Class Name

J-SOX Training (FY2011)

(Comprehension Test)

Established: November 15, 2011

march 1, 2012

Rev. 1.1

Introduction
Time required

Approx. 10 minutes

Passing score

All 10 questions must be correctly answered.

Basic instructions

Click to show the correct answer.

An explanation is provided at the end.

No. 1 (Fill in the blank)

Complete the following sentences by choosing the letter of the
expressions that go in each blank.
Under J-SOX, an error in operations is only an error if it is ( 1 ). Any (
2 ) act that differs from reality is ( 3 ).
Options

a) 1: incidental 2: intentional 3: a deficiency

b) 1: without malice 2: fraudulent 3: deliberate
c) 1: insincere 2: nonrandom 3: fraud
d) 1: unintentional 2) intentional 3) fraud
e) 1: careless 2: dishonest 3) deliberate

Correct
answer

d) 1: unintentional 2) intentional 3) fraud

No. 2 (Fill in the blank)

Complete the following sentences by choosing the letter of the
expressions that go in each blank.
In J-SOX, ( 1 ) deficiency refers to a problem in business process
design, while ( 2 ) deficiency refers to a problem in actual operation.
Options

a) 1: a desk 2) an actual
b) 1: a plan 2: an execution
c) 1: a design 2: an operational
d) 1: a mechanism 2: a practical
e) 1: an architectural 2: an operating

Correct
answer

c) 1: a design 2: an operational

No. 3 (Fill in the blank)

Complete the following sentences by choosing the letter of the
expressions that go in each blank.
In J-SOX, a risk is the danger of ( 1 ) or ( 2 ) hidden in daily
business operations and concerning ( 3 ).
Options

a) 1: miscalculation 2: omission 3: accounting

b) 1: misappropriation 2: embezzlement 3: cash
c) 1: an error 2: fraud 3: financial reporting
d) 1: action 2: inaction 3: a deficiency
e) 1: diversion 2: a scam 3: transactions

Correct
answer

c) 1: an error 2: fraud 3: financial reporting

No. 4 (Single choice)

This is a list of high-risk situations in J-SOX. One of the items does not
belong in this list.
Choose the letter of the item that doesn't belong.
Options

a) Layout change
b) System change
c) Channel change
d) Excessive dependence on individuals
e) Organizational change

Correct
answer

a) Layout change

No. 5 (Single choice)

This is a list of key points in workplace J-SOX activities. One of the
items does not belong in this list.
Choose the letter of the item that doesn't belong.

Options

a) Establish & communicate rules

b) Perform segregation of duties
c) Receive proper approval
d) Leave a trail of the work performed
e) Perform your own double check

Correct
answer

e) Perform your own double check

No. 6 (Multiple)
Which of the following phrases, from A to C, accurately describe the
"establishment and communication of rules.
Choose the letter of the option with the correct phrases.
A. Establish and clearly document rules.
B. Communicate and enforce rules in the workplace.
C. Conduct an annual review to check if rules are still appropriate for
actual operation.
Options

a) A and B
b) A and C
c) B and C
d) A and B and C
e) None of the above

Correct
answer

d) A and B and C

No. 7 (Fill in the blank)

Complete the following sentences by choosing the letter of the
expressions that go in each blank.
Segregation of duties in J-SOX should, at the very least, segregate ( 1
) from ( 2 ) to ensure that ( 3 ) is effective.
Options

a) 1: implementation 2: confirmation and approval

3: mutual supervision
b) 1: planning 2: practice 3: supplementation
c) 1: the person in charge 2: the supervisor 3: follow-up
d) 1: preparation 2: execution 3: checking
e) 1: execution 2: management 3: verification

Correct
answer

a) 1: implementation 2: confirmation and approval

3: mutual supervision

No. 8 (Single choice)

Which of the following options describes the key workplace activity of
"receiving proper approval"?

Options

a) The manager was on a business trip, so a slip was entered based on

approval from a leader without delegated authority.
b) The system workflow was not updated after the person with approval
authority changed, so approval was still being granted by the previous
person.
c) The manager was on a business trip, so the data was entered after
receiving approval over the telephone. An approval stamp was
received the following day.
d) An urgent matter was performed based on verbal approval, and an
approval stamp was never sought for the application form.
e) The manager was away, so a slip was entered based on approval
from a different manager without delegated authority.

