Section A...
15 CMA Part 1 MCQs on AIS + Transaction Cycles* – 2024 New Syllabus Sections E + D. Covers source/turnaround docs, revenue, procurement, payroll cycles
*Topic: Source & Turnaround Documents + AIS Deliverables*
*Q1. Source Documents*
Which document is the _source document_ for recording a credit sale in the AIS?
A. Customer monthly statement
B. Sales invoice
C. Cash receipts journal
D. Accounts receivable aging report
*Answer: B. Sales invoice*
*Explanation*: Source docs initiate a transaction. Sales invoice triggers AR + Revenue entry. Statement is a turnaround doc. Aging is a report/deliverable.
---
*Q2. Turnaround Documents*
Which is a _turnaround document_ in the revenue cycle?
A. Purchase order
B. Remittance advice attached to customer statement
C. Receiving report
D. Vendor invoice
*Answer: B. Remittance advice attached to customer statement*
*Explanation*: Turnaround = computer output sent out, then returned with data added. Customer tears off remittance advice + sends with payment for cash app.
---
*Q3. AIS Deliverables*
Which is an _AIS deliverable_ used by management, not a source document?
A. Time card
B. Budget vs actual variance report
C. Shipping document
D. Check request
*Answer: B. Budget vs actual variance report*
*Explanation*: Deliverables = outputs/reports. A, C, D are inputs/source docs. Variance report supports Section B Performance Management.
---
*Topic: Revenue Cycle – Stages, Docs, Responsibility, Controls*
*Q4. Revenue Cycle Sequence*
The correct order of revenue cycle activities is:
A. Billing → Shipping → Sales Order → Cash Collection
B. Sales Order → Shipping → Billing → Cash Collection
C. Cash Collection → Sales Order → Shipping → Billing
D. Shipping → Sales Order → Cash Collection → Billing
*Answer: B. Sales Order → Shipping → Billing → Cash Collection*
*Explanation*: 1. Customer order entry, 2. Approve credit/release goods, 3. Ship, 4. Invoice, 5. Collect. Billing after shipping ensures goods sent before invoicing.
---
*Q5. Revenue Cycle Documents + Department*
Which document is prepared by the _Shipping Department_ in the revenue cycle?
A. Sales order
B. Bill of lading / Packing slip
C. Sales invoice
D. Remittance advice
*Answer: B. Bill of lading / Packing slip*
*Explanation*: Shipping prepares BOL + packing slip. Sales Dept = sales order. Billing Dept = invoice. Customer = remittance advice.
---
*Q6. Internal Control Weakness – Revenue*
The same person approves credit, ships goods, and records sales. This violates:
A. COSO Monitoring
B. Segregation of Duties
C. IT General Controls
D. Data Governance
*Answer: B. Segregation of Duties*
*Explanation*: Authorization, Custody, Recording must be separate. Risk = fictitious sales + theft. Compensating control = independent review.
---
*Topic: Expenditure/Procurement Cycle – Stages, Docs, Controls*
*Q7. Procurement Cycle Sequence*
Correct sequence for the expenditure cycle:
A. Invoice approval → Purchase requisition → PO → Receiving → Payment
B. Purchase requisition → PO → Receiving → Invoice approval → Payment
C. PO → Purchase requisition → Payment → Receiving → Invoice approval
D. Receiving → PO → Purchase requisition → Payment → Invoice approval
*Answer: B. Purchase requisition → PO → Receiving → Invoice approval → Payment*
*Explanation*: 1. Request, 2. Order, 3. Receive goods, 4. Match docs + approve, 5. Pay. Prevents payment for goods not received.
---
*Q8. Procurement Documents + Responsibility*
Which document is prepared by the _Receiving Department_?
A. Purchase requisition
B. Purchase order
C. Receiving report
D. Vendor invoice
*Answer: C. Receiving report*
*Explanation*: Receiving counts/inspects goods + creates receiving report. Purchasing = PO. User dept = requisition. Vendor = invoice.
---
*Q9. Internal Control Weakness – Procurement*
If AP clerk can add new vendors AND process payments, the _primary_ risk is:
A. Duplicate payments
B. Fictitious vendor fraud
C. Inventory obsolescence
D. Understatement of liabilities
*Answer: B. Fictitious vendor fraud*
*Explanation*: SOD violation – Authorization + Recording. Clerk creates fake vendor + pays self. Preventive control = vendor master maintenance by separate person + approval.
---
*Q10. Three-Way Match*
The “three-way match” in AP prevents which risk?
A. Payroll fraud
B. Payment for goods not ordered or not received
C. Overstated depreciation
D. Underapplied FOH
*Answer: B. Payment for goods not ordered or not received*
*Explanation*: Match PO + Receiving Report + Vendor Invoice. Detective + preventive control. Ensures quantity, price, goods received.
---
*Topic: Payroll Cycle – Stages, Docs, Controls*
*Q11. Payroll Cycle Documents*
Which is the _source document_ for payroll processing?
