COSO, COBIT, AND MANUAL INTERNAL CONTROL

Angeles, Nikka Lei S.

Cordero, Joana Maidy C.

Cruz, Aira Nicole R.

Cruz, Maripe S.

De Ocera, Genierose M.

Feliciano, Erissa Joy P.

Galvez, Arcelyn Joyce M.

Magat, Kathreene C.

Nepomuceno, Mary Joyce S.P.

Rivera, Shaira Rehj R.

Parulan, Joyce Kristine R.

San Gabriel, Pamela Mae T.

COSO
1. When comparing the COSO internal control framework with the COSO enterprise risk management
framework, which of the following categories is unique to the latter?
a. Risk response
b. Monitoring
c. Risk assessment
d. Information and communication

2. Which of the following is considered a control environment factor by the COSO definition of internal
control?
a. Integrity and ethical values
b. Reasonable assurance
c. Control objectives
d. Risk assessment

3. According to COSO, which of the following is the most effective method to transmit a message of
ethical behavior throughout an organization?
a. Demonstrating appropriate behavior by example
b. Specifying the competence levels for every job in an organization and translating those levels to
requisite knowledge and ski
c. Strengthening internal audit's ability to deter and report improper behavior
d. Removing pressures to meet unrealistic targets, particularly for short-term results

4. Bill is responsible for custody of the finished goods in the warehouse. If his company wishes to maintain
strong internal control, which of the following responsibilities are incompatible with his primary job?
a. He is responsible for the accounting records for all the receipts and shipments of goods from
the warehouse
b. He is responsible for receiving of goods into the warehouse
c. He is responsible for the company's fix asset control ledger
d. He is responsible for issuing goods for shipment

5. Within the COSO Internal Control - Integrated Framework, which of the following components is
designed to ensure that internal controls continue to operate effectively?
a. Risk assessment
b. Control environment
c. Information and communication
d. Monitoring

6. The COSO framework treats internal control as a process designed to provide reasonable assurance
regarding the achievement of objectives related to
a. Reliability of financial reporting.
b. Effectiveness and efficiency of operations.
c. Compliance with applicable laws and regulations.
d. All of the answers are correct.

7. According to COSO, which of the following is a compliance objective?

a. To maintain adequate staffing to keep overtime expense within budget.
 b. To maintain a safe level of carbon dioxide emissions during production.
c. To maintain material price variances within published guidelines.
d. To maintain accounting principles that conform to GAAP.

8. Company management completes event identification and analyzes the risks. The company wishes to
assess its risk after management's response to the risk. According to COSO, which of the following
types of risk does this situation represent?
a. Inherent risk.
b. Residual risk.
c. Event risk.
d. Detection risk.

9. Components of enterprise risk management (ERM) are integrated with the management process. Which
of the following correctly states four of the eight components of ERM according to the COSO's
framework?
a. Event identification, risk assessment, control activities, and objective setting.
b. Internal environment, risk responses, monitoring, and risk minimization.
c. External environment, information and communication, monitoring, and event identification.
d. Objective setting, response to opportunities, risk assessment, and control activities.

COBIT
1. Which item describes a key component of a Governance System?
a. Setting the Governance Framework
b. Identifying responsibilities for governance
c. Ensuring compliance with regulations
d. Optimization of IT assets, resources and capabilities

2. Which is a requirement of the Framework element, within the principles, policies and framework
model?
a. To express the core values of the enterprise
b. To provide a logical flow for staff to comply with the framework
c. To be flexible enough to allow adaption to the enterprise's specific situation
d. To describe the desired outcome of a process

3. Identify the missing word in the following sentence. One of the benefits of the COBIT 5 capability
assessment model is improved reliability and ________ of process capability assessment activities and
evaluations.
a. Enablement
b. Repeatability
c. Effectiveness
d. Integrity

4. What attributes describes the quantity of information that is suitable for the required activity?
a. Relevancy
b. Completeness
c. Appropriate amount of information
d. Ease of manipulation
 5. What term refers to an artifact associated with the execution of a process?
a. Process Purpose
b. A Base Practice
c. A Process Outcome
d. A Work Product

6. Which attribute is relevant to a Process Activity?

a. Provides statements of actions to deliver benefits
b. Aligns with standards and good practices
c. Provides specific detailed activities
d. Supports establishment of distinct roles and responsibilities

7. Which factor may indicate a need for the improved governance of enterprise IT?
a. Key program roles and responsibilities should be defined and assigned
b. A focus on quick wins and prioritizing the most beneficial improvements that are implement is
needed
c. Significant incidents related to IT risk, such as data loss or project failure, have been experienced
d. Tailoring COBIT and other supporting good practices and standards to Tit the unique context of the
enterprise is required
Manual Internal Control
1. It talks about the effectiveness of the entity's internal control that is included in management's report on
internal control.
a. Material Weakness
b. Relevant assertion
c. Management’s assertion
d. Preventive control

