Professional Documents
Culture Documents
An Accounting Associate Sets Up A New Employee in The Payroll System and Directs The Checks To Be Sent To A Post Office Box
An Accounting Associate Sets Up A New Employee in The Payroll System and Directs The Checks To Be Sent To A Post Office Box
directs the checks to be sent to a post office box. What two duties does this
employee have that are incompatible?
Unmodified opinion
Qualified opinion
Adverse opinion
Disclaimer of opinion
The internal audit function is seeking to improve controls over the posting
and approval of fraudulent journal entries in the accounting system. Which
of the following options would best mitigate risk in this area?
Automate and standardize entries so that employees are not involved in this process.
Institute a two-step posting system, where no single employee can post and review/approve his or her ow
Place one department or person in charge of posting and approving all entries.
Focusing resources in this area is not an effective use of resources because this is not an area for high am
Which of the following correctly describes the level of internal controls that
an organization should implement to ensure correct valuation and
documentation of its physical assets?
Since physical assets can be easily appraised by an external third party, the organization should not use o
Physical assets are depreciated as a matter of course, so the current market valuation of physical assets is
Physical assets should be subject to controls and valuation procedures similar to those put in place over o
The organization should only have controls to ensure that the current year depreciation and accumulated
Is it important for journal entry systems to designate an independent
reviewer of journal entries in the context of an organization’s internal
control environment?
No, because journal entry systems are becoming increasingly automated; therefore, the necessity for revi
No, an independent reviewer of journal entries is not necessary if the organization has established a robu
Yes, because review controls help organizations ensure that data is accurate and approved in the correct m
Yes, the organization should have an independent reviewer if the external auditors have found any issues
Which of the following is an example of a preventive control?
Reconciling the cash on hand balance to the bank statement
Reviewing surveillance camera recordings from a warehouse
Keeping unused checks in a locked room
Comparing expenses in the general ledger to approved invoices
Which of the following statements is not correct concerning responsibility
for corporate governance?
Senior management is responsible for executing a company’s strategy while the board of directors is resp
Senior management is responsible for approving the issuance of stock by a company while the audit com
The board of directors is responsible for declaring dividends and the audit committee is responsible for re
Senior management is responsible for managing the day-to-day operations of a company while the audit
Management assesses risks to design and implement appropriate internal
control systems to minimize errors and irregularities. All of the following
activities will help them achieve the objectives of risk assessment except:
The entity considers the potential for fraud in assessing risks to the achievement of objectives.
The entity reassesses risks regularly and as soon as changes in its operating environment transpire.
The entity adopts a policy to guide employees on how to assess and manage risk.
The entity selects and develops control activities that can reduce risk to acceptable levels.
Which of the following best describes the primary benefit or benefits of
cross-training for employees and organizations?
The primary benefit of cross-training is to help employees better understand what their colleagues deal w
The primary benefit of cross-training is that during times of high employee turnover, the existing employ
The primary benefits of cross-training are that it helps spread organizational best practices, and it allows
The primary benefit of cross-training employees is that it allows access to all internal information across
Which statement best describes the role of the engagement letter during
the audit process?
The engagement letter merely serves as the introduction to the audit process and does not pertain specific
The engagement letter is only applicable for compilations and reviews, and not full audits, so it is infrequ
The engagement letter outlines the scope, work, and processes to be undertaken by external auditors duri
When the external auditors sign and verify the engagement letter, the terms and processes outlined in the
Which of the following controls over cash can detect material
misstatements?
Regular bank reconciliations
Bonding employees who handle cash
Segregation of duties in the cash receipts process
Safes and vaults where cash can be stored securely
What level of information and data would necessitate a disclosure in the
external audit report upon conclusion of the annual audit?
Any errors, misstatements, or omissions that are present in the financial statements should be disclosed d
Material misstatements, errors, and omissions should be communicated and disclosed to stakeholders and
If the external auditors have performed all the necessary substantive procedures and examinations, there
Since internal auditors manage and run most of the audit testing and processes, external auditors usually
How does an ethics hotline help an organization create a good tone at the
top and operate in an ethical manner?
