Auditors obtain an understanding of an entitys internal control for the primary

purpose of:

A)

B)

Gathering sufficient appropriate evidence to provide a

reasonable basis for an opinion on the financial statements.

Determining the nature, extent and timing of subsequent audit

procedures to be performed.

Determining whether interim audit testing is appropriate.

C)
Providing documentary evidence to present to those charged
D) with governance.

2
An auditors primary consideration regarding an entitys internal
controls is whether they
Prevent management override.
A)
Relate to the control environment.
B)
Reflect managements philosophy and operating style.
C)

D)

Affect the financial statement assertions.

3
Which of the following statements about internal control is correct?

A)

B)

A properly maintained internal control system reasonably

ensures that collusion among employees cannot occur.

The establishment and maintenance of internal control is an

important responsibility of the internal auditor.

An exceptionally strong internal control system is enough for

the auditor to eliminate substantive procedures on a significant
C) account balance.
The cost-benefit relationship is a primary criterion that should
D) be considered in designing an internal control system.

4
Internal controls are designed to achieve company objectives in all
of the following areas except:
Safeguarding of assets.
A)
Reliability of financial reporting.
B)
Reduction of debt financing costs.
C)

D)

Compliance with laws and regulations.

5
Internal control is a process designed to provide reasonable
assurance regarding the achievement of which objective?
Effectiveness and efficiency of operations.
A)
Reliability of financial reporting.
B)
Compliance with applicable laws and regulations.
C)

D)

All of the above are correct.

6
Which of the following is not one of the five major components of
internal control?
Risk assessment.
A)
Control activities.

B)
Information and communication.
C)

D)

Human resource background checks.

7
Monitoring is a major component of the COSO Internal Control
Integrated Framework. Which of the following is not correct in how
the company can implement the monitoring component?
Monitoring can be an ongoing process.
A)
Monitoring can be conducted as a separate evaluation.
B)

C)

Monitoring and other audit work conducted by internal audit

staff can reduce external audit costs.

The independent auditor can serve as part of the entitys

D) control environment and continuous monitoring.

8
Which of the following is a proper reason for not conducting tests
of controls?

The internal control structure appears very strong.

A)

B)

C)

D)

The procedures require more audit effort than the projected

benefits to be obtained from lowering the control risk.

The company does not have any flowcharts of its system

available for review.

The auditor prefers the control risk to be the minimum.

9
After obtaining an understanding of an entitys internal control
system, an auditor may set control risk at high for some assertions
because he or she
Believes the internal controls are unlikely to be effective.
A)

B)

C)

Determines that the pertinent internal control components are

not well documented.

Performs tests of controls to restrict detection risk to an

acceptable level.

Identifies internal controls that are likely to prevent material

D) misstatements.

10
Regardless of the assessed level of control risk, an auditor would
perform some

A)

Tests of controls to determine the effectiveness of internal

controls.

Analytical procedures to verify the design of internal controls.

B)

C)

Substantive procedures to restrict detection risk for material

transaction classes.

Dual-purpose tests to evaluate both the risk of monetary

D) misstatement and preliminary control risk.

11
With preliminary control risk assessments set at high, auditors are
likely to:
Use a reliance strategy.
A)
Complete little or no tests of controls.
B)
Complete interim testing of account balances.
C)

D)

Test controls extensively.

12
Which of the following represents the correct sequence of audit
steps that come after first obtaining an understanding and
documenting the entitys internal control?

A)

B)

C)

Test of controls, assess control risk, determine extent of

substantive tests, reassess control risk.

Assess control risk, test of controls, determine extent of

substantive testing, reassess control risk.

Assess control risk, determine extent of substantive testing,

test of controls, reassess control risk.

Assess control risk, test of controls, reassess control risk,

D) determine extent of substantive testing.

13
A reliance strategy is chosen when the auditor:
Plans on conducting tests of controls.
A)
Has set the control risk at a high level.

B)
Has set the control risk at a lower level.
C)

D)

Both A) and C).

14
Understanding each of the components of internal control provides
knowledge about:
The design of tests of controls.
A)
The assessment of inherent risks.
B)
Factors that affect the risk of material misstatement.
C)

D)

Both A) and C).

