AUDIT REVIEWER

PSA 315, Internal Control

Principles of Audit

1. Internal control is a process, effected by an entity's board of directors, management, and

other personnel, designed to provide reasonable assurance regarding the achievement of
objectives relating to operations, reporting, and compliance.
TRUE FALSE

2. Most internal control deficiencies are identified through substantive tests.

TRUE FALSE

3. The auditor’s assessment of internal control is required to be done quantitatively.

TRUE FALSE

4. After assessing detection risk, the auditor performs tests of controls.

TRUE FALSE

5. Effective control not only identifies risk but also responds to these risks appropriately.
TRUE FALSE

6. Control risk and detection risk are inversely related.

TRUE FALSE

7. The auditor’s view of internal control is broader than that of management.

TRUE FALSE

8. Internal control is a process designed to guarantee the achievement of the objectives of

reliable financial reporting, compliance with laws and regulations and ineffective and
inefficient operations.
TRUE FALSE

9. The quality of an organization's internal control will affect both the audit approach and the
amount of testing needed for an engagement.
TRUE FALSE

10. Control activities are the policies and procedures that are established to assist in
accomplishing objectives and to mitigate risks.
TRUE FALSE

0 0
11. An organization's commitment to integrity is demonstrated through the tone set by the
board and management.
TRUE FALSE

12. Control is considered to be part of corporate governance.

TRUE FALSE

13. An organization's control environment is established and maintained by the internal

auditing department.
TRUE FALSE

14. Investors and lenders are not concerned with internal control of the companies in which
they invest.
TRUE FALSE

15. The better the quality of the internal controls, the more an auditor can rely on the controls.
TRUE FALSE

16. The better the quality of internal control, the lower the control risk.
TRUE FALSE

17. The five major components of an organization's internal control are: the control
environment, risk assessment, control activities, information and communication, and
monitoring.
TRUE FALSE

18. A company’s internal auditing practices should not be considered when assessing control
risk.
TRUE FALSE

19. Authorization procedures include that all the person have the authority to change already
recorded transaction.
TRUE FALSE

20. In addition to controls being specific, they may be broad, such as policies regarding a code
of ethics.
TRUE FALSE

21. Physical controls are necessary to protect and safeguard assets from accidental or
intentional destruction and theft.
TRUE FALSE

0 0
22. Physical controls to safeguard assets are not intended to include simple controls such as
fences and locks.
TRUE FALSE

23. An auditor is not required to obtain evidence about the design and operation of the internal
controls to reduce the assessment of control risk below maximum.
TRUE FALSE

24. When control risk is assessed at a maximum level, the auditor assumes that the internal
controls are reliable in preventing or detecting material misstatements.
TRUE FALSE

25. When control risk is assessed at a minimum level, the auditor assumes that the internal
controls are reliable in preventing or detecting material misstatements.
TRUE FALSE

26. Performing a walk-through provides an auditor an understanding of the nature of

processing in important accounting applications.
TRUE FALSE

27. The payroll department should be responsible for signing payroll checks.
TRUE FALSE

28. A strong control environment can reduce all the financial reporting risks to zero.
TRUE FALSE

29. The auditor's preliminary assessment of control risk is based on an understanding of the
control system as it has operated in the past and is designed to operate.
TRUE FALSE

30. When control risk is assessed at less than maximum, the auditor must gain assurance that
the control procedures are effective.
TRUE FALSE

31. The auditor is obligated to report significant deficiencies in the control structure
discovered during an audit to the audit committee or its equivalent.
TRUE FALSE

32. One of the advantages of a computerized accounting system is that the computerized
system eliminates the need for internal controls.
TRUE FALSE

0 0
33. Transaction-oriented controls should be tested using the guidelines developed for attribute
testing utilizing statistical sampling techniques. (An example is a test for authorization of a
transaction - either yes or no).
TRUE FALSE

34. Control risk can be evaluated on a scale from high to low.

TRUE FALSE

35. Testing internal control for effectiveness is done in every audit.

TRUE FALSE

36. Auditing in Practice feature demonstrates the linkage of control weaknesses and audit
tests.
TRUE FALSE

37. The auditor should obtain an understanding of whether the client's controls sufficiently
address the risk of material misstatement due to fraud.
TRUE FALSE