Since employees are not likely to submit reports or information to management, an ethics hotline will no
An ethics hotline provides employees a method to report possible unethical activity, and to hold other em
If the organization has invested significantly in technology and automation, an ethics hotline is not a requ
An ethics hotline will address many of the needs of an organization and eliminate the need for some train
What is the connection between virtual currencies like Bitcoin and the audit
evidence necessary to successfully complete an annual audit process?
Bitcoin and other virtual currencies will not have any impact on the audit evidence necessary since these
Bitcoin and other virtual currencies will change both the nature of the evidence collected during the audi
Since these assets are digital in nature, these components of the audit process should be delegated to the t
The only way to successfully test these virtual assets is to hire an expert external firm and rely on the find
One day, a petty cash custodian realized he had forgotten his wallet at
home and decided to borrow a few dollars from the petty cash fund to buy
lunch. When he was about to return the money, he realized he could write
a petty cash voucher for himself and attach the receipt. After that time, he
never had to buy his lunch with his own money.
include a statement of management's responsibility for establishing effective internal controls over financ
include a statement that the design of the internal controls is the responsibility of the company's audit com
assess the effectiveness of the company's internal controls over financial reporting, as of the end of the pe
be attested to by an independent auditor.
Which of the following is an example of a detective control?
Installing firewalls on a computer system
Reviewing surveillance camera recordings from a warehouse
Keeping cash in a locked drawer before it is deposited
Performing background checks on all prospective employees
What is the best definition of an unqualified audit opinion as issued by
external auditors for a U.S.-based organization?
The financial statements and disclosures are fair and transparent when analyzed through the lens of IFRS
The financial statements and internal controls are materially correct when analyzed under U.S. GAAP.
The financial statements provided to external users and analysts are free from error and can be used with
The external auditors agree with the information and findings put forth by internal auditors regarding aud
Which of the following would be the most appropriate reaction to a
company assessing that there is a high likelihood that an internal control
failure will occur and that the potential loss from the failure is high?
Accept the risk of the failure and not do anything
Purchase insurance against failures
Implement internal controls to prevent or detect the failure
Adjust the strategy to avoid failures
What is the most appropriate definition of internal control structure as it
pertains to the internal audit processes?
Internal control structure pertains to the number of tests and examinations performed during the internal
Internal control structure is linked to the number and type of internal controls established by managemen
Internal control structure is only linked to the testing and procedures over cash and cash management pro
Internal control structure pertains to the technology assets and systems put into place to prevent and unco
A company is in the process of evaluating its auditor for the past five years
to decide whether to hire it again. Incidentally, the CFO also hired the same
firm for tax preparation services. Which of the following, identifies the right
course of action with proper reasoning?
Replace the audit firm because it is also doing tax preparation services.
Keep the audit firm and have it continue the engagement as is. This way, the efficiency and effectiveness
Negotiate a discounted price with the audit firm, as there will be two engagements with it. This should be
Retain the current auditor but demand that a new lead partner undertake the audit engagement, even thou
Which of the following is not true about the audit committee?
The audit committee should also have independence.
The audit committee is responsible for the oversight of the financial reporting process.
The audit committee is required to have at least one member who qualifies as a financial expert.
The audit committee is responsible for hiring the CFO and the independent external auditors.
Which of the following statements most accurately demonstrates
safeguarding intellectual assets?
Instituting a comprehensive policy about emails, passwords, and communicating information to external
Always purchasing the most cutting-edge technology tools.
Because it is so difficult to keep pace and remain well informed on changes in technology trends, safegua
Maintaining a robust and comprehensive password policy.
Which of the following statements is correct concerning the role of senior
management in corporate governance?
Senior management is responsible for nominating people to serve on the board of directors.
Senior management is responsible for appointing the company’s external auditor.
Senior management is responsible for declaring dividends.
Senior management is responsible for implementing changes recommended by the company’s internal au
A company implemented the policies enumerated below. Which would help
the company strengthen its SOX compliance?
Policies state that management shall be responsible for the internal controls and financial statements of th
for such findings.
The board of directors included corporate social responsibility (CSR) activities in their policies, making s
Because the company is a chemical firm, the audit committee it created did not include a financial expert
prevent spillage and quality control risks.
