This document contains an assessment test covering multiple topics related to accounting and auditing, including audit cycles, supply chain management, business process analysis, inventory management techniques, electronic fund transfers, electronic data interchange, e-commerce, and more. It consists of 20 multiple choice questions testing understanding of these topics. The questions cover identifying red flags, defining business terms, describing techniques like the theory of constraints, ordering processes, and evaluating the effectiveness of relevant controls.
This document contains an assessment test covering multiple topics related to accounting and auditing, including audit cycles, supply chain management, business process analysis, inventory management techniques, electronic fund transfers, electronic data interchange, e-commerce, and more. It consists of 20 multiple choice questions testing understanding of these topics. The questions cover identifying red flags, defining business terms, describing techniques like the theory of constraints, ordering processes, and evaluating the effectiveness of relevant controls.
This document contains an assessment test covering multiple topics related to accounting and auditing, including audit cycles, supply chain management, business process analysis, inventory management techniques, electronic fund transfers, electronic data interchange, e-commerce, and more. It consists of 20 multiple choice questions testing understanding of these topics. The questions cover identifying red flags, defining business terms, describing techniques like the theory of constraints, ordering processes, and evaluating the effectiveness of relevant controls.
This document contains an assessment test covering multiple topics related to accounting and auditing, including audit cycles, supply chain management, business process analysis, inventory management techniques, electronic fund transfers, electronic data interchange, e-commerce, and more. It consists of 20 multiple choice questions testing understanding of these topics. The questions cover identifying red flags, defining business terms, describing techniques like the theory of constraints, ordering processes, and evaluating the effectiveness of relevant controls.
Download as DOCX, PDF, TXT or read online from Scribd
Download as docx, pdf, or txt
You are on page 1of 7
ASSESSMENT TEST: ACCTG 023B
MULTIPLE CHOICE
AUDIT CYCLE RED FLAGS
1. These are examples of red flags in a revenue cycle except a. Dubious write-offs of uncollected accounts b. Slow collection of receivables c. Unusual increases despite industry trends d. Decreasing amount of receivables e. Discrepancies between high shipments and low sales SUPPLY CHAIN MANAGEMENT BUSINESS CYCLES 2. This is sometimes referred to as a logistics network and a global network used to deliver products and services from raw materials to end customers through an engineered flow of information, physical distribution and cash. a. Supply chain b. Chain Management c. Chain rule d. Chain flows 3. The type of channel influences how many levels of organization to include in the channel and the specific kinds of intermediaries. For example, an industrial products producer might choose between independent manufacturing agents and a chain of distributors. What is not true as one of the several factors that can influence channel design: a. End-user preferences, where customers want to purchase products or services. b. Product or service characteristics e.g. complexity, features, service requirements c. Manufacturer’s core capabilities and resources of which large producers will have more channel constraints d. Availability, experience and skills of intermediaries. e. Required functions which are necessary to move the product or service from the producer to the customer such as storage, transportation and servicing. BUSINESS PROCESS ANALYSIS 4. This is a collection of analytical techniques that examine and measure the basic elements of processes in order to understand their activities, relationships and contributions to organizational goals a. Business process analysis b. Just process analysis c. Business process review (BPR) d. Any of the above 5. Tasks such as Identification of systems, processes, sub-processes, tasks and jobs of an organization; definition of process boundaries that mark the entry points of the process inputs and the exit points of the process outputs; Construction of process flow diagram (flowchart) that illustrates the various process activities and their interrelationships; determination of the capacity of each step in the process; identification of the bottlenecks which is the process activity with the least capacity; evaluation of further limitations in order to quantify the impact of the bottleneck; and usage of the analysis to make operating decisions and to improve the process. This is called the- a. CAATs – Computerized Assisted Auditing Techniques b. BPATs – Business Process Analysis Techniques c. EITs- Event Identification Techniques d. None of the above 6. Bottleneck is a limiting factor, barrier, or constraint that slows down a product’s total cycle time. Process capacity management is a critical part of achieving process improvement. Bottleneck or constrain management refers to the following process- a. Identify