Hall 5e TB Ch15(1).pdf


Academic year: 2020


Chapter 15—IT Controls Part I: Sarbanes-Oxley and IT Governance


TRUE/FALSE

1. Corporate management (including the CEO) must certify monthly and annually their organization’s internal controls over financial reporting.
ANS: F

2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal control adequacy.
ANS: F

3. Both the SEC and the PCAOB require management to use the COSO framework for assessing internal control adequacy.
ANS: F

4. A qualified opinion on management’s assessment of internal controls over the financial reporting system necessitates a qualified opinion on the financial statements.
ANS: F

5. The same internal control objectives apply to manual and computer-based information systems.
ANS: T

6. To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated.
ANS: F

7. To ensure sound internal control, program coding and program processing should be separated.
ANS: T

8. Some systems professionals have unrestricted access to the organization's programs and data.

9. Application controls apply to a wide range of exposures that threaten the integrity of all programs processed within the computer environment.
ANS: F

10. The Database Administrator should be separated from systems development.
ANS: T

11. A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster.
ANS: T

12. IT auditing is a small part of most external and internal audits.
ANS: F

13. Assurance services is an emerging field that goes beyond the auditor’s traditional attestation function.
ANS: T

14. An IT auditor expresses an opinion on the fairness of the financial statements.
ANS: F

15. External auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization.
ANS: F

16. External auditors can cooperate with and use evidence gathered by internal audit departments that are organizationally independent and that report to the Audit Committee of the Board of Directors.
ANS: T

17. Tests of controls determine whether the database contents fairly reflect the organization's transactions.
ANS: F

n on financial statements that are materially misstated.
ANS: T

19. A strong internal control system will reduce the amount of substantive testing that must be performed.
ANS: T

20. Substantive testing techniques provide information about the accuracy and completeness of an application's processes.
ANS: F

MULTIPLE CHOICE

1. Which of the following is NOT an implication of section 302 of the Sarbanes-Oxley Act?
a. Auditors must determine whether changes in internal control have, or are likely to, materially affect internal control over financial reporting.
b. Auditors must interview management regarding significant changes in the design or operation of internal control that occurred since the last audit.
c. Corporate management (including the CEO) must certify monthly and annually their organization’s internal controls over financial reporting.
d. Management must disclose any material changes in the company’s internal controls that have occurred during the most recent fiscal quarter.
ANS: C

2. Which of the following is NOT a requirement in management’s report on the effectiveness of internal controls over financial reporting?
a. A statement of management’s responsibility for establishing and maintaining adequate internal control user satisfaction.
b. A statement that the organization’s internal auditors have issued an attestation report on management’s assessment of the company’s internal controls.
c. A statement identifying the framework used by management to conduct their assessment of internal controls.
d. An explicit written conclusion as to the effectiveness of internal control over financial reporting.
ANS: B

e separated?
a. program coding from program operations
b. program operations from program maintenance
c. program maintenance from program coding
d. all of the above duties should be separated
ANS: D

4. Supervision in a computerized environment is more complex than in a manual environment for all of the following reasons except
a. rapid turnover of systems professionals complicates management's task of assessing the competence and honesty of prospective employees
b. many systems professionals have direct and unrestricted access to the organization's programs and data
c. rapid changes in technology make staffing the systems environment challenging
d. systems professionals and their supervisors work at the same physical location
ANS: D

5. Adequate backups will protect against all of the following except
a. natural disasters such as fires
b. unauthorized access
c. data corruption caused by program errors
d. system crashes
ANS: B

6. Which is the most critical segregation of duties in the centralized computer services function?
a. systems development from data processing
b. data operations from data librarian
c. data preparation from data control
d. data control from data librarian
ANS: A

7. Systems development is separated from data processing activities because failure to do so
a. weakens database access security
b. allows programmers access to make unauthorized changes to applications during execution
c. results in inadequate documentation
d. results in master files being inadvertently erased
ANS: B

8. Which organizational structure is most likely to result in good documentation procedures?
a. separate systems development from systems maintenance
b. separate systems analysis from application programming
c. separate systems development from data processing
d. separate database administrator from data processing
ANS: A