Given the influence of top management on the overall organization, the board included in its policies tha
Which of the following scenarios would possibly represent a management
philosophy that could pose a risk to the creation of an ethical control
environment?
A management team focused on generating long-term growth and increases in earnings power for shareh
A management team focused on exceeding short-term financial results so they can pay bonuses to all em
An organization that was previously cited for unethical behavior and illegal actions, but with a new mana
A management team that is focused on risk management and conservative management policies and cont
Which of the following statements is correct concerning the difference
between corporate bylaws and articles of incorporation?
Corporate bylaws cover how board members are to be notified of board meetings and articles of incorpor
Corporate bylaws are available to the public and articles of incorporation are not available to the public.
Corporate bylaws cover the specific responsibilities of board committees and articles of incorporation co
Corporate bylaws cover the par value of common shares and articles of incorporation cover whether the c
The Foreign Corrupt Practices Act (FCPA) of 1977:
Requires certain records be kept for a minimum amount of time.
Forbids the bribing of foreign officials.
Requires companies maintain a reasonable set of internal controls.
All of the above.
Which of the following is not a responsibility of the entire board of
directors?
Oversee risk management
Manage the company on a day-to-day basis
Monitor the CEO’s performance
Approve the company’s strategic plan
What is the best definition of “tone at the top” as it pertains to internal
auditing, corporate governance, and management philosophy?
Tone at the top represents the actions undertaken by management to establish ethics and the importance o
Tone at the top means that the management team has established an ethics hotline and reporting policy to
Tone at the top is under the purview of external auditors and consultants recommending actions and polic
Tone at the top is fulfilled and demonstrated by the implementation of training led by external experts an
A company is faced with some corporate governance challenges. The
board is proactive in its role of governing the company, especially when
management is making decisions that may influence the future of the
company. As such, senior management and the board became quite
unsure of how to delineate their roles and sometimes have disagreements
about how the company should conduct operations. What would work best
to solve this issue?
Replace senior management and appoint other executives who would agree with you.
As an ethical practice, step down as a board and let someone else fill the role.
Review the company's by-laws to see if it has guidance on the role of the board and senior management.
Inform senior management that the board is on a larger scale regarding the corporate governance hierarch
Which of the following is an example of a detective control?
Requiring that all purchases be made with approved vendors
Installing theft prevention tags on merchandise
Comparing expenses in the general ledger to approved invoices
Keeping unused checks in a locked room
Which of the following is the most appropriate example of a control put in
place over payroll?
The payroll accounts and information should be combined with the other business accounts.
Human resources should delegate the payroll process to the treasury department.
The payroll accounts and authorizations should be distinct and separate from other business payments an
Payroll should be outsourced to an external third party.
SOX requires that the audit committee have at least one financial expert. A
person can be deemed a financial expert through all of the following
means except:
having education and experience as a principal financial officer or of a similar function.
having experience actively supervising a principal financial officer or person performing similar function
having experience overseeing or assessing the preparation, auditing, or evaluation of financial statements
having experience in managing a corporation on a day-to-day basis.
Which of the following SOX provisions would prevent familiarity risk
between the audit firm and the company being audited?
SOX Section 301 requires the audit committee's independence.
SOX Section 407 requires audit committees to have at least one member who qualifies as a financial exp
SOX Section 404 requires public companies to establish and maintain a system of internal controls.
SOX Section 203 requires lead audit partners to rotate off engagements.
During an external audit, management must make certain assertations and
statements related to both the internal control environment and financial
information. What is the most accurate summarization of these
assertations?
That all financial information is stated without any errors or omissions whatsoever.
That all technology tools and upgrades over financial reporting that have been implemented are disclosed
Management assertions are only linked to the internal control environment, and the proposed effectivene
That all accounts shown exist, and that all financial information has been reported and disclosed.
How does establishing an ethics hotline or some other method for
employees to report possible ethics issues impact an organization’s control
environment?
Setting up an ethics hotline has not provided any meaningful benefit to the culture and governance of org
Because employees must identify themselves when they report possible unethical activity, an ethics hotli
An anonymous employee hotline or portal helps improve culture and governance since employees can re
An anonymous hotline helps improve culture and governance because ethical issues are always reported
How do auditors take the importance of internal controls into account
during the testing and auditing process?
