CHAPTER 5

Audit Planning and Risk Assessment Procedures

1. Which of the following statements is/are correct?
Statement 1: The client should plan the audit work so that the audit will be
performed in an effective manner.
Statement 2: The auditor should conduct the audit with an attitude of
professional skepticism.
Statement 2: The auditor should develop and document an overall audit plan
describing the scope and conduct of the audit.
a. Only one statement is correct
b. Only two statements are correct
c. All statements are correct
d. All statements are incorrect

2. It involves establishing the overall audit strategy for the engagement and
developing an audit plan in order to reduce audit risk to an acceptably low
level.
a. Reporting
b. Planning
c. Field work
d. Organizing

3. Adequate planning of the audit work helps the auditor of accomplishing the
following objectives, except:
a. Gathering of all corroborating audit evidence.
b. Ensuring that appropriate attention is devoted to important areas of the
audit.
c. Identifying the areas that need a service of an expert.
d. The audit work is completed efficiently.

4. Which of the following statements is incorrect?

a. The auditor should plan the audit so that the engagement will be performed
in an effective manner.
b. Planning an audit involves establishing the overall audit strategy for the
engagement and developing the audit plan, in order to reduce audit risk to an
acceptably low level.
C. Planning involves the engagement partner and other key members of the
engagement team to benefit from their experience and insight and to enhance
the effectiveness and efficiency of the planning process.
d. Planning is not a discrete phase of an audit, but rather a continual and
iterative process that often begins shortly after (Or in connection with) the
completion of the previous audit and continues until the finalization of the
audit program.

5. The extent of planning will vary according to any of the following, except:
a. Size of the audit client.
b. Auditor's experience with the entity and knowledge of the business.
C. The nature and complexity of the audit engagement
d. The assessed level of control risk.

6. Which of the following activities shall not be included in preplanning an

audit?
a. Understanding the client's reason for obtaining an audit
b. Investigating the client's background
c. Determining the likelihood of issuing an unqualified audit opinion on the
client's financial statements
d. Communicating with the prospective client's prior auditor to inquire about
any disagreements with the client

7. The auditors plan should

A B C D
 Precede action Yes No Yes No
 Be Flexible Yes No No Yes
 Be cost-beneficial Yes Yes Yes Yes

8. Which of the following statements is/are correct?

Statement 1: The overall audit plan and the audit program should not be
revised during the course of the audit.

Statement 2: The auditor should develop and document an audit program

setting out the nature, timing and extent of planned audit procedures
required to implement the overall audit plan.
a. Only statement 1 is correct
b. Only statement 2 is correct
c. Both statements are correct
d. Both statements are incorrect

9. Which of the following statements is/are correct?

Statement 1: According to PSA 300, the auditor may discuss elements of
planning with those charged with governance and the entity's management.

Statement 2: The audit plan sets the scope, timing and direction of the audit
guides the development of the more detailed overall audit strategy.

Statement 3: The overall audit strategy is more detailed than the audit plan
and includes the nature, timing and extent of audit procedures to be
performed engagement team members to obtain sufficient appropriate audit
evidence to reduce audit risk to an acceptably low level.

a. Only 1 statement is correct

b. Only 2 statements are correct
c. All statements are correct
d. All statements are incorrect

10. Which of the following matters should be considered by the auditor in

developing the overall audit strategy?
a. Important characteristics of the entity, its business, its financial
performance and its reporting requirements including changes since the date
of the prior audit
b. Conditions requiring special attention, such as the existence of the related
parties
C. The setting of materiality level for audit purposes
d. All of the above

11. The timing of the audit and nature of communications required include
the following, except:
a. The organization of meetings with management, and those charged with
governance, to discuss the nature, extent and timing of the audit work.
b. The discussion with management and those charged with governance
regarding the expected type and timing of reports to be issued and other
communications.
C. Audit areas where there is a higher risk of material misstatement.
d. The entity's timetable for reporting, such as interim and final stages.

12. In developing the overall audit strategy, the focus of the engagement
team's efforts is considered. Which of the following is not appropriately
classified as a factor affecting the focus of the team's efforts?
a. The financial reporting framework on which the financial information to
be audited has been prepared, including any need for reconciliation to
another reporting framework.
b. Setting materiality for planning purposes.
c. Audit areas where there is a higher risk of material misstatement.
d. Volume of transactions, which may determine whether it is more efficient
for the auditor to rely on internal control.

13. In developing an overall audit strategy, an auditor should consider:

a. Whether the allowance for sampling risk exceeds the achieved upper
precision limit.
b. Findings from substantive tests performed at interim dates.
c. Whether the inquiry of the client's attorney identifies any litigation, claims,
or assessments not disclosed in the financial statements.
d. Preliminary evaluations of materiality, audit risk, and internal control.

