INTERNAL CONTROL
1.
The primary objective of procedures performed to obtain an understanding of internal control is to provide
an auditor with
a. Knowledge necessary for audit planning
b. Evidential matter to use in assessing inherent risk
c. A basis for modifying tests of controls
d. An evaluation of the consistency of application
2.
An auditor uses the knowledge provided by the understanding of internal control and the assessed
level of control risk primarily to
a. Determine whether procedures and records concerning the safeguarding of assets are reliable
b. Ascertain whether the opportunities to allow any person to both perpetrate and conceal fraud are
minimized
c. Modify the initial assessments of inherent risk and preliminary judgments about materiality levels
d. Determine the nature, timing and extent of substantive tests for financial statement assertions
3.
In an audit of financial statements, an auditor’s primary consideration regarding an internal control is
whether the control
a. Reflects management’s philosophy and operating style
b. Affects management’s financial statement assertions
c. Provide adequate safeguards over access to assets
d. Enhances management’s decision-making processes
4.
An auditor would most likely be concerned with controls that provide reasonable assurance about the
a. Efficiency of management’s decision-making process
b. Appropriate prices the entity should charge for its products
c. Decision to make expenditures for certain advertising activities
d. Entity’s ability to initiate, record, process and report financial data
5.
PSA 315 (Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity
and its Environment) requires the auditor to perform risk assessment procedures at
a. The financial statement level only
b. The assertion level only
c. The financial statement level and the assertion level for classes of transactions, account balances
and disclosures
d. Either the financial statement or assertion level
6.
The auditor’s risk assessment procedures should always include the following, except
a. Inquiries of management and of others within the entity
b. Analytical procedures
c. Observation and inspection
d. Substantive test procedures and tests of controls
7.
The auditor’s risk assessment procedures
a. By themselves, do not provide sufficient appropriate audit evidence on which to base the audit
opinion
b. Should not consider information obtained from the auditor’s previous experience with the entity
c. Are designed to detect material misstatements at the assertion level for classes of transactions,
account balances and disclosures
d. Are designed to test the effectiveness of the entity’s controls
8.
9.
The auditor should obtain an understanding of the entity’s objectives and strategies, and those business
risks that may result in risks of material misstatement. Which of the following statements concerning the
entity’s business risk is incorrect?
a. Business risk is broader than the risk of material misstatement of the financial statements, though it
includes the latter
b. An understanding of the business risks facing the entity increases the likelihood of identifying risks of
material misstatement
c. The auditor has a responsibility to identify or assess all business risks
d. Business risk may arise from the development of new products or services that may fail
When obtaining an understanding of controls that are relevant to the audit, the auditor is required to
a.
b.
c.
d.
Evaluate the design of those controls
Determine whether those controls have been implemented
Evaluate the design of those controls and determine whether they have been implemented
Evaluate the design of those controls and determine whether they have been implemented by
performing tests of controls
10.
This internal control component is the foundation for all other components. It sets the tone of the
organization, provides discipline and structure, and influences the control consciousness of employees
a. Control activities
b. Monitoring of controls
c. Control environment
d. The entity’s risk assessment process
11.
An entity’s business processes are the activities designed to
a. Develop, purchase, produce, sell and distribute an entity’s products and services
b. Ensure compliance with laws and regulations
c. Record information, including accounting and financial reporting information
d. Assess the effectiveness of internal control performance over time
12.
The auditor uses the understanding of internal control to
I.
Identify types of potential misstatements
II.
Consider factors that affect the risks of material misstatement
III.
Design the nature, timing and extent of further audit procedures
a. I and II only
b. I and III only
c. II and III only
d. I, II and III
13.
Which of the following is a management control method that most likely could improve management’s
ability to supervise company’s activities effectively?
a. Monitoring compliance with internal control requirements imposed by regulatory bodies
b. Limiting direct access to assets by physical segregation and protective devices
c. Establishing budgets and forecasts to identify variances from expectations
d. Supporting employees with the resources necessary to discharge their responsibilities
14.
Which of the following are considered control environment factors?
Detection Risk
Commitment to Competence
a.
Yes
Yes
b.
Yes
No
c.
No
Yes
d.
No
No
15.
Which of the following is not a component of internal control?
a. Control risk
b. Monitoring
c. Information and communication
d. The control environment
16.
Which of the following factors are included in an entity’s control environment?
Audit Committee Participation Integrity and ethical values
Organizational Structure
a.
Yes
Yes
No
b.