Since internal controls are the sole responsibility of management and internal auditors, controls do not pl
Controls are taken into account to help identify risks and help plan the other audit testing and processes w
Controls form the basis of the annual audit process and are the focus of external audit testing and procedu
Controls are only taken into account during an external audit when auditors are completely sure that exam
An accounting staff received an email urgently asking for the passcode to
access the accounts payable module. Because the staff did not know who
the person was and the address it was sent from, she found the email
suspicious and decided to report it. Which of the following threats to
security did the staff experience?
Phishing
IT
sabotage
Virus
Trojan
horse
Which of the following best summarizes what an engagement letter is and
how it is used during the external audit process?
An engagement letter explains and outlines the terms and conditions of the audit, but it does not include a
procedures to be conducted are chosen.
An engagement letter explains and outlines the terms and conditions of the audit, including an explanatio
An engagement letter is merely a formality in the current business environment, so it is standardized and
An engagement letter is usually written by the management team in coordination with legal experts to en
Which of the following is an example of a detective control?
Requiring that someone other than the person who approves new employees distribute direct deposit pay
Requiring two approvals for wire transfers
Requiring employees to scan ID cards to access company facilities
Requiring a credit score before granting credit to a customer
Which of the following statements is not correct concerning corporate
bylaws?
Corporate bylaws typically include information on the qualifications for serving on the board of directors
Corporate bylaws typically include information on the proper handling of potential conflicts of interest in
Corporate bylaws stipulate how many board of director members are needed to establish a quorum at boa
Corporate bylaws stipulate the voting rights of each shareholder class.
To what extent, if any, does the perception and evaluation of control risk
play in the external audit process as conducted by external auditors?
Since control risk is the responsibility of internal auditors and management, external auditors do not have
Control risk should be considered by the external auditor when planning and executing analytical proced
External auditors are tasked with assessing and testing the control risk of an organization, so they should
If the internal auditors have assessed control risk as low, external auditors do not need to consider it durin
Would instituting a cross-training program between the employees of the
human resources and accounting functions make sense from an internal
control perspective?
No, because human resources employees have access to confidential information, and they would not no
Yes, cross-training always generates internal efficiencies and benefits, as employees can uncover pain po
No, because cross-training is not as necessary today due to the increased ability of management to review
Yes, allowing accounting professionals to see how human resources handles employee compensation inf
What is the connection between the tone at the top and internal controls?
Since so much of the decision-making process has been automated and/or enhanced by technology, the c
has been.
The tone at the top remains critical for establishing company culture, implementing certain control tools,
The tone at the top really only pertains to financial reporting and information, so the connection to intern
Following recent scandals, tone at the top has been outsourced to external consultants and management p
Which of the following statements concerning internal control objectives
based on the COSO framework is not correct?
Internal controls are designed to provide reasonable assurance that a company produces reliable, transpar
Internal controls are designed to provide reasonable assurance that a company complies with applicable l
Internal controls are designed to provide reasonable assurance that a company runs efficiently and effecti
Internal controls are designed to provide reasonable assurance that a company will be profitable.
Which of the following is least likely to decrease the likelihood of an internal
control failure occurring?
Bonding employees who handle cash
Having one person approve credit applications and a different person approve writing off accounts receiv
Requiring all new vendors to go through a formal approval process
Performing bank reconciliations monthly
Which scenario represents a possible violation of assurance standards
over the safeguarding of cash assets in a retail environment?
If the cash receipts, deposits, and reconciliations are performed by different individuals within the organi
If the bank accounts impacted are reconciled by accounting team members, and reviewed by a third party
If the cash deposit and reconciliation process were performed by the same individual
If the cash records of the organization are only reconciled with support from bank statements and other th
Should the external auditors make sure that controls over the purchasing
and procurement processes are in place at an organization during the
annual audit process?
No, because internal controls are only concerned with internal activities and transactions of the organizat
processes.
External auditors should only ensure that the organization has controls in place for larger or unusual purc
Yes, the external auditors should ensure that controls are in place because external auditors should have f
Yes, the external auditors should ensure that controls are in place over the purchasing of external goods a
Which of the following correctly characterizes inherent, control, and
detection risks in relation to audit risk and audit work?