14. This serves as the set of instructions to assistants involved in the audit
and as a means to control and record the proper execution of the work of the
personnel involved in the service.
a. Audit procedures
b. Audit plan
C. Audit program
d. Audit risk model

15. The auditor should design the written audit program, so that:
a. All material transactions will be selected for substantive testing.
b. Substantive tests prior to the balance sheet date will be minimized.
c. The audit procedures selected will achieve specific audit objectives.
d. Each account balance will be tested under either tests of controls or tests
of transactions.

16. One of the primary uses of an audit program is to

a. Provide for a standardized approach to the audit engagement
b. Serve as a tool for planning, directing and controlling the audit work
c. Document an auditor's understanding of the internal control
d. Delineate the audit risk accepted by the auditor

17. The auditor should document the overall audit strategy and the audit plan,
including significant changes made during the audit engagement. Which of
the following statements on documentation is incorrect?
a. Documentation of the overall audit strategy and checklists need to be
tailored to the particular client.
c. The auditor's documentation of any significant changes to the originally
planned overall audit strategy and to the detailed audit plan need not include
the reasons for the significant changes.
d. The form and extent of documentation depend on such matters as the size
and complexity of the entity, materiality, the extent of other documentation,
and the circumstances of the specific engagement.

18. An audit program is ordinarily may be made in the form of a memorandum

that contains key decisions regarding the overall scope, timing and conduct
of the audit.
a. It documents the auditor's understanding of the client's internal control.
b. It aids in instructing assistants in the work to be done.
c. It is required by generally accepted auditing standards.
d. It explains any weaknesses noted in the evaluation of the client's existing
internal control.

19. The audit program usually cannot be finalized until the

a. Consideration of the entity's internal control has been completed.
b. Engagement letter has been communicated to the audit committee.
c. Reportable conditions have been communicated to the audit committee.
d. Search for unrecorded liabilities has been performed and documented.
20. The audit program should contain the following, except:
a. Audit objective
b. Time budget for the various audit areas
c. Set of planned audit procedures
d. The combined assessed level of inherent and control risk

21. Audit procedures may be classified as risk assessment procedures and

further audit procedures. Which of the following best describes risk
assessment procedures?
a. These procedures test the operating effectiveness of controls in preventing,
or detecting and correcting, material misstatements at the assertion level.
b. These procedures are used detect material misstatements at the assertion
level.
c. These are procedures for obtaining an understanding of the entity and its
environment, including its internal control, to assess the risks of material
misstatement at the financial statement and assertion levels.
d. These procedures include tests of details of classes of transactions, account
balances, and disclosures and analytical procedures.

22. In performing an audit of financial statements, the auditor should obtain

a sufficient knowledge of a client's business and industry to
a. Develop an attitude of professional skepticism concerning management's
financial statements assertions.
b. Make constructive suggestion concerning improvements causes the
financial statements taken as a whole to be materially misstated.
C. Evaluate whether the aggregation of known misstatements causes the
financial statements taken as a whole to be materially misstated.
d. Understand the events and transactions that may have an effect on the
client's financial statements.

23. Which of the following procedures is not performed as a part of planning

an audit engagement?
a. Reviewing working papers of the prior year
c. Designing an audit program
b. Performing analytical procedures
d. Test of controls
24. Which of the following procedures not normally performed as part of
obtaining an understanding of the client's environment?
a. Reading trade publications to gain a better understanding of the client's
industry
b. Studying the internal controls over cash receipts and disbursements
c. Confirming customer accounts receivable for existence and valuation
d. Touring the client's facilities

25. Which of the following procedures would an auditor least likely perform
in planning a financial statement audit?
a. Coordinating the assistance of entity personnel in data preparation.
b. Discussing matters that may affect the audit with firm personnel
responsible for non-audit services to the entity.
c. Selecting a sample of vendor's invoices for comparison to receiving reports.
d. Reading the current year's interim financial statements.

26. Audit risk has three components: inherent risk, control risk and detection
risk. Which of the following statements is correct?
a. Detection risk is a function of the efficiency of an audit procedure.
b. Cash is more susceptible to theft than an inventory of coal because it has a
greater inherent risk.
C. The risk that material misstatement will not prevent or detected on a
timely basis by internal control can be reduced to a zero by effective controls.
d. The existing levels of inherent risk, control risk and detection risk can be
changed at the discretion of the auditor.

27. Which of the following audit risk components maybe assessed in

quantitative terms?
Inherent Risk Control Risk Detection Risk
a. Yes No Yes
b. Yes Yes Yes
c. No No No
d. No No Yes

28. Some accounts balances, such as those for retirement benefits and finance
lease, are the results of complex calculations.
The susceptibility to material misstatements in these types of accounts is
referred to as
a. Audit risk
b. Detection risk
c. Control risk
d. Inherent risk

29. Inherent risk and control risk differ from detection risk in that inherent
risk and control risk are:
a. Elements of audit risk while detection risk is not.
b. Changes at the auditor's discretion while detection risk is not.
c. Functions of the client and its environment while detection risk is not.
d. Considered at the individual account balance level while detection risk is
not.

