Section A...
*Topic: Source & Turnaround Documents + AIS Deliverables*
*Q1. Source Documents*
Which document is the _source document_ for recording a credit sale in the AIS?
A. Customer monthly statement
B. Sales invoice
C. Cash receipts journal
D. Accounts receivable aging report
*Answer:
---
*Q2. Turnaround Documents*
Which is a _turnaround document_ in the revenue cycle?
A. Purchase order
B. Remittance advice attached to customer statement
C. Receiving report
D. Vendor invoice
*Answer:
---
*Q3. AIS Deliverables*
Which is an _AIS deliverable_ used by management, not a source document?
A. Time card
B. Budget vs actual variance report
C. Shipping document
D. Check request
*Answer
---
*Topic: Revenue Cycle – Stages, Docs, Responsibility, Controls*
*Q4. Revenue Cycle Sequence*
The correct order of revenue cycle activities is:
A. Billing → Shipping → Sales Order → Cash Collection
B. Sales Order → Shipping → Billing → Cash Collection
C. Cash Collection → Sales Order → Shipping → Billing
D. Shipping → Sales Order → Cash Collection → Billing
*Answer:
---
*Q5. Revenue Cycle Documents + Department*
Which document is prepared by the _Shipping Department_ in the revenue cycle?
A. Sales order
B. Bill of lading / Packing slip
C. Sales invoice
D. Remittance advice
*Answer
---
*Q6. Internal Control Weakness – Revenue*
The same person approves credit, ships goods, and records sales. This violates:
A. COSO Monitoring
B. Segregation of Duties
C. IT General Controls
D. Data Governance
*Answer:
---
*Topic: Expenditure/Procurement Cycle – Stages, Docs, Controls*
*Q7. Procurement Cycle Sequence*
Correct sequence for the expenditure cycle:
A. Invoice approval → Purchase requisition → PO → Receiving → Payment
B. Purchase requisition → PO → Receiving → Invoice approval → Payment
C. PO → Purchase requisition → Payment → Receiving → Invoice approval
D. Receiving → PO → Purchase requisition → Payment → Invoice approval
*Answer:
---
*Q8. Procurement Documents + Responsibility*
Which document is prepared by the _Receiving Department_?
A. Purchase requisition
B. Purchase order
C. Receiving report
D. Vendor invoice
*Answer:
---
*Q9. Internal Control Weakness – Procurement*
If AP clerk can add new vendors AND process payments, the _primary_ risk is:
A. Duplicate payments
B. Fictitious vendor fraud
C. Inventory obsolescence
D. Understatement of liabilities
*Answer:
---
*Q10. Three-Way Match*
The “three-way match” in AP prevents which risk?
A. Payroll fraud
B. Payment for goods not ordered or not received
C. Overstated depreciation
D. Underapplied FOH
*Answer:
---
*Topic: Payroll Cycle – Stages, Docs, Controls*
*Q11. Payroll Cycle Documents*
Which is the _source document_ for payroll processing?
A. Payroll register
B. Time card / Clock data
C. Payroll tax return
D. Labor distribution report
*Answer
---
*Q12. Payroll Department Responsibility*
Which department should _authorize_ overtime hours?
A. Payroll Department
B. HR Department
C. Employee’s Supervisor/Dept Manager
D. Treasury Department
*Answer:
---
*Q13. Payroll Control Weakness*
The Payroll clerk can add employees, change pay rates, and distribute checks. This creates risk of:
A. Duplicate vendor payments
B. Ghost employee fraud
C. Inventory shrinkage
D. Sales cutoff errors
*Answer:
---
*Topic: Mixed Cycles + AIS Concepts*
*Q14. AIS Input-Process-Output*
In an AIS, the chart of accounts is part of:
A. Input
B. Process
C. Storage
D. Output
*Answer:
---
*Q15. Control Activity for All Cycles*
Which control activity applies to _revenue, procurement, and payroll_ cycles?
