CHAPTER 9: INTERNAL CONTROL

CRC-ACE

1. The risk that an auditor’s procedures will lead to the conclusion that material error
does not exist in an account balance when, in fact, such error does exist is referred
to as
a. Audit Risk
b. Inherent Risk
c. Control Risk
d. Detection Risk

2. Which of the following is not a component of audit risk?

a. Detection Risk
b. Business Risk
c. Control Risk
d. Inherent Risk

3. The primary responsibility of establishing and maintaining an internal control

structure starts with
a. The external auditors
b. The internal auditors
c. Management and those charged with governance
d. The controller or the treasurer

4. Which of the following internal control objectives would be most relevant to the audit?
a. Operational objective
b. Compliance objective
c. Financial reporting objective
d. Administrative control objective

5. An auditor’s consideration about internal control is that

a. A specific control prevents or detects errors, material misstatements in classes of
transactions, account balances or disclosures, and their related assertions
b. A specific control contributes to the efficiency and effectiveness of entity’s
operation
c. The control reasonably ensures that the entity complies with government laws
and regulations
d. The control prevents collusion among employees

6. Inherent limitations in an internal control structure must be considered in evaluating

its effectiveness in preventing and detecting errors and fraud. Inherent limitations
does not include
a. Misunderstanding of instructions, mistakes of judgment, personal carelessness,
distraction or fatigue
b. Incompatible functions prepared by the same person
c. Collusion among employees
d. Management override of certain policies and procedures
7. When considering the effectiveness of a system of internal accounting control, the
auditor should recognize that inherent limitations do exist. Which of the following is
an example of an inherent limitation in a system if internal accounting control?
a. The effectiveness of procedures depends on the segregation of employee duties
b. Procedures are designed to assure the execution and recording of transactions in
accordance with management authorization
c. In the performance of most control procedures, there are possibilities of errors
arising from mistakes in judgment
d. Procedure for handling large number of transactions are processed by electronic
data processing equipment

8. Which of the following is not an element of an entity’s internal control structure?

a. Control risk
b. Control Activities
c. Information and communication
d. The control environment

9. Which of the following factors are included in an entity’s control environment?

BOD’s Participation Assignment of Responsibility Management Operating Style
a. YES YES NO
b. YES NO YES
c. NO YES YES
d. YES YES YES

10. In evaluating the design of an entity’s internal control environment, the auditor
considers the following except
a. Integrity and ethical values
b. Commitment or competence
c. Organizational structure
d. Information and communications system

11. As the acceptable level of detection risk decreases, an auditor would LEAST likely
change
a. The timing of substantive tests by performing them at year-end
b. The nature of substantive tests from a less effective to a more effective
procedure
c. The timing of test of controls by performing them at several dates rather than at
one time
d. The extent of substantive tests such as using larger sample size

12. As the acceptable level of detection risk decreases the auditor may
a. Perform test of controls at year-end rather than at interim
b. Increase the level of inherent and control risk
c. Design more effective substantive procedures
d. Use larger sample size for test of controls
13. Which of the following factors are included in an entity’s control environment
Commitment to competence Segregation of duties Organizational structure
a. YES YES NO
b. YES NO YES
c. NO YES YES
d. YES YES YES

14. Which of the following best describes the entity’s risk assessment process?
a. Entity’s process of identifying business risk relevant to financial reporting
objectives and deciding about actions to address those risk
b. Entity’s assessment of audit risk affecting the financial statements
c. Entity’s assessment of risk that internal control may fail to detect misstatements
affecting the financial statements
d. Entity’s process of evaluating risks of misstatements due to fraud

15. The policies and procedure that help ensure that management directives are carried
out are referred to as
a. Control Environment
b. Control activities
c. Monitoring of Controls
d. Information system

16. Which of the following is not an example of control activities?

a. Personnel policies and procedures
b. Authorization of transactions
c. Segregation of duties
d. Safeguarding of assets

17. When obtaining an understanding of an entity’s internal control, the auditor should
obtain knowledge about the system’s
Design Implementation Operating Effectiveness
a. YES YES YES
b. YES YES NO
c. YES NO NO
d. YES NO YES

18. Evaluating the design of an entity’s internal control would involve

a. Considering whether the control, individually or in combination with other
controls, is capable of effectively preventing, or detecting and correcting material
misstatements
b. Determining whether control exists and the entity is using it
c. Determining whether the control is operating effectively
d. Determining the consistency of the application of internal control procedures

19. Obtaining knowledge about whether the control is implemented can be best obtained
by
a. Inquiry of client’s personnel
b. Reading procedures manual
 c. Tracing transactions through the information system relevant to financial
reporting
d. Performing test of control