Inherent and control risks can be manipulated by the auditors through the suitable audit procedures thus c
Inherent and control risks serve as the groundwork on which the audit procedures would try to influence
Inherent and control risks are flexible enough to match and align to the target tolerable audit risk even pr
Detection risk is measured first in order to get a framework of the inherent and control risks exposure of
Given the increasingly global nature of business, management practices,
and supply chain initiatives, which of the following is the most accurate
description of internal control risk as it relates to different ways of doing
business?
Since global standards and methods of doing business are converging rapidly, there is limited internal co
Cultural differences, and different business practices, have not traditionally caused control issues among
Cultural differences and different ways of doing business globally can and often do cause issues, includin
As long as the human resources and legal teams are aware of potential internal control issues, the organiz
Which of the following provides the best definition of the purpose of internal
controls?
The purpose of internal controls is to ensure that financial statements are presented free from error to ext
The purpose of internal controls is to make sure that all technology-related assets and information are saf
Internal controls help safeguard organizational assets, protect information, and assist management in mak
Internal controls are primarily focused on safeguarding information linked to the financial statements.
Internal control systems are designed to ensure that organizations operate
as intended. Which of the following statements describes the internal
control objectives of effectiveness and efficiency of operations?
Controls were put into place so that assets are appropriately deployed and used for their intended purpose
The company accurately and adequately discloses information that may influence an investor's decision.
The company adopts a strict transfer pricing procedure to ensure that intercompany transactions will adeq
A multinational company complies with the Foreign Corrupt Practices Act prohibiting it from paying bri
Cash is the most liquid asset in the balance sheet that makes it susceptible
to fraud. All of the following pairs of cash-handling functions should be
segregated except:
Comparing deposits to ledger entries and reconciling receipts to deposits
Reconciling receipts to deposit and preparing the deposit form
Opening the mail and recording deposits to the ledger
Opening the mail and reconciling receipts to deposit
All of the following are compatible responsibilities in the payroll
process except:
Signing and distributing paychecks
Preparing the payroll and filing payroll tax forms
Hiring employees and authorizing changes to pay rates
Recordkeeping of active employees and approving timesheets
If an organization’s management team seeks to improve safeguards over
physical or digital assets, which category of controls would they most likely
implement?
The controls would most likely be categorized as network controls because assets form part of the busine
The controls would most likely be categorized as preventive controls because the controls would reduce
The controls would most likely be categorized as technology controls because the management team is in
The controls would most likely be categorized as detective controls because organizations prefer detectiv
activity.
Explain how the concept of bonding employees relates to the internal
control environment and security over organizational information.
Bonding employees helps protect the organization in the case of unethical or fraudulent activity by emplo
Bonding employees provides protection to employees in the organization in the case of organizational fra
Since the handling of cash occurs less often in almost every business today, the importance of bonding an
Automating cash reconciliations and instituting a review policy of bank reconciliation are two controls th
What is the most comprehensive explanation of the connection between
internal audit and corporate governance?
Internal audit should have the primary responsibility for communicating with external stakeholders and c
Corporate governance is primarily focused on qualitative information and communicating this data, whil
in any capacity.
With the advent of data analytics and artificial intelligence tools, corporate governance is becoming incre
majority of decision-making tools used by organizations.
Internal audit and corporate governance should work together to ensure that data integrity is maintained t
in a variety of ways.
Which of the following is the most probable control risk related to cash
counts, collections, and reporting in a retail environment?
The most probable risk is that management will not have an accurate assessment of how much cash enter
The most probable risk is that it is becoming increasingly difficult to find customers willing to use cash a
The most probable risk is that since bank transactions can take time to settle, organizational liquidity may
The most probable risk is that if cash is not carefully counted and reviewed, fraudulent activity (including
Which of the following is not a responsibility of the entire board of
directors?
Hire the external auditor
Declare dividends
Appoint the CEO
Establish the company’s
mission
Which of the following is correct?