30. There is an inverse relationship that exist between the acceptable level of
detection risk and the
a. Risk of misapplying audit process
b. Assurance provided by substantive tests
c. Risk of falling to discover material misstatement
d. Preliminary judgments about materiality levels

31. On the basis of audit evidence gathered and evaluated, an auditor decides
to increase the assessed level of control risk, and therefore the risk of
material misstatement, from that originally planned. To achieve an overall
audit risk level that is substantially the same as the planned audit risk level,
the auditor would:
a. Increase inherent risk
c. Decrease substantive testing
b. Increase materiality levels
d. Decrease detection risk

32. Which of the following would an auditor most likely use in determining
the auditor's preliminary judgment about materiality?
a. The anticipated sample size of the planned substantive tests.
b. The entity's annualized interim financial statements.
C. The results of the internal control questionnaire.
d. The contents of the management representation letter.

33. Which of the following statements is not correct about materiality?

a. The concept of materiality recognizes that some matters are important for
fair presentation of financial statements in conformity with GAAP, while
other matters are not important.
b. An auditor considers materiality for planning purposes in terms of the
largest aggregate level of misstatements that could be material to any one of
the financial statements
c. Materiality judgments are made in light of surrounding circumstanced and
necessarily involve both quantitative and qualitative judgments.
d. An auditor's consideration of materiality is influenced by the auditor's
perception of the needs of a reasonable person who will rely on the financial
statements.

34. In considering materiality for planning purposes, Munda, auditor believes

that misstatements aggregating P60,000 would have material effect on an
entity's income statement, but that misstatements would have to aggregate
P40,000 to materially affect the balance sheet. Ordinarily, it would be
appropriate to design auditing procedures that would be expected to detect
misstatements that aggregate:
a. P40, 000
b. P50, 000
C. P60, 000
d. P100, 000

35. Which of the following statements concerning materiality thresholds in

incorrect?
a. Materiality thresholds may change between the planning and review stages
of the audit. These changes may be due to quantitative and/or qualitative
factors.
b. The smallest aggregate level of errors or fraud that could be considered
material to any of the financial statements is referred to as a materiality
threshold.
c. In general, the more misstatements the auditor expects, the higher should
be the aggregate materiality threshold.
d. Aggregate materiality thresholds are a function of the auditor's
preliminary judgment concerning audit risk.

36. The auditor should plan the nature, timing and extent of direction and
supervision of engagement team members and review their work. Which of
the following statements is incorrect regarding direction, supervision and
review?
a. The auditor plans the nature, timing, and extent of direction and
supervision of engagement team members based on the assessed risk of
material misstatement.
b. As the assessed risk of material misstatement increases, for the area of
audit risk, the auditor ordinarily increases the extent and timeliness of
direction and supervision of engagement team members.
c. As the assessed risk of material misstatement decreases, for the area of
audit risk, the auditor performs a more detailed review of their work.
d. The auditor plans the nature, timing and extent of the review of the team's
work based on the capabilities and competence of the individual team
members performing the audit work.

37. Which of the following matters would an auditor most likely consider
when establishing the scope of the audit?
a. The expected audit coverage, including the number and locations of the
entity's components to be included.
b. The entity's timetable for reporting, such as at interim and final stages.
c. The discussion with the entity's management concerning the expected
communications on the status of audit work throughout the engagement and
the expected deliverables resulting from the audit procedures.
d. Audit areas where there is a higher risk of material misstatement.

38. In connection with the planning phase of an audit engagement, which of

the following statements is always correct?
a. Observation of inventory count should be performed at year-end.
b. An engagement should not be accepted after the client's financial year-end
C. Final staffing decisions must be made prior to completion of the planning
stage.
d. A portion of the audit of a continuing audit client can be performed at
interim dates.
39. A retailing entity uses the Internet to execute and record its purchase
transactions. The entity's auditor recognizes that the documentation of
details of transactions will be retained for only a short period of time. To
compensate for this limitation, the auditor most likely would:
a. Compare a sample of paid vendors' invoices to the receiving records at
year-end.
b. Perform tests several times during the year, rather than only at year-end,
c. Plan for a large measure of tolerable misstatement in substantive tests.
d. Increase the sample of transactions to be selected for cutoff tests.