20. Test of controls are directed towards control

Effectiveness Efficiency
a. YES YES
b. NO NO
c. YES NO
d. NO YES

21. Test of controls are designed to obtain evidence to support the auditor’s assessment
of control risk
a. At a high level
b. At less than high level
c. At zero level
d. At the maximum level
RESA

1. Evaluate the following statements.

I. Internal controls are affected by those charged with governance, management,
and other personnel
II. Internal controls provide absolute assurance about the achievement of the
entity’s objectives on financial reporting, operations and compliance.
III. Internal controls have inherent limitations.
a. True, True, True
b. True, False, True
c. True, False, False
d. False, False, False

2. Evaluate the following statements.

I. The auditor, not the management, must establish and maintain the entity’s internal
control.
II. Professional standards require auditors to obtain an understanding of a client’s
internal control.
III. Professional standards require auditors to test the operating effectiveness of a
client’s internal control in all audits.
a. True, True, True
b. True, False, True
c. True, False, False
d. False, False, False

3. A reason to establish internal control is to:

a. Have a basis for planning the audit.
b. Provide reasonable assurance that the objectives of the organization are
achieved.
c. Encourage compliance with organizational objectives
d. Ensure the accuracy, reliability and timeliness of information

4. According to PSA 315, the auditor uses the understanding of internal control to:
a. Identify the types of potential misstatements
b. Consider the factors that affect the risk of material misstatements
c. Design the nature, timing and extent of further audit procedures (i.e., test of
controls and substantive tests)
d. All of these.

5. In an audit of financial statements, an auditor’s primary consideration regarding a

control is whether it:
a. Enhances management’s decision-making processes.
b. Reflects management’s philosophy and operating style.
c. Affects management’s financial statement assertions.
d. Provides adequate safeguards over access to assets.

6. What is the relationship between an entity’s objectives and the controls it implements
to provide reasonable assurance about their achievement?
 a. Direct
b. Inverse
c. Adverse
d. Cannot be determined

7. An auditor would most likely be concerned with internal control policies and
procedures that provide reasonable assurance about:
a. The efficiency of management’s decision-making process.
b. Appropriate prices the entity should charge for its products.
c. Methods of assigning production tasks to employees.
d. The entity’s ability to process and summarize financial data.

8. These controls may also be relevant to the audit if the external auditor intends to
make use of company-produced information in designing and performing further
audit procedures (test of controls and substantive tests):
a. Controls over completeness and consistency.
b. Controls over existence and occurrence.
c. Controls over completeness and accuracy.
d. Controls over presentation and disclosure.

9. The following are components of internal control

a. Organizational structure, management philosophy, and planning.
b. Legal environment of the firm, management philosophy, and organizational
structure.
c. Risk assessment process, backup facilities, responsibility accounting and natural
laws.
d. Control environment, risk assessment process, control activities, information
system and communication, and monitoring of controls.

10. Which of the following best describes “control environment”?

a. The entity’s process for identifying business risks relevant to financial reporting
objectives and deciding about actions to address those risks, and the results
thereof.
b. The system for transferring information from transaction processing systems to
the general ledger or the financial reporting system
c. Policies and procedures that help ensure the management directives are carried
out.
d. This includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management
concerning the entity’s internal control and its importance to the entity.

11. Management’s attitude towards aggressive financial reporting and its emphasis on
meeting projected profit goals most likely would significantly influence an entity’s
control environment when:
a. Management is dominated by one individual who is also a shareholder.
b. External policies established by parties outside the entity affect its accounting
practices.
 c. The audit committee is active in overseeing the entity’s financial reporting
policies.
d. Internal auditors have direct access to the board of directors and entity
management.

12. An entity’s risk assessment process includes how management:

a. Identifies business risks relevant to financial reporting objectives.
b. Estimates the significance of the risks.
c. Assesses the likelihood of the occurrence of risks.
d. Decides on actions to address the risks.
e. All of the choices.

13. Risks can arise or change due to circumstances such as the following, except:
a. There is a change in the regulatory or operating environment.
b. No new employees have been hired by the company.
c. The company switched from manual information systems to a computerized
system.
d. The accounting and financial reporting framework has experienced significant
revisions.

14. The information system consists of the following:

a. Infrastructure
b. People
c. Procedures and data
d. All of these

15. The objective of the recording function of transactions (in the context of internal
accounting control) is to
a. Limit access and to permit preparation of financial statements in accordance with
GAAP.
b. Assure compliance with the rules of all regulatory bodies having jurisdiction over
the reporting entity
c. Permit preparation of financial statements in accordance with GAAP and to
maintain accountability of assets.
d. Encourage operational efficiency and adherence to prescribed managerial
policies.