According to the Sarbanes-Oxley Act (SOX) Section 404, the audit of internal controls is viewed as an in
The Public Company Accounting Oversight Board (PCAOB) has been established to support the existing
Concerns related to the auditor’s independence as associated with his audit clients are outside the scope o
The audit of internal controls aims to seek an independent review of how effectively the management per
financial reporting.
Which of the following statements is not correct concerning provisions of
the Sarbanes-Oxley Act of 2002 designed to improve the financial reporting
process?
Audit committees are required to either have at least one member who is considered to be a financial exp
Key executives (typically the CEO and CFO) must certify that they have designed internal controls that a
Companies must establish a system of internal controls over financial reporting and have that system aud
Audit firms are prohibited from providing all types of non-audit services to audit clients.
Which of the following is the best definition of control risk as it pertains to
external auditors?
The risk that if there are no internal controls in place at an organization, a material misstatement might oc
The risk that even after undergoing an external audit, errors and misstatements are present in the organiza
The risk that the client's internal controls will not prevent or detect a material misstatement.
The risk that auditors give an unqualified opinion on a firm's financial statements when they contain a m
A real estate company operates a mall in the business district. To protect
against fire and any forms of natural disaster, its management decided to
take property insurance. Which of the following risk mitigation strategies did
the management employ?
Accept
risk
Reduce
risk
Transfer
risk
Avoid risk
Businesses with adequate internal controls can capture and communicate
information accurately, efficiently, and securely. All of the following
processes are positive signs that effective information communication
systems are in place except:
Competent individuals are hired for each function, and background checks are performed.
Access to policies that help clarify responsibilities, guide direction, and set expectations is made availabl
Employees can communicate incidents, failures, and concerns through a well-established mechanism.
Controls are in place to protect data from unauthorized access.
What situation would most likely represent an internal control environment
where the external auditors would greatly increase the control risk while
managing an audit?
An organization where management routinely emphasizes the importance of long-term growth and earnin
An organization that has been previously fined by the SEC for earnings manipulations and has reduced c
An organization where there were ethics violations 10 years ago under previous management, but new m
The control environment is assessed by internal auditors at the organization, so external auditors are not u
Agency problems arise when there are conflicts of interest between the
trustees (management) and the principals (shareholders). All of the
following are correct when it comes to agency problems and corporate
governance except:
One way to address agency problems is by independent audits checking on management actions and perf
Agency problems can be mitigated by compensating trustees with financial and nonfinancial incentives t
Corporate governance is only focused on how to promote and maximize shareholders’ wealth. Hence, the
Putting limitations on what a trustee can do is another way to address agency problems. As an example, s
Which of the following is not an example of a safeguarding control?
Cash is locked in a drawer and the controller has the only key.
Access to the room where computer servers are located is restricted.
Randomly reviewing employee website activity.
Prenumbered forms are used.
Can internal controls pose a risk to organizational efficiency, even if they
are developed and tested internally by management and the internal audit
function?
No, if the internal controls are developed and tested by the internal audit function there is no risk of them
Yes, controls developed internally will almost always negatively impact efficiency, because even though
impacts organizational efficiency.
Yes, there is always a risk that internal controls could negatively impact operational efficiency, even if th
No, controls do not hinder operational efficiency because being efficient is the most important aspect for
In an external audit, what connection is there between control risk and
subsequent audit procedures?
Control risk is the responsibility of internal auditors and management professionals; therefore, it is not co
The higher the level of assessed control risk, the lower the amount of testing and procedures are required
The lower the level of assessed control risk, the lower the amount of testing and procedures are required.
As artificial intelligence and blockchain technology become more integrated, the necessity of testing and
Which of the following complies with the Sarbanes-Oxley Act of 2002
(SOX)?
Members of the audit committee are allowed to have consulting and advisory engagements with the com
All audit committee members must qualify as financial experts, given the intricacies of the committee's w
Public companies must establish and maintain a system of internal controls, which external auditors mus
SOX requires lead audit partners to rotate off engagements every three years to help maintain the indepen
Which of the following is outside the scope of Section 301 of the Sarbanes-
Oxley Act (SOX)?
It highlights the critical importance of having an independent audit committee in order to empower this g
In the absence of a separate and distinct set of members identified as the audit committee, all members of
the independence rule.
