INTERNAL CONTROL 1. The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with a. Knowledge necessary for audit planning b. Evidential matter to use in assessing inherent risk c. A basis for modifying tests of controls d. An evaluation of the consistency of application 2. An auditor uses the knowledge provided by the understanding of internal control and the assessed level of control risk primarily to a. Determine whether procedures and records concerning the safeguarding of assets are reliable b. Ascertain whether the opportunities to allow any person to both perpetrate and conceal fraud are minimized c. Modify the initial assessments of inherent risk and preliminary judgments about materiality levels d. Determine the nature, timing and extent of substantive tests for financial statement assertions 3. In an audit of financial statements, an auditor’s primary consideration regarding an internal control is whether the control a. Reflects management’s philosophy and operating style b. Affects management’s financial statement assertions c. Provide adequate safeguards over access to assets d. Enhances management’s decision-making processes 4. An auditor would most likely be concerned with controls that provide reasonable assurance about the a. Efficiency of management’s decision-making process b. Appropriate prices the entity should charge for its products c. Decision to make expenditures for certain advertising activities d. Entity’s ability to initiate, record, process and report financial data 5. PSA 315 (Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment) requires the auditor to perform risk assessment procedures at a. The financial statement level only b. The assertion level only c. The financial statement level and the assertion level for classes of transactions, account balances and disclosures d. Either the financial statement or assertion level 6. The auditor’s risk assessment procedures should always include the following, except a. Inquiries of management and of others within the entity b. Analytical procedures c. Observation and inspection d. Substantive test procedures and tests of controls 7. The auditor’s risk assessment procedures a. By themselves, do not provide sufficient appropriate audit evidence on which to base the audit opinion b. Should not consider information obtained from the auditor’s previous experience with the entity c. Are designed to detect material misstatements at the assertion level for classes of transactions, account balances and disclosures d. Are designed to test the effectiveness of the entity’s controls 8. 9. The auditor should obtain an understanding of the entity’s objectives and strategies, and those business risks that may result in risks of material misstatement. Which of the following statements concerning the entity’s business risk is incorrect? a. Business risk is broader than the risk of material misstatement of the financial statements, though it includes the latter b. An understanding of the business risks facing the entity increases the likelihood of identifying risks of material misstatement c. The auditor has a responsibility to identify or assess all business risks d. Business risk may arise from the development of new products or services that may fail When obtaining an understanding of controls that are relevant to the audit, the auditor is required to a. b. c. d. Evaluate the design of those controls Determine whether those controls have been implemented Evaluate the design of those controls and determine whether they have been implemented Evaluate the design of those controls and determine whether they have been implemented by performing tests of controls 10. This internal control component is the foundation for all other components. It sets the tone of the organization, provides discipline and structure, and influences the control consciousness of employees a. Control activities b. Monitoring of controls c. Control environment d. The entity’s risk assessment process 11. An entity’s business processes are the activities designed to a. Develop, purchase, produce, sell and distribute an entity’s products and services b. Ensure compliance with laws and regulations c. Record information, including accounting and financial reporting information d. Assess the effectiveness of internal control performance over time 12. The auditor uses the understanding of internal control to I. Identify types of potential misstatements II. Consider factors that affect the risks of material misstatement III. Design the nature, timing and extent of further audit procedures a. I and II only b. I and III only c. II and III only d. I, II and III 13. Which of the following is a management control method that most likely could improve management’s ability to supervise company’s activities effectively? a. Monitoring compliance with internal control requirements imposed by regulatory bodies b. Limiting direct access to assets by physical segregation and protective devices c. Establishing budgets and forecasts to identify variances from expectations d. Supporting employees with the resources necessary to discharge their responsibilities 14. Which of the following are considered control environment factors? Detection Risk Commitment to Competence a. Yes Yes b. Yes No c. No Yes d. No No 15. Which of the following is not a component of internal control? a. Control risk b. Monitoring c. Information and communication d. The control environment 16. Which of the following factors are included in an entity’s control environment? Audit Committee Participation Integrity and ethical values Organizational