperly paid by the organization
B Selling a piece of inventory that has been stolen
C Stealing money from an organization before the related sale and cash receipt has been
recorded
D All of the above are examples of concealment
52 Changing the accounting records to hide the existence of a fraud is termed:
Trang 654 The theft of any item of value is referred to as:
A Fraudulent financial reporting
B Misappropriation of assets
C Misstatement of financial records
D Earnings management
55 Financial pressures, market pressures, job-related failures, and addictive behaviors are all
examples of which condition of the Fraud Triangle?
A Opportunity
B Conversion
C Incentive
D Rationalization
56 Circumstances that provide access to the assets or records that are the objects of the
fraudulent activity describes which condition of the Fraud Triangle?
A Rationalization
B Incentive
C Concealment
D Opportunity
57 Fraudsters typically try to justify their behavior by telling themselves that they intend to repay
the amount stolen or that they believe the organization owes them the amount stolen This justification is referred to as:
A Opportunity
B Rationalization
C Incentive
D Concealment
58 According to the authors of this textbook, which of the following is not one of general
categories of people who commit fraud?
Trang 761 Management misstatement of financial statements often occurs in order to receive indirect
benefits such as:
A Decreased income taxes
B Delayed cash flows
C Increased stock prices
66 A cash payment made by a vendor to an organization’s employee in exchange for a sale to the
organization by the vendor is termed:
Trang 868 Jamie Stark, a sales employee, stole merchandise from her employer and Frank Adams, the
accounting clerk, covered it up by altering the inventory records This is an example of:
A Inventory theft
B Financial journal fraud
C Skimming
D Collusion
69 When a customer improperly obtains cash or property from a company, or avoids liability
through deception, it is termed:
A Check fraud
B Customer fraud
C Credit card fraud
D Refund fraud
70 Which of the following would be considered a vendor fraud?
A The submission of duplicate or incorrect invoices
B A customer tries to return stolen goods to collect a cash refund
C The use of stolen or fraudulent credit cards
D Inflating hours worked
71 The theft of proprietary company information is called:
A Vendor fraud
B Customer fraud
C Espionage
D Management fraud
72 Which of the following is a characteristic of computer fraud?
A A computer is used in some cases to conduct a fraud more quickly and efficiently
B Computer fraud can be conducted by employees within the organization
C Computer fraud can be conducted by users outside an organization
D All of the above are characteristics
73 A fraudster uses this to alter a program to slice a small amount from several accounts,
crediting those small amounts to the perpetrator’s benefit
A Trap door alteration
B Salami technique
C Trojan horse program
D Input manipulation
74 A small, unauthorized program within a larger legitimate program, used to manipulate the
computer system to conduct a fraud is referred to as a(n):
A Trap door alteration
B Salami technique
C Trojan horse program
D Input manipulation
Trang 975 When a person alters a system’s checks or reports to commit fraud it is referred to as:
A Input manipulation
B Output manipulation
C Program manipulation
D Collusion
76 This type of external computer fraud is intended to overwhelm an intended target computer
system with so much bogus network traffic so that the system is unable to respond to valid traffic
78 Which of the following is not one of the three critical actions that a company can undertake to
assist with fraud prevention and fraud detection?
A Maintain and enforce a cost of ethics
B Maintain an accounting information system
C Maintain a system of accounting internal controls
D Maintain a system of information technology controls
79 The Sarbanes-Oxley act was passed in 2002 as a Congress’s response to the many situations
of fraudulent financial reporting discovered during 2001 The intention of the Act was:
A Police the accounting firms responsible for auditing the corporations
B Punish the companies that had been involved in the cases of fraudulent financial
reporting
C Establish accounting standards that all companies are to follow
D Reform accounting, financial reporting, and auditing functions of companies that are
publicly traded
80 The types of concepts commonly found in a code of ethics would not include:
A Obeying applicable laws and regulations that govern business
B Avoiding all conflicts of interest
C Operating at a profit in all reporting periods
D Creating and maintaining a safe work environment
81 The objectives of an internal control system include all of the following except:
A Maintain ongoing education
B Safeguard assets
C Maintain accuracy and integrity of accounting data
D Ensure compliance with management directives
Trang 1082 The authors presented their “picture” of internal control as a series of umbrellas which
represent different types of controls Which of the following is not one of those types of controls?
84 This type of control is included in the internal control system because it is not always possible
to prevent all frauds They help employees to discover or uncover errors, fraud, or
86 According to the COSO report, there are five different interrelated components of internal
control Which of the following is not one of those five components?
A Code of Ethics
B Control Environment
C Information and Communication
D Monitoring
87 The component of internal control, identified in the COSO report, that sets the tome of an
organization and includes the consciousness of its employees is:
Trang 1188 The control environment component of internal control was identified to have a number of
different factors Which of the following is not one of those factors?
A Management’s philosophy and operating style
B The identification of sources of risk
C The integrity, ethical values, and competence of the entity’s people
D The attention and direction provided by the board of directors
89 One of the components of internal control identified by COSO required that management must be considering threats and the potential for risks, and stand ready to respond should these events occur This component is referred to as:
A Control Environment
B Control Activities
C Risk Assessment
D Communication
90 The process of risk assessment would include all of the following actions, except:
A Identify sources of risk
B Determine the impacts of identified risks
C Estimate the chance of such risks occurring
D Report the risks to the audit committee
91 The COSO report identified a component of internal control as the policies and procedures that help ensure that management directives are carried out and that management directives are achieved The component is:
A Control activities
B Risk assessment
C Monitoring
D Information and communication
92 The range of activities that make up the component of internal control referred to as control activities includes each of the following, except:
Trang 1294 The category of control activities referred to as segregation of duties requires that certain
activities should be the responsibility of different person or department The three duties that are
to be separated are:
A Authorizing, recording, and paying
B Recording, custody, and disposition
C Authorizing, paying, and custody
D Authorizing, recording, and custody
95 If an accounting supervisor were allowed to hire employees, approve the hours worked, prepare the paychecks, and deliver the paychecks, which of the categories of control activities would be violated?
A Schedules and analyses of financial information
B Supporting document for all significant transactions
C Accounting cycle reports
D All of the following are types of documentation
97 The existence of verifiable information about the accuracy of accounting records is called a(n):
A Securing the assets and records so that they are not misused or stolen
B Limiting access to certain assets to the extent that is practical
C Identifying sources of risk and estimating the possibility of that risk
D Enacting physical safeguards, such as security cameras, to protect some assets
99 Independent checks on the performance of others is one of the categories of internal control These independent checks would include all of the following, except:
A Reviewing batch totals
B Reconciliation
C Comparison of physical assets with records
D Use of appropriate ID to enter restricted areas