16. Which of the following statements describe the processing function of an accounting
system?
a. Identifying and capturing the relevant information for transactions or events.
b. Editing and validation, calculating, measuring, valuing, summarizing, and
reconciling functions
c. The preparation of financial reports as well as other information, in electronic or
printed format, that the entity uses in measuring and reviewing the entity’s
financial performance.
d. All of these statements describe the recording function.
17. Which of the following descriptions pertain to physical controls?
a. Control activities that include reviews and analyses of actual performance versus
budgets, forecasts, and prior period performance.
b. Controls performed to check accuracy, completeness, and authorization of
transactions.
c. Physical security of assets, including adequate safeguards such as secured
facilities over access to assets and records.
d. The assignment of incompatible functions to different people.
e. Control activities involving the specific or general authorization of a transaction.

18. Which of the following would be preventive controls?

a. The use of batch totals.
b. Reconciling the accounts receivable subsidiary file with the control account.
c. Requirement that two persons open mail.
d. Preparation of bank reconciliation.

19. An example of specific transaction authorization is the:

a. Setting of automatic reorder points.
b. Establishment of sales prices.
c. Establishment of a customer’s credit limits.
d. Approval of a construction budget for new merchandise.

20. A proper segregation of duties requires:

a. That an individual authorizing a transaction should record it also.
b. That an individual authorizing a transaction maintain custody of the asset that
resulted from the transaction.
c. That an individual maintaining custody of an asset be entitled to access the
accounting records for the asset.
d. That different individuals should handle custody, authorization and record-
keeping.

21. A process implemented by management to assess the effectiveness of internal

control performance over time.
a. Monitoring of controls
b. Quality control system
c. Tests of controls
d. Risk assessment procedures

22. An entity’s ongoing monitoring activities often include:

a. Periodic audits by the audit committee.
b. Reviewing the purchasing function.
c. The audit of the annual financial statements.
d. Control risk assessment in conjunction with quarterly reviews.

23. An effective internal control structure

a. Reduces the need for management to review exception reports on a day-to-day
basis.
b. Eliminates risk and potential loss to the organization.
 c. Cannot be circumvented by management.
d. Is unaffected by changing circumstances and conditions encountered by the
organization.

24. Internal control can only provide reasonable, not absolute, assurance of achieving
entity control objectives. One of the factors limiting the likelihood of achieving those
objectives is that:
a. The auditor’s primary responsibility is the detection of fraud.
b. The board of directors is active and independent.
c. The cost of internal control should not exceed its benefits.
d. Management monitors internal control.

25. When an organization has a strong internal control structure, management can
expect various benefits. The benefit least likely to occur is
a. Reduces cost of an external audit.
b. Elimination of employee fraud.
c. Availability of reliable data for decision-making purposes and protection of
important documents and records.
d. Some assurance of compliance with SEC regulations.

26. Which of the following is an example of an inherent limitation in a client’s internal

control system?
a. The effectiveness of procedures depends on the segregation of employee duties.
b. Procedures are designed to assure the execution and recording of transactions in
accordance with management’s authorization.
c. In the performance of most control procedures, there are possibilities of errors
arising from mistakes in judgment.
d. Procedures for handling large numbers of transactions are processed by
information technology equipment.

27. Which of the following conditions supports strong internal control?

a. Strict monitoring by the Bureau of Internal Revenue.
b. The existence of related parties and related party transactions.
c. Pressure by the financial community to improve earnings performance.
d. An economic downturn.

28. Which of the following pertains to the control environment?

a. Management has created and maintained a culture of honesty and ethical
behavior.
b. The process in which operating activities are assigned.
c. Both a and b
d. Neither a nor b

29. Which of the following pertains to risk assessment?

a. An audit client’s process for identifying business risks relevant to the financial
reporting objective
 b. Business procedures, within both IT and manual systems, by which those
transactions are initiated, recorded, processed, corrected, transferred to the
general ledger and reported in the financial statements
c. Client policies on limiting physical access to assets and records.
d. All of the above.

30. Which of the following pertains to information systems?

a. An audit client’s process for identifying business risks relevant to the financial
reporting objective
b. Business procedures, within both IT and manual systems, by which those
transactions are initiated, recorded, processed, corrected, transferred to the
general ledger and reported in the financial statements
c. Client policies on limiting physical access to assets and records.
d. All of the above.

31. Which of the following pertains to control activities?

a. An entity’s policy on assessing the likelihood of a specific risk occurrence.
b. Business procedures, within both IT and manual systems, by which those
transactions are initiated, recorded, processed, corrected, transferred to the
general ledger and reported in the financial statements
c. Client policies on limiting physical access to assets and records.
d. An audit client’s process for identifying business risks relevant to the financial
reporting objective.