the process barriers (bottlenecks) -these are areas with the least capacity. b. Analyze and understand the barriers. c. Remove the barriers by balancing the flow of work through the process and configuring processes carefully in order to maximize capacity. d. All of the above 7. This is a systems management philosophy where it has at least one constraint (bottleneck or barrier) limiting its output in pursuit of some goal. This slow down a product’s cycle time and limits the output of the entire system. Effectively managing this is the key to the system’s overall success. a. Theory of evolution b. Theory of constraints c. Theory of relativity d. None of the above 8. These are the principles of theory of constraints except a. It is important to concentrate on addressing specific constraints rather than trying to fix the entire system, which may or may not have tangible results. b. Constraints migrate to different components of a system, and continuous monitoring, identification and improvement of new constraints is critical. c. Each constraint limits the output of the entire system d. There are so many constraints in a system
9. Business Process Reengineering (BPR) would mean the following EXCEPT-
a. A fundamental and dramatic rethinking of business processes in order to achieve profound improvements in cost, quality, service, and speed. b. As a way to reduce the cost of management and operations in order to increase their strategic competitive advantage by many organizations in light of global competition. c. This promotes the idea that sometimes wiping the slate clean and organizing and redesigning an organization is necessary to increase costs and increase the quality of a product or service. d. This is a more radical approach to process improvement. 10. The following are quality process improvement approach that focuses on the customer experience by reducing the number of defects in a process until they approach statistical insignificance- a. Just in time Manufacturing b. Lean Manufacturing c. Six sigma d. All of the above 11. Six Sigma is a quality process improvement which offers tools for developing solutions for processes that measurably fail to meet customer requirements by producing more than 3.4 defects for million opportunities. It has five phases known as in this following order- I. DEFINE the nature of the problem; MEASURE existing performance and begin recording the data and facts that provide information about the underlying causes of the problem. II. IMPROVE the process by effecting solutions to the problem; III. CONTROL the process until the solutions become ingrained. IV. MEASURE existing performance V. ANALYZE the information to determine the root cause of the problem; a. II, V, IV, III, I b. I, IV, V, II, III c. III, I, II, IV, V d. I, II, III, IV, V INVENTORY MANAGEMENT TECHNIQUES AND CONCEPTS 12. The following are challenges in inventory management which auditors must have thorough knowledge include- I. Reducing variability in the quality, amount and timing of supply deliveries. II. Balancing the cost of holding more inventory and the cost of holding less III. Increasing production cycles times. IV. Maintaining production equipment. V. Improving demand forecasting. a. I, II, III, IV b. II, III, IV, V c. I, II, IV, V d. II, V, IV, III 13. One model that is widely used in inventory management to help determine how much of something to order. This is a control auditor should evaluate as to its effectiveness- a. Economic order quantity b. Bar code system c. Radio frequency identification system d. Perpetual inventory system ELECTRONIC FUND TRANSFER 14. This is the transfer of monetary value and financial data from one bank to another, thus it cannot involve other parties- a. Check payment b. Cash payment c. Electronic fund transfer d. None of the above 15. Electronic funds transfer presents potential risks to enterprises that use this technology. Therefore, internal auditors should be prepared to assess these risks by evaluating the adequacy and effectiveness of the controls applied. These include EXCEPT- a. Logic controls that restrict unauthorized access to EFT system. b. Program change management controls to ensure that only approved changes are made to the EFT system. c. Application controls to help ensure transaction accuracy. d. Physical controls to ensure that EFT terminals, software and media continue to perform as designed. ELECTRONIC DATA INTERCHANGE 16. Electronic data interchange has three basic layers of control- a. Administrative, Physical and Software b. General, Application, and Physical c. Administrative, Physical and Hardware d. Application, Hardware, Software 17. Internal control for EDI risks caused by data integrity loss due to lack of paper audit trail- a. Acknowledgment protocol b. Computer log, reconcile with production and receipts c. Segregation of duties, graded access levels d. Digital signature or notarization 18. Internal Control for unauthorized user access by HACKERS is by way of strengthening access control on- a. Signal meters, leakage protectors, electromagnetic shielding, penetration-resistant conduits b. Secured message routing, cable protection. Fiber optics, confidential electronic envelope, numerical sequencing c. ID/password, dial-back mechanisms, storage lockout, graded access levels d. None of the above E-COMMERCE 19. E-commerce assessment efforts will be an aspect of the annual audit plan in many organizations. Major component of E-commerce audits include the following EXCEPT- a. Assessing the control infrastructure, including the tone set by senior management. b. Providing absolute assurance that goals and objectives can be achieved. c. Determining if the risks are acceptable. d. Evaluating the business continuity and disaster recovery plans. 