40. Which of the following matters would an auditor least likely to consider
when setting the direction of the audit?
a. The availability of client personnel and data.
b. The selection of the engagement team and the assignment of audit work to
the team members.
c. The engagement budget which includes consideration of the appropriate
amount of time to allot for areas where there may be higher risks of material
misstatement.
d. The manner in which the auditor emphasizes to engagement team members
the need to maintain a questioning mind and to exercise professional
skepticism in the gathering and evaluation of audit evidence.
 CHAPTER 6
Internal Control Consideration

1. It is a process, effected by those charged with governance, management,

and other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
a. Internal auditing
b. Internal control
c. Business strategy
d. Accounting process

2. Which of the following best describes an internal control system?

a. All the policies and procedures adopted by the management of an entity to
assist in achieving management's objective of ensuring, as far as practicable,
orderly and efficient conduct of its business, including adherence to
management policies, safeguarding of assets; prevention and detection of
fraud and error; accuracy and completeness of the accounting records, and
timely preparation of reliable financial information.
b. The series of tasks and records of an entity by which transactions are
processed as a means of maintaining financial records. Such systems identify,
assemble, analyze, calculate, classify, record, summarize and report
transactions and other events.
c. This includes, but is not limited to, plan of organization and the procedures
and records that are concerned with the decision processes leading to
management's authorization of transactions. It promotes operational
efficiency and adherence to managerial policies.
d. This comprises the plan of organization and the procedures and records
that are concerned with the safeguarding of assets and the reliability of
financial records. It involves systems of authorization and approval controls
over assets, internal audit and all other financial matters.
3. Which of the following is not one of the essential concepts of internal
controls?
a. It is a process
b. It is effected by those charged with governance, management, and other
personnel in an entity
c. It is a means or tool used by management to achieve the entity's objectives
d. It can be expected to absolute assurance regarding that the achievement of
the entity's objectives

4. A reason to establish internal control is to:

a. Have a basis for planning the audit
b. Provide reasonable assurance that the objectives of the organization are
achieved
c. Encourage compliance with organizational objectives
d. Ensure the accuracy, reliability and timeliness of information

5. Internal controls are not designed to provide reasonable assurance that

a. Transactions are executed in accordance with management's authorization
b. Irregularities will be eliminated
c. Access to assets is permitted only in accordance with management's
authorization
d. The recorded accountability for assets is compared with the existing assets
at reasonable intervals

6. Internal control can only provide reasonable, not absolute, assurance of

achieving entity control objectives. One of the factors limiting the likelihood
of achieving those objectives is that:
a. The auditor's primary responsibility is the detection of fraud.
b. The board of directors is active and independent.
c. The cost of internal control should not exceed its benefits.
d. Management monitors internal control.

7. Which of the following is an example of an inherent limitation in a client's

internal control system?
a. The effectiveness of procedures depends on the segregation of employee
duties.
b. Procedures are designed to assure the execution and recording of
transactions in accordance with management's authorization
c. In the performance of most control procedures, there are possibilities of
errors arising from mistakes in judgment.
d. Procedures for handling large numbers of transactions are processed by
information technology (IT) equipment.

8. An internal control system that is working effectively

a. Eliminates risk and potential loss of to the entity
b. Cannot be circumvented by management
c. is unaffected by changing circumstances and conditions encountered by the
entity
d. Reduces the need for management the review exception reports on a day-
to-day basis

9. This internal component is the foundation for all other components. It set
the tone of the organization, provides discipline and structure, and influences
the control consciousness of employees.
a. Control activities
b. Monitoring of control
c. Control environment
d. Entity's risk assessment process

10. Which of the following statements best describes "control environment"?

a. The entity's process for identifying business risks relevant to financial
reporting objectives and deciding about actions to address those risks, and
the results thereof.
b. The system for transferring information from transaction processing
systems to the general ledger or the financial reporting system.
c. Policies and procedures that help ensure that management directives are
carried out.
d. This includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management
concerning the entity's internal control and its importance to the entity.

11. Which of the following considered control environment elements?

Commitment Detection Organizational
 To Competence Risk Structure
a. Yes No Yes
b. Yes Yes Yes
c. No No No
d. No No Yes

12. The information system consists of the following:

A B C D
 Infrastructure Yes Yes No Yes
 Software Yes Yes Yes Yes
 People No Yes No No
 Procedures and inputs No Yes Yes No

13. An entity's risk assessment process includes how management:

A B C D
 Identifies risk Yes Yes No Yes
 Assesses significance and likelihoodYes Yes Yes No
 Decides upon actions to manage Yes No Yes No

14. Risks can arise or change due to circumstances such as the following,
except
a. There is a change in the regulatory or operating environment (.e. a new
law has been passed which prohibits the use of a chemical which is a main
ingredient of the company's major product).
b. New employees have been hired by the company.
c. The company switched from manual information systems to a computerized
system.
d. The accounting and financial reporting framework has remained stable for
the past five years, and no new pronouncements have been made.