Structure a. Yes Yes No b. Yes No Yes c. No Yes Yes d. Yes Yes Yes 17. Which of the following components of internal control includes development and use of training policies that communicate prospective roles and responsibilities to employees? a. Monitoring b. Control environment c. Risk assessment d. Control activities 18. Proper segregation of duties reduces the opportunities to allow persons to be in positions both to a. b. c. d. Journalize entries and prepare financial statements Record cash receipts and cash disbursements Establish internal control and authorize transactions Perpetrate and conceal errors and fraudulent acts 19. Proper segregation of functional responsibilities to achieve effective internal control calls for separation of the functions of a. Authorization, execution and payment b. Authorization, recording and custody c. Custody, execution and reporting d. Authorization, payment and recording 20. Internal control can provide only reasonable assurance of achieving an entity’s control objectives. The likelihood of achieving those objectives is affected by which limitation inherent to internal control? a. The auditor’s primary responsibility is the detection of fraud b. The board of directors is active and independent c. The cost of internal control should not exceed its benefits d. Management monitors internal control 21. Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity’s internal control? a. Incompatible duties b. Management override c. Faulty judgment d. Collusion among employees 22. An independent auditor is concerned with controls designed to safeguard assets that are relevant to the reliability of financial reporting. Adequate safeguards over access to and use of assets means protecting from a. Any management decision that would unprofitably use company resources b. Only those losses arising from fraud c. Losses such as those arising from setting a product price too low and subsequently realizing operating losses from the product’s sale d. Losses arising from access by unauthorized persons 23. An entity has many employees that access a database. The database contains sensitive information concerning the customers of the entity and has numerous access points. Access controls prevent employees from entry to those areas of the database for which they have no authorization. All salespersons have certain access permission to customer information. Which of the following is a true statement regarding the nature of the controls and risks? a. Because there is no segregation of duties among the salespersons, risk of collusion is increased b. Only one salesperson should be allowed access permission c. Sales department personnel should not have access to any part of the database d. A salesperson’s access to customer information should extend only to what is necessary to perform his/her duties 24. In obtaining an understanding of controls that are relevant to audit planning, an auditor is required to obtain knowledge about the a. Design of the controls included in the internal control components b. Effectiveness of the controls that have been placed in operation c. Consistency with which the controls are currently being applied d. Controls related to each principal transaction class and account balance 25. In obtaining an understanding of internal control in a financial statement audit, an auditor is not obligated to a. Determine whether the controls have been placed in operation b. Perform procedures to understand the design of internal control c. Document the understanding of the entity’s internal control components d. Search for significant deficiencies in the operation of internal control 26. As part of understanding internal control, an auditor is not required to a. Consider factors that affect the risk of material misstatement b. Ascertain whether internal controls have been placed in operation c. Identify the types of potential misstatements that can occur d. Obtain knowledge about the operating effectiveness of internal control 27. In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain an understanding of an entity’s internal control need not be included because of the auditor’s judgments about materiality and assessments of a. Control risk b. Detection risk c. Sampling risk d. Inherent risk 28. When obtaining an understanding of an entity’s internal controls, an auditor should concentrate on their substance rather than their form because a. The controls may be operating effectively but may not be documented b. Management may establish appropriate controls but not enforce compliance with them c. The controls may be so inappropriate that the auditor assesses control risk at the maximum d. Management may implement controls whose costs exceed their benefits 29. In obtaining an understanding of a manufacturing entity’s internal control concerning inventory balances, an auditor most likely would a. Review the entity’s descriptions of inventory policies and procedures b. Perform test counts of inventory during the entity’s physical count c. Analyze inventory turnover statistics to zidentify slow-moving and obsolete items d. Analyze monthly production reports to identify variances and unusual transactions 30. An auditor should obtain sufficient knowledge of an entity’s information system relevant to financial reporting to understand the a. Safeguards used to limit access to computer facilities b. Process used to prepare significant accounting estimates c. Procedures used to assure proper authorization of transactions d. Policies used to detect the concealment of fraud 31. In an audit of financial