Ethics, Fraud, and Internal Control

Questions and Answers

What is a primary responsibility of the board of directors regarding ethical standards?

• To establish a code of ethical standards (correct)
• To engage suppliers
• To ensure stock prices are maximized
• To monitor employee attendance

Why should the roles of CEO and chairman be separate?

• To simplify financial reporting
• To increase stock buyback potential
• To allow for better marketing strategies
• To facilitate independent discussions during executive sessions (correct)

What role does the audit committee play according to best practices?

• To select and engage an independent auditor (correct)
• To approve all management decisions
• To ensure the company complies with marketing regulations
• To oversee daily operational tasks

What is a potential consequence of excessive use of short-term stock options for executive compensation?

Influence on stock prices at the expense of long-term health (B)

What is a crucial requirement for the nominating committee of the board of directors?

To plan for a fully staffed board with independent directors (B)

What should a code of ethics minimally address according to best practices?

Conflicts of interest and acceptance of gifts (D)

What is the main purpose of executive sessions in a board of directors' meetings?

To allow directors to discuss issues without management (D)

How should a compensation committee operate according to established best practices?

By carefully evaluating compensation schemes for desired incentives (D)

What is the primary purpose of detective controls?

To identify and expose errors that escape preventive controls (B)

How do detective controls work?

By recalculating and comparing actual occurrences to pre-established standards (D)

Which statement describes corrective controls?

These controls are actions taken to reverse the effects of detected errors (A)

What would be an example of a detective control in a sales order process?

Recalculating the total value of an order before posting (D)

What differentiates detective controls from corrective controls?

Detective controls highlight anomalies, whereas corrective controls fix problems (B)

Which of the following is NOT a function of detective controls?

Generating reports of transactions for managers (B)

In what scenario would corrective controls be needed?

After an error has already been detected by a detective control (D)

What would be a potential drawback of relying solely on preventive controls?

They may not address errors that have already occurred (A)

What is the purpose of embedded computer modules in an information system?

To allow ongoing monitoring of internal controls (A)

What do management reports primarily provide for managers?

Evidence of internal control functions or malfunctions (A)

Control activities are designed to address which aspect of organizational risk?

Dealing with identified risks (A)

What is the distinction between general controls and application controls in IT?

General controls are entity-wide, while application controls are specific to individual systems. (B)

What are physical controls in accounting systems primarily concerned with?

Human activities involving asset management (D)

Which type of control ensures the integrity of systems like accounts payable and payroll?

Application controls (A)

What is a key characteristic of effective management reports?

They identify trends and exceptions in performance. (B)

Which factor is NOT typically addressed by general IT controls?

Specific application performance (A)

What is one primary purpose of access controls?

To safeguard assets against unauthorized access (A)

What type of access is gained through records that manage asset use?

Indirect access (B)

Which of the following best illustrates an example of indirect access control?

Controlling the access to accounting records (A)

How does independent verification differ from supervision?

Independent verification occurs independently of transactions, while supervision is direct. (D)

What can independent verification procedures help management assess?

The integrity of the transaction processing system (B)

What is the primary goal of transaction authorization?

To ensure all transactions align with management's objectives (B)

When can verification procedures happen in relation to transactions?

After the transactions have occurred (C)

Which of the following is NOT an example of independent verification?

Direct supervision during a task (D)

Which type of authorization allows operations personnel to perform daily tasks without additional approvals?

General authorization (D)

The timing of verification in an accounting system can vary based on what factor?

The technology employed in the accounting system (C)

What characterizes programmed procedures in transaction authorization?

Rules are predetermined and no additional approvals are needed (C)

What is an example of specific authorization?

Deciding to extend a customer's credit limit on a case-by-case basis (C)

Which of the following is NOT a category of physical control activities mentioned?

Physical inventory counts (B)

Why is segregation of duties important in control activities?

It prevents conflict of interest and fraud (D)

What role does independent verification play in physical control activities?

It confirms the accuracy of transactions after they have been processed (A)

How does access control contribute to physical control activities?

It restricts access to sensitive information to authorized personnel (A)

Flashcards are hidden until you start studying

Study Notes

Internal Control Framework

• Control mechanisms are categorized into three types: preventive, detective, and corrective controls.
• Preventive Controls aim to prevent undesirable events before they occur.
• Detective Controls identify errors or irregularities after they have occurred, functioning as the second line of defense.
• Detective controls involve techniques that compare actual occurrences against standards to detect deviations.

Detective Controls

• Designed to identify anomalies that elude preventive measures.
• Activate alarms or alerts when discrepancies arise.
• Example: Recalculating totals on sales orders to reveal data entry errors.

Corrective Controls

• Actions taken to rectify issues identified by detective controls.
• Important distinction: detective controls highlight issues, while corrective controls fix them.

Ethical Standards and Governance

• Boards should separate the roles of CEO and chairman to enhance independence.
• Establish a code of ethics covering conflicts of interest, falsification of data, and confidentiality issues.
• Independent audit committee is crucial for engaging auditors, reviewing reports, and addressing deficiencies.

Compensation Committees

• Must critically evaluate compensation structures to avoid conflicts of interest and ensure long-term health of the organization.

Ongoing Monitoring

• Continuous monitoring can incorporate special computer modules within information systems to facilitate real-time oversight.
• Management reports provide timely data for operational oversight and control.

Control Activities

• Policies and procedures aimed at mitigating identified organizational risks.
• Two main categories: Information Technology (IT) controls and physical controls.

IT Controls

• General Controls relate to entity-wide IT concerns (data security, systems maintenance).
• Application Controls focus on specific systems (e.g., sales order processing, payroll).

Physical Controls

• Involves human activities that trigger transactions or utilize task outcomes.
• Covers security measures surrounding assets, manual processes, and accounting frameworks.

Segregation of Duties

• Ensures that responsibilities are divided to minimize risk of error or fraud.
• Transaction authorization ensures legitimacy of processed transactions.

Authorization Types

• General Authorization allows routine operations without extra approvals (e.g., inventory reorder decisions).
• Specific Authorization requires management approval for nonroutine transactions (e.g., credit limit adjustments).

Access Controls

• Protects against unauthorized asset access, which can lead to theft or data manipulation.
• Physical security and document control help prevent unauthorized access.

Independent Verification

• Involves checks by individuals not directly involved in transactions to ensure accuracy and integrity.
• Helps assess individual performance and reliability of data through reconciliation and review processes.