15. Under PSA 315, monitoring of controls is an internal control component

that involves a process of assessing the quality of internal control
performance over time. It involves assessing the design and operation of
controls on a timely basis and taking necessary corrective actions. Monitoring
of controls is accomplished through ongoing monitoring activities, separate
evaluations, or a combination of the two. An entity's ongoing monitoring
activities often include
a. Periodic reporting by the entity's internal auditors about the functioning
of internal control
b. Reviewing the purchasing account
c. Periodic audits by the audit committee
d. The audit of the annual financial statements

16. Control activities constitute one of the five components of internal

control. Which of the following is not included in this internal control
component?
a. Segregation of duties
b. Performance reviews
c. An internal audit function
d. Authorization

17. Which of the following is a management control method that most likely
could improve management's ability to supervise company activities
effectively?
a. Monitoring compliance with internal control requirements imposed by
regulatory bodies.
b. Limiting direct access to assets by physical segregation and protective
devices.
c. Establishing budgets and forecasts to identify variances from expectations.
d. Supporting employees with the resources necessary to discharge their
responsibilities.

18. PSA 315 requires the auditor to obtain an understanding of the client's
internal controls
a. For every audit
b. Sufficient to find any frauds which may exist
c. For first-time audits

d. Whenever it would be appropriate

19. In planning the audit, the auditor obtains a sufficient understanding of

the existing internal control. Which one of the following is not among the
auditor's primary objectives for obtaining such knowledge?
a. Identify types of material misstatements.
b. Consider the factors that affect the risk of material misstatement.
c. Make constructive suggestions to the client for improvement.
d. Design effective substantive tests.

20. The primary purpose of the auditor's consideration of internal control is

to provide a basis for
a. Determining whether procedures and records that are concerned with the
safeguarding of assets are reliable.
b. Constructive suggestions to clients concerning deficiencies in internal
control.
c. Determining the nature, timing and extent of audit tests to be applied.
d. The expression of an opinion.

21. When obtaining knowledge about an entity's internal control, it is

important for the auditor to consider the competence of its employees,
because their competence bears directly and importantly upon the
a. Cost-benefit relationship of internal control
b. Comparison of recorded accountability with assets
c. Achievement of the objectives of internal control
d. Timing of substantive tests to be performed

22. Obtaining an understanding of internal control involves:

A B C D
 Evaluating the design of a control Determining Yes Yes Yes No
 Determining whether the control has implementedYes Yes No Yes
 Testing the effectiveness of a control No Yes Yes Yes

23. Which of the following statements best describes the phrase, “evaluating
the design of a control"?
a. Considering whether the control, individually or in combination with other
controls, is capable of effectively preventing, or detecting and correcting,
material misstatements.
b. Determining whether the control exists and that the entity is using it.
c. Expressing an opinion as to the effectiveness of a control.
d. Observing the application of specific controls.
24. When obtaining an understanding of the accounting and internal control
system the auditor may trace a few transactions through the accounting
system. This technique is:
a. Reperformance
b. Walk-through
c. Control test
d. Validity Test

25. When obtaining an understanding of an entity's internal control, an

auditor should concentrate on the substance of controls rather than their
form because:
a. The controls may be operating effectively but may not be documented.
b. Management may establish appropriate controls but not act on them.
c. The controls may be so inappropriate that no reliance is contemplated by
the auditor.
d. Management may implement controls with costs in excess of benefits.

26. After obtaining an understanding of an entity's internal control structure

and assessing control risk, an auditor may next:
a. Perform tests of control to verify management's assertions that are
embodied in the financial statements.
b. Apply analytical procedures as substantive tests to validate the assessed
level of control risk.
c. Consider whether evidential matter is available to support a further
reduction in the assessed level of control risk.
d. Evaluate whether the internal control structure policies and procedures
detected material misstatements in the financial statements.

27. After obtaining an understanding of internal control and assessing control

risk, an auditor decided to perform tests of controls. The auditor most likely
decided that
a. Additional evidence to support a further reduction in control risk is not
available.
b. It would be efficient to perform tests of controls that would result in a
reduction in planned substantive tests.
c. An increase in the assessed level of control risk is justified for certain
financial statement assertions.
d. There were many internal control weaknesses that could allow errors to
enter the accounting system.

28. Tests of controls are used to test whether controls are:

a. Operating effectively
b. Placed in operation or implemented
c. Properly incorporated in the financial statements
d. Properly documented by the client

29. Which of the following is the auditor's purpose of further testing internal
control procedures?
a. Provide a basis for reducing the assessed level of control risk below that
which resulted from the auditor's initial understanding of internal control. b.
Reduce the risk that errors or fraud which are not prevented or detected by
internal control are not detected by the independent audit.
c. Provide assurance that transactions are executed in accordance with
management's authorization and access to assets is limited by a proper
segregation of functions.
d. Provide assurance that transactions are recorded as necessary to permit
the preparation of the financial statements in accordance with PFRS.

30. Which of the following procedures most likely would provide an auditor
with evidence about whether an entity's internal control activities are
suitably designed to prevent or detect material misstatements?
a. Reperforming the activities for a sample of transactions.
b. Performing analytical procedures using data aggregated at a high level.
c. Vouching a sample of transactions directly related to the activities.
d. Observing the entity's personnel applying the activities.