38. One of the components of internal control, monitoring, refers to the process of identifying,
capturing, and exchanging information in a timely fashion to enable accomplishment of the
organization's objectives.
TRUE FALSE

39. One of the components of internal control, the control environment, is considered
pervasive and the auditor should start the evaluation of controls at this level.
TRUE FALSE

40. Control activities may be implemented at the organizational level and at the transactional
level.
TRUE FALSE

41. Internal control is applied across all activities of the organization.

TRUE FALSE

42. Internal control is concerned with the reliability of financial information.

TRUE FALSE

43. The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtain
business.
TRUE FALSE

44. Well-designed internal control will prevent all fraud by top management.

0 0
 TRUE FALSE
45. Incompatible duties exist when an employee is in a position to perpetrate and conceal
errors or fraud.
TRUE FALSE

46. CPA firms may use written narratives to describe internal control in their audit working
papers.
TRUE FALSE

47. The auditors' communication of internal control significant deficiencies should be

addressed only to senior management of the company.
TRUE FALSE

48. If the auditors' assessment of the design of internal control reveals that it cannot be relied
upon, the auditors are not required to prepare any documentation of internal control for
their working papers.
TRUE FALSE

49. The relatively low number of types of transactions incurred by small firms makes the
segregation of duties impossible.
TRUE FALSE

50. In a financial statement audit, CPAs are required to assess the operating effectiveness of
most significant accounting-oriented controls.
TRUE FALSE

51. If control risk is assessed high, the auditor may send significantly fewer confirmations for
a sample of accounts receivable than if the control risk is assessed low.
TRUE FALSE

52. The most important control to ensure completeness of sales and shipping is pre-numbered
shipping and billing documents.
TRUE FALSE

53. The auditor has determined that the control risk for the existence assertion is low; therefore
the auditor may reduce the number of items tested on a substantive basis.
TRUE FALSE

54. Financial accounting personnel who do not have the proper education, experience and
backgrounds may signal the auditor to the risk of financial statement fraud.
TRUE FALSE

55. Good control means that risks are identified and dealt with effectively.

0 0
 TRUE FALSE
1. Which of the following elements is not a part of an entity’s internal controls?
a. Information and communication systems support.
b. Control risk.
c. Control activities.
d. The control environment.

2. Which of the following is not a component of internal control?

a. Monitoring.
b. Control environment.
c. Auditor’s business risk.
d. Information and communication.

3. The purpose of tests of controls in the examination of the financial statements of an SEC
client is to provide reasonable assurance that the
a. Controls can be relied upon.
b. Client has complied with GAAP.
c. CPA firm has complied with the quality control standards.
d. Accounting for transactions is accurate.

4. Which of the following is not a component of internal control according to the framework?
a. Control activities.
b. Risk assessment.
c. Monitoring activities.
d. Planning activities.

5. The audit report expressing an opinion on an entity’s internal controls should state that the
a. Compliance objectives of the client’s internal controls are being met.
b. Inherent limitations of the client’s internal controls were examined.
c. Test of internal control revealed no deficiencies in the operation of the system.
d. Establishment and maintenance of internal control is the responsibility of management.

6. Which of the following tests form the basis for an auditor’s report on internal control over
financial reporting?
a. Analytical procedures.
b. Tests of transactions.
c. Tests of controls.
d. Tests of details of balances.

7. Which of the following audit tests would be regarded as a test of controls?

a. Tests of the specific items making up the balance in a financial statement account.
b. Comparing inventory prices to vendors’ invoices.
c. Comparing signatures on canceled checks to those of authorized check signers.

0 0
 d. Tests of the additions to property, plant, and equipment by physical inspections.
8. Which of the following is part of the control environment?
a. Segregation of duties.
b. Codes of conduct.
c. Procedures of initiation transactions.
d. Monthly bank reconciliations.

9. Which of the following statements is true regarding the auditor's responsibilities related to
reporting?
a. Auditors should obtain sufficient appropriate evidence to provide a reasonable basis for
the opinion regarding the financial statements under audit.
b. The audit opinion relates only to the client's financial statements, and does not relate to
the required footnote disclosures.
c. If the auditor has reservations about the fairness of presentation of the financial
statements, the auditor does not need to provide the reason for this reservation, but
needs to only state that the financial statements are not fairly presented.
d. All of these statements are true.

