Republic of the Philippines

SORSOGON STATE COLLEGE

Department of Business and Management Education
ACCOUNTANCY AND ACCOUNTING TECHNOLOGY
Bulan Campus
Zone 8, Bulan, Sorsogon, 4706
INTERNAL AUDITING
FIRST Semester, Academic Year 2017-2018

INTERNAL CONTROL ISSUES

Multiple Choice
Identify the choice that best completes the statement or answers the question.

____ 1. The auditor is examining copies of sales invoices for the initials of the person checking the extensions. This is
an example of a
a. Substantive test. c. Dual-purpose test.
b. Test of controls. d. Test of balances.
____ 2. Which of the following statements about internal control is correct?
a. The cost-benefit relationship should be considered in designing internal controls.
b. Poor internal control calls for more extensive control tests.
c. Establishing and maintaining internal control is the internal auditor's responsibility.
d. Strong control allows the auditor to eliminate substantive tests of details.
____ 3. Which of the following elements is not a part of an entity's internal controls?
a. Information and communication systems c. Control activities.
support.
b. The control environment. d. Control risk.
____ 4. Accounting functions that are normally considered incompatible in a manual system are often combined by
computer software. This necessitates an application control that prevents unapproved
a. Access to the computer library. c. Revisions to existing software.
b. Usage of software. d. Testing of modified software.
____ 5. Which of the following would be least likely to be regarded as a test of a control? 
a. Tests of the additions to property by c. Recalculation of payroll deductions.
physical inspection.
b. Tests of signatures on purchase orders d. Comparisons of the signatures on
cancelled checks to the authorized check
signer list.
____ 6. A significant deficiency is best defined as
a. An attempt by the client to limit the scope of the auditor's work in conducting the financial
statement engagement.
b. A deficiency that adversely affects the ability to process transactions in accordance with
generally accepted accounting principles.
c. Fraud or illegal acts committed by management that have a material impact on the
financial statements.
d. A violation of the entity's conflict-of-interest policies and code of ethics.
____ 7. A flowchart of a client's internal controls
a. Is typically obtained from the client’s internal auditors.
b. Serves as the audit program for testing of controls.
c. Provides documentation of the system of internal control.
d. Illustrates the type of fraud, which may have occurred in the system.
____ 8. After obtaining an understanding of internal control and arriving at a preliminary assessed level of control
risk, an auditor decided to perform tests of controls. The auditor most likely decided that: 
a. There were many internal control c. Additional evidence to support a reduction
deficiencies that would allow in the assessed level of control risk is not
misstatements to enter the accounting available.
system.
b. It would be efficient to perform tests of d. An increase in the assessed level of

INTERNAL AUDITING Page 1 of 5

 controls that would result in a reduction in control risk is justified for certain financial
planned substantive procedures. statement assertions.
____ 9. Which statement is correct concerning the definition of internal control developed by the Committee of
Sponsoring Organizations (COSO)? 
a. Its applicability is largely limited to c. It suggests that it is important to view
internal auditing applications. internal control as an end product as
contrasted to a process or means to obtain
an end.
b. It emphasizes the effectiveness and d. It is recognized in the Statements on
efficiency of operations over the reliability Auditing Standards.
of financial reporting.
____ 10. The effectiveness of controls is not generally tested by: 
a. Observation of the application of c. Performance of analytical procedures.
accounting policies and procedures.
b. Inquiries of appropriate client personnel. d. Inspection of documents and reports.
____ 11. Under which circumstance is it likely that the extent of substantive procedures will be expanded beyond that
anticipated in the audit plan? 
a. The auditors have determined that controls c. Certain controls do not leave a trail of
have been implemented (placed in documentary evidence.
operation) but, in accordance with the
audit plan, have performed no tests of
controls.
b. Deviation rates were greater than zero and d. The operating effectiveness of certain
approached anticipated levels. controls was found to be less than
expected, although no material
misstatements were identified.
____ 12. Control risk and the reliance planned for the auditor’s substantive procedures have which of the following
types of relationship?
a. Direct. c. Unknown.
b. Inverse. d. Parallel.
____ 13. Which of the following is most likely to be considered a risk assessment procedure relating to internal
control? 
a. Trace a transaction through the c. Perform a test of a control relating to
information system relevant to financial payroll.
reporting.
b. Confirm accounts receivable. d. Take test counts of the year-end inventory.
____ 14. Which of the following audit tests is a test of controls?
a. Comparing inventory prices to vendors' invoices.
b. Tests of the additions to property, plant, and equipment by physical inspections.
c. Tests of the specific items making up the balance in a financial statement account.
d. Comparing signatures on canceled checks to those of authorized check signers.
____ 15. Tests of controls do not ordinarily address: 
a. The cost effectiveness of the way a control c. How a control was applied.
was applied.
b. The consistency with which a control was d. By whom a control was applied.
applied.
____ 16. Which of the following is not true concerning control activities?
a. Information and communication is an important component of control activities.
b. Transaction authorization is a control activity.
c. Control procedures are another term for control activities.
d. Control activities generally fall into the two categories of preventive controls and detective
controls.
____ 17. Proper segregation of duties is separating the following functions:
a. Authorization, execution, and recording. c. Payment, recording, and authorization.
b. Custody, execution, and reporting. d. Payment, execution, and authorization.