32. Which of the following is (are) a correct statement(s) for internal control systems of
small companies?
a. Elements of internal control for small entities may not be available in
documentary form.
b. Segregation of incompatible duties are often inadequate due to staff limitations.
c. The involvement of the owner-manager may be a compensatory control for the
inadequate segregation of incompatible duties.
d. All of the above.
PRTC

Introduction-Importance of Understanding the Entity’s Internal Control

1. According to PSA 315, an auditor uses the understanding of internal control to:
a. Identify types of potential misstatements
b. Consider factors that affect the risks of material misstatement
c. Design the nature, timing and extent of further audit procedure
d. All of the above

2. Reasons to evaluate internal control would not include

a. Basis for planning the audit
b. Determining the nature, timing and extent of further audit procedures
c. Basis for type of opinion to be rendered.
d. Formulating constructive suggestions for improvements

RAP to Obtain Understanding of Internal Control

3. The auditor's understanding of the accounting and internal control systems significant
to the audit is ordinarily obtained through previous experience with the entity. In
addition, the auditor may perform the following procedures, except:
a. Inquiries of appropriate management, supervisory and other personnel at various
organizational levels within the entity, together with reference to documentation,
job descriptions and flow charts, although inquiry although is not sufficient.
b. Inspection of documents and records produced by the accounting and internal
control system
c. Observation of the entity's activities and operations, including observation of the
organization of computer operations, management the nature of transaction
personnel and processing
d. Reperformance of internal control procedures

4. Risk dissessiment procedures performed to obtain evidence about the design and
implementation of relevant controls include
a. External confirmation.
b. Recalculation
c. Analytical procedures
d. Tracing transactions or walkthrough

5. In obtaining an understanding of a manufacturing entity's internal control concerning

inventory balances an auditor most likely would
a. Review the entity's descriptions of inventory policies and procedure
b. Perform test counts of inventory during the entity's physical count
c. Analyze inventory turnover statistics to identify slow-moving and obsolete items.
d. Analyze monthly production reports to identify variances and unusual
transactions.

6. Which of the following is not useful for obtaining an understanding of internal

controls?
a. Make inquiries of the client's personnel
 b. Examine documents and records
c. Read industry trade magazines
d. Observe client activities and operations.

Nature of Internal Control

7. The process designed and effected by those charged with governance,

management, and other personnel to provide reasonable assurance about the
achievement of the entity's objectives with, regard to reliability of financial reporting,
effectiveness and efficiency of operations and compliance with applicable laws and
regulations
a. Internal Control
b. Accounting control
c. Control environment
d. Administrative control

8. The financial statements are not likely to correctly reflect GAAP if the
a. Controls affecting the reliability of financial reporting are inadequate.
b. Company's controls do not promote efficiency.
c. Company's controls do not promote effectiveness
d. Company's control do not promote compliance with applicable rules and
regulations.

9. Among the three objectives of internal control, which is of most importance to the
auditor in an audit of financial statements?
a. Reliability of financial reporting.
b. Effectiveness and efficiency of operations.
c. Compliance with applicable laws and regulations.
d. All of the above.

10. What is the relationship between an entity's objectives and the controls it implements
to provide reasonable assurance about their achievement?
a. Direct.
b. Inverse
c. None
d. Both A and B

11. An entity's internal control encompasses its

a. People.
b. Units and function.
c. Processes.
d. All of the above.

12. The primary responsibility for designing, implementing and maintaining internal
control rests with
a. Internal auditors
b. The external auditor
c. The CFO
 d. The management/TCWG

Inherent Limitations of Internal Control

13. When considering internal contn auditor must be aware of the concept of reasonable
assurance, which recognizes that
a. Employment of competent personnel provides assurance that the objectives of
internal control will be achieve
b. Establishment and maintenance of internal control is an important responsibility
of the management and not of the auditor
c. Cost of internal control procedures should not exceed the benefits expected to be
derived from the control
d. Segregation of incompatible functions is necessary to ascertain that the control
procedures are effective

14. Which of the following is not one of the inherent limitations of internal control?
a. Faulty human judgment
b. Collusion
c. Management override.
d. Lack of proper segregation of incompatible duties

15. Which of the following is most likely to be a direct consequence of the fact that
internal controls have inherent limitations that normally cannot be completely
eliminated?
a. Inherent risk must be greater than zero
b. Risk of material misstatement must be greater than zero
c. Audit risk must be greater than zero
d. Detection risk must be greater than zero

The Five Components of Internal Control and The Auditor's Required Understanding

16. Control environment component of internal control

a. Consists of the policies and procedures that help ensure that management
directives are carried out
b. Includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management
concerning the entity's internal control and its importance in the entity.
c. Is the entity's process for identifying business risks relevant to financial reporting
objectives and deciding about actions to address those risks, and the results
thereof.
d. Consists of the procedures and records established to initiate, authorize, record,
process, and report entity transactions, events and conditions and to maintain
accountability for the related assets liabilities, and equity.