Yes
No
Yes
c.
No
Yes
Yes
d.
Yes
Yes
Yes
17.
Which of the following components of internal control includes development and use of training policies
that communicate prospective roles and responsibilities to employees?
a. Monitoring
b. Control environment
c. Risk assessment
d. Control activities
18.
Proper segregation of duties reduces the opportunities to allow persons to be in positions both to
a.
b.
c.
d.
Journalize entries and prepare financial statements
Record cash receipts and cash disbursements
Establish internal control and authorize transactions
Perpetrate and conceal errors and fraudulent acts
19.
Proper segregation of functional responsibilities to achieve effective internal control calls for separation
of the functions of
a.
Authorization, execution and payment
b.
Authorization, recording and custody
c.
Custody, execution and reporting
d.
Authorization, payment and recording
20.
Internal control can provide only reasonable assurance of achieving an entity’s control objectives. The
likelihood of achieving those objectives is affected by which limitation inherent to internal control?
a. The auditor’s primary responsibility is the detection of fraud
b. The board of directors is active and independent
c. The cost of internal control should not exceed its benefits
d. Management monitors internal control
21.
Which of the following most likely would not be considered an inherent limitation of the potential
effectiveness of an entity’s internal control?
a. Incompatible duties
b. Management override
c. Faulty judgment
d. Collusion among employees
22.
An independent auditor is concerned with controls designed to safeguard assets that are relevant to the
reliability of financial reporting. Adequate safeguards over access to and use of assets means protecting
from
a. Any management decision that would unprofitably use company resources
b. Only those losses arising from fraud
c. Losses such as those arising from setting a product price too low and subsequently realizing
operating losses from the product’s sale
d. Losses arising from access by unauthorized persons
23.
An entity has many employees that access a database. The database contains sensitive information
concerning the customers of the entity and has numerous access points. Access controls prevent
employees from entry to those areas of the database for which they have no authorization. All
salespersons have certain access permission to customer information. Which of the following is a true
statement regarding the nature of the controls and risks?
a. Because there is no segregation of duties among the salespersons, risk of collusion is increased
b. Only one salesperson should be allowed access permission
c. Sales department personnel should not have access to any part of the database
d. A salesperson’s access to customer information should extend only to what is necessary to perform
his/her duties
24.
In obtaining an understanding of controls that are relevant to audit planning, an auditor is required to
obtain knowledge about the
a. Design of the controls included in the internal control components
b. Effectiveness of the controls that have been placed in operation
c. Consistency with which the controls are currently being applied
d. Controls related to each principal transaction class and account balance
25.
In obtaining an understanding of internal control in a financial statement audit, an auditor is not obligated
to
a. Determine whether the controls have been placed in operation
b. Perform procedures to understand the design of internal control
c. Document the understanding of the entity’s internal control components
d. Search for significant deficiencies in the operation of internal control
26.
As part of understanding internal control, an auditor is not required to
a. Consider factors that affect the risk of material misstatement
b. Ascertain whether internal controls have been placed in operation
c. Identify the types of potential misstatements that can occur
d. Obtain knowledge about the operating effectiveness of internal control
27.
In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain
an understanding of an entity’s internal control need not be included because of the auditor’s judgments
about materiality and assessments of
a. Control risk
b. Detection risk
c. Sampling risk
d. Inherent risk
28.
When obtaining an understanding of an entity’s internal controls, an auditor should concentrate on their
substance rather than their form because
a. The controls may be operating effectively but may not be documented
b. Management may establish appropriate controls but not enforce compliance with them
c. The controls may be so inappropriate that the auditor assesses control risk at the maximum
d. Management may implement controls whose costs exceed their benefits
29.
In obtaining an understanding of a manufacturing entity’s internal control concerning inventory balances,
an auditor most likely would
a. Review the entity’s descriptions of inventory policies and procedures
b. Perform test counts of inventory during the entity’s physical count
c. Analyze inventory turnover statistics to zidentify slow-moving and obsolete items
d. Analyze monthly production reports to identify variances and unusual transactions
30.
An auditor should obtain sufficient knowledge of an entity’s information system relevant to financial
reporting to understand the
a. Safeguards used to limit access to computer facilities
b. Process used to prepare significant accounting estimates
c. Procedures used to assure proper authorization of transactions
d. Policies used to detect the concealment of fraud
31.