31. In conducting an audit in accordance with PSAs, the auditor is required to

identify and assess the risks of material misstatement at the financial
statements level, and at the assertion level for classes of transactions,
account balances, and disclosure. Some of these risks, in the auditor's
judgment, require special audit consideration, such as those that involve
fraud or complex transactions. Such risks are called
a. Business risks
b. Audit risks
c. Significant risks
d. Material risks

32. Which of the following statements concerning audit risk and its
components is incorrect?
a. Regardless of the assessed levels of inherent and control risks, the auditor
should always perform some substantive procedures for material account
balances and classes of transactions
b. The higher the assessment of inherent and control risks, the more evidence
the auditor obtain from the performance of substantive procedures
c. The assessed level of inherent risk need not be considered in determining
the nature, timing and extent of substantive procedures required to reduce
audit risk to an acceptably low level
d. After obtaining an understanding of the accounting and internal control
systems, the auditor should make a preliminary assessment of control risk,
at the assertion level, for each material account balance or class of
transactions

33. Which of the following statements is correct?

a. Tests of controls are necessary if the auditor plans to use the primarily
substantive approach.
b. Tests of controls are necessary if the auditor plans to assess the level of
control risk at a HIGH (maximum) level.
c. The auditor can simultaneously obtain an understanding of internal control
and perform tests of controls.
d. After performing tests of controls, the auditor will always assess control
risk at a HIGH level.

34. Tests of controls may include the following, except:

a. Reperformance of internal control procedures
b. Inquiries about, and observation of internal controls which leave no audit
trail
c. Analytical procedures involving comparison of operating expenses with
budget amount
d. Inspection of documentary support to transactions evidencing
authorization
35. Evidence of the performance of control risk assessment procedures
includes all of the following except
a. Flowcharts
b. Questionnaires
c. Lead schedule
d. Memoranda

36. Which of the following statements regarding auditor documentation of

the client's internal control structure is correct?
a. Documentation must include flowcharts.
b. Documentation must include procedural write-ups.
c. No documentation is necessary although it is desirable.
d. No one particular form of documentation is necessary, and the extent of
documentation may vary.

37. When control risk is assessed at HIGH for all financial statements
assertions, an auditor should document the auditor's
A B C D
 Understanding of the entity’s IC structure Yes Yes No Yes
 Conclusion that control risk is HIGH No Yes Yes Yes
 Basis for concluding that CR is HIGH No No Yes Yes

38. A control that reduces the risk that an existing or potential control
weakness will result in a failure to meet a control objective is referred to as:
a. Compensating control
b. Non-routine control
c. Conditional control
d. Offset control

39. When a compensating control exists, a weakness in the system:

a. Is no longer a concern because the potential for misstatement has been
sufficiently reduced.
b. Is reduced but it is not removed; therefore, it is still of concern to the
auditor.
c. Could cause a material loss, so it must be tested using substantive
procedures.
d. Is magnified and must be removed from the sampling process and
examined in its entity.
40. If no changes have occurred since the controls were last tested, a CPA
should
a. Rely on the prior year audit's assessment of internal controls and use this
assessment in the current year.
b. Test the operating effectiveness of such controls at least once in every
fourth audit.
c. Rely entirely on the performance of substantive audit procedures.
d. Test the operating effectiveness of such controls at least once in every third
audit

OTHER MATTERS RELATED TO INTERNAL CONTROLS

1. This refers to person(s) or organization(s) (e.g., a corporate trustee) with

responsibility for overseeing the strategic direction of the entity and
obligations related to the accountability of the entity. This includes
overseeing the financial reporting process.
a. Top level management
b. Management
c. Those charged with governance
d. Audit Committee

2. Matters to be communicated to those charged with governance may include

the following, except
a. The auditor's responsibilities in relation to the financial statement audit
b. Significant findings from the audit
c. Auditors independence
d. Planned audit opinion
3. Which of the following statements is correct concerning an auditor's
required communication with those charged with governance of an audit
client?
a. This communication is required to occur before the auditor's report on the
financial statements is issued.
b. This communication should include discussion of any significant
disagreements with management concerning the financial statements.
c. Any significant matter communicated to the audit committee also should
be communicated to management
d. Significant audit adjustments proposed by the auditor and recorded by
management need not be communicated to those charged with governance.

4. Which of the following statements is correct about an auditor's required

communication with those charged with governance of an audit client?
a. Any matters communicated to the entity's audit committee also are
required to be communicated to the entity's management
b. The auditor is required to inform those charged with governance about
significant misstatements discovered by the auditor and subsequently
corrected by management.
c. Disagreements with management about the application of accounting
principles are required to be communicated in writing to those charged with
governance.
d. Weaknesses in internal control previously reported to those charged with
governance need not be recommunicated.