10. Which of the following statements about the auditor’s responsibilities in public company
audits is true?
a. The auditor issues opinions on the financial statements and internal control over
financial reporting.
b. The auditor issues an opinion on the financial statements; if those are found to be fairly
stated, the auditor proceeds to issue an opinion on internal control over financial
reporting.
c. The auditor issues an opinion on the financial statements only if internal control over
financial reporting is found to be effective.
d. The auditor issues an opinion on the financial statements and management issues the
opinion on internal control over financial reporting.

11. After gaining an understanding and documenting internal control, the auditor may elect to
perform tests on
a. Those control that the auditor plans to rely on.
b. Those controls for which significant deficiencies have been identified.
c. Those controls that have a material effect on the financial statement balances.
d. A random sample of the controls that were reviewed.

12. Control risk and the reliance planned for the auditor's substantive procedures have which
of the following types of relationship?
a. Direct.
b. Unknown.
c. Inverse.
d. Parallel.

0 0
13. After consideration of a client's internal control, an auditor might decide to
a. Increase the extent of substantive testing in areas where the control structure is strong.
b. Reduce the extent of tests of controls in areas where the controls are strong.
c. Reduce the extent of both substantive tests and tests of controls in areas where the
controls are strong.
d. Increase the extent of substantive testing in areas where the controls are weak.

14. Tests of controls are directed toward the control’s

a. Efficiency.
b. Efficiency and effectiveness.
c. Effectiveness.
d. Cost benefit ratio.

15. In an auditor's consideration of internal control, the completion of a questionnaire is most

closely associated with which of the following?
a. Separation of duties.
b. Understanding the system.
c. Flowchart accuracy.
d. Tests of controls.

16. Which of the following is done by an auditor when gaining an understanding of an entity's
internal controls?
a. Design the nature, timing, and extent of substantive tests.
b. Test depreciation for reasonableness.
c. Identify the types of potential misstatements that might occur.
d. Initially consider business risk.

17. Company-wide policies for the approval of all transactions within stated limits
a. General authorization.
b. Independent check of performance.
c. Control environment.
d. Specific authorization.

18. A material weakness is a condition in which material errors or fraud may occur and not be
detected within a timely period by
a. Customer of the organization when they are paying for services.
b. Certified fraud examiners when called in to investigate fraud.
c. The external auditor during the annual audit.
d. Employees in the normal course of performing their functions.

0 0
19. Which of the following procedures most likely would be included as part of an auditor’s
tests of control procedures?
a. Inspection.
b. Reconciliation.
c. Confirmation.
d. Analytical procedures.

20. A CPA’s consideration of internal control in a financial statement audit for a client
a. Is generally more extensive than that made for an engagement to express an opinion on
internal control.
b. Is the same as for an engagement to express an opinion on internal control.
c. Results in the CPA expressing an opinion on the internal control.
d. Is generally more limited than that made for an engagement to express an opinion on
internal control.

21. After consideration of a client’s internal control, an auditor might decide to

a. Increase the extent of substantive testing in areas where controls are strong.
b. Reduce the extent of tests of controls in areas where the controls are strong.
c. Reduce the extent of both substantive tests and tests of controls in areas where the
controls are strong
d. Increase the extent of substantive tests in areas where the controls are weak.

22. Which of the following is not a purpose of the auditor's consideration of internal control
for an audit client?
a. To ascertain if controls may be relied upon.
b. To assess control risk.
c. To gain an understanding of internal control.
d. To determine the time budgeted for controls.

23. Proper segregation of duties is separating the following instructions:

a. Payment, execution, and authorization.
b. Custody, execution, and reporting.
c. Payment, recording, and authorization.
d. Authorization, execution, and recording.

24. A flowchart of a client’s internal controls

a. Provides documentation of the system of internal control.
b. Is typically obtained from the client’s internal auditors.
c. Serves as the audit program for testing of controls.
d. Illustrates the type of fraud which may have occurred in the system.