17. Monitoring
a. Is the entity's identification and analysis relevant risks as a basis for their
management.
 b. Support, the identification, capture, and exchange of information in a form and
time frame that enable people to carry out their responsibilities
c. Is a process that assesses the quality of internal control performance over time.
d. Sets the tone of an organization, influencing the control consciousness of its
people

18. Control Environment

a. The foundation for the other, components of internal control to function as control
environment provides discipline and structure
b. To understand the control environment, the auditor considers programs and
controls addressing fraud risk implemented by management and those charged
with governance
c. The absence of programs and controls addressing fraud risk of control
environment may not represent a material weakness.
d. The evaluation of the design of the control environment includes considering the
seven elements of control environment.

19. Which of the following factors are included in an entity's control environment?
a b c d
Integrity and ethical values Yes No Yes Yes
Commitment to competence Yes Yes No Yes
Participation of those charged with governance Yes Yes No Yes
Management's philosophy and operating style Yes Yes No Yes
Organizational Structure No Yes Yes Yes
Assignment of authority and responsibility No Yes Yes Yes
Human resources policies and procedures Yes No Yes Yes

20. Which of the following relates to human resource

a. Effective communication of standards and values policies and practices factor of
control environment and removal of incentives and temptations for dishonest or
unethical acts.
b. Management's approach to taking and managing business risks
c. Consideration of key areas of authority and responsibility and appropriate lines of
reporting.
d. Recruitment, orientation, training, evaluation, counseling, promotion,
compensation, and remedial action.

21. In obtaining an understanding of control environment component of internal control,

an auditor should evaluate whether
a. Management, with oversight of TCWG, has created and maintained a culture of
honesty and ethical behavior
b. The strengths of control environment elements provide a foundation for the other
components of internal control
c. Both a and b
d. Neither a nor b

Risk Assessment
22. Which of the following risks should be considered by the entity's risk assessment
process?
a. b. c. d.
Changes in Yes Yes Yes Yes
operating
environment
New personnel Yes Yes Yes No
New or Yes Yes Yes Yes
revamped
information
systems
Rapid growth Yes No No Yes
New technology Yes Yes No No
New business Yes Yes Yes Yes
models,
products, or
activities
Corporate Yes Yes Yes Yes
restructurings
Expanded Yes Yes Yes Yes
foreign
operations
New accounting Yes Yes Yes Yes
pronouncements

23. In obtaining an understanding of an entity’s risk assessment process component of

internal control, an auditor should evaluate whether the entity has a process for
a. b. c. d.
Identifying Yes Yes Yes Yes
business risk
Estimating the Yes Yes Yes No
significance of
the risks
Assessing Yes Yes No Yes
likelihood of
occurrence

Deciding actions Yes No No Yes

to address those
risks.

24. Control activities are policies and procedures helping to ensure that actions are taken
to address risks to achievement of entity's objectives. Control activities may be
a. Manual.
b. Automated.
c. Manual and automated
d. All of the above.
25. Control activities component of internal control include
a. b. c. d.
Performance Yes Yes Yes No
reviews
Information Yes No No Yes
processing
Physical controls Yes Yes No No
Segregation of Yes Yes Yes Yes
duties
Authorization Yes Yes Yes Yes

26. Which of the following control activities refers to information processing control?
a. Reviews of actual performance versus budgets and prior performance.
b. Checking of accuracy, completeness, and authorization of transactions, which
include general controls and application controls.
c. The safeguarding of assets, records, periodic asset counts, and reconciliations
that creates accountability.
d. The separation of the functions to minimize the opportunities for a person to be
able to perpetrate and conceal errors or fraud in the normal course of his/her
duties.

27. Proper segregation of functional responsibilities calls for separation of the functions
of
a. Authorization, execution, and recording.
b. Authorization, execution, and payment.
c. Custody, execution, and reporting.
d. Authorization, payment, and recording

28. Which of the following statements is correct with respect to separation of duties?
a. Employees should not have temporary and
b. Employees who authorize transactions should not
c. It is permissible to allow an employee to open cash receipts and record those
receipts.
d. Employees who authorize transactions should have recording responsibility for
these transactions.

29. Physical controls to safeguard assets would include:

a. hiring only trustworthy cashiers
b. segregation of duties
c. locks on the warehouse doors
d. safety audits on the production-line

30. Controls that enhance the reliability of the financial statements may be classified as
prevention controls and detection controls. Which of the following is primarily a
detection control?
a. Separation of duties between recording cash receipts and depositing cash.
 b. Bank accounts are reconciled monthly by persons independent of cash recording
and cash custody.
c. The human resources department authorizes the hiring of only those persons for
accounting positions that meet the written job requirements specified by the
corporate controller.
d. An accounting manual, accompanied by a detailed chart of accounts, carefully
and clearly describes each type of transaction affecting the entity.

31. Internal controls may be preventive, detective, or corrective. Which of the following is
preventive?
a. Requiring two persons to open mail
b. Reconciling the accounts receivable subsidiary file with the control account.
c. Using batch totals.
d. Preparing bank reconciliations.

