CCSA样题二(15')
1. Solution = A Question from Domain I
(A) Correct. Employees at all levels are responsible for internal control and getting together to discuss it in a facilitated workshop reinforces employees' responsibility.
(B) Incorrect. Internal control is a responsibility of senior management, but not solely their responsibility. While senior management is ultimately responsible for overall internal control, choice A is better because it is an underlying philosophy of CSA.
(C) Incorrect. While operational personnel will assess internal control in CSA, their assessments are not considered independent since they perform the work. Internal auditors are often called upon to provide independent assessment of internal control through validation or follow-up of CSA results.
(D) Incorrect. This is not an underlying philosophy of CSA.
Possible reference:
Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 5-7.
Control Self-Assessment: Experience, Current Thinking, and Best Practices. Prepared by Arthur Andersen LLP for The IIA-Ottawa Chapter. p. 2.
2. Solution = B
Question from Domain II
(A) Incorrect. This phrase best describes a process-based approach, although control processes are not the only processes reviewed in this approach.
(B) Correct. A control-based approach concentrates on how well controls are working to manage risks. The key risks and controls are generally identified before the workshop.
(C) Incorrect. While control design could be compared to control frameworks in a control-based approach, this does not adequately describe the process. A control-based process is more likely to examine the gap between control design and control effectiveness in managing risks.
(D) Incorrect. Cost-effectiveness could be discussed in a control-based CSA workshop, but it is not the primary focus of this process.
Possible reference:
Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 15-17, 94-95 (from IIA PPP 98-2).
3. Solution = BQuestion from Domain II
(A) Incorrect. Canceling the workshop would not be appropriate based solely on a possibility of staff resistance to group discussions.
(B) Correct. Preparation through pre-workshop interviews and meetings allows the facilitator to discuss potential problems or culture issues with management or attendees. The facilitator can then be prepared to address these issues in the workshop.
(C) Incorrect. While successes in other departments may be used in marketing CSA, they would only be relevant in this situation if the other participants had been originally resistant to group discussion as well. Choice B is a better response.
(D) Incorrect. Although CSA may often overcome resistance to group discussion, it is not guaranteed. Choice B is a better response because it addresses the need to prepare for possible resistance.
Possible reference:
Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 45-46.
4. Solution = BQuestion from Domain II
(A) Incorrect. This is a major pitfall that can impair the implementation of CSA. Use of inadequate or untrained facilitators can ruin an otherwise well-planned CSA session.
(B) Correct. While voting software can add significantly to the workshop process, it is not an absolute requirement for successful CSA implementation. For example, many smaller organizations or organizations with an open culture can have successful CSA workshops without voting software.
(C) Incorrect. This is a major pitfall that can impair the implementation of CSA. It is important to get management's agreement, commitment, and conviction that they will make the process work.
(D) Incorrect. This is a major pitfall that can impair the implementation of CSA. Starting small is the best way to proceed with an initial project. Starting with a complex project greatly increases the likelihood of failure.
Possible reference:Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 8, 47-49, 73, 87-89.
Control Self-Assessment: Experience, Current Thinking, and Best Practices. Prepared by Arthur Andersen LLP for The IIA-Ottawa Chapter. p. 47.
5. Solution = CQuestion from Domain III
(A) Incorrect. Electronic voting is only a tool. Facilitators are still required to run the workshop and promote discussion.
(B) Incorrect. Voting technology is only a tool within the CSA process. It does not automate the whole CSA process.
(C) Correct. Electronic voting allows individual participants to secretly register their beliefs/perceptions on issues being discussed. In addition, it can accumulate and quantify their votes in graphic feedback.
(D) Incorrect. Electronic voting does not limit discussion. If other topics are presented by attendees, the facilitator may broaden the discussion to include these topics, as appropriate.
Possible reference:Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 47-49.
Control Self-Assessment: Experience, Current Thinking, and Best Practices. Prepared by Arthur Andersen LLP for The IIA-Ottawa Chapter. pp. 83-85
6. Solution = DQuestion from Domain III
(A) Incorrect. This is an appropriate role of the facilitator.
(B) Incorrect. This is an appropriate role of the facilitator.
(C) Incorrect. This is an appropriate role of the facilitator.
(D) Correct. Facilitators should not offer solutions to control problems identified by the group or force their views on control on the group. The facilitator helps the group create its own solutions.
Possible reference:
Control Self-Assessment Workshop Facilitator's Guide (World Bank). The IIA's CSA Library Series 97-1. pp. 45-47.
Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 38-46
7. Solution = BQuestion from Domain III
(A) Incorrect. Although excluding individuals from a workshop is an option, it is usually based on the need to have some staff remain at operating functions or to remove individuals who may inhibit the team analysis and cooperation. This type of individual poses little risk, and encouraging them to leave a workshop that is in session might send a negative message to other participants.
(B) Correct. The facilitator must make an additional effort to have such individuals provide input and should validate their contributions in order to build up confidence. Allowing participants to provide opinions on neutral subjects could draw them out. However, the facilitator should avoid forcing a quiet participant to provide input and should allow the participant to "pass" if necessary.
(C) Incorrect. While going around the room and asking each individual to speak on a topic may provide a level of comfort for the individual to voice an opinion, requiring input may have a negative effect.
(D) Incorrect. Contacting them after the workshop to obtain their input is counter to the fundamental idea that a CSA workshop is built on group discussion.