statements in accordance with PSAs, an auditor is required to a. Identify specific controls relevant to management’s financial statement assertions b. Perform tests of controls to evaluate the effectiveness of the entity’s accounting system c. Determine whether procedures are suitably designed to prevent or detect material misstatement d. Document the auditor’s understanding of the entity’s internal control 32. An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the auditor’s a. Assessment of control risk b. Identification of weaknesses in the system c. Assessment of the control environment’s effectiveness d. Understanding of the system 33. An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts a. Identify internal control weaknesses more prominently b. Provide a visual depiction of clients’ activities c. Indicate whether controls are operating effectively d. Reduce the need to observe clients’ employees performing routine tasks 34. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that a. Tests of controls may fail to identify procedures relevant to assertions b. Material misstatements may exist in the financial statements c. Specified controls requiring segregation of duties may be circumvented by collusion d. Entity policies may be inappropriately overridden by senior management 35. Control risk should be assessed in terms of a. Specific controls b. Types of potential fraud c. Financial statement assertions d. Control environment factors 36. After assessing control risk below the maximum level, an auditor desires to further reduce the assessed level of control risk. At this time, the auditor considers whether a. It would be efficient to obtain an understanding of the entity’s accounting system b. The entity’s internal controls have been placed in operation c. The entity’s internal controls pertain to any financial statement assertions d. Additional evidential matter sufficient to support a further reduction is likely to be available 37. An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes a. Controls are unlikely to pertain to the assertions b. The entity’s control components are interrelated c. Sufficient evidential matter to support the assertions is likely to be available d. More emphasis on tests of controls than substantive tests is warranted 38. Which of the following is a step in an auditor’s decision to assess control risk below the maximum? a. Apply analytical procedures to both financial data and nonfinancial information to detect conditions that may indicate weak controls b. Perform tests of details of transactions and account balances to identify potential errors and fraud c. Identify the controls that are likely to detect or prevent material misstatements d. Document that the additional audit effort to perform tests of controls exceeds the potential reduction in substantive testing 39. Which of the following is not a step in an auditor’s decision to assess control risk below the maximum? a. Evaluate the effectiveness of the control activity with tests of controls b. Obtain an understanding of the entity’s control environment c. Perform tests of details of transactions to detect material misstatements in the financial statements d. Consider whether controls can have a pervasive effect on financial statement assertions 40. Samples to test controls are intended to provide a basis for an auditor to conclude whether a. The controls are operating effectively b. The financial statements are materially misstated c. The risk of incorrect acceptance is too high d. Materiality for planning purposes is at a sufficiently low level 41. Which of the following tests of controls most likely will help assure an auditor that goods shipped are properly billed? a. Scan the sales journal for sequential and unusual entries b. Examine shipping documents for matching sales invoices c. Compare the accounts receivables ledger to daily sales summaries d. Inspect unused sales invoices for consecutive prenumbering 42. An auditor is least likely to test controls that provide for a. Approval of the purchase and sale of trading securities b. Classification of revenue and expense transactions by product line c. Segregation of the functions of recording disbursements and reconciling the bank d. Comparison of receiving reports and vendors’ invoices with purchase orders 43. After obtaining an understanding of a client’s internal control, an auditor may decide not to test the effectiveness of the computer control procedures. Which of the following is not a valid reason for choosing to omit tests of controls? a. The controls duplicate operative controls existing elsewhere in the system b. There appear to be major weaknesses that would preclude assessing control risk below the maximum level c. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests of controls show the controls to be operative d. The operating effectiveness of controls appears to support a reduced assessment of control risk 44. When assessing control risk below the maximum level, an auditor is required to document the auditor’s Understanding of the Entity’s Basis for Concluding That Control Environment Control Risk is Below the Maximum Level a. Yes No b. No Yes c. Yes Yes d. No No 45. When control risk is assessed at the maximum level for all financial statement assertions, an auditor should document the auditor’s Understanding of the Conclusion that Basis for Concluding Entity’s Internal Control Risk is at the that Control Risk is at the Control Components Maximum Level Maximum Level a. Yes No No b. Yes Yes No c. No Yes Yes d. Yes Yes Yes 46. Which of the following