Information System and Communication

32. An information system consists of that interrelate to achieve a business goal.

a. b. c. d.
Physical and Yes Yes Yes No
hardware
infrastructure.
Software. Yes No No Yes
Data. Yes Yes No No
Manual and Yes Yes Yes Yes
automated
procedures
People Yes Yes Yes Yes

33. An information system

a. b. c. d.
Identifies and Yes Yes Yes No
records all valid
transactions.
Describes Yes No No Yes
transactions
sufficiently for
proper
classification.
Measures Yes Yes No No
transactions.
Determines the Yes Yes Yes Yes
proper reporting
period for
transactions
Presents Yes Yes Yes Yes
transactions and
 related
disclosures
properly.

34. Communication component of internal control includes providing an understanding to

employees about their roles and responsibilities. Communication, electronic, oral or
by management actions, may be through
a. Policy manuals.
b. Financial reporting manuals.
c. Memoranda.
d. All of the above.

Monitoring

35. A component of COSO's internal control system concerns the process that provides
feedback on the effectiveness of the other components of internal control. This
component is called:
a. Information & communication Monitoring
b. Control activities
c. Monitoring
d. Risk assessment

36. The monitoring process of internal control does not involve

a. Ongoing activities and separate evaluations
b. Actions of internal auditors
c. Communications from external parties. a lng as
d. None of the above

37. An entity's ongoing monitoring activities, which are built into normal recurring actions,
often include.
a. Periodic audits by the audit committed
b. Reviewing or supervising the purchasing function
c. The audit of the annual financial statements.
d. Control risk assessment in conjunction with quarterly reviews

Entity-Level and Transaction-Level Internal Controls

38. Statement 1: Entity-level internal controls are pervasive controls that relate to the
overall operations of an entity.
Statement 2: Transaction-level internal controls are specific controls that ensure
transactions are accurately and timely recorded, authorized, and processed.
a. True, true
b. True, false
c. False, true
d. False, false
 Evaluating Entity-Level Controls

39. An auditor typically follows approach in obtaining an understanding of

internal control
a. Top-down.
b. Down-top
c. Parallel
d. All of the above

The Entity's Transaction Cycles and Controls

40. An entity's transaction cycles typically include

a. b. c. d.
Revenue and Yes Yes Yes No
receipt cycle.
Purchasing and Yes No No Yes
disbursement
cycle.
Personnel and Yes Yes No No
payroll cycle.
Inventory and Yes Yes Yes Yes
production cycle
Financial and Yes Yes Yes Yes
investing cycle.

41. Which of the following statements with respect to the independent auditor's
evaluation of internal control is correct?
a. The auditor should decrease control testing when weaknesses in cash receipts
are mitigated by strong controls in cash disbursement procedures.
b. The auditor should increase control testing when weaknesses in billing
procedures are mitigated by strong controls in collection procedures
c. The auditor generally should not evaluate the overall effectiveness of internal
control, but should separately evaluate each of the transaction cycles
d. The auditor should evaluate all internal control weaknesses before determining
the control procedures that should prevent or detect errors or irregularities.

42. Why does the auditor divide the financial statements into smaller segments?
a. Using the cycle approach makes the audit, more manageable.
b. Most accounts have few relationships with others and so it is more efficient to
break the financial statements into smaller pieces.
c. The cycle approach is used because auditing standards require it
d. All of the above are correct.

Internal Control in Smaller Entities

43. An important issue that arises in the context of a small business which of the
following factors would be most likely to indicate to a CPA that a small business
enterprise was not auditable?
a. The inherent risk of materiai misstatement is high.
b. The company relies solely on manual data processing of basic transactions.
c. There are a limited number of employees and poor segregation of duties.
d. Underlying source documents for transactions are not retained.

44. Which of the following is most likely to be a characteristic of an owner-managed

small business?
a. A formal organization structure
b. A strong control environment.
c. Management tendency to override internal controls
d. Effective segregation of duties.

45. Which of the following risk assessments or values is least likely to be characteristic of
a small business audit?
a. Business risk is low.
b. Control risk is low.
c. Inherent risk is low
d. Detection risk is low.

46. In auditing smaller entities, an auditor usually finds it more efficient to apply
a. Tests of controls strategy
b. Substantive procedures strategy
c. Combinatian of a and b
d. Any of the above

47. Under what circumstances is testing of controls required when auditing a small
business
a. For those accounts where the auditor has determined that there are significant
inherent risks of material misstatement
b. For those accounts for which substantive testing alone does not provide sufficient
assurance
c. For those accounts where the auditor has determined the risk of fraud to be
higher than normal
d. For all accounts containing one or more transactions that are individually material
in amount

48. Which of the following best describes the level of engagement risk when a CPA
audits the financial statements for a small business client?
a. Low
b. Moderate
c. High
d. Maximum

Scope of Internal Control Understanding-Determining Relevant Controls

 49. PSAs require the auditor to obtain understanding of the entity's internal control
structure
a. For first time audit clients.
b. For every audit.
c. Whenever the auditor wishes or sees necessary
d. Sufficient to find any frauds that may exist.

