SEC 592 Week 8 Quiz | Devry University

Week 8: Final Exam

Question 1

 (TCO A) The components of COSO’s Enterprise Risk Management include all of the following except  

·         internal environment.  

·         objective setting.  

·         event identification.  

·         risk control strategies.

 

Question 2

 (TCO A) Which of the following is not a COBIT component?  

·         Framework  

·         Control Objectives  

·         IT guidelines  

·         Management guidelines

 

Question 3

 (TCO B) The function of enterprise risk management (ERM) is to  

·         draw a line from COBIT standards to COSO I standards.  

·         identify senior officers in the company responsible for risk management execution.  

·         enable management to effectively deal with uncertainty and associated risk and opportunity, thereby enhancing the capacity to build value.  

·         set the vision for how risk management is conducted in a division or department.

 

Question 4

 (TCO B) Which of the following is not a best practice to ensure good governance and ethics in an organization?  

·         Create a chief compliance officer 

·         Create an ethics code of conduct  

·         Hide behind the United States and the generally accepted accounting principles  

·         Use compliance software to balance internal controls

 

Question 5

 (TCO C) Sarbanes-Oxley and HIPAA: 

·         can be implemented in lieu of each other.  

·         address the full regulatory compliance required of public companies.  

·         are mutually exclusive and do not relate to each other in any meaningful way.  

·         require COBIT to achieve full regulatory compliance.

 

Question 6

(TCO C) What section of the Sarbanes-Oxley Act requires companies to fully document and attest to the effectiveness of their organization’s internal controls?  

·         Section 302  

·         Section 404  

·         Section 201  

·         Section 200

 

Question 7

 (TCO D) Which of the following can be included in a compliance project checklist?  

·         Create a basic plan project  

·         List all key processes  

·         Evaluate and select compliance software  

·         All of the above

 

Question 8

 (TCO D) Issues that surround SAS 70 audits include all of the following except  

·         the time discrepancy between the SAS 70 report and the organization's year-end financial reporting.  

·         the process of conducting quarterly SAS 70 audits adds additional auditing costs.  

·         possible conflicts of interest if a service provider uses the same auditor as its customer.  

·         the six-month deadline for Type II reporting should help meet the compliance deadline.

 

Question 9

 (TCO D) Which of the following companies paid a $300 million fine to settle fraud charges for overstating its number of Internet subscribers and online advertising revenue? 

·         Adelphia  

·         ATT 

·         Time Warner 

·         WorldCom

 

Question 10

 (TCO E) Which of the following is not an example of an inadequate internal control that may need to be subject to corrective action under SOX Section 404?  

·         Poor item/parts master control  

·         Poor purchase and customer order visibility  

·         Poor human resource disciplinary action  

·         Violations of segregation of duties

 

Question 11

 (TCO E) Best practices in documenting Internal Control include all of the following except which one?  

·         Paperwork and approval flows  

·         Risk management tools  

·         Event management tools  

·         Document management tools

 

Question 12

 (TCO E) Filing an 8-K Form under Section 409 means that  

·         the company is reporting a material change that will affect its financial reporting.  

·         the company is reporting an ethical violation that will require SEC intervention.  

·         the company is reporting a breach of internal controls.  

·         the company will be late in filing its 10K.

 

Question 13

 (TCO F) Which of the following is not a consideration when developing policies, procedures, and practices relating to computer investigations?  

·         Repair and recovery  

·         Mitigation  

·         Prevention and sanctions  

·         Reporting to law enforcement

 

Question 14

 (TCO F) Computer forensics consists of all of the activities except which of the following?  

·         Acquiring data  

·         Judging data  

·         Examining data  

·         Presenting data

 

Question 15

 (TCO F) Which of the following is not a key element that should be kept in mind when testing Control Objectives as part of a SOX test?  

·         Selection of correct sample size  

·         Rationale of sample size  

·         Method to capture test results  

·         All of the above are key elements

 

Question 16

 (TCO A) When does a “safe harbor” apply, and what are four safe harbor items recognized by the SEC?

 

Question 17

 (TCO B) What do you think is the value of Segregation of Duties (SOD) as it pertains to SOX?

 

Question 18

 (TCO C) Analyze and compare the BASEL II framework with SOX Section 404. What is BASEL II and how is it similar or different from SOX?

 

Question 19

 (TCO D) Assess and explain the importance of the IT governance focus area of performance measurement.

 

Question 20

 (TCO E) How would you assess the fundamental differences between small and large companies regarding their respective internal control processes?

Question 21

 (TCO F) Compare and contrast the SOX Process Flow with Deming’s Plan, Do, Check, and Act quality model.

Question 22

 (TCO F) How would you create a Test Plan form as part of a SOX audit? What are some of the key sections of this document? Describe them.