INTERNAL AUDITING Page 2 of 5

____ 18. A material weakness is a condition in which material errors or fraud may occur and not be detected within a
timely period by
a. Certified fraud examiners when called in to investigate fraud.
b. Employees in the normal course of performing their functions.
c. The external auditor during the annual audit.
d. Customers of the organization when they are paying for services.
____ 19. Evidence about segregation of duties is best obtained by
a. Studying a flowchart detailing who performs which duties.
b. Inspecting conflict of interest policies for segregation of duties procedures.
c. Observation of employees who perform control activities.
d. Making inquiries of coworkers about which employees performs which duties.
____ 20. Which of the following is least likely to be evidence of operating effectiveness of controls? 
a. Cancelled supporting documents. c. Records documenting usage of computer
programs.

b. Confirmations of accounts receivable. d. Signatures on authorization forms.

____ 21. Control activities include
a. Market share data. c. The control environment.
b. Risks faced by the entity from new d. Authorization of purchases of new
technology. equipment.
____ 22. Limiting access to assets and records might be accomplished by
a. Access codes for those parties with authorization to access assets and records.
b. Risk assessment of the parties with authorization to access assets and records.
c. A control environment, which discourages access to assets and records.
d. Audit trails documenting who had authorization to access assets and records.
____ 23. Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal
control for planning purposes? 
a. Confirmation. c. Checklist.
b. Questionnaire. d. Flowchart.
____ 24. Which of the following matters would an auditor most likely consider to be a significant deficiency to be
communicated to the audit committee? 

a. Recurring operating losses that may c. Management's failure to renegotiate

indicate going concern problems. unfavorable long-term purchase
commitments.

b. Evidence of a lack of objectivity by those d. Management's current plans to reduce its

responsible for accounting decisions. ownership equity in the entity.

____ 25. If the auditors do not perform tests of controls for certain assertions: 
a. They have performed a substandard audit. c. They are not required to communicate
significant deficiencies relating to those
accounts to management and the board of
directors.
b. They must issue a qualified opinion. d. They must assess control risk at the
maximum level for those assertions.
____ 26. After consideration of a client's internal control, an auditor might decide to
a. Increase the extent of substantive testing in areas where the controls are weak.
b. Reduce the extent of tests of controls in areas where the controls are strong.
c. Increase the extent of substantive testing in areas where controls are strong.
d. Reduce the extent of both substantive tests and tests of controls in areas where the controls
are strong.
____ 27. After gaining an understanding and documenting internal control, the auditor may elect to perform tests on
a. A random sample of the controls that were reviewed.
b. Those controls for which significant deficiencies have been identified.
c. Those controls that the auditor plans to rely on.

INTERNAL AUDITING Page 3 of 5

 d. Those controls that have a material effect on the financial statement balances.
____ 28. When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed level
of control risk will: 
a. Be less than the preliminary assessed level c. . Equal the actual control risk.
of control risk.
b. Equal the preliminary assessed level of d. Be less than the actual control risk.
control risk.
____ 29. The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) includes
controls related to the reliability of financial reporting, the effectiveness and efficiency of operations, and: 

a. Incorporation of ethical business practice c. Compliance with applicable laws and