A public entity is required to disclose the presence or absence of a financial expert in its audit committee
qualification as a financial expert.
The audit committee shall be held as primarily responsible for handling whistleblowers, both internal and
Which of the following statements is not correct concerning provisions of
the Sarbanes-Oxley Act of 2002 designed to improve the financial reporting
process?
Companies must establish a system of internal controls over financial reporting and have that system aud
Companies are prohibited from ever hiring people who worked for their audit firm for key financial posit
Audit committees have the sole authority to hire and fire independent auditors.
The lead audit partner must rotate off engagements every five years.
Which of the following statements is not correct concerning provisions of
the Sarbanes-Oxley Act of 2002 designed to improve the financial reporting
process?
Key executives (typically the CEO and CFO) must certify that they have designed internal controls that a
The lead audit partner must rotate off engagements every five years.
External auditors are allowed to provide internal audit services for audit clients as long as the client’s aud
Audit committees have the sole authority to hire and fire independent auditors.
A local dollar store sells a wide assortment of merchandise such as
household supplies, cosmetics, and snacks. While the owner recognizes
the risk that items might be shoplifted, he thought putting security tags on
one-dollar merchandise is too cumbersome. In addition, shoplifting does
not happen a lot in the neighborhood. Which of the following risk mitigation
strategies should the store employ?
Retain risk
Reduce
risk
Transfer
risk
Avoid risk
How should intangible assets be treated and tested during an external audit
process?
Since intangible assets do not have a physical presence, there is no reason to audit and examine these ass
Because intangible assets are an increasingly important part of the value associated with the organization
Intangible assets should only be tested with the use of external experts, and management professionals sh
The only way to accurately assess and test intangible assets is to verify that legal ownership has both bee
Which of the following provides the best description of audit effectiveness?
Audit effectiveness only pertains to the external audit process, so it is not a concern for internal auditors
Audit effectiveness relates directly with how audit firms and auditors can use available financial and hum
Audit effectiveness pertains to how accurate and timely the results of the audit process are.
Audit effectiveness relates directly with how timely and efficient auditors are in the production and comm
All of the following are preventive controls over fixed assets except:
Reconciliation of actual depreciation expense against budget.
Installation of radio frequency identification (RFID) tags.
Keeping a log of fixed asset serial numbers.
Requiring approvals for asset disposals.
Should a segregation of duties exist between the individuals who create
and enter journal entries, and the individuals who approve and post these
items?
This segregation of duties should exist to help prevent possible unethical, erroneous, or fraudulent postin
This segregation of duties should exist because it will increase efficiency in the organization, as individu
This segregation of duties is not important if the person creating the entry is at least at the supervisor leve
This segregation of duties is not important because entries have become increasingly automated in nature
Which of the following elements will an auditor use to evaluate the control
environment of an entity?
Inherent and residual risks
Independence checks on performance and adequacy of documents and records
Physical control over assets, segregation of duties, and authorization of transactions
Ethical values, organizational structure, management philosophy, and operating style
Which of the following internal control activities most likely would deter
lapping of collections from customers?
Independent internal verification of dates of entry in the cash receipts journal with dates of daily cash sum
Separation of duties between receiving cash and posting the accounts receivable ledger.
Authorization of write-offs of uncollectible accounts by a supervisor independent of credit approval.
Supervisory comparison of the daily cash summary with the sum of the cash receipts journal entries.
Which of the following can be considered a good corporate governance
practice?
The board of directors has delegated the human resources department to source and hire the chief executi
A company formed an audit committee and appointed the brother of the chief financial officer as the hea
A company hired some well-experienced and certified internal auditors to become part of their internal a
The board established corporate policies and provided corporate social responsibility (CSR) activities ad
In what situation are external auditors required to perform analytic
procedures, substantive examinations, and other verification tests during
the context of an annual audit?
An annual audit should always contain analytical procedures, substantive examinations, and other metho
Auditors are required to perform analytical procedures, substantive examinations, and other verification t
Auditors are required to perform analytical procedures, substantive examinations, and other verification t
Auditors should only conduct testing and other examination procedures if there is reasonable doubt as to
Which of the following would accurately be classified as a control related to
the safeguarding and storage of physical cash and cash equivalent assets?