Correct
answer

c) The manager was on a business trip, so the data was entered after
receiving approval over the telephone. An approval stamp was
received the following day.

No. 9 (Single choice)

Which of the following options describes the key workplace activity of
"leaving a trail of the work performed"?

Options

a) The input results are only visually confirmed by comparing

the system screen to the forms.
b) Order forms are not retained once they have been entered
into the system
c) There is no on-site manager and approval is only obtained
verbally by telephone.
d) Slips are confirmed, but may or may not be marked with a
confirmation stamp.
e) After checking a delivery slip, a confirmation mark is always
stamped in the number column.

Correct
answer

e) After checking a delivery slip, a confirmation mark is always

stamped in the number column.

No. 10 (Single choice)

Which of the following options describes the key workplace activity of
"proper management of access rights"?

Options

a) Workplace leaders have all-encompassing access rights in

key systems to facilitate smooth operations.
b) After changing jobs, an employee still uses their access rights
to a key system in the old workplace because it makes their
job easier.
c) An employee uses someone else's access rights to do their
job.
d) Shared access rights are used in the workplace
e) There are different types of access rights that depend on the
scope of an employee's duties.

Correct
answer

e) There are different types of access rights that depend on the

scope of an employee's duties.

No. 1

Explanation

Under J-SOX, the difference between an error" and "fraud" depends on whether the
action was "intentional" or not. An "intentional" action that differs from reality includes
not only matters pertaining to amounts and quantities but also booking dates, operation
of accounts, failure to follow proper approval procedures, and so on.

No. 2

Explanation

A situation where internal control has some kind of problem is called a "deficiency."
There are two types of deficiency: a "design deficiency" that refers to an error in
business process design, and an "operational deficiency" that refers to an error in an
actual operation.

No. 3

Explanation

In J-SOX, a "risk" is the possibility of an error" or "fraud" hidden in daily business

operations and concerning financial reporting. The internal controls are "over financial
reporting," so the scope is limited to "matters pertaining to money."

No. 4

Explanation

There are "situations with a high likelihood of occurrence" of "mistakes" and "fraud."
Situations involving "change" tend to include many unstable and incomplete elements,
creating "a high likelihood of occurrence." However, simple changes, such as changes
in seating arrangement, do not result in operational changes. Thus, a "layout change"
does not create "a high likelihood of occurrence."

No. 5

Explanation

There are six key workplace activities in J-SOX: "establish and communicate rules,"
"perform segregation of duties," "receive proper approval," "leave a trail of the work
performed," "double check by third party," and "proper management of access rights."
Although people should always double check their work, this is not considered to be an
effective form of confirmation in J-SOX because people tend to be lax when doing so.

No. 6

Explanation

There are three key points in the key workplace activity of "establish and communicate
rules": "establish and clearly document rules," "communicate and enforce rules in the
workplace," and "conduct an annual review to check if rules are still appropriate for
actual operation." All three of these must take place.

No. 7

Explanation

Under segregation of duties, at the very least "implementation" needs to be segregated

from "approval and confirmation." The mutual supervision provided by this
arrangement is vital to the establishment of proper internal control. This requirement
cannot be waived for operational reasons such as staffing shortages.

No. 8

Explanation

The receipt of proper approval requires that approval authority and "procedures
(steps/trail/timing)" be appropriate. If the manager is away on a business trip, verbal
approval is generally acceptable for proceeding with an operation. However, there is no
"trail" with verbal approval, so it must be supplemented with an approval stamp. It
cannot be considered "proper approval" unless a confirmation stamp is received
afterwards.

No. 9

Explanation

"Leaving a trail of the work performed" needs to be done in line with predefined rules.
An unreliable implementation, where a trail may or may not be left or the method of
doing so depends on the person, is not enough. The trail does not need to be an
official seal or signature, either. If defined in advance, a simple check mark is sufficient.

No. 10

Explanation

There are four key points in the key workplace activity of "proper management of
access rights": "access rights are granted after acquiring proper approval," "there are
different levels of access rights (patterns) suited to specific duties," "an appropriate
level of access rights is assigned based on duties," and "access rights are periodically
inventoried (every six months) and passwords are changed." Access rights are not
being properly managed if a user has access rights that exceed the level required for
their job. Such situations invite the risk of fraud. Access rights need to be divided into
appropriate levels and assigned based on the work being performed.