A. Payroll register
B. Time card / Clock data
C. Payroll tax return
D. Labor distribution report
*Answer: B. Time card / Clock data*
*Explanation*: Time cards capture hours worked = input. Payroll register + labor distribution = outputs. Tax return = compliance output.
---
*Q12. Payroll Department Responsibility*
Which department should _authorize_ overtime hours?
A. Payroll Department
B. HR Department
C. Employee’s Supervisor/Dept Manager
D. Treasury Department
*Answer: C. Employee’s Supervisor/Dept Manager*
*Explanation*: Authorization = operating dept. Payroll = recording. HR = custody of personnel files. Treasury = custody of cash. SOD required.
---
*Q13. Payroll Control Weakness*
The Payroll clerk can add employees, change pay rates, and distribute checks. This creates risk of:
A. Duplicate vendor payments
B. Ghost employee fraud
C. Inventory shrinkage
D. Sales cutoff errors
*Answer: B. Ghost employee fraud*
*Explanation*: SOD violation – Authorization + Custody + Recording. Preventive = HR adds employees, Supervisor approves rates, Payroll processes, Treasury distributes.
---
*Topic: Mixed Cycles + AIS Concepts*
*Q14. AIS Input-Process-Output*
In an AIS, the chart of accounts is part of:
A. Input
B. Process
C. Storage
D. Output
*Answer: C. Storage*
*Explanation*: Chart of Accounts = master file stored in AIS. Input = source docs. Process = posting rules. Output = financial statements.
---
*Q15. Control Activity for All Cycles*
Which control activity applies to _revenue, procurement, and payroll_ cycles?
A. Requiring purchase requisitions for all orders
B. Segregation of duties between authorization, custody, recording
C. Matching shipping docs to invoices
D. Approving overtime hours
*Answer: B. Segregation of duties between authorization, custody, recording*
*Explanation*: SOD is a universal COSO Control Activity. A, C, D are cycle-specific. IMA tests SOD in every cycle scenario.
---
*High-Yield Exam Notes for Cycles – 2024 Syllabus*
**Cycle** **Key Docs** **Key SOD Issue** **#1 Control**
**Revenue** Sales order, BOL, Invoice, Remittance Credit + Shipping + AR recording Sales order approval + credit check
**Procurement** Req, PO, Receiving Report, Invoice Vendor master + AP payment 3-way match + SOD
**Payroll** Time card, Payroll register Add employee + process + distribute pay HR/Payroll/Treasury SOD + supervisor approval
*IMA Trap*: Turnaround doc = computer output returned. Source doc = original input. Deliverable = report.
*SOD Rule*: If 1 person does 2 of: Authorize, Custody, Record = violation.
*Exam Tips for AIS MCQs – 2024 Syllabus*
1. *SOD = Control Activities* – if 1 person can authorize + record, it’s always SOD.
2. *RPO/RTO = Business decision* – not IT’s call. RPO = data loss tolerance.
3. *Analytics order*: Descriptive → Diagnostic → Predictive → Prescriptive.
4. *ITGC vs App*: ITGC = data center/access/change. App = edit checks in 1 system.
5. *Reasonable assurance only* – never pick “eliminates all risk”.
*Section B
: AIS Mini-Test – 15 MCQs*
*Q1. Segregation of Duties*
During an AIS review, the auditor finds the Treasury Manager can initiate wire transfers, approve wires, and reconcile the bank account. This violates which principle?
A. Control Environment
B. Risk Assessment
C. Control Activities
D. Information & Communication
*Answer: C. Control Activities*
*Explanation*: SOD = Control Activities per COSO. One person with Authorization + Custody + Recording creates fraud risk. This is a preventive control failure.
---
*Q2. ERP Benefit*
The _primary_ benefit of an ERP system for financial reporting is:
A. Eliminates the need for internal auditors
B. Provides a single database to reduce reconciliations and improve timeliness
C. Guarantees absolute assurance of no misstatements
D. Removes all IT General Controls requirements
*Answer: B. Provides a single database to reduce reconciliations and improve timeliness*
*Explanation*: ERP integrates modules = single source of truth. C and D are wrong – COSO gives only _reasonable_ assurance and ERP _increases_ ITGC needs.
---
*Q3. RPA vs AI*
Which task is _best_ suited for RPA rather than AI?
A. Predicting customer churn using historical sales patterns
B. Classifying customer emails by sentiment
C. Downloading invoices from email and entering them into AP
D. Recommending optimal selling price based on demand elasticity
*Answer: C. Downloading invoices from email and entering them into AP*
*Explanation*: RPA = high-volume, rule-based, repetitive tasks. A, B, D require learning/judgment = AI/ML.
---
*Q4. Data Governance*
Who should _own_ the definition of RPO and RTO for the cloud-based AIS?