20. When auditing e-commerce activities, internal auditors should look for- a. Network security controls (e.g. firewalls encryption, virus protection policies, communication of security standards within and outside the enterprise) and intrusion detection systems. b. User identification systems (e.g. digital signatures) c. Application change management controls d. All of the above BUSINESS DEVELOPMENT CYCLES 21. Businesses and products have a life cycle, starting with emergence (also called the embryonic or introduction phase) and then going on to- a. Growth, maturity and decline b. Decline, growth and maturity c. Maturity, growth and decline d. Growth, decline and maturity THE INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO) FRAMEWORK 22. To receive ISO 9001 certification, an organization must implement a new quality management system that meets the criteria set forth in ISO 9001 or compare its current system to identify and address possible gaps. When the system has been fully implemented- a. The organization conducts an internal audit to ensure compliance with all ISO requirements. b. A certified external auditor reviews the system. c. A certified external auditor issues a compliant system, a certificate d. All of the above OUT-SOURCING/CO-SOURCING INTERNAL AUDIT ACTIVITY 23. Out-sourcing is considered for an internal audit activity when – a. An organization lacks an internal audit function and the board of directors, audit committee, and/or senior management recognize the need for it. b. An organization lacks an external audit function and the board of directors, audit committee, and/or senior management recognize the need for it. c. An organization lacks an operations audit function and the board of directors, audit committee, and/or senior management recognize the need for it. d. An organization lacks an computer audit function and the board of directors, audit committee, and/or senior management recognize the need for it. ORGANIZATIONAL DYNAMICS 24. This refers to the ways individuals and groups interact and cooperate in an organization. a. Organizational communication b. Organizational system c. Organizational dynamics d. None of the above IMPACT OF COMPUTERIZATION ON COMMUNICATION 25. Computerization and other workplace support tools have increased communication capabilities. A key advantage is the speed at which communication moves within the organization and across the globe. As many organizations have experienced advantages, there are disadvantages EXCEPT- a. E-mail message communication mistakes b. Employee and customer resistance to new technology c. Relationship misunderstandings, given less face-to-face contact d. Laptop computers and mobile devices provide the ability for employees to travel and work anywhere and anytime. STAKEHOLDER RELATIONSHIPS 26. In 2010, an Institute of Internal Auditing (IIA) task force delivered its recommendations regarding how the modern internal audit activity adds value to an organization. The IIA’s board approved the following value proposition with this equation: INTERNAL AUDITING = Assurance, Insight, and Objectivity which means a. Governance bodies and senior management rely on internal auditing for objective assurance and insight on the effectiveness and efficiency of governance, risk management and internal control processes. b. Risk Management bodies and senior management rely on internal auditing for objective assurance and insight on the effectiveness and efficiency of governance, risk management and internal control processes. c. Risk management bodies and CEO rely on internal auditing for objective assurance and insight on the effectiveness and efficiency of governance, risk management and internal control processes. d. Governance bodies and CEOrely on internal auditing for objective assurance and insight on the effectiveness and efficiency of governance, risk management and internal control processes. 27. Internal audit is a ___________ for improving an organization’s effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and business processes. a. Anticatalyst b. Catalyst c. Innovator d. None of the above 28. This is an end product or result from internal audit’s assurance and consulting work. a. Audit report b. Audit recommendations c. Insight d. Evidence STRATEGIC MANAGEMENT 29. This is a quality tool and techniques, the methodology in which the organization compares its practices with internal best practices/goals/historical data or the best practices of other organizations and adapts these best practices for its own use. a. Six sigma b. Gap analysis c. Benchmarking d. Quality audits 30. This is an in-depth review of a company’s processes and strategy from a quality standpoint, including analysis of best and worst practices. a. Process-flow analysis b. Cause and effect diagrams c. Run Charts d. Quality