9. All of the following are control risks associated with the distributed data processing structure except
a. lack of separation of duties
b. system incompatibilities
c. system interdependency
d. lack of documentation standards
ANS: C

10. Which of the following is not an essential feature of a disaster recovery plan?
a. off-site storage of backups
b. computer services function
c. second site backup
d.
ANS: B

11. A second site backup agreement between two or more firms with compatible computer facilities to assist each other with data processing needs in an emergency is called
a. internally provided backup
b. recovery operations center
c. empty shell
d. mutual aid pact
ANS: D

12. The major disadvantage of an empty shell solution as a second site backup is
a. the host site may be unwilling to disrupt its processing needs to process the critical applications of the disaster stricken company
b. intense competition for shell resources during a widespread disaster
c. maintenance of excess hardware capacity
d. the control of the shell site is an administrative drain on the company
ANS: B

13. An advantage of a recovery operations center is that
a. this is an inexpensive solution
b. the initial recovery period is very quick
c. the company has sole control over the administration of the center
d. none of the above are advantages of the recovery operations center
ANS: B

14. For most companies, which of the following is the least critical application for disaster recovery purposes?
a. month-end adjustments
b. accounts receivable
c. accounts payable
d.
ANS: A

15. The least important item to store off-site in case of an emergency is
a. backups of systems software
b. backups of application software
c. documentation and blank forms
d. results of the latest test of the disaster recovery program
ANS: D

16. Some companies separate systems analysis from programming/program maintenance. All of the following are control weaknesses that may occur with this organizational structure except
a. systems documentation is inadequate because of pressures to begin coding a new program before documenting the current program
b. illegal lines of code are hidden among legitimate code and a fraud is covered up for a long period of time
c. a new systems analyst has difficulty in understanding the logic of the program
d. inadequate systems documentation is prepared because this provides a sense of job security to the programmer
ANS: C

17. All of the following are recommended features of a fire protection system for a computer center except
a. clearly marked exits
b. an elaborate water sprinkler system
c. manual fire extinguishers in strategic locations
d. automatic and manual alarms in strategic locations
ANS: B

18. Which concept is not an integral part of an audit?
a. evaluating internal controls
b. preparing financial statements
c. expressing an opinion
d. analyzing financial data
ANS: B

19. Which statement is not true?
a. Auditors must maintain independence.
b. IT auditors attest to the integrity of the computer system.
c. IT auditing is independent of the general financial audit.
d. IT auditing can be performed by both external and internal auditors.
ANS: C

20. Typically, internal auditors perform all of the following tasks except
a. IT audits
b. evaluation of operational efficiency
c. review of compliance with legal obligations
d. internal auditors perform all of the above tasks
ANS: D

21. The fundamental difference between internal and external auditing is that
a. internal auditors represent the interests of management and external auditors represent outsiders
b. internal auditors perform IT audits and external auditors perform financial statement audits
c. internal auditors focus on financial statement audits and external auditors focus on operational audits and financial statement audits
d. external auditors assist internal auditors but internal auditors cannot assist external auditors
ANS: A

22. Internal auditors assist external auditors with financial audits to
a. reduce audit fees
b. ensure independence
c. represent the interests of management
d. l auditors with financial audits
ANS: A

23. Which statement is not correct?
a. Auditors gather evidence using tests of controls and substantive tests.
b. The most important element in determining the level of materiality is the mathematical formula.
c. Auditors express an opinion in their audit report.
d. Auditors compare evidence to established criteria.
ANS: B

24. All of the following are steps in an IT audit except
a. substantive testing
b. tests of controls
c. post-audit testing
d. audit planning
ANS: C

25. When planning the audit, information is gathered by all of the following methods except
a. completing questionnaires
b. interviewing management
c. observing activities
d. confirming accounts receivable
ANS: D

26. Substantive tests include
a. examining the safety deposit box for stock certificates
b. reviewing systems documentation
c. completing questionnaires
d.
ANS: A

27. Tests of controls include
a. confirming accounts receivable
b. counting inventory
c. completing questionnaires
d. counting cash
ANS: C