procedures is an auditor most likely to include in the planning phase of a financial statement audit? a. Obtain an understanding of the entity’s risk assessment process b. Identify specific controls designed to prevent fraud c. Evaluate the reasonableness of the entity’s accounting estimates d. Perform cutoff tests of the entity’s sales and purchases 47. After obtaining an understanding of an entity’s internal control and assessing control risk, an auditor may next a. Perform tests of controls to verify management’s assertions that are embodied in the financial statements b. Consider whether evidential matter is available to support a further reduction in the assessed level of control risk c. Apply analytical procedures as substantive tests to validate the assessed level of control risk d. Evaluate whether the internal controls detected material misstatements in the financial statements 48. Which of the following procedures most likely will provide an auditor with evidence about whether an entity’s controls are suitably designed to prevent or detect material misstatements? a. Reperforming the controls for a sample of transactions b. Performing analytical procedures using data aggregated at a high level c. Vouching a sample of transactions directly related to the controls d. Observing the entity’s personnel applying the controls 49. In assessing control risk, an auditor ordinarily selects from a variety of techniques, including a. Inquiry and analytical procedures b. Reperformance and observation c. Comparison and confirmation d. Inspection and verification 50. An auditor generally tests the segregation of duties related to inventory by a. Personal inquiry and observation b. Test counts and cutoff procedures c. Analytical procedures and invoice recomputation d. Document inspection and reconciliation 51. Which of the following procedures concerning accounts receivable is an auditor most likely to perform to obtain evidential matter in support of an assessed level of control risk below the maximum level? a. Observing an entity’s employee prepare the schedule of past due accounts receivable b. Sending confirmation requests to an entity’s principal customers to verify the existence of accounts receivable c. Inspecting an entity’s analysis of accounts receivable for unusual balances d. Comparing an entity’s uncollectible accounts expense with actual uncollectible accounts receivable 52. An auditor assesses control risk because it a. is relevant to the auditor’s understanding of the control environment b. provides assurance that the auditor’s materiality levels are appropriate c. indicates to the auditor where inherent risk may be the greatest d. affects the level of detection risk that the auditor may accept 53. On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed level of control risk from that originally planned. To achieve an overall audit risk level that is substantially the same as the planned audit risk level, the auditor would a. Increase inherent risk c. Decrease inherent risk b. Decrease detection risk d. Increase materiality levels 54. An auditor uses the knowledge provided by the understanding of internal control and the final assessed level of control risk primarily to determine the nature, timing and extent of the a. Attribute tests b. Compliance tests c. Tests of controls d. Substantive tests 55. The objective of tests of details of transactions performed as tests of controls is to a. Monitor the design and use of entity documents such as prenumbered shipping forms b. Determine whether internal controls have been placed in operation c. Detect material misstatements in the account balances of the financial statements d. Evaluate whether internal controls operated effectively 56. When an auditor increases the planned assessed level of control risk because certain controls were determined to be ineffective, the auditor will most likely increase the a. Extent of tests of details b. Level of inherent risk c. Extent of tests of controls d. Level of detection risk 57. When numerous property and equipment transactions occur during the year, an auditor who plans to assess control risk at a low level usually performs a. Tests of controls and extensive tests of property and equipment balances at the end of the year b. Analytical procedures for current year property and equipment transactions c. Tests of controls and limited tests of current-year property and equipment d. Analytical procedures for property and equipment balances at the end of the year 58. A client maintains perpetual inventory records in both quantities and pesos. If the assessed level of control risk is too high, an auditor will probably a. Apply gross profit tests to ascertain the reasonableness of the physical counts b. Increase the extent of tests of controls relevant to the inventory cycle c. Request the client to schedule the physical inventory count at the end of the year d. Insist that the client perform physical counts of inventory items several times during the year 59. An auditor may compensate for a high assessed level of control risk by increasing the a. Level of detection risk b. Extent of tests of controls c. Preliminary judgment about audit risk d. Extent of analytical procedures 60. Regardless of the assessed level of control risk, an auditor should perform some a. Tests of controls to determine the effectiveness of controls b. Analytical procedures to verify the design of controls c. Substantive tests to restrict detection risk for significant transaction classes d. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk **********************