Possible reference:
Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 40-45
8. Solution = AQuestion from Domain IV
(A) Correct. Strategies involve a general program of action to implement objectives.
(B) Incorrect. Strategies apply to objectives of operations at all levels of an organization.
(C) Incorrect. Middle- and lower-level managers are often involved in setting strategies for their operations.
(D) Incorrect. Strategies are necessary in order to plan for the achievement of objectives.
Possible reference:
Sawyer's Internal Auditing. By Lawrence B. Sawyer, Mortimer Dittenhofer, and assisted by James Scheiner. p. 1112 (4th edition).
Management. By Robert Kreitner. pp. 200-202 (6th edition).
9. Solution = DQuestion from Domain IV
(A) Incorrect. Benchmarking involves comparing with the best performance, not the average performance.
(B) Incorrect. Benchmarking involves comparing performance to that of another organization, not to planned performance.
(C) Incorrect. Benchmarking involves comparing performance to that of another organization, not to prior performance.
(D) Correct. Benchmarking involves comparing an organization's output or processes to those of another organization believed to be the best in its class.
Possible reference:
Sawyer's Internal Auditing. By Lawrence B. Sawyer, Mortimer Dittenhofer, and assisted by James Scheiner. p. 1112 (4th edition).
Management. By Robert Kreitner. pp. 114-116 (6th edition).
10. Solution = BQuestion from Domain V
(A) Incorrect. Currency devaluation risk is not a function of the organization because it is external to the organization.
(B) Correct. An example of an external risk in a developing market economy is currency devaluation, because it is external to the organization.
(C) Incorrect. Currency devaluation is an outcome, not a control.
(D) Incorrect. Currency devaluation is external to the organization and is therefore not best described as the risk that the entity will not meet its operational goals and objectives.
Possible reference:
Business Risk Assessment. By David McNamee. pp. 23-27.
Internal Control - Integrated Framework. Sponsored by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and researched and written by Coopers & Lybrand LLP. pp. 40-42
11. Solution = CQuestion from Domain V
(A) Incorrect. Warranties are not a part of inventory valuation.
(B) Incorrect. Vendor pricing policies have no impact on inventory valuation until goods are purchased. The price at the time of purchase is the only price that matters in inventory valuation, and changes in vendor pricing policies would not necessarily impact valuation.
(C) Correct. The amount of inventory loss through shrinkage directly impacts inventory valuation. Inventory shrinkage must be considered in risk models involving inventory valuation.
(D) Incorrect. Sales forecasts do not affect inventory valuation.
Possible reference:
Business Risk Assessment. By David McNamee. pp. 5-11.
12. Solution = BQuestion from Domain V
(A) Incorrect. Sharing risk between or among entities involves contractual arrangements (such as insurance).
(B) Correct. By changing the operation from purchasing supplies to making the parts (vertical integration), an entity avoids all the risks of supplier shortages (but then takes on some different risks as a manufacturer). One set of risks is generally eliminated, to be replaced by smaller and different risks.
(C) Incorrect. Diversifying risk (not putting all one's eggs in a single basket) involves setting up multiple processes. This might involve some of choice B and some of choice D.
(D) Incorrect. Hedging risk would involve protecting against loss by counterbalancing one measure against another. This might involve contracting with several suppliers, and therefore choice B would be a better description of the example given.
Possible reference:
Business Risk Assessment. By David McNamee. pp. 81-83.
13. Solution = CQuestion from Domain VI
(A) Incorrect. Monitoring is a component of the COSO model but is not the foundation for all other components. Monitoring is actually shown on top of the other components in the COSO model, because monitoring is performed over the other components to identify necessary modifications.
(B) Incorrect. Control activities are a component of the COSO model but not the foundation for all other components. Control activities are implemented to help ensure that management directives to address the risks identified in the risk assessment are carried out.
(C) Correct. The control environment provides an atmosphere in which people conduct their activities and carry out their control responsibilities. It serves as the foundation for the other components.
(D) Incorrect. Information and communication systems are the components that bind the risk assessment and control activities. These systems enable an entity's employees to capture and exchange the information needed to conduct, manage, and control its operations.
Possible reference:
Internal Control - Integrated Framework. Sponsored by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and researched and written by Coopers & Lybrand LLP. pp. 23-32.
14. Solution = CQuestion from Domain VI
(A) Incorrect. A control chart displays results of a process, not the system of controls.
(B) Incorrect. A control chart displays results of a process, not control concerns.
(C) Correct. A control chart is a graph, which displays the results of a process, along with the upper and lower control limits. When the process is outside these limits, it is outside the limits of acceptable variation.
(D) Incorrect. A control chart does not assign responsibility for a process -- it simply displays the results of the process.
Possible reference:
Management. By Robert Kreitner. p. 118 (6th edition).
15. Solution = BQuestion from Domain VI
(A) Incorrect. This would be a control weakness because an individual who is independent of the cash receipt function should reconcile the bank accounts.
(B) Correct. Restrictively endorsing checks at the time of receipt deters the theft of checks and enhances control. The other items represent control weaknesses.
(C) Incorrect. This would be a control weakness because it involves a lack of segregation of duties.
(D) Incorrect. This would be a control weakness because an individual who is independent of the cash receipt function should record the cash receipts in customers' accounts.
Possible reference:
Sawyer's Internal Auditing. By Lawrence B. Sawyer, Mortimer Dittenhofer, and assisted by James Scheiner. pp. 89-108 on controls (4th edition).