audits 31. This analysis tool and techniques frequently follows a quality audit in order to identify specific problems and set distinct targets for improvements between the organization and the benchmark competitor that has the best quality in the industry. a. Process flow analysis b. Gap analysis c. Benchmarking d. Control charts 32. This is a method of analyzing operations for efficiency and control where two dimensional graphic representation of an operation in terms of the flow of activity through the process. a. Gap analysis b. Process flow analysis c. Benchmarking d. Six Sigma 33. This is too and techniques which is also called fishbone or Ishikawa diagram which uses visual to map out a list of factors that are thought to affect a problem or a desired outcome. An audit team might use such to determine the root cause of a process with many problem elements. a. Cause and effect diagrams b. Process flow analysis c. Histograms d. Six Sigma 34. SWOT Analysis uses techniques from decision analysis which presented an SO and a WO as _________________ identified while ST and WT strategy for each ____________________ identified- a. Threat; opportunity b. Opportunity; Threat c. Either a or b d. None of the above ORGANIZATIONAL BEHAVIOUR 35. Internal Auditors need to understand organizational behavior because different methods of control work better in different organizations. Also, the root cause of a control deficiency may lie in – a. Functional organizational behavior b. Conventional organizational behavior c. Dysfunctional organizational behavior d. Any of the above PROJECT MANAGEMENT TECHNIQUE 36. Monitoring and control in a project life cycle include the following project tasks in the following order: I. Analyze impact II. Compare actual and predicted outcomes. III. Track progress, especially during execution but also during planning. IV. Make adjustments to meet project objectives and acceptance criteria. a. I, II, III and IV b. II, III, IV and I c. III, IV, IV, and I d. III, II, I, and IV IT/BUSINESS CONTINUITY 37. To identify and assess the control of IT risks properly, an internal auditor must understand the challenges of IT Auditing: I. Understand the purpose of an IT control, what type of control it is and what it is meant to accomplish II. Identify which individuals or positions are responsible for performing what tasks. III. Remain current with methodologies and business objectives. IV. Balance the risk posed with the requirements of creating a control. V. Appreciate the significance of the control to the enterprise-both the benefits that accrue to the enterprise through the control (e.g. legal, compliance or competitive advantage) and the damage that a weak or nonexistent control can cause. VI. Implement an appropriate control framework and auditing plan. a. I, II, VI, IV, V, and III b. I, V, II, IV, VI and III c. II, VI, V, IV, III, and I d. II, I, III, IV, VI, and V 38. The Chief Audit Executive is responsible for ensuring a good fit between the enterprise and its IT controls and proper implementation of a control framework. This involves: I. Communicating IT risks and controls II. Establishing appropriate metrics for control success and policies for communicating with management. III. Identifying all internal and external monitoring processes. IV. Developing and implementing an appropriate risk assessment process. V. Defining and assigning appropriate roles related to IT controls for the entire organization. VI. Being aware of all legal and regulatory requirements. VII. Understanding the organization’s IT control environment. a. I, II, III, IV, V, VI, and VII b. I, III, V, VII, II, IV and VI c. VII, VI, V, IV, III, II, and I d. VII, V, III, I, VI, IV and II SECURITY 39. The internal audit activity can report to management and the board on the level of compliance with- a. Security rules, significant violations and their disposition. b. Systems that do not meet security criteria. c. Violation in segregation of duties d. None of the above 40. Effective IT General Controls are measured by the number of: I. Violations in segregation of duties. II. Incidents that damage the enterprise’s public reputation. III. Systems that do not meet security criteria. a. I only b. I and II c. II and III d. II, I and III 41. Physical security controls include the following. This are the real world means of preventing access to an asset such as locks and/or key cards preventing access to the building, to data centers and to key operational areas. a. Physical access controls b. Environmental hazard controls c. Fire and flood protection d. All of the above 42. The following are types of hardware controls EXCEPT: a. Echo check- Received data is returned to the sender for comparison b. Equipment check- These are circuitry controls that detect hardware errors c. Duplicate process check- A process is done once and not compared. d. Redundant character check- Each transmitted data element receives an additional bit (character) of data mathematically to the data. Abnormal changes will void the mathematical relationship. 