15
The effectiveness of internal control is reduced by:
Computerized accounting records.

A)
Flowcharts.
B)
Human errors or mistakes.
C)

D)

Both A) and C).

16
Which of the following statements regarding auditor
documentation of the entitys internal control is correct?
Documentation must include narrative memorandums.
A)

B)

C)

No documentation is necessary to satisfy auditing standards,

however, oral inquiry is required at minimum.

Internal control questionnaires are specifically tailored to meet

the needs of each individual entity.

The auditors assessment of the level of control risk can be

documented using a structured working paper, an internal
D) control questionnaire or a memorandum.

17
In order to be able to set control risk at a lower level, the auditor
must do all of the following except:
Identify all general IT controls.
A)
Identify specific controls that will be relied upon.
B)
Perform tests of controls.
C)

D)

Conclude on the achieved level of control risk.

18
Assessing control risk below high involves all of the following
except
Identifying specific controls to rely on.
A)
Concluding that controls are ineffective.
B)
Performing tests of controls.
C)
Analysing the achieved level of control risk after performing
tests of controls.
D)

19
Which of the following audit techniques would most likely provide
an auditor with the most assurance about the effectiveness of the
operation of a control?
Inquiry of entity personnel.
A)
Reperformance of the control by the auditor.
B)
Observation of entity personnel.
C)

D)

Walk-through.

20
The highest-quality and most reliable audit evidence that
segregation of duties is properly implemented is obtained by

A)

B)

Inspection of documents prepared by a third party but which

contain the initials of those applying entity controls.

Observation by the auditor of the employees performing

control activities.

C)

D)

Inspection of a flowchart of duties performed and available

personnel.

Inquiries of employees who apply control activities.

21
An auditor may need to obtain a service auditors report when an
entity receives accounting services such as payroll from a service
organization. Which of the following statements is true regarding
this service audit report?
It should include an opinion.
A)
It provides the client auditor with a guarantee regarding
whether the entitys control procedures have been placed in
B) operation.

C)

The client auditor need not inquire about the service auditors
professional reputation.

The client auditor should perform the procedures at the service

D) organization to verify the information in the report.

22
Type 2 reports by the service organizations auditor typically

A)

B)

Provide reasonable assurance that their financial statements

are free of material misstatements.

Ensure that the entity will not have any misstatements in areas
related to the service organizations activities.

Ensure that the entity is billed correctly.

C)
Assess whether the service organizations controls are suitably
D) designed and operating effectively.

23
Significant deficiencies in internal control are matters that come to
an auditors attention that should be communicated to those
charged with governance because they represent

A)

Disclosures of information that significantly contradict the

auditors going concern assumption.

Material fraud perpetrated by high-level management.

B)

C)

Significant deficiencies in the design or operation of the

internal control.

Manipulation or falsification of accounting records or

D) documents from which financial statements are prepared.

24
A primary advantage of using generalized audit software packages
to audit the financial statements of an entity that uses an IT
system is that the auditor may

A)

B)

C)

Consider increasing the use of substantive tests of transactions

in place of analytical procedures.

Substantiate the accuracy of data through self-checking digits

and hash totals.

Reduce the level of required tests of controls to a relatively

small amount.

Access information stored on computer fi les while having a

limited understanding of the entitys hardware and software
D) features.

25
Which of the following is not considered a general control?
Back up and disaster recovery controls.
A)
Password protection on the central server.
B)

C)

Reconciliation of payroll record count with the number of active

employees.

D)

Requiring change authorization forms on all program software.

26
An auditor anticipates assessing control risk at a low level in an IT
environment. Under these circumstances, on which of the following
controls would the auditor initially focus?
Data capture controls.
A)
Application controls.
B)
Output controls.
C)

D)

General controls.

27
An auditors flowchart of an entitys accounting system is a
diagrammatic representation that depicts the auditors
Program for tests of controls.
A)

Understanding of the system.

B)

C)

D)

Understanding of the types of fraud that are probable, given

the present system.

Documentation of the study and evaluation of the system.