standards. regulations.
b. Safeguarding of entity equity. d. Effectiveness of prevention of fraudulent
occurrences
____ 30. Which of the following statements is correct concerning the understanding of internal control needed by
auditors? 
a. The auditors must understand the control c. The auditors must understand monitoring
environment, risk assessment, and all and all preliminary accounting controls.
control activities.
b. The auditors must understand the d. The auditors must have a sufficient
information system, not the accounting understanding to assess the risks of
system. material misstatement.
____ 31. A significant deficiency: 
a. Is identical to a material weakness except c. Involves an amount of discovered
that it need not be communicated to those misstatements greater than the amount
responsible for oversight of the company's used as the planning measure of
financial reporting. materiality.
b. Differs from a material weakness in that it d. Is less severe than a material weakness.
involves internal control over operations
rather than internal control over financial
reporting.
____ 32. Internal control procedures are designed to provide reasonable assurance that
a. The recorded accountability for assets is compared with the physical assets at intervals of
five years or more.
b. Transactions are executed in accordance with management's authorization.
c. The internal auditors permit access to assets only with approval.
d. The effects of fraud will be eliminated from the financial statements.
____ 33. Which of the following is not a component of internal control?
a. Control environment. c. Information and communication.
b. Monitoring. d. Auditor’s business risk.
____ 34. Monitoring is accomplished by the client through
a. Analyst’s report on the stock of the client. c. Its Risk Containment department.
b. Continuing and periodic evaluations. d. SEC reports on the client.
____ 35. Which of the following is part of risk assessment?
a. A foreign subsidiary does not adapt to changes in company procedures.
b. Lack of proper approval of payroll checks.
c. The client lacks written procedures for initiating sales transactions.
d. The client does not reconcile its bank accounts on a regular basis.
____ 36. Which of the following is part of the control environment?
a. Monthly bank reconciliations. c. Segregation of duties.
b. Codes of conduct. d. Procedures for initiating transactions.
____ 37. In an auditor's consideration of internal control, the completion of a questionnaire is most closely associated
with which of the following?
a. Understanding the system. c. Tests of controls.
b. Separation of duties. d. Flowchart accuracy.

INTERNAL AUDITING Page 4 of 5

____ 38. Which of the following is done by an auditor when gaining an understanding of an entity's internal controls?
a. Test depreciation for reasonableness.
b. Design the nature, timing, and extent of substantive tests.
c. Initially consider business risk.
d. Identify the types of potential misstatements that might occur.
____ 39. Which is most likely when the assessed level of control risk increases? 
a. Use the maximum number of dual purpose c. Change from performing substantive
tests. procedures at year-end to an interim date.
b. Perform substantive procedures directed d. Use larger sample sizes for substantive
inside the entity rather than tests directed procedures.
toward parties outside the entity.
____ 40. Which of the following is the correct order for performing the procedures noted?
a. Test controls, perform substantive tests, understand the system of internal control.
b. Test controls, understand the system of internal control, perform substantive tests.
c. Perform substantive tests, test controls, understand the system of internal control.
d. Understand the system of internal control, test controls, perform substantive tests.

INTERNAL AUDITING Page 5 of 5

INTERNAL CONTROL ISSUES
Answer Section

MULTIPLE CHOICE

1. ANS: B PTS: 1 OBJ: (AICPA ADAPTED)

2. ANS: A PTS: 1
3. ANS: D PTS: 1 OBJ: (AICPA ADAPTED)
4. ANS: C PTS: 1 OBJ: (AICPA ADAPTED)
5. ANS: A PTS: 1 DIF: H
6. ANS: B PTS: 1
7. ANS: C PTS: 1
8. ANS: B PTS: 1 DIF: H REF: AICPA
9. ANS: D PTS: 1 DIF: H
10. ANS: C PTS: 1 DIF: M
11. ANS: D PTS: 1 DIF: H
12. ANS: B PTS: 1
13. ANS: A PTS: 1 DIF: H
14. ANS: D PTS: 1 OBJ: (AICPA ADAPTED)
15. ANS: A PTS: 1 DIF: H
16. ANS: A PTS: 1
17. ANS: A PTS: 1
18. ANS: B PTS: 1
19. ANS: C PTS: 1
20. ANS: B PTS: 1 DIF: H
21. ANS: D PTS: 1
22. ANS: A PTS: 1
23. ANS: A PTS: 1 DIF: E
24. ANS: B PTS: 1 DIF: M REF: AICPA
25. ANS: D PTS: 1 DIF: M
26. ANS: A PTS: 1 OBJ: (AICPA ADAPTED)
27. ANS: C PTS: 1 OBJ: (AICPA ADAPTED)
28. ANS: B PTS: 1 DIF: H
29. ANS: C PTS: 1 DIF: M
30. ANS: D PTS: 1 DIF: E
31. ANS: D PTS: 1 DIF: M
32. ANS: B PTS: 1
33. ANS: D PTS: 1
34. ANS: B PTS: 1
35. ANS: A PTS: 1
36. ANS: B PTS: 1
37. ANS: A PTS: 1 OBJ: (AICPA ADAPTED)
38. ANS: D PTS: 1
39. ANS: D PTS: 1 DIF: M
40. ANS: D PTS: 1

INTERNAL AUDITING Page 6 of 5