43. IT operational controls include – I. Planning controls; II. Policies, standards and procedures; III. Data and program security; IV. Insurance and continuity planning; V. Controls over security providers a. I and II only b. I, III, and V c. II, IV, V d. V, IV, III, II and I 44. Data Security must be maintained EXCEPT: a. During end-users training b. On site c. During transmission d. When stored on third-party systems 45.This is a scientific discovery process applied to computer records, needed for information to be admissible evidence in a court. Properly trained auditors on this discipline must be used to avoid corrupting the data that needs to be studied- a. Computer forensics b. E-discovery c. Either Computer forensics or E-discovery d. None of the above INFORMATION PROTECTION 45. There are three universally accepted elements of information security- a. Confidentiality, integrity and availability b. Confidentiality, integrity and completeness c. Confidentiality, integrity and authenticity d. Confidentiality, integrity and collectiveness 46. Part of IT internal audit is an assessment of information vulnerabilities and recommendation for improvements. The following are indicators of poor vulnerability management Except: a. An inability to assess risks associated with vulnerabilities and to prioritize mitigation efforts. b. Lack of an asset management system c. Adequately identify IT vulnerabilities systematically, resulting to proper management thus no exposure of critical assets d. Poor working relationships between IT management and IT security. 47. This is a malicious software designed to gain access to a computer system without the the owner’s permission for the purpose of controlling or damaging the system or stealing data- a. Trojan horse b. Malware c. Hackers d. Worms 48. These are malicious programs disguised to be innocuous or using social engineering. Social engineering is a set of rhetorical techniques used to make fraudulent messages seem inviting and is initiated through deceptive emails, instant messages or phone contact. a. Trojan horses b. Malware c. Worms d. Hackers 49. This poses three fundamental questions whose answers should inform access decisions and management: Who has access to what information? Is the access appropriate for the job being performed? Are the access and activity monitored, logged and reported appropriately? a. Identity and Access Management b. Risk Management c. IT Management d. None of the above 50. Auditors evaluates encryption by- a. evaluating physical controls over computers that have password keys b. testing policies to see if they are being followed c. implementing and monitoring logic controls d. All of the above 51. Audits of application development can EXCEPT- a. A pre-implementation consulting review b. Can take the form of participative consulting during a project c. A post-implementation assurance review once a project is complete d. An assurance review of the general application development process. 52. This is where end-users are given the freedom to develop their own simple programs or analytical tools using commonly available software tools such as spreadsheets and database tools. a. Cloud computing b. End-user computing c. Electronic Vaulting d. None of the above 53. Some safeguards are available to control the risks of end-user computing I. Strong manual controls when PCs process transactions (manual review of reports) II. Commercial backup software III. Encryption of stored data IV. Use of master versions of software installed on all departments (or related) PCs V. Security cards that ask for passwords and store information about time of use. a. I, II, IV and III b. III, I, IV and V c. I, II, III, IV, and V d. I, V, IV, and II 54. These are intended to prevent computer errors by controlling data as it manually or electronically enters the system. Internal auditors should emphasize tests of these controls. Garbage-in, garbage-out. a. Output controls b. Processing controls c. Input controls d. None of the above 55. These are automated error checks built into computer processing as well as segregation of duties such as controlling programmers, access to files and records. Auditors should examine restart procedures and verify that reconstructed files have accuracy checks. a. Output controls b. Processing controls c. Input controls d. Any of the above 56. These are detective controls that find error and verify the accuracy and reasonableness of output data after processing is complete. The auditor can manually produce control samples and compare them to the system inputs and the system outputs. a. Output controls b. Processing controls c. Input controls d. None of the above 57. Auditing when ERP implementation use business reengineering. Once the methodologies have been designed, an internal auditor must, among other things: I. Evaluate the technology environment, including complexity and efficiency. II. Decide if a legacy system is still being used for any part of the process. III. Have a detailed understanding of the ERP approach, including the specific modules or controls are clearly defined and understood. a. I only b. II only c. I, II and III d. II and III 58. Senior management determines the degree of the internal auditors’ involvement in the business continuity and disaster recovery management processes considering their- a. Knowledge, skills, independence and objectivity b. Knowledge, skills, professional skeptiscm and objectivity c. Knowledge, skills, integrity and objectivity d. Knowledge, skills, integrity and honesty