21) Three key duties that must always be separated under a good system of internal controls are:
A) asset handling, record keeping and transaction approval.
B) asset handling, hiring and safeguarding of assets.
C) asset handling, recordkeeping and safeguarding of assets.
D) record keeping, transaction analysis and transaction approval.
22) Which is NOT a component of comparisons and compliance monitoring?
A) control environment
B) budgets
C) audits
D) all of the above
23) The general rule that all major groups of transactions should be supported by either hard copy documents or electronic records is part of the control procedure of:
A) limited access.
B) segregation of duties.
C) adequate records.
D) proper approvals.
24) A company has a policy that all checks over $5,000 need to have the signature of the owner in addition to the signature of the bookkeeper. This is an example of:
A) limited access.
B) proper approvals.
C) adequate records.
D) encryption.
25) For companies that are too small to hire enough employees to properly separate duties,the key to good internal control is getting the owner to perform which of the following duties:
A) approving all transactions.
B) reconciling the monthly bank account or making bank deposits.
C) reconciling the monthly bank account and making bank deposits.
D) The owner should not perform any of the above duties.
26) A malicious program that enters program code without consent and performs destructive actions in the victim's computer files or programs is a(n):
A) encryption device.
B) phishing expedition.
C) computer virus.
D) fidelity bond.
27) E-commerce pitfalls include all of the following EXCEPT:
A) stolen credit card numbers.
B) phishing expedition.
C) encryption.
D) trojan horses.
28) Creating bogus websites for the purpose of stealing unauthorized data is a(n):
A) encryption device.
B) phishing expedition.
C) computer virus.
D) Trojan horse.
29) ________ rearranges messages by a mathematical formula making the message impossible to read by someone who does not know the code.
A) Encryption
B) Firewall
C) Security wall
D) Access device
30) An internal control system can be circumvented by:
A) collusion, encryption and management override.
B) collusion, management override and segregation of duties.
C) collusion, management override and human limitations.
D) nothing, if it is a good internal control system.
