Choose the one alternative that best completes the statement or answers the question.
1) Which of the factors listed below is not a common factor for fraud? 1) _______
A) rationalization for the crime
B) desire to get even with the employer
C) opportunity to commit fraud
D) pressure to commit fraud
2) Misappropriation of assets can also be called 2) _______
A) Fraudulent financial reporting
B) Management fraud
C) Employee fraud
D) Computer fraud
3)Which type of antivirus program is most effective in spotting an infection soon after it starts? 3) _______
A) a virus detection program
B) a virus protection program
C) a virus identification program
D) none of the above
4) How can an organization reduce fraud losses? 4) _______
A) require vacations and rotate duties
B) maintain adequate insurance
C) encrypt data and programs
D) use forensic accountants
5) A ________ is similar to a ________, except that it is a program rather than a code segment hidden in a host program. 5) _______
A) worm; virus
B) worm; Trojan horse
C) Trojan horse; worm
D) virus; worm
6) Which method of fraud is physical in its nature rather than electronic? 6) _______
7) The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called 7) _______
8) Intentional or reckless conduct that results in materially misleading financial statements is called 8) _______
A) financial fraud.
B) misstatement fraud.
C) audit failure fraud.
D) fraudulent financial reporting.
9) The potential dollar loss that could result if an unwanted event occurs is called a(n) 9) _______
B) extraordinary loss.
10) The likelihood that an adverse or unwanted event could occur is referred to as a(n) 10) ______
11) Which of the following federal laws incorporated the language of the AICPA about controls into a law applying to all registered companies? 11) ______
A) Foreign Corrupt Practices Act of 1977
B) The Securities Act of 1933
C) Federal Corruption Prevention Act of 1987
D) The Securities Exchange Act of 1934
12) Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter 12) ______
A) fraud by outsiders
B) unintentional errors
C) employee fraud or embezzlement
D) payroll irregularities
13) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinion about government regulation. It seems that, as a result of “government interference” the company’s longstanding policy of making low-interest loans to top management was being terminated. The regulation that Chuck is referring to is the 13) ______
A) Truth in Lending Act
B) McCain-Feingold Act
C) Sarbanes-Oxley Act
D) Foreign Corrupt Practices Act
14) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits unless there is evidence of criminal negligence. What is the expected loss without insurance? 14) ______
15) The risk that remains after management implements internal controls is 15) ______
A) Risk appetite
B) Residual risk
C) Risk assessment
D) Inherent risk
16) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits unless there is evidence of criminal negligence. What is the expected loss with insurance? 16) ______
17) There are different types of internal controls available to an organization. The type of controls that deters problems before they arise are called 17) ______
A) preventive controls.
B) corrective controls.
C) exposure controls.
D) detective controls.
18) According to SysTrust, the reliability principle of integrity is achieved when 18) ______
A) the system is available for operation and use at times set forth by agreement.
B) system processing is complete, accurate, timely, and authorized.
C) the system can be maintained as required without affecting system availability, security, and integrity.
D) the system is protected against unauthorized physical and logical access.
19) An electronic document that certifies the identity of the owner of a particular public key. 19) ______
A) Public key
B) Asymmetric encryption
C) Digital signature
D) Digital certificate
20) In developing policies related to personal information about customers, Folding Squid Technologies adhered to the Trust Services framework. The standard applicable to these policies is 20) ______
21) In a private key system the sender and the receiver have ________, and in the public key system they have ________. 21) ______
A) the same key; two separate keys
B) an encrypting algorithm; a decrypting algorithm
C) different keys; the same key
D) a decrypting algorithm; an encrypting algorithm
22) Which of the following is an example of a corrective control? 22) ______
A) Physical access controls
B) Intrusion detection
C) Emergency response teams
23) A more rigorous test of the effectiveness of an organization’s computer security. 23) ______
A) Vulnerability scan
B) Penetration test
C) Log analysis
D) Intrusion detection system
24) Which of the following is not a requirement of effective passwords? 24) ______
A) Passwords should be no more than 8 characters in length.
B) Passwords should contain a mixture of upper and lowercase letters, numbers and characters.
C) Passwords should be changed at regular intervals.
D) Passwords should not be words found in dictionaries.
25) An auditor examining a firm’s accounting information system creates a fictitious customer in the system and then creates several fictitious sales to the customer. The records are then tracked as they are processed by the system. This is an example collecting audit evidence using 25) ______
A) a system control audit review file.
B) an integrated test facility.
C) audit hooks.
D) the snapshot technique.
E) continuous and intermittent simulation.
26) The ________ part of the auditing process involves (among other things) the auditors observing the operating activities and having discussion with employees. 6) ______
A) communication of audit results
B) evaluation of audit evidence
C) audit planning
D) collection of audit evidence
27) The evidence collection method that considers the relationship and trends among information to detect items that should be investigated further is called 27) ______
A) physical examination.
C) analytical review.
D) review of the documentation.
28) One way an auditor gauges how much audit work and testing needs to be performed is through evaluating materiality and seeking reasonable assurance about the nature of the information or process. What is key to determining materiality during an audit? 28) ______
A) the testing of records, account balances, and procedures on a sample basis
B) determining if material errors exist in the information or processes undergoing audit
C) determining what is and is not important given a set of circumstances is primarily a matter of judgment
D) none of the above
29) The ________ to auditing provides auditors with a clear understanding of possible errors and irregularities and the related risks and exposures. 29) ______
A) financial audit approach
B) risk-adjusted approach
C) risk-based approach
D) information systems approach
30) The ________ audit is concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives. 30) ______
D) information systems