Full name: Nguyễn Thị Thảo Trang

ID: 31221021691
Fundamental of Auditing - Exercise Topic 2-3 – Ethics & Internal Controls

MULTIPLE CHOICE QUESTIONS

1) An audit of financial statements is conducted to determine whether the:
A) organisation is operating efficiently and effectively.
B) auditee is following specific procedures or rules set down by a peer group authority.
C) overall financial statements are stated in accordance with specified criteria.
D) none of the above
 C
2) Using the same auditor team on an assurance engagement over a long period of time most likely creates
which of the following threats to auditor independence?
A) self-interest.
B) self-review.
C) intimidation.
D) familiarity.
 D
3) Which one of the following is NOT one of the five fundamental principles of professional conduct set out
in the Code of Ethics for Professional Accountants?
A) continuing education
B) confidentiality
C) integrity
D) objectivity
 A
4) When considering the arrangement of staff to an engagement, an audit partner must always:
A) ensure confidentiality is not compromised.
B) ensure the audit staff are satisfied.
C) be satisfied that the staff has the appropriate expertise and independence.
D) ensure the client is satisfied.
 A
5) Proper segregation of functional responsibilities calls for separation of the functions of:
A) authorisation, payment, and recording.
B) custody, execution, and reporting.
C) authorisation, recording, and custody.
D) authorisation, execution, and payment.
 C
6) When controls leave no documentary evidence or trail:
A) the only way available as verification of their effectiveness is inquiry of management.
B) it is impossible to verify them so the auditor will have to rely on substantive tests.
C) the auditor generally observes them being applied.
D) it is impossible to audit that area of client's system.
 C
7) Which of the following would not be considered an inherent limitation of the potential effectiveness of an
entity's internal control structure?
A) Incompatible duties
B) Management override
C) Mistakes in judgment
D) Collusion among employees
 A
8) Actions, policies, and procedures that reflect the overall attitude of management, directors, and owners of
the entity about internal control relate to which of the following internal control components?
A) Control environment
B) Information and communication
C) Risk assessment
 D) Monitoring
 A
9) What requirements are usually necessary to become licensed as a certified public accountant?
A. Successful completion of the Uniform CPA Examination.
B. Experience in the accounting field.
C. Education.
D. All of the above.
 D
10) Compliance auditing often extends beyond audits leading to the expression of opinions on the fairness of
financial presentation and includes audits of efficiency, economy, effectiveness, as well as
A) accuracy.
B) adherence to specific rules or procedures.
C) Evaluation
D) internal control.
 B
11) Which of the following correctly describes an internal control component?
A) Control activities set the tone of the organization.
B) Information and communication systems have to do with management's analysis of risk.
C) Risk assessment relates to assessing the quality of the internal control structure over time.
D) Monitoring relates to ongoing assessment by management to determine whether controls are
operating as intended.
 D
12) Which of the following best describes the operational audit?
A) It requires the constant review by internal auditors of the administrative controls as they relate to
the operations of the company.
B) It concentrates on implementing financial and accounting control in a newly organized company.
C) It focuses on verifying the fair presentation of a company’s results of operations.
D) It concentrates on seeking aspects of operations in which waste could be reduced by the introduction
of controls.
 D
DISCUSSION PROBLEMS

Required: Indicate which of the five COSO internal control components is best represented by each
internal control. (Control environment, Risk assessment, Control activities, Information and
communication, and Monitoring)

1. The company’s computer systems track individual transactions and automatically accumulate
transactions to create a trial balance.
 Information and communication
2. On a monthly basis, department heads compare a budget to actual performance report and investigate
unusual differences.
 Control activities
3. The company must receive university transcripts documenting all college degrees earned before an
individual can begin his or her first day of employment with the company.
 Control environment
4. Senior management obtains data about external events that might affect the entity and evaluates the
impact of that information on its existing accounting processes.
 Risk assessment
5. Each quarter, department managers are required to perform a self-assessment of the department’s
compliance with company policies. Reports summarizing the results are to be submitted to the senior
executive overseeing that department.
 Monitoring
6. Before a cash disbursement can be processed, all payee information must be verified by matching the
payee to the company’s approved vendor listing.
 Control activities
7. The system automatically reconciles the detailed accounts receivable subsidiary ledger to the accounts
receivable general ledger account on a daily basis.
 Information and communication
8. The company has developed a detailed series of accounting policy and procedures manuals to help
provide detailed instructions to employees about how controls are to be performed.
 Control activities
9. The company has an organizational chart that establishes the formal lines of reporting and authorization
protocols.
 Control environment
10. The compensation committee reviews compensation plans for senior executives to determine if those
plans create unintended pressures that might lead to distorted financial statements.
  Risk assessment
BT 7.16
- Making note that "order received" without adding any information about the quantity and condition of the
goods. This may result in missing or damaged goods.
 Therefore, the receiving department needs to carefully count and check the received goods.
- Simply checking for purchase requisitions, orders and receiving reports for each purchase without
checking other details can lead to incorrect payment execution.
 The accounts payable department must check that there is a match between the date, description, amount,
price and reference number, then approve the payment.
- There is a lack of segregation of duties in that the financial accountant has cash payments duties and
performs the bank reconciliation. Therefore, the financial accountant may be able to misappropriate funds
without being discovered.
 Therefore, the bank reconciliation should be performed by someone independent of payments and
receipts functions to provide a cross-check on these functions.

Group discussions:
1. Please differentiate Test of control (TOC) and Control activities. Give examples.
Test of control Control activities
Purpose Evaluate the effectiveness of Preventive and detective
control activities controls, reduce the risk of
management
When CR is assessed at less than a high If the management chooses to
Substantive procedures alone is accept or avoid the risk based on
not sufficient risk assessment
How If an audit trail does exist: Encompass a range of manual
- Inspect documentation and automated activities:
associated with the - Segregation of duties
transaction for evidence - Authorization and
of the control approvals
When no audit trail exists - Verification
- Verified - Physical control
- Observation - Control data
- Inquiry of the control - Reconciliations
- Re-performance - Supervisory
Objects Control activities Risk
Example Look for evidence of new orders All purchase orders for inventory
being rejected if they would and supplies must be approved
breach the credit limit. This by a designated manager before
could be tested by inspecting they are submitted to suppliers.
copies of notifications sent to This ensures that the company
customers. The auditor might only orders necessary items and
also consider using test data prevents unauthorized or
to observe if an order exceeding unnecessary purchases.
the credit limit is actually
rejected.

1
2. Please differentiate Test of control (TOC) and Sustantive Test. Give example.
Test of control Substantive test
Components Is the testing tool for Is the control mechanism of
assessing control risk controlling detection risk
Step It is the second step in audit It is the third step in audit
testing testing
Types Can be classified 2 types: Can be classified 3 types
concurrent test and planned
test of control
Basic TOC is the police end It is done on the basic of
procedures monetary error
Determination Effectiveness and efficiency Fairness of FS
of internal control
Timing TOC are done on interim date The Substantive test is done
on the balance sheet date
Example The auditor just documents Watch the physical inventory
about purchasing system of count as it happens for each
the client as the purchase is ending period.
part of the significant process
in the operating expenses,
inventories as well as fixed
assets sections.