A. Requiring purchase requisitions for all orders
B. Segregation of duties between authorization, custody, recording
C. Matching shipping docs to invoices
D. Approving overtime hours
*Answer:
---
*High-Yield Exam Notes for Cycles – 2024 Syllabus*
**Cycle** **Key Docs** **Key SOD Issue** **#1 Control**
**Revenue** Sales order, BOL, Invoice, Remittance Credit + Shipping + AR recording Sales order approval + credit check
**Procurement** Req, PO, Receiving Report, Invoice Vendor master + AP payment 3-way match + SOD
**Payroll** Time card, Payroll register Add employee + process + distribute pay HR/Payroll/Treasury SOD + supervisor approval
*IMA Trap*: Turnaround doc = computer output returned. Source doc = original input. Deliverable = report.
*SOD Rule*: If 1 person does 2 of: Authorize, Custody, Record = violation.
Section B....
MCQ 1: ERP & Segregation of Duties*
Apex Mfg is implementing SAP. During UAT, internal audit notes that users with “AP clerk” access can also post journal entries to the GL. The IT manager says segregation of duties will be fixed after go-live.
Which COSO internal control component is _most_ deficient?
A. Risk Assessment
B. Control Environment
C. Control Activities
D. Monitoring
*Answer
---
*MCQ 2: RPA & Data Quality*
Beta Corp uses RPA bots to auto-post bank fees from downloaded statements. Last month, duplicate rows in the bank file caused $50,000 duplicate fees to post. No exception report was reviewed.
Which 2 data quality dimensions were _most likely_ violated?
A. Accuracy and Validity
B. Timeliness and Completeness
C. Consistency and Accessibility
D. Uniqueness and Integrity
*Answer:
---
*MCQ 3: Cloud AIS & Data Governance*
Gamma Retail’s SaaS AIS had no defined RPO/RTO. After a ransomware attack, recovery took 5 days and 2 days of sales data was lost. The Controller stated “IT owns the cloud.”
This scenario _best_ illustrates a failure in:
A. IT General Controls – Change Management
B. Data Governance – Ownership and Data Life Cycle
C. Application Controls – Input Validation
D. COSO Monitoring – Separate Evaluations
*Answer
---
*MCQ 4: BI Dashboard & Analytics Type*
Delta Co’s Power BI dashboard shows “actual vs budget” sales. FP&A discovers actuals use cash-basis while budget is accrual-basis, causing misleading FOH variances.
The dashboard provides which type of analytics, and what is missing?
A. Predictive; missing regression analysis
B. Descriptive; missing diagnostic analysis
C. Diagnostic; missing prescriptive analysis
D. Prescriptive; missing descriptive analysis
*Answer
---
*MCQ 5: ITGC vs Application Control*
Which of the following is an example of an _IT General Control_ rather than an application control?
A. System rejects invoice if amount is negative
B. Quarterly review of user access rights to the GL module
C. Batch total of payroll hours must match detail records
D. Field format check for valid date in sales entry screen
*Answer:
---
*MCQ 6: RPA vs AI*
Which statement _correctly_ differentiates RPA from AI in an AIS context?
A. RPA uses machine learning to improve decision making over time
B. AI is best for high-volume, rule-based, repetitive tasks
C. RPA follows programmed rules and does not learn from data
D. AI cannot be used for financial statement preparation
*Answer:
---
*Exam Tips for AIS MCQs – 2024 Syllabus*
1. *SOD = Control Activities* – if 1 person can authorize + record, it’s always SOD.
2. *RPO/RTO = Business decision* – not IT’s call. RPO = data loss tolerance.
3. *Analytics order*: Descriptive → Diagnostic → Predictive → Prescriptive.
4. *ITGC vs App*: ITGC = data center/access/change. App = edit checks in 1 system.
5. *Reasonable assurance only* – never pick “eliminates all risk”.
---
*Section E: AIS Mini-Test – 15 MCQs*
*Q1. Segregation of Duties*
During an AIS review, the auditor finds the Treasury Manager can initiate wire transfers, approve wires, and reconcile the bank account. This violates which principle?