2. Because of its importance to financial reporting and to the integrated audit, the auditor should evaluate
the period-end financial reporting process. Which is not included?
a. Procedures used to enter transaction totals into the general ledger
b. Procedures related the inputs, procedures performed, and outputs of the processes the entity
uses to produce its financial statements
c. Procedures used to initiate, authorize, record, and process journal entries in the general ledger
d. Procedures used to record recurring and nonrecurring adjustments to the financial statements

3. The tasks performed during an internal audit assurance engagement should address the following
questions:
i. what are the reasons for the results?
ii. how can performance be improved?
iii. what resutls are being achieved?
The chronological order in which these questions should be addressed is:
a. iii, i, and ii
b. i, iii, ii
c. iii, ii, i
d. ii, iii, i
4. Internal auditors obtain an understanding of controls and perform tests of controls to:
a. Detect material misstatements in account balances
b. Reduce control risk to an acceptably low level.
c. Evaluate the design adequacy and operating effectiveness of the controls.
d. Assess the inherent risks associated with transactions.

5. Which of the following is not likely to be an assurance engagement objective?

a. Evaluate the design adequacy A process objective stating "All contof the payroll input process.
b. Guarantee the accuracy of recorded inventory balances.
c. Assess compliance with health and safety laws and regulations.
d. Determine the operating effectiveness of fixed asset controls

6. If an internal auditor identifies an exception while testing, which of the follwoing may be appropriate?
a. Test additional items to determine whether the exception is an isolated occurrence or indicative of a
control deficiency.
b. Gain an understanding of the root cause, that is, the reason the exception occurred.
c. Draft an observation for the audit report.
d. All of the above

7. Which of the following would be least likely to be considered an objective of internal control?
a. Checking the accuracy and reliability of accounting data
b. Detecting management fraud
c. Encouraging adherence to managerial policies
d. Safeguarding assets

8. An entity’s ongoing monitoring activities often include:

a. Periodic audits by internal auditors
b. The audit of the annual financial statements
c. Approval of cash disbursements
d. Management review of weekly performance reports
e.
9. Controls over financial reporting are often classified as preventative, detective, or corrective. Which of
the following is an example of a detective control?
a. Segregation of duties over cash disbursements
b. Requiring approval of purchase transactions
c. Preparing bank reconciliations
d. Maintaining backup copies of key transactions
10. Effective internal control in a small company that has an insufficient number of employees to permit
proper separation of responsibilities can be improved by:
a. Employment of temporary personnel to aid in the separation of duties.
b. Direct participation by the owner in key record keeping and control activities of the
business
c. Engaging a CPA to perform monthly write-up work
d. Delegation of full, clear-cut responsibility for a separate major transaction cycle to each
employee
11. A primary objective of procedures performed to obtain an understanding of internal control is to provide
the auditors with:
a. Knowledge necessary to determine the nature, timing, and extent of further audit
procedures.
b. Audit evidence to use in reducing detection risk.
c. A basis for modifying tests of controls.
d. An evaluation of the consistency of application of management policies.
12. Which of the following is not one of the three primary objectives of effective internal control?
a. Reliability of financial reporting
b. Efficiency and effectiveness of operations
c. Compliance with laws and regulations
d. Assurance of elimination of business risk

13. Inherent limitations in an internal control must be considered in evaluating its effectiveness in
preventing and detecting errors and fraud. Inherent limitations do not include:
a. Misunderstanding of instructions, mistakes of judgment, personal carelessness, distraction or
fatigue
b. Incompatible functions performed by the same person
c. Collusion among employees
d. Management override of certain policies or procedures

14. An advantage of conducting environmental audits under the direction of the internal audit activity is that
a. Independence and authority are already in place
b. Technical expertise is more readily available
c. The financial aspects are de-emphasized
d. Internal auditing work products are confidential

15. After documenting the client's prescribed internal control structure, the auditors will often perform a
walk-through of each transaction cycle. An objective of a walk-through is to
a. Verify that the structure has been placed in operation
b. Replace tests of controls
c. Evaluate the major strengths and weaknesses in the client's structure
d. Identify weaknesses to be communicated to management in the management letter

16. The major elements of an internal control structure include all of the following, except:
a. The accounting system
b. The control environment
c. Segregation of duties
d. Control procedures

17. Which of the following activities would be least likely to strengthen a company's internal control?
a. Separating accounting form other financial operations
b. Maintaining insurance for fire and theft
c. Fixing responsibility for the performance of employee duties
d. Carefully selecting and training employees.