0 0
25. Significant deficiencies in internal control are required to be reported
a. Creditors which the client has debt to.
b. The audit committee of the board of directors.
c. Management of the unit in which they occurred.
d. Internal auditors of the entity.

26. In an audit of a nonpublic company, the primary objective of obtaining an understanding of

internal control is for the auditor to
a. Comply with PCAOB standards.
b. Be able to assess inherent risk.
c. Obtain information necessary to plan the audit.
d. Make the acceptance or continuance decision of the client.

27. After gaining an understanding of a public company’s internal control and arriving at an
initial assessment of control risk at a low level, the next step for the auditor is to
a. Determine the timing of substantive tests.
b. Issue the opinion on internal control.
c. Consider the most appropriate substantive tests to be performed.
d. Test controls to be relied upon.

28. The auditor has evaluated the system of internal control and has reached the conclusion
that the system is well designed and is functioning as designed. The next step for the
auditor is to
a. Issue the opinion on the financial statements.
b. Increase analytical procedures that are planned in the audit program.
c. Remove substantive tests from the audit program.
d. Leave substantive testing as planned for in the audit program.

29. The main purpose of the auditor’s consideration of internal control for a client is to
a. Determine the nature, timing, and extent of substantive tests.
b. Express an opinion on the financial statements.
c. Develop suggestions for improvements in internal control.
d. Determine whether fraud has occurred during the year of audit.

30. Evidence about segregation of duties is best obtained by

a. Studying a flowchart detailing who performs which duties.
b. Making inquiries of coworkers about which employees performs which duties.
c. Inspecting conflict of interest policies for segregation of duties procedures.
d. Observation of employees who perform control activities.

31. Which of the following is not one of the four transaction cycles?
a. Expenditure/disbursement.
b. Risk assessment.

0 0
 c. Revenue/receipt.
d. Conversion.

32. Which of the following statements about internal control is correct?

a. Poor internal control calls for more extensive control tests.
b. Establishing and maintaining internal control is the internal auditor’s responsibility.
c. Exceptionally strong control allows the auditor to eliminate substantive tests.
d. The cost-benefit relationship should be considered in designing internal control.

33. Internal control procedures are designed to provide reasonable assurance that
a. The effects of fraud will be eliminated from the financial statements.
b. Transactions are executed in accordance with management’s authorization.
c. The recorded accountability for assets is compared with the physical assets at intervals
of five years or more.
d. Access to assets is permitted only with approval by the internal auditors.

34. Which of the following is not true concerning control activities?

a. Control procedures is another term for control activities.
b. Transaction authorization is a control activity.
c. Control activities generally fall into the two categories of preventive controls and
detective controls.
d. Information and communication is an important component of control activities.

35. Auditors trace a transaction through the system

a. Via an audit trail.
b. When making inquiries of the internal auditor.
c. By making inquiries of the audit committee.
d. Near the close of the engagement.

36. Narratives, flowcharts, and internal control questionnaires are three common methods of:
a. Documenting the auditor’s understanding of internal controls.
b. Testing the internal controls.
c. Designing the audit manual and procedures.
d. Documenting the auditor’s understanding of a client’s organizational structure.

37. Limiting access to assets and records might be accomplished by

a. Audit trails documenting who had authorization to access assets and records.
b. A control environment which discourages access to assets and records.
c. Access codes for those parties with authorization to access assets and records.
d. Risk assessment of the parties with authorization to access assets and records.

0 0
38. Which of the following must the auditor communicate to the audit committee?
a. Significant deficiencies and material weaknesses.
b. Only significant deficiencies.
c. Only material weaknesses.
d. Neither significant deficiencies nor material weaknesses.

39. To be effective, an accounting system should

a. Assess the risk that transactions will not be recorded.
b. Measure the transactions properly.
c. Include provisions for monthly updates of the accounting software.
d. Identify and describe significant deficiencies for the auditors.

40. On financial statement audits, it is required that the auditors obtain an understanding of
internal control, including:
a. Its operating effectiveness.
b. Whether it has been implemented (placed in operation).
c. Performing tests of controls for all material controls.
d. Its ability to provide reasonable assurance.

0 0