Mandating that all employees in the treasury department update their passwords every 30 days using spec
Requiring that every cash count conducted within the organization is verified by at least one independent
Implementing a job rotation program between the accounts payable function, and human resources to hel
Hiring an external consulting firm to review the current policies and controls over the organization and re
Which of the following is least likely to decrease the likelihood of an internal
control failure occurring?
Bonding employees who handle cash
Having one person approve credit applications and a different person approve writing off accounts receiv
Requiring all new vendors to go through a formal approval process
Performing bank reconciliations monthly
Which of the following would be the most appropriate reaction to a
company assessing that there is a low likelihood that an internal control
failure will occur and that the potential loss from the failure is low?
Accept the risk of the failure and not do anything
Implement internal controls to prevent or detect the failure
Purchase insurance against failures
Adjust the strategy to avoid failures
Management, in designing its internal control system, can choose between
detective and preventive type of controls, among others. Which is the best
guide in their selection?
Detective controls might, in some cases, discover the error or fraud only after incurring significant negati
It is difficult to create a one-size-fits-all type of system design, thus a cost-benefit analysis is recommend
Preventive controls, in general, aim to stop the risk at the earliest point possible, which is from the point
The best design of internal control systems is one with more preventive controls than detective controls,
Which of the following would be the most appropriate reaction to a
company assessing that there is a low likelihood that an internal control
failure will occur and that the potential loss from the failure is high?
Implement internal controls to prevent or detect the failure
Purchase insurance against failures
Adjust the strategy to avoid failures
Accept the risk of the failure and not do anything
An accounting staff responsible for accounts receivable has been diverting
customers' payments by offsetting other customers' payments. Which of
the following controls can prevent this lapping fraud from happening?
Enforce mandatory vacation
Audit cash receipt transactions regularly
Send monthly statements to customers
Require customers to pay directly to a
lockbox
Which of the following statements is not correct concerning provisions of
the Sarbanes-Oxley Act of 2002 designed to improve the financial reporting
process?
Accounting firms are allowed to provide tax services to audit clients as long as the client’s audit committ
Audit committee members cannot accept consulting, advisory, or any other fees from the company (exce
Audit firms must rotate off engagements every five years in order to maintain the independence of the au
Key executives (typically the CEO and CFO) must certify that they have reviewed the financial statemen
A manufacturer receives checks from its customers as payment for orders.
Because of this, the company had to segregate duties to different
personnel to handle its cash receipts. Which of the following risk mitigation
strategies did the company take?
Accept
risk
Reduce
risk
Transfer
risk
Avoid risk
Which of the following is accurate with regard to the updating of
technological controls?
If technology controls are implemented on a rolling period, in alignment with suggested changes from th
Technology, including technology controls, should be updated at a continuous rate to reflect and align w
Internal auditors should delegate the construction and implementation of internal controls to the technolo
Because technology is a rapidly changing area, attempting to establish controls is not the most effective u
Which of the following company practices would likely encourage an
effective internal control environment?
Management can override controls and manipulate accounting records to make performance look better t
The organization adopts a whistleblower policy that protects individuals from retaliation to encourage the
There are no established policies on hiring, compensation, promotion, and evaluation.
Organizational structure is not clearly defined and documented in a chart, so lines of reporting are vague.
Which of the following is not a reason why using prenumbered purchase
order forms with sequential numbers is a form of internal control?
Using prenumbered forms with sequential numbers eliminates the chance that an employee will forget to
Using prenumbered forms with sequential numbers eliminates the chance of having multiple purchase or
Using prenumbered forms with sequential numbers allows a company to know exactly how many purcha
Using prenumbered forms with sequential numbers saves time when filling out the form since the numbe
Which of the following is an example of an internal control that could be
implemented to help reduce the risk of fraudulent payments made to
external vendors?
Designate one person or small department to be in charge of payment approvals.
Internal audit should designate their responsibility of control over payroll processes to the payroll functio
Establish a policy that all payments must go to vendors that are already on the approved vendor list prior
If the organization passes the external audit sufficiently, and has a policy of bonding employees, there is