18. Which of the following sets of duties would ordinarily be considered basically incompatible in terms of
good internal control?
 a. Preparation of monthly statements to customers and maintenance of the accounts receivable
subsidiary ledger.
b. Posting to the general ledger and approval of additions and terminations relating to the payroll
c. Custody of unmailed signed checks and maintenance of expense subsidiary ledgers
d. Collection of receipts on account and maintaining accounts receivable records

19. Which of management's assertions with respect to implementing internal controls is the auditor
primarily concerned?
a. Efficiency of operations
b. Reliability of financial reporting
c. Effectiveness of operations
d. Compliance with applicable laws and regulations

20. Internal controls are not designed to provide reasonable assurance that:
a. All frauds will be detected
b. Transactions are executed in accordance with management's authorization
c. The company's resources are used efficiently and effectively
d. Company personnel comply with applicable rules and regulations

21. Two key concepts that underlie management's design and implementation of internal control are:
a. Costs and materiality
b. Absolute assurance and costs
c. Inherent limitations and reasonable assurance
d. Collusion and materiality

22. Which of the following is responsible for establishing a private company's internal control?
a. Senior Management
b. Internal Auditors
c. FASB
d. Audit committee

23. The auditors primary purpose in auditing the client's system of internal control over financial reporting
is:
a. To prevent fraudulent financial statements from being issued to the public
b. To evaluate the effectiveness of the company's internal controls over all relevant assertions in the
financial statements
c. To report to management that the internal controls are effective in preventing misstatements
from appearing on the financial statements
d. To efficiently conduct the audit of financial statements

24. Evaluating the design of the entity's internal control would involve
a. Considering whether the control, individually or in combination with other controls, is
capable of effectively preventing, or detecting and correcting, material misstatements
b. Determining whether control exists and the entity is using it
c. Determining whether the control is operating effectively
d. Determining the consistency of application of internal control procedures
 https://www.journalofaccountancy.com/issues/2010/mar/20092240.html
https://www.simplilearn.com/cobit-5-exam-questions-free-practice-test
https://reviewgamezone.com/mc/candidate/test/?test_id=41834&title=COSO%20FRAMEWORK

1. Internal controls can never be considered as absolutely effective because

a. Their effectiveness is limited by the competency and dependability of the company’s
personnel
b. Controls always have inherent weaknesses that can be exploited
c. Controls are designed to prevent and detect only material misstatements
d. None of the above

2. In auditor would most likely be concerned with internal control policies and procedures that provide
reasonable assurance about the
a. Efficiency of management's decision-making process
b. Appropriate prices that the entity should charge for its products
c. Methods of assigning production tasks to employees
d. Entity's ability to accurately process and summarize financial data

3. The auditor should form an opinion on the effectiveness of internal control over financial reporting
(ICFR) by evaluating evidence obtained from all sources, except:
a. The auditor's testing of controls for the ICFR audit
b. Any additional tests of controls performed to achieve the objective related to expressing an opinion
on the financial statements
c. Misstatements detected during the financial statement audit
d. Regulatory agency reports on the entity's ICFR

1. After forming an opinion on the effectiveness of the entity's ICFR, the auditor should evaluate
management's report, which will accompany the auditor's report, to determine whether it contains which
of the following?
a. The nature and extent of misstatements detected by substantive procedures
b. Findings with respect to noncompliance with laws and regulations
c. Findings with respect to related party transactions and complex
d. An identification of the criteria against which ICFR is measured or unusual transactions

2. All of the following are components of internal control except:

a. Monitoring
b. Management reports
c. The information system
d. Risk assessment process
3. Material weaknesses in internal control of a public company must be reported in writing to which of the
following?
a. The SEC
b. Members of management who are responsible for the related area of yhe company
c. Audit committee of the company's board of directors
d. The PICPA
4. During the consideration of internal control in a financial statement audit, an auditor is not obligated to
a. Search for significant deficiencies in the operation of the internal control.
 b. Understand the internal control and the information system.
c. Determine whether the control activities relevant to the audit planning have been implemented.
d. Perforn procedures to unferstand the design of internal control.
5. Which of the following is not a medium that can normally be used by an auditor to record information
concerning client's system of internal accounting control?
a. Narrative memorandum
b. Procedures manual
c. Flowchart
d. Internal control questionnaire

6. A proper segregation of duties requires

a. An individual authorizing a transaction records it
b. An individual authorizing a transaction maintains a custody of the asset that resulted from the
transaction
c. An individual maintaining custody of an asset be entitled to access the accounting records for the
asset.
d. An individual recording a transaction not compare the accounting record of the asset with
the asset itself.
1. Which process domain is the MOST suitable for skills such as Project management and Capacity
management?
a. Monitor,Evaluate and Assess (MEA)
b. Align,Plan and Organize(APO)
c. Build,Acquire and implement (BAI)
d. Deliver,Service and Support(DSS)
2. What item is generated by Business processes as the first stage of the Information Cycle?
a. Information
b. Value
c. Knowledge
d. Data

3. Which is not a requirement of a good policy?

a. Achieves the stated purpose
b. Limited on number
c. Non-intrusive
d. Implemented in most efficient way
1. According to COSO, Internal control can provide only reasonable assurance that the organization's
objectives will be met efficiently and effectively. One factor limiting the likelihood of achieving those
objectives is that
a. The internal auditor's primary responsibility is the detection of fraud.
b. The board is active and independent.
c. The cost of internal control should not exceed its benefits.
d. Management monitors performance.