50. In all audts, the auditor should obtain an components of internal understanding of
control sufficient to assess the risk of material misstatement and to design further
audit procedures.
a. Depends on the management's permission.
b. Majority
c. At least four
d. All the five.

CPA REVIEW SCHOOL OF THE PHILIPPINES

1. According to PSA 400, which of the following is correct regarding internal control
system?
a. Internal control system refers to all the policies and procedures adopted by the
auditor to assist in achieving management’s objective.
b. A strong environment, by itself, ensure the effectiveness of the internal control
system.
c. In the audit of financial statements, the auditor is only concerned with those
policies and procedures within the accounting and internal control systems that
are relevant to the financial statements.
d. The internal control system is confined to those matters which relate directly to
the functions of the accounting system.

2. Which of the following is correct about internal control?

a. Accounting and internal control systems provide management with conclusive
evidence that objectives are reached.
b. One of the inherent limitations of accounting and internal control systems is the
possibility that the procedures may become inadequate due to changes in
conditions, and compliance with procedures may deteriorate.
c. Most internal controls tend to be directed at non-routine transactions.
d. Management does not consider costs of the accounting and internal control
systems.

3. Corporate directors, management, external auditors, and internal auditors all play
important roles in creating a proper control environment. Top management is
primarily responsible for
a. Establishing a proper environment and specifying overall internal control.
b. Reviewing the reliability and integrity of financial information and the means used
to collect and report such information.
c. Ensuring that external and internal auditors adequately monitor the control
environment.
d. Implementing and monitoring controls designed by the board of directors.

4. Which of the following best describe the interrelated components of internal control?
a. Organizational structure, management philosophy, and planning.
b. Control environment, risk assessment, control activities, information and
communication systems, and monitoring.
c. Risk assessment, backup facilities, responsibility accounting and natural laws.
d. Legal environment of the firm, management philosophy, and organizational
structure.

5. In an audit of financial statements, an auditor’s primary consideration regarding a

control is whether it
a. Reflects management’s philosophy and operating style.
b. Affects management’s financial statement assertions.
c. Provides adequate safeguards over access to assets.
d. Enhances management’s decision-making processes.
6. Effective internal control
a. Eliminates risk and potential loss to the organization.
b. Cannot be circumvented by management.
c. Is unaffected by changing circumstances and conditions encountered by the
organization.
d. Reduces the need for management to review exception reports on a day-to-day
basis.

7. Which of the following statements about internal control is correct?

a. Properly maintained internal controls reasonably assure that collusion among
employees cannot occur.
b. Establishing and maintaining internal control is the internal auditor’s
responsibility.
c. Exceptionally strong control allows the auditor to eliminate substantive tests.
d. The cost-benefit relationship should be considered in designing internal control.

8. The ultimate purpose of assessing control risk is to contribute to the auditor’s

evaluation of the risk that
a. Tests of controls may fail to identify controls relevant to assertions.
b. Material misstatements may exist in the financial statements.
c. Specified controls requiring segregation of duties may be circumvented by
collusion.
d. Entity policies may be overridden by senior management.

9. A proper understanding of the client’s internal control is an integral part of the audit
planning process. The results of the understanding
a. Must be reported to the shareholders and the SEC.
b. Bear no relationship to the extent of substantive testing to be performed.
c. Are not reported to client management.
d. May be used as the basis for withdrawing from an audit engagement.

10. An entity should consider the cost of a control in relationship to the risk. Which of the
following controls best reflects this philosophy for a large peso investment in heavy
machine tools?
a. Conducting a weekly physical inventory.
b. Placing security guards at every entrance 24 hours a day.
c. Imprinting a controlled identification number on each tool.
d. Having all dispositions approved by the vice president of sales.

11. Audit evidence concerning segregation of duties ordinarily is best obtained by

a. Performing tests of transactions that corroborate management’s financial
statement assertions
b. Observing the employees as they apply specific controls.
c. Obtaining a flowchart of activities performed by available personnel.
d. Developing audit objectives that reduce control risk.
12. Which of the following statements about preliminary assessment of control risks is
correct?
a. After obtaining an understanding of the accounting and internal control systems,
the auditor should make a preliminary assessment of control risks, at the
assertion level, for all accounts or transaction classes.
b. The preliminary assessment of control risk can be done only after completing
tests of controls.
c. The preliminary assessment of control risk for a financial assertion is normally
low, unless the auditor is able to identify weaknesses that may indicate
ineffectiveness of accounting and internal control system.
d. The auditor ordinarily assesses control risk at high level for some or all assertions
when it is not cost efficient to do tests of controls.