A. Control Environment
B. Risk Assessment
C. Control Activities
D. Information & Communication
*Answer:
---
*Q2. ERP Benefit*
The _primary_ benefit of an ERP system for financial reporting is:
A. Eliminates the need for internal auditors
B. Provides a single database to reduce reconciliations and improve timeliness
C. Guarantees absolute assurance of no misstatements
D. Removes all IT General Controls requirements
*Answe
---
*Q3. RPA vs AI*
Which task is _best_ suited for RPA rather than AI?
A. Predicting customer churn using historical sales patterns
B. Classifying customer emails by sentiment
C. Downloading invoices from email and entering them into AP
D. Recommending optimal selling price based on demand elasticity
*Answer:
---
*Q4. Data Governance*
Who should _own_ the definition of RPO and RTO for the cloud-based AIS?
A. IT Department
B. Cloud vendor
C. Finance/Controller
D. External auditor
*Answer:
---
*Q5. COSO Component ID*
Employees report they don’t know who to notify about suspected fraud because no policy exists. Which COSO component is deficient?
A. Control Environment
B. Risk Assessment
C. Control Activities
D. Information & Communication
*Answer
---
*Q6. ITGC vs Application Control*
Which is an IT General Control?
A. Three-way match of PO, GRN, invoice before payment
B. Program change must be tested and approved before production
C. System prevents posting if debit ≠ credit
D. Duplicate vendor invoice number is rejected
*Answer:
---
*Q7. Types of Analytics*
FP&A runs regression to forecast next quarter sales based on ad spend. This is:
A. Descriptive analytics
B. Diagnostic analytics
C. Predictive analytics
D. Prescriptive analytics
*Answer:
---
*Q8. Data Quality Dimensions*
An AIS accepts customer records with blank “State” fields. Which data quality dimension is violated?
A. Timeliness
B. Completeness
C. Accuracy
D. Consistency
*Answer:
---
*Q9. Blockchain in AIS*
The _main_ benefit of blockchain for audit trail purposes is:
A. It eliminates the need for bank reconciliations
B. It provides an immutable, time-stamped ledger
C. It guarantees financial statements are free of error
D. It reduces the cost of RPA licenses
*Answer:
---
*Q10. Preventive vs Detective*
Which control is _detective_?
A. Password complexity requirements
B. Segregation of duties for cash handling
C. Monthly bank reconciliation
D. Approval required for purchases > $10,000
*Answer:
---
*Q11. Master Data Management MDM*
MDM’s primary objective in an AIS is to:
A. Speed up month-end close by automating JEs
B. Create a single source of truth for vendors, customers, products
C. Replace the need for COSO Internal Control
D. Provide predictive analytics for sales
*Answer:
---
*Q12. R² Interpretation*
A cost regression shows R² = 0.92. This means:
A. 92% of the costs are fixed
B. 92% of cost variation is explained by the activity driver
C. The regression is not reliable
D. 8% of costs are variable
*Answer
---
*Q13. Cloud Risk*
The _biggest_ risk when moving AIS to SaaS is:
A. Slower financial reporting
B. Vendor lock-in and data security/privacy
C. Loss of ERP functionality
D. Inability to use RPA
*Answer:
---
*Q14. SOX 404 & AIS*
Under SOX 404, management must:
A. Guarantee financial statements are 100% accurate
B. Assess and report on effectiveness of ICFR, including IT controls
C. Outsource internal audit to external auditors
D. Eliminate all detective controls
*Answer
---
*Q15. Business Continuity*
RTO = 4 hours. RPO = 1 hour. After a server crash, what does this mean?
A. Systems must be restored within 1 hour, data loss ≤ 4 hours
B. Systems must be restored within 4 hours, data loss ≤ 1 hour
C. Both systems and data must be restored in 1 hour
D. RTO/RPO only apply to cloud systems
*Answer:.
---
No comments:
Post a Comment