Chapter 7 Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control

TRUE/FALSE

1. Organizational governance is a process by which organizations select objectives, establish processes to achieve objectives, and monitor performance.
ANS: T

2. Fraud is the possibility that an event or action will cause an organization to fail to meet its objectives (or goals).
ANS: F

3. Management is responsible for establishing and maintaining an adequate system of internal control.
ANS: T

4. A major reason management must exercise control over an organization's business processes is to provide reasonable assurance that the company is in compliance with applicable legal and regulatory obligations.
ANS: T

5. Expected gross risk is a function of the initial expected gross risk, reduced risk exposure due to controls, and cost of controls.
ANS: F

6. Under the Sarbanes-Oxley Act of 2002, the section on Auditor Independence establishes an independent board to oversee public company audits.
ANS: F

7. Under the Sarbanes-Oxley Act of 2002, the section on Corporate Responsibility requires a company's CEO and CFO to certify quarterly and annual reports.
ANS: T

8. Under the Sarbanes-Oxley Act of 2002, the section on Enhanced Financial Disclosures requires each annual report filed with the SEC to include an internal control report.
ANS: T

9. Under the Sarbanes-Oxley Act of 2002, the section on Corporate Tax Returns, Section 1001, conveys a sense of the Senate that the corporate federal income tax returns be signed by the treasurer.
ANS: F

10. Management's legal responsibility to prevent fraud and other irregularities is implied by laws such as the Foreign Corrupt Practices Act.
ANS: T

11. Risks are those events that could have a negative impact on organization objectives.
ANS: T

12. Opportunities are events that could have a positive impact on organization objectives.
ANS: T

13. Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.
ANS: T

14. The control environment reflects the organization's general awareness and commitment to the importance of control throughout the organization.
ANS: T

15. External directives are the policies and procedures that help ensure that management directives are carried out.
ANS: F

16. Establishing a viable internal control system is the responsibility of management.
ANS: T

17. Monitoring is a process that assesses the quality of internal control performance over time.
ANS: T

18. The external environment is a system of integrated elements--people, structures, processes, and procedures--acting together to provide reasonable assurance that an organization achieves both its operations system and its information system goals....
- Spring '11