In an audit of financial statements in accordance with PSAs, an auditor is required to
a. Identify specific controls relevant to management’s financial statement assertions
b. Perform tests of controls to evaluate the effectiveness of the entity’s accounting system
c. Determine whether procedures are suitably designed to prevent or detect material misstatement
d. Document the auditor’s understanding of the entity’s internal control
32.
An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the
auditor’s
a. Assessment of control risk
b. Identification of weaknesses in the system
c. Assessment of the control environment’s effectiveness
d. Understanding of the system
33.
An advantage of using systems flowcharts to document information about internal control instead of
using internal control questionnaires is that systems flowcharts
a. Identify internal control weaknesses more prominently
b. Provide a visual depiction of clients’ activities
c. Indicate whether controls are operating effectively
d. Reduce the need to observe clients’ employees performing routine tasks
34.
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that
a. Tests of controls may fail to identify procedures relevant to assertions
b. Material misstatements may exist in the financial statements
c. Specified controls requiring segregation of duties may be circumvented by collusion
d. Entity policies may be inappropriately overridden by senior management
35.
Control risk should be assessed in terms of
a. Specific controls
b. Types of potential fraud
c. Financial statement assertions
d. Control environment factors
36.
After assessing control risk below the maximum level, an auditor desires to further reduce the assessed
level of control risk. At this time, the auditor considers whether
a. It would be efficient to obtain an understanding of the entity’s accounting system
b. The entity’s internal controls have been placed in operation
c. The entity’s internal controls pertain to any financial statement assertions
d. Additional evidential matter sufficient to support a further reduction is likely to be available
37.
An auditor may decide to assess control risk at the maximum level for certain assertions because the
auditor believes
a. Controls are unlikely to pertain to the assertions
b. The entity’s control components are interrelated
c. Sufficient evidential matter to support the assertions is likely to be available
d. More emphasis on tests of controls than substantive tests is warranted
38.
Which of the following is a step in an auditor’s decision to assess control risk below the maximum?
a. Apply analytical procedures to both financial data and nonfinancial information to detect conditions
that may indicate weak controls
b. Perform tests of details of transactions and account balances to identify potential errors and fraud
c. Identify the controls that are likely to detect or prevent material misstatements
d. Document that the additional audit effort to perform tests of controls exceeds the potential reduction
in substantive testing
39.
Which of the following is not a step in an auditor’s decision to assess control risk below the maximum?
a. Evaluate the effectiveness of the control activity with tests of controls
b. Obtain an understanding of the entity’s control environment
c. Perform tests of details of transactions to detect material misstatements in the financial statements
d. Consider whether controls can have a pervasive effect on financial statement assertions
40.
Samples to test controls are intended to provide a basis for an auditor to conclude whether
a. The controls are operating effectively
b. The financial statements are materially misstated
c. The risk of incorrect acceptance is too high
d. Materiality for planning purposes is at a sufficiently low level
41.
Which of the following tests of controls most likely will help assure an auditor that goods shipped are
properly billed?
a. Scan the sales journal for sequential and unusual entries
b. Examine shipping documents for matching sales invoices
c. Compare the accounts receivables ledger to daily sales summaries
d. Inspect unused sales invoices for consecutive prenumbering
42.
An auditor is least likely to test controls that provide for
a. Approval of the purchase and sale of trading securities
b. Classification of revenue and expense transactions by product line
c. Segregation of the functions of recording disbursements and reconciling the bank
d. Comparison of receiving reports and vendors’ invoices with purchase orders
43.
After obtaining an understanding of a client’s internal control, an auditor may decide not to test the
effectiveness of the computer control procedures. Which of the following is not a valid reason for
choosing to omit tests of controls?
a. The controls duplicate operative controls existing elsewhere in the system
b. There appear to be major weaknesses that would preclude assessing control risk below the
maximum level
c. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the
tests of controls show the controls to be operative
d. The operating effectiveness of controls appears to support a reduced assessment of control risk
44.
When assessing control risk below the maximum level, an auditor is required to document the auditor’s
Understanding of the Entity’s
Basis for Concluding That
Control Environment
Control Risk is Below the Maximum Level
a.
Yes
No
b.
No
Yes
c.
Yes
Yes
d.
No
No
45.
When control risk is assessed at the maximum level for all financial statement assertions, an auditor
should document the auditor’s
Understanding of the
Conclusion that
Basis for Concluding
Entity’s Internal
Control Risk is at the
that Control Risk is at the
Control Components
Maximum Level
Maximum Level
a.
Yes
No
No
b.
Yes
Yes
No
c.
No
Yes
Yes
d.