28. All of the following are components of audit risk except
a. control risk
b. legal risk
c. detection risk
d. inherent risk
ANS: B

29. Control risk is
a. the probability that the auditor will render an unqualified opinion on financial statements that are materially misstated
b. associated with the unique characteristics of the business or industry of the client
c. the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts
d. the risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor
ANS: C

30. All of the following tests of controls will provide evidence about the physical security of the computer center except
a. review of fire marshal records
b. review of the test of the backup power supply
c. verification of the second site backup location
d.
ANS: C

31. All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except
a. inspection of the second site backup
b. analysis of the fire detection system at the primary site
c. review of the critical applications list
d. composition of the disaster recovery team
ANS: B

32. Which of the following is true?
a. In the CBIS environment, auditors gather evidence relating only to the contents of databases, not the reliability of the computer system.
b. Conducting an audit is a systematic and logical process that applies to all forms of information systems.
c. Substantive tests establish whether internal controls are functioning properly.
d. IT auditors prepare the audit report if the system is computerized.
ANS: B

33. Inherent risk
a. exists because all control structures are flawed in some ways.
b. is the likelihood that material misstatements exist in the financial statements of the firm.
c. is associated with the unique characteristics of the business or industry of the client.
d. is the likelihood that the auditor will not find material misstatements.
ANS: C

34. Attestation services require all of the following except
a. written assertions and a practitioner’s written report
b. the engagement is designed to conduct risk assessment of the client’s systems to verify their degree of SOX compliance
c. the formal establishment of measurements criteria
d. the engagement is limited to examination, review, and application of agreed-upon procedures
ANS: B

35. The financial statement of an organization reflects a set of management assertions about the financial health of the business. All of the following describe types of assertions except
a. that all of the assets and equities on the balance sheet exist
b. that all employees are properly trained to carry out their assigned duties
c. that all transactions on the income statement actually occurred
d. that all allocated amounts such as depreciation are calculated on a systematic and rational basis
ANS: B

SHORT ANSWER

1. Which of the following statements is true?
a. Both the SEC and the PCAOB require the use of the COSO framework
b. Both the SEC and the PCAOB require the COBIT framework
c. The SEC recommends COBIT and the PCAOB recommends COSO
d. Any framework can be used that encompasses all of COSO’s general themes
ANS:
Both c and d above are true.

2. COSO identifies two broad groupings of information system controls. What are they?
ANS:
general; application

3. The Sarbanes-Oxley Act contains many sections. Which sections are the focus of this chapter?
ANS:
The chapter concentrates on internal control and audit responsibilities pursuant to Sections 302 and 404.

4. What control framework is recommended by the PCAOB?
ANS:
The PCAOB’s Auditing Standard No. 2 endorses the use of COSO as the framework for control assessment.

5. What are the objectives of application controls?
ANS:
The objectives of application controls are to ensure the validity, completeness, and accuracy of financial transactions.

6. Define general controls.
ANS:
General controls apply to all systems. They are not application specific. General controls include controls over IT governance, the IT infrastructure, security and access to operating systems and databases, application acquisition and development, and program changes.

7. Discuss the key features of Section 302 of the Sarbanes-Oxley Act.
ANS:
Section 302 requires that corporate management (including the CEO) certify quarterly and annually their organization’s internal controls over financial reporting. The certifying officers are required to:
a. have designed internal controls
b. disclose any material changes in the company’s internal controls that have occurred during the most recent fiscal quarter.

8. What are the three primary CBIS functions that must be separated?
ANS:
Programming should be separated from computer operations.
Programming maintenance should be separated from new systems development.
End users should be separate from systems design.

9. List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated.

Functions to Separate          Risk Exposure
__________________________     __________________________
__________________________     __________________________
__________________________     __________________________

ANS:
separate systems development from data processing operations (unauthorized changes to application programs during execution),
separate database administrator from systems development (unauthorized access to database files),
separate new systems development from systems maintenance (writing fraudulent code and keeping it concealed during maintenance),
separate data library from computer operations (loss of files or erasing current files)

10. For disaster recovery purposes, what criteria are used to identify an application or data as critical?
ANS:
Critical applications and files are those that impact the short-run survival of the firm. Critical items impact cash flows, legal obligations, and customer relations.