13. Which of the following statements concerning control risk is correct?

a. When control risk is at the maximum level, an auditor is required to document the
basis for that assessment.
b. Control risk may be assessed sufficiently low to eliminate substantive testing for
significant transaction classes.
c. When assessing control risk, an auditor should not consider evidence obtained in
prior audits about the operation of controls.
d. Assessing control risk and obtaining an understanding of an entity’s internal
control may be performed concurrently.

14. Based on a consideration of internal control completed at an interim date, the auditor
assessed control risk at a low level and performed interim substantive tests. The
records and procedures would most likely be tested again at year-end if
a. Tests of controls were not performed by the internal auditor during the remaining
period.
b. Internal control provides a basis for limiting the extent of substantive testing.
c. The auditor used nonstatistical sampling during the interim period testing of
controls.
d. Inquiries and observations lead the auditor to believe that conditions have
changed.

15. Although substantive tests may support the accuracy of underlying records, these
tests frequently provide no affirmative evidence of segregation of duties because
a. Substantive tests rarely guarantee the accuracy of the records if only a person
who performs incompatible functions.
b. The records may be accurate even though they are maintained by a person who
performs incompatible functions.
c. Substantive tests relate to the entire period under audit, but tests of controls
ordinarily are confined to the period during which the auditor is on the client’s
premises.
d. Many computerized procedures leave no audit trail of who performed them, so
substantive tests may necessarily be limited to inquiries and observation of office
personnel.
16. After obtaining an understanding of internal control and assessing control risk, an
auditor decided not to perform additional tests of controls. The auditor most likely
concluded that the
a. Additional evidence to support a further reduction in control risk was not cost-
beneficial to obtain.
b. Assessed level of inherent risk exceeded the assessed level of control risk.
c. Internal control was properly designed and justifiably may be relied on.
d. Evidence obtainable through tests of controls would not support an increased
assessment of control risk.

17. The objective of tests of details of transactions performed as tests of controls is to

a. Monitor the design and use of entity documents such as prenumbered shipping
form
b. Determine whether controls have been placed in operation.
c. Detect material misstatements in the account balances of the financial
statements.
d. Evaluate whether controls operated effectively.

18. An auditor wishes to perform tests of controls on a client’s cash disbursements

procedures. If the controls leave no audit trail of documentary evidence, the auditor
most likely will test the procedures by
a. Confirmation and observation.
b. Analytical procedures and confirmation.
c. Observation and inquiry.
d. Inquiry and analytical procedures

19. Which of the following would not be a method used to conduct tests of controls?
a. Inquiry
b. Walkthrough
c. Confirmation
d. Observation

20. The auditor is examining copies of sales invoices only for the initials of the person
responsible for checking the extensions. This is an example of a
a. Test of controls c. Dual purpose test
b. Substantive test d. Test of balances

21. Which of the following types of evidence would an auditor most likely examine to
determine whether controls are operating as designed?
a. Confirmations of receivables verifying account balances.
b. Letters of representations corroborating inventory pricing.
c. Attorneys’ responses to the auditor’s inquiries.
d. Client records documenting the use of computer programs.
22. Which of the following procedures concerning accounts receivable is an auditor most
likely to perform to obtain evidential matter in support of an assessed level of control
risk below the maximum level?
a. Sending confirmation requests to an entity’s principal customers to verify the
existence of accounts receivable.
b. Inspecting an entity’s analysis of accounts receivable for unusual balances.
c. Comparing an entity’s uncollectible accounts expense to actual uncollectible
accounts receivable.
d. Observing an entity’s employee prepare the schedule of past due accounts
receivable.

23. An auditor is least likely to test controls that provide for

a. Classification of revenue and expense transactions by product line
b. Approval of the purchase and sale of trading securities
c. Segregation of the functions of recording disbursements and reconciling the bank
account
d. Comparison of receiving reports and vendors’ invoices with purchase orders

24. In a small company that doesn't employ an adequate number of employees to permit
proper division of responsibilities, effective internal control can be strengthened by
a. Direct participation by the owner of the business in the record keeping activities
of the business.
b. Employment of temporary personnel to aid in the separation of duties.
c. Delegation of full, clear-cut responsibility to each employee for the functions
assigned to each.
d. Engaging a CPA to perform monthly "write up" work.

25. Which of the following is true of the communication to management of material

weaknesses in accounting and internal control?
a. Communication must be in writing.
b. Oral communication of material weaknesses, when appropriate, would be
documented in the audit working papers.
c. The communication should indicate that the auditor had extensively examined the
accounting and internal control system of the client.
d. The auditors should indicate in the communication that the examination is
primarily designed to determine whether the accounting and internal control is
adequate.