5. Which of the following best describes reportable conditions?

a. A significant deficiency (or combination of significant deficiencies) that
results in a reasonable possibility of a material misstatement which will not
be prevented or detected.
b. A situation in which the design or operation of a control does not allow
management or employees, in the normal course of performing their assigned
functions, to prevent or detect material misstatements on a timely basis.
C. A control deficiency that is less severe than a material weakness, but
important enough to merit attention by those responsible for oversight of the
company's financial reporting.
d. It refers to significant deficiencies in the design or operation of the internal
control structure that could adversely affect the organization's ability to
record, process, summarize, and report financial data consistent with the
assertions of management in the financial statements.

6. Reportable conditions are matters that come to an auditor's attention and

that should be communicated to an entity's audit committee because they
represent
a. Material irregularities or illegal acts perpetrated by management.
b. Significant deficiencies in the design or operation of internal control.
c. Flagrant violations of the entity's documented conflict of interest policies.
d. Intentional attempts by client personnel to limit the scope of the auditor's
work.

7. In general, a material weakness in internal control may be defined as a

condition in which material errors or irregularities may occur and not be
detected within a timely period by
a. An independent auditor during tests of controls.
b. Employees in the normal course of performing their assigned functions.
c. Management when reviewing interim financial statements and reconciling
account balances.
d. Outside consultants who issue a special-purpose report on internal control
structure.

8. Which of the following matters would an auditor most likely consider to be

a significant deficiency to be communicated to the audit committee?
a. Management's failure to renegotiate unfavorable long-term purchase
commitments. b. Recurring operating losses that may indicate going concern
problems.
c. Evidence of a lack of objectivity by those responsible for accounting
decisions.
d. Management's current plans to reduce its ownership equity in the entity.

9. Which of the following statements concerning material weaknesses and

significant deficiencies is correct?
a. An auditor should not identify and communicate material weaknesses
separately from significant deficiencies.
b. Compensating controls may limit the severity of a material weakness or
significant deficiency.
c. Upon discovery an auditor should immediately report all material
weaknesses and significant deficiencies identified during an audit.
d. All significant deficiencies are material weaknesses.

10. The development of constructive suggestions to clients for improvements

in internal control is
a. A requirement of the auditor's consideration of internal control.
b. A desirable by-product of an audit engagement.
c. Addressed by the auditor only during a special engagement.
d. As important as establishing a basis for reliance upon the internal control
structure.

11. A third-party organization (or segment of a third-party organization) that

provides services to user entities that are part of those entities' information
systems relevant to financial reporting.
a. Service organization
b. Subservice organization
c. Service organization's system
d. Third-party organization

12. This refers to controls that the service organization which assumes, in the
design of its service, will be implemented by user entities, and, if necessary
to achieve control objectives, are identified in the description of its system.
a. Complementary user entity controls
b. Complementary service entity controls
c. Primary user entity controls
d. Primary service entity controls

13. When obtaining an understanding of the user entity in accordance with

PSA 315 (Redrafted), the user auditor shall obtain an understanding of how a
user entity uses the services of a service organization in the user entity's
operations, including:
ANSWER: D (YES, YES, YES, YES)

14. Type 1 report on service organization includes a report on

Description of Controls Design of Controls Operating
Effectiveness
a. Yes No Yes
b. Yes Yes Yes
c. No No No
d. Yes Yes No

15. If the user auditor is unable to obtain a sufficient understanding from the
user entity, the user auditor shall obtain understanding from any other
procedures. Which of the following is least likely procedure that will be used
by the auditor?
a. Obtaining a type 1 or type 2 report, if available
b. Contacting the service organization, through the user entity, to obtain
specific information
c. Visiting the service organization and performing procedures that will
provide the necessary information about the relevant controls at the service
organization
d. Contacting law enforcement agencies to force the user entity to provide the
necessary information relevant to understanding by the user auditor.

16. Which of the following is the least concern of the client auditor in
reviewing the report of service organization auditor on suitability of internal
control design of the service organization?
a. The accuracy of description of the service organization's accounting and
internal control systems, ordinarily prepared by the management of the
service organization.
b. The systems' controls have been placed in operation.
c. The accounting and internal control systems are suitably designed to
achieve their stated objectives.
d. The type of documentation of the understanding of the service
organization's control system.

17.AAA Company processes payroll transactions for schools. Raymund, CPA,

is engaged to report on AAA's policies and procedures implemented as of a
specific date. These policies and procedures are relevant to the schools'
internal control, so Raymund's report will be useful in providing the schools'
independent auditors with information necessary to plan their audits.
Raymund's report expressing an opinion on AAA's policies and procedures
implemented as of a specific date should contain an)
a. Description of the scope and nature of Raymund's procedures.
b. Statement that AAA's management has disclosed to Raymund all design
deficiencies of which it is aware.
c. Opinion on the operating effectiveness of AAA's policies and procedures.
d. Paragraph indicating the basis for Raymund's assessment of control risk.