Yes
Yes
Yes
46.
Which of the following procedures is an auditor most likely to include in the planning phase of a financial
statement audit?
a. Obtain an understanding of the entity’s risk assessment process
b. Identify specific controls designed to prevent fraud
c. Evaluate the reasonableness of the entity’s accounting estimates
d. Perform cutoff tests of the entity’s sales and purchases
47.
After obtaining an understanding of an entity’s internal control and assessing control risk, an auditor may
next
a. Perform tests of controls to verify management’s assertions that are embodied in the financial
statements
b. Consider whether evidential matter is available to support a further reduction in the assessed level
of control risk
c. Apply analytical procedures as substantive tests to validate the assessed level of control risk
d. Evaluate whether the internal controls detected material misstatements in the financial statements
48.
Which of the following procedures most likely will provide an auditor with evidence about whether an
entity’s controls are suitably designed to prevent or detect material misstatements?
a. Reperforming the controls for a sample of transactions
b. Performing analytical procedures using data aggregated at a high level
c. Vouching a sample of transactions directly related to the controls
d. Observing the entity’s personnel applying the controls
49.
In assessing control risk, an auditor ordinarily selects from a variety of techniques, including
a. Inquiry and analytical procedures
b. Reperformance and observation
c. Comparison and confirmation
d. Inspection and verification
50.
An auditor generally tests the segregation of duties related to inventory by
a. Personal inquiry and observation
b. Test counts and cutoff procedures
c. Analytical procedures and invoice recomputation
d. Document inspection and reconciliation
51.
Which of the following procedures concerning accounts receivable is an auditor most likely to perform
to obtain evidential matter in support of an assessed level of control risk below the maximum level?
a. Observing an entity’s employee prepare the schedule of past due accounts receivable
b. Sending confirmation requests to an entity’s principal customers to verify the existence of accounts
receivable
c. Inspecting an entity’s analysis of accounts receivable for unusual balances
d. Comparing an entity’s uncollectible accounts expense with actual uncollectible accounts receivable
52.
An auditor assesses control risk because it
a. is relevant to the auditor’s understanding of the control environment
b. provides assurance that the auditor’s materiality levels are appropriate
c. indicates to the auditor where inherent risk may be the greatest
d. affects the level of detection risk that the auditor may accept
53.
On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed
level of control risk from that originally planned. To achieve an overall audit risk level that is substantially
the same as the planned audit risk level, the auditor would
a.
Increase inherent risk
c. Decrease inherent risk
b.
Decrease detection risk
d. Increase materiality levels
54.
An auditor uses the knowledge provided by the understanding of internal control and the final assessed
level of control risk primarily to determine the nature, timing and extent of the
a. Attribute tests
b. Compliance tests
c. Tests of controls
d. Substantive tests
55.
The objective of tests of details of transactions performed as tests of controls is to
a. Monitor the design and use of entity documents such as prenumbered shipping forms
b. Determine whether internal controls have been placed in operation
c. Detect material misstatements in the account balances of the financial statements
d. Evaluate whether internal controls operated effectively
56.
When an auditor increases the planned assessed level of control risk because certain controls were
determined to be ineffective, the auditor will most likely increase the
a. Extent of tests of details
b. Level of inherent risk
c. Extent of tests of controls
d. Level of detection risk
57.
When numerous property and equipment transactions occur during the year, an auditor who plans to
assess control risk at a low level usually performs
a. Tests of controls and extensive tests of property and equipment balances at the end of the year
b. Analytical procedures for current year property and equipment transactions
c. Tests of controls and limited tests of current-year property and equipment
d. Analytical procedures for property and equipment balances at the end of the year
58.
A client maintains perpetual inventory records in both quantities and pesos. If the assessed level of
control risk is too high, an auditor will probably
a. Apply gross profit tests to ascertain the reasonableness of the physical counts
b. Increase the extent of tests of controls relevant to the inventory cycle
c. Request the client to schedule the physical inventory count at the end of the year
d. Insist that the client perform physical counts of inventory items several times during the year
59.
An auditor may compensate for a high assessed level of control risk by increasing the
a. Level of detection risk
b. Extent of tests of controls
c. Preliminary judgment about audit risk
d. Extent of analytical procedures
60.
Regardless of the assessed level of control risk, an auditor should perform some
a. Tests of controls to determine the effectiveness of controls
b. Analytical procedures to verify the design of controls
c. Substantive tests to restrict detection risk for significant transaction classes
d. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk
**********************