11. Describe the components of a disaster recovery plan.
ANS:
Every disaster recovery plan should:
designate a second site backup
identify critical applications
prepare backup and off-site storage procedures
create a disaster recovery team
test the disaster recovery plan

12. What is a mirrored data center?
ANS:
Duplicating programs and data onto a computer at a separate location. Mirroring is performed for backup purposes.

13. Why is supervisory control more elaborate in the CBIS environment than in the manual environment?
ANS:
The required skills of systems professionals lead to high rates of turnover. Systems professionals work in areas that permit direct and unrestricted access to the organization’s programs and data. Management is unable to adequately observe employees in the CBIS environment.

ANS:
Control issues of the DDP model include incompatibility of hardware and software purchased without coordination, redundancy of work with different units duplicating effort, incompatible duties because of consolidation in small units, difficulty acquiring qualified personnel, and lack of standards.

15. What is program fraud?
ANS:
Program fraud involves making unauthorized changes to parts of a program for the purpose of committing an illegal act.

16. The distributed data processing approach carries some control implications of which accountants should be aware. Discuss two.
ANS:
Incompatibility of hardware and software, selected by users working independently, can result in system incompatibility that can affect communication.
When individuals in different parts of the organization “do their own thing,” there can be significant redundancy between units.
When user areas handle their own computer services functions, there may be a tendency to consolidate incompatible activities.
Small units may lack the ability to evaluate systems professionals and to provide adequate opportunities and may therefore have difficulty acquiring qualified professionals.
As the number of units handling systems tasks increases, there is an increasing chance that the systems will lack standards.

17. __________________________ are intentional mistakes while __________________________ are unintentional mistakes.
ANS:
Irregularities, Errors

18. Explain the relationship between internal controls and substantive testing.
ANS:
The stronger the internal controls, the less substantive testing must be performed.

19. Discuss the interrelationship of tests of controls, audit objectives, exposures, and existing controls.
ANS:
During the risk analysis phase of the audit, the auditor develops an understanding of the exposures that threaten the firm and about the existing controls. Based on that understanding, the auditor develops audit objectives. From the audit objectives the auditor designs and performs tests of controls.

20. Distinguish between errors and irregularities. Which do you think concern the auditors the most?
ANS:
Errors are unintentional mistakes, while irregularities are intentional misrepresentations to perpetrate a fraud or mislead the users of financial statements. Errors are a concern if they are numerous or sizable enough to cause the financial statements to be materially misstated. Processes which involve human actions will contain some amount of human error. Computer processes should only contain errors if the programs are erroneous, or if systems operating procedures are not being closely and competently followed. Errors are typically much easier to uncover than misrepresentations, thus auditors typically are more concerned whether they have uncovered any and all irregularities.

21. Describe two tests that an auditor would perform to ensure that the disaster recovery plan is adequate.
ANS:
review second site backup plan, critical application list, and off-site backups of critical libraries, applications and data files; ensure that backup supplies, source documents and documentation are located off-site; review which employees are members of disaster recovery team

22. Distinguish between inherent risk and control risk. How do internal controls and detection risk fit in?
ANS:
ndustry of the client. Firms in declining industries are considered to have more inherent risk than firms in stable or thriving industries. Control risk is the likelihood that the control structure is flawed because internal controls are either absent or inadequate to prevent or detect errors in the accounts. Internal controls may be present in firms with inherent risk, yet the financial statements may be materially misstated due to circumstances outside the control of the firm, such as a customer with unpaid bills on the verge of bankruptcy. Detection risk is the risk that auditors are willing to accept that errors are not detected or prevented by the control structure. Typically, detection risk will be lower for firms with higher inherent risk and control risk.

23. Contrast internal and external auditing.
ANS:
Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. External auditing is often called "independent auditing" because it is done by certified public accountants who are independent of the organization being audited. This independence is necessary since the external auditors represent the interests of third-party stakeholders such as shareholders, creditors, and government agencies.