A. IT Department
B. Cloud vendor
C. Finance/Controller
D. External auditor
*Answer: C. Finance/Controller*
*Explanation*: Per Data Governance, business data owners define recovery objectives. IT implements. RPO = how much data loss is acceptable. RTO = how fast to recover.
---
*Q5. COSO Component ID*
Employees report they don’t know who to notify about suspected fraud because no policy exists. Which COSO component is deficient?
A. Control Environment
B. Risk Assessment
C. Control Activities
D. Information & Communication
*Answer: D. Information & Communication*
*Explanation*: Quality info must flow down, up, and across. Missing fraud reporting channel = Information & Communication failure.
---
*Q6. ITGC vs Application Control*
Which is an IT General Control?
A. Three-way match of PO, GRN, invoice before payment
B. Program change must be tested and approved before production
C. System prevents posting if debit ≠ credit
D. Duplicate vendor invoice number is rejected
*Answer: B. Program change must be tested and approved before production*
*Explanation*: Change management = ITGC, applies to all systems. A, C, D are application controls for AP/GL.
---
*Q7. Types of Analytics*
FP&A runs regression to forecast next quarter sales based on ad spend. This is:
A. Descriptive analytics
B. Diagnostic analytics
C. Predictive analytics
D. Prescriptive analytics
*Answer: C. Predictive analytics*
*Explanation*: Predictive = “what will happen”. Regression with R² forecasts. Descriptive = what happened. Diagnostic = why it happened.
---
*Q8. Data Quality Dimensions*
An AIS accepts customer records with blank “State” fields. Which data quality dimension is violated?
A. Timeliness
B. Completeness
C. Accuracy
D. Consistency
*Answer: B. Completeness*
*Explanation*: Completeness = all required fields populated. Accuracy = value is correct. Blank field = incomplete.
---
*Q9. Blockchain in AIS*
The _main_ benefit of blockchain for audit trail purposes is:
A. It eliminates the need for bank reconciliations
B. It provides an immutable, time-stamped ledger
C. It guarantees financial statements are free of error
D. It reduces the cost of RPA licenses
*Answer: B. It provides an immutable, time-stamped ledger*
*Explanation*: Blockchain’s key feature = cannot be altered retroactively. Improves audit evidence. Does not eliminate recs or guarantee no errors.
---
*Q10. Preventive vs Detective*
Which control is _detective_?
A. Password complexity requirements
B. Segregation of duties for cash handling
C. Monthly bank reconciliation
D. Approval required for purchases > $10,000
*Answer: C. Monthly bank reconciliation*
*Explanation*: Recs find errors _after_ they occur = detective. A, B, D stop errors before = preventive.
---
*Q11. Master Data Management MDM*
MDM’s primary objective in an AIS is to:
A. Speed up month-end close by automating JEs
B. Create a single source of truth for vendors, customers, products
C. Replace the need for COSO Internal Control
D. Provide predictive analytics for sales
*Answer: B. Create a single source of truth for vendors, customers, products*
*Explanation*: MDM ensures master files are consistent across systems. Prevents duplicate vendors, wrong ship-to, etc.
---
*Q12. R² Interpretation*
A cost regression shows R² = 0.92. This means:
A. 92% of the costs are fixed
B. 92% of cost variation is explained by the activity driver
C. The regression is not reliable
D. 8% of costs are variable
*Answer: B. 92% of cost variation is explained by the activity driver*
*Explanation*: R² = coefficient of determination. High R² = strong relationship. Used in cost estimation.
---
*Q13. Cloud Risk*
The _biggest_ risk when moving AIS to SaaS is:
A. Slower financial reporting
B. Vendor lock-in and data security/privacy
C. Loss of ERP functionality
D. Inability to use RPA
*Answer: B. Vendor lock-in and data security/privacy*
*Explanation*: SaaS = data outside company. Key risks: vendor failure, breach, GDPR/CCPA compliance. Usually improves speed.
---
*Q14. SOX 404 & AIS*
Under SOX 404, management must:
A. Guarantee financial statements are 100% accurate
B. Assess and report on effectiveness of ICFR, including IT controls
C. Outsource internal audit to external auditors
D. Eliminate all detective controls
*Answer: B. Assess and report on effectiveness of ICFR, including IT controls*
*Explanation*: SOX 404 = Mgmt tests ICFR + auditor attests. ITGCs are part of ICFR. No guarantee of 100% accuracy.
---
*Q15. Business Continuity*
RTO = 4 hours. RPO = 1 hour. After a server crash, what does this mean?
A. Systems must be restored within 1 hour, data loss ≤ 4 hours
B. Systems must be restored within 4 hours, data loss ≤ 1 hour
C. Both systems and data must be restored in 1 hour
D. RTO/RPO only apply to cloud systems
*Answer: B. Systems must be restored within 4 hours, data loss ≤ 1 hour*
*Explanation*: RTO = Recovery Time Objective = downtime tolerance. RPO = Recovery Point Objective = data loss tolerance.