18. Which of the following is correct on reporting by the user auditor?

a. The user auditor should never refer to the work of a service auditor.
b. The user auditor can only refer to the work of the service auditor if it will
issue modified opinion
c. When reference to the service auditor work is required by law or
regulation, the user auditor's report shall indicate that the reference does not
diminish the user auditor's responsibility for the audit opinion.
d. The user auditor should not issue unmodified opinion when using the work
of a service auditor.

19.AAA Company processes payroll transactions for a retailer. Francis, CPA,

is engaged to express an opinion on a description of AAA's internal controls
implemented as of a specific date. These controls are relevant to the retailer's
internal control, so Francis's report may be useful in providing the retailer's
independent auditor with information necessary to plan a financial statement
audit. Francis's report should
a. Contain a disclaimer of opinion on the operating effectiveness of AAA's
controls.
b. State whether AAA's controls were suitably designed to achieve the
retailer's objectives.
C. Identify AAA's controls relevant to specific financial statement assertions.
d. Disclose Francis's assessed level of control risk for AAA.

20. Which of the following is correct on reporting by the user auditor?

a. The user auditor should never refer to the work of a service auditor.
b. The user auditor can only refer to the work of the service auditor if it will
issue modified opinion.
c. When reference to the service auditor work is required by law or
regulation, the user auditor's report shall indicate that the reference does not
diminish the user auditor's responsibility for the audit opinion.
d. The user auditor should not issue unmodified opinion when using the work
of a service auditor.

21. In comparison to the external auditor, an internal auditor is more likely

to be concerned with
a. Internal control.
b. Operational auditing.
c. Cost accounting procedures.
d. Reviewing interim financial statements.

22. The objectives of internal audit functions vary widely and depend on the
size and structure of the entity and the requirements of management and,
where applicable, those charged with governance. The activities of the
internal audit function may include one or more of the following, except
a. Monitoring of internal control.
b. Examination of financial and operating information.
c. Review of compliance with laws and regulations.
d. Issuing opinion as to whether internal controls are effective.

23. The independent auditor should acquire an understanding of the internal

audit function as it relates to the independent auditor's consideration of
internal control because
a. The audit programs, working papers, and reports of internal auditors can
often be used as a substitute for the work of the independent auditor's staff.
b. The procedures performed by the internal audit staff may eliminate the
independent auditor's need for an extensive consideration of internal control.
c. The work performed by internal auditors may be a factor in determining
the nature, timing and extent of the independent auditor's procedures.
d. The understanding of the internal audit function is an important
substantive test by the independent auditor.

24. If the independent auditors decide that the work performed by the
internal auditor may have a bearing on their own procedures, they should
consider the internal auditor's
a. Competence and objectivity.
c. Efficiency and experience.
b. Independence and review skills.
d. Training and supervisory skills.

25. If the independent auditor decides that the work performed by internal
auditors may have a bearing on the independent auditor's own procedures,
the independent auditor should consider the objectivity of the internal
auditors. One method of judging objectivity is to
a. Review the recommendation made in the reports of internal auditors.
b. Examine, on a test basis, documentary evidence of the work performed by
internal auditors.
c. Inquire of management about the qualification of the internal audit staff.
d. Consider the client's practices for hiring, training, and supervising the
internal audit staff.

26. Ash Retailing, Inc. maintains a staff of three full-time internal auditors
who report directly to the controller. In planning to use the internal auditors
to provide assistance in performing the audit, the independent auditor most
likely will
a. Place limited reliance on the work performed by the internal auditors.
b. Decrease the extent of the tests of controls needed to support the assessed
level of detection risk.
c. Increase the extent of the procedures needed to reduce control risk to an
acceptable level.
d. Avoid using the work performed by the internal controls.

27. Which of the following is not a responsibility that should be assigned to a

company's internal audit department?
a. Evaluating internal control
b. Approving disbursements
c. Reporting on effectiveness of operating segments
d. Investigating potential merger candidates
28. For which of the following judgments may an independent auditor share
responsibility with an entity's internal auditor who is assessed to be both
competent and objective?
Assessment of Assessment of
Inherent Risk Control Risk
a. Yes Yes
b. Yes No
c. No Yes
d. No No

29. During an audit, an internal auditor may provide direct assistance to an

independent CPA in
ANSWER: D (YES, YES, YES)
30. In connection with the examination of financial statements by an
independent auditor, the client suggests that members of the internal audit
staff be utilized to minimize audit costs. Which of the following tasks could
most appropriately be delegated to the internal audit staff?
a. Selection of accounts receivable for confirmation, based upon the internal's
judgment as to how many accounts and which accounts will provide sufficient
coverage.
b. Preparation of schedules for negative accounts receivable responses
c. Evaluation of the internal control for accounts receivable and sales.
d. Determination of the adequacy of the allowance for doubtful accounts.