24. What are the components of audit risk?
ANS:
Inherent risk is associated with the unique characteristics of the business itself; control risk is the likelihood that the control structure is flawed because controls are absent or inadequate; and detection risk is the risk that auditors are willing to take that errors will not be detected by the audit.

25. How do the tests of controls affect substantive tests?
ANS:
l control structure. The stronger the internal controls, the lower the control risk, and the less substantive testing the auditor must do.

26. What is an auditor looking for when testing computer center controls?
ANS:
When testing computer center controls, the auditor is trying to determine that the physical security controls are adequate to protect the organization from physical exposures, that insurance coverage on equipment is adequate, that operator documentation is adequate to deal with operations and failures, and that the disaster recovery plan is adequate and feasible.

27. Define and contrast attestation services and assurance services.
ANS:
Attest services are engagements in which a practitioner is engaged to issue, or does issue, a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party, e.g., the financial statements prepared by an organization.
Assurance services are professional services that are designed to improve the quality of information, both financial and non-financial, used by decision makers. The domain of assurance services is intentionally unbounded.

ESSAY

1. Discuss the key features of Section 404 of the Sarbanes-Oxley Act.
ANS:
Section 404 requires the management of public companies to assess the effectiveness of their organization’s internal controls over financial reporting and provide an annual report addressing the following points: 1) A statement of management’s responsibility for establishing and maintaining adequate internal control. 2) An assessment of the effectiveness of the company’s internal controls over financial reporting. 3) A statement that the organization’s external auditors have issued an attestation report on management’s assessment of the company’s internal controls. 4) An explicit written conclusion as to the effectiveness of internal control over financial reporting. 5) A statement identifying the framework used by management to conduct their assessment of internal controls.

ework used to conduct their assessment of internal controls. Discuss the options in selecting a control framework.
ANS:
The SEC has made specific reference to the Committee of the Sponsoring Organizations of the Treadway Commission (COSO) as a recommended control framework. Furthermore, the PCAOB’s Auditing Standard No. 2 endorses the use of COSO as the framework for control assessment. Although other suitable frameworks have been published, according to Standard No. 2, any framework used should encompass all of COSO’s general themes.

3. Explain how general controls impact transaction integrity and the financial reporting process.
ANS:
Consider an organization with poor database security controls. In such a situation, even data processed by systems with adequate built-in application controls may be at risk. An individual who can circumvent database security may then change, steal, or corrupt stored transaction data. Thus, general controls are needed to support the functioning of application controls, and both are needed to ensure accurate financial reporting.

4. Prior to SOX, external auditors were required to be familiar with the client organization’s internal controls, but not test them. Explain.
ANS:
Auditors had the option of not relying on internal controls in the conduct of an audit and therefore did not need to test them. Instead auditors could focus primarily on substantive tests. Under SOX, management is required to make specific assertions regarding the effectiveness of internal controls. To attest to the validity of these assertions, auditors are required to test the controls.

5. Does a qualified opinion on management’s assessment of internal controls over the financial reporting system necessitate a qualified opinion on the financial statements? Explain.

ANS:
No. Auditors are permitted to simultaneously render a qualified opinion on management’s assessment of internal controls and an unqualified opinion on the financial statements. In other words, it is technically possible for auditors to find internal controls over financial reporting to be weak, but conclude through substantive tests that the weaknesses did not cause the financial statements to be materially misrepresented.

6. The PCAOB’s Standard No. 2 specifically requires auditors to understand transaction flows in designing their test of controls. What steps does this entail?
ANS:
This involves:
1. Selecting the financial accounts that have material implications for financial reporting.
2. Identify the application controls related to those accounts. As previously noted, the
3. Identify the general controls that support the application controls.
The sum of these controls, both application and general, constitutes the relevant internal controls over financial reporting that need to be reviewed.

7. What fraud detection responsibilities (if any) are imposed on auditors by SOX?
ANS:
Standard No. 2 places new responsibility on auditors to detect fraudulent activity. The standard emphasizes the importance of controls designed to prevent or detect fraud that could lead to material misstatement of the financial statements. Management is responsible for implementing such controls and auditors are expressly required to test them.

