Chapter 14, Enterprise System Risks and Controls
True/False Questions
1.
A risk is any exposure to the chance of injury or loss.
Ans: True
2.
An internal control is an activity performed to minimize or eliminate a risk.
Ans: True
3.
The materiality of a risk is determined solely by its impact on the organization; that is, by
the size of the potential loss and its impact on achieving the organization's objectives.
Ans: False
Response:
Materiality of risk is also determined by its likelihood of occurring.
4.
Management may choose to ignore risks that have a low impact and a low likelihood of
occurrence unless controls to mitigate those risks are costless.
Ans: True
5.
The control environment sets the tone of the enterprise and can contribute to a high-risk
environment.
Ans: True
6.
The attitudes and actions of top management typically do not affect the climate of an
enterprise, because they are rarely onsite.
Ans: False
Response:
The attitudes and actions of top management largely determine the climate of
an enterprise.
Attitudes and actions of lower level employees typically mirror the attitudes
and actions they see in top management.
7.
An error is an intentional effort to do something undesirable to an enterprise, while an
irregularity is an unintended mistake on the part of an employee.
Ans: False
Response:
An error is an unintended mistake on the part of an employee; an irregularity is
an intentional effort to do something undesirable to an enterprise.
Dunn/Cherrington/Hollander, Enterprise Information Systems:
A Pattern Based Approach, 3e
1
This
preview
has intentionally blurred sections.
Sign up to view the full version.
Chapter 14, Enterprise System Risks and Controls
8.
Corrective controls focus on preventing an error or irregularity.
Ans: False
Response:
Preventive controls focus on error and irregularity prevention. Corrective
controls provide compensation to minimize the damage if an error or irregularity occurs.
9.
Monitoring is the process of assessing the quality of internal control performance over
time.
Ans: True
10. Economy risks include those resulting from war, epidemics, financial market changes,
terrorist attacks, and natural disasters such as floods, hurricanes, and drought.
Ans: True
11. The risk of recording incomplete, inaccurate, or invalid data about a business event is
considered a business process risk.
Ans: False
Response:
That is an information process risk.
12. Enterprises should create contingency plans for transferring operations to a backup
location in case of business interruptions.
Ans: True
13. Lapping is a method of stealing cash in which an employee steals a customer payment and
uses funds from a subsequent customer payment to post to the first customer's account,
using funds from a third customer payment to post to the second customer's account, and
continuing on in that pattern until a valid account is written off as a bad debt, the
perpetrator is caught, the perpetrator leaves the firm, or some combination of those three
possibilities.

This is the end of the preview.
Sign up
to
access the rest of the document.
- Spring '10
- Baker
- enterprise information systems
-
Click to edit the document details