8. Describe how a Corporate Computer Services Function can overcome some of the problems associated with distributed data processing.
ANS:
The Corporate Computer Services Function may provide the following technical advice and expertise to distributed data processing units:
central testing of commercial software and hardware;
installation of new software;
trouble-shooting hardware and software problems;
technical training;
firm-wide standard setting for the systems area; and
performance evaluation of systems professionals.

ANS:
Second site backups include mutual aid pacts, empty shell, recovery operations center, and internally provided backups.

Mutual Aid Pacts
Advantages: Inexpensive
Disadvantages: May encounter reluctance to share facilities during an emergency

Empty Shell
Advantages: Inexpensive
Disadvantages: Extended time lag between disaster and initial recovery; May encounter competition among users for shell resources

Recovery Operations Center
Advantages: Rapid initial recovery
Disadvantages: Expensive

Internally Provided Backups
Advantages: Controlled by the firm; Compatibility of hardware and software; Rapid initial recovery
Disadvantages: Expense of maintaining excess capacity year round

10. Internal control in a computerized environment can be divided into two broad categories. What are they? Explain each.
ANS:
Internal controls can be divided into two broad categories. General controls apply to all or most of a system to minimize exposures that threaten the integrity of the applications being processed. These include operating system controls, data management controls, organizational structure controls, system development controls, system maintenance controls, computer center security, Internet and Intranet controls, EDI controls, and PC controls. Application controls focus on exposures related to specific parts of the system: payroll, accounts receivable, etc.

11. Auditors examine the physical environment of the computer center as part of their audit. Many characteristics of computer centers are of interest to auditors. What are they? Discuss.
ANS:
: physical location because it affects the risk of disaster – it should be away from man-made and natural hazards; construction of the computer center should be sound; access to the computer center should be controlled; air-conditioning should be adequate given the heat generated by electronic equipment and the failure that can result from over-heating; fire suppression systems are critical; and adequate power supply is needed to ensure service.

12. Explain why certain duties that are deemed incompatible in a manual system may be combined in a CBIS environment. Give an example.
ANS:
In a CBIS environment it would be inefficient and contrary to the objectives of automation to separate such tasks as processing and recording a transaction among several different application programs merely to emulate a manual control model. Further, the reason for separating tasks is to control against the negative behavior of humans; in a CBIS the computer performs the tasks, not humans.

13. Compare and contrast the following disaster recovery options: mutual aid pact, empty shell, recovery operations center, and internally provided backup. Rank them from most risky to least risky, as well as most costly to least costly.
ANS:
A mutual aid pact requires two or more organizations to agree and trust one another to aid each other with their data processing needs in the event of a disaster. This method is the lowest cost, but also somewhat risky for two reasons. First, the host company must be trusted to scale back its own processing in order to process the transactions of the disaster-stricken company. Second, the two or more firms must not be affected by the same disaster or the plan fails. The next lowest cost method is internally provided backup. With this method, organizations with multiple data processing centers may invest in internal excess capacity and support themselves in the case of disaster in one data processing center. This method is not as risky as the mutual aid pact because reliance on another organization is not a factor. In terms of cost, the next highest method is the empty shell where two or more organizations buy or lease space for a data processing center. The space is made ready for computer installation; however, no computer equipment is installed. This method requires lease or mortgage payments, as well as payment for air conditioning and raised floors. The risk of this method is that the hardware, software, and technicians may be difficult, if not impossible, to have available in the case of a natural disaster. Further, if multiple members' systems crash simultaneously, an allocation problem exists. The method with lowest risk and also the highest cost is the recovery operations center. This method takes the empty shell concept one step further - the computer equipment is actually purchased and software may even be installed. Assuming that this site is far enough away from the disaster-stricken area not to be affected by the disaster, this method can be a very good safeguard.

14. What is a disaster recovery plan? What are the key features?
ANS:
A disaster recovery plan is a comprehensive statement of all actions to be taken before, during, and after a disaster, along with documented, tested procedures that will ensure the continuity of operations. The essential features are: providing second site backup, identifying critical applications, backup and off-site storage procedures, creating a disaster recovery team, and testing the disaster recovery plan.
