Consideration of Internal Control

1. The following relate to internal control. Which of the following is incorrect?

a. Internal control system refers to all the policies and procedures adopted by the management
of an entity to assist in achieving management a objective.
b. A strong environment does not by itself, ensure the effectiveness of the internal control
system.
c. The internal control system is confined to those matters which relate directly to the functions
of the accounting system.
d. In the audit of financial statements, the auditor is only concerned with those policies and
procedures within the accounting and internal control systems that are relevant to the financial
statements.

2. An auditor considers internal control to

a. Determine whether assets are safeguarded
b. Suggest improvements in internal control
c. Plan audit procedures
d. Express an opinion.

3. PSA that relates to control risk assessment requires the auditor to obtain an understanding of the
client’s internal controls
a. For every audit c. Sufficient to find any frauds which may exist
b. For first time audits d. Whenever it would be appropraite

4. The purpose of compliance test is to provide reasonable assurance that

a. internal accounting control procedures are being applied as described
b. the extent of substantive testing is kept to a minimum.
c. Errors and irregularities are prevented or detected in a timely manner.
d. The auditor has an understanding of the control environment.

5. Corporate directors, management, external auditors, and internal auditors all play important roles in
creating a proper control environment. Top management is primarily responsible for
a. Establishing a proper environment and specifying overall internal control.
b. Reviewing the reliability and integrity of financial information and the means used to collect and report
such information.
c. Ensuring that external and internal auditors adequately monitor the control environment.
d. Implementing and monitoring controls designed by the board of directors.

6. Which of the following best describe the interrelated components of internal control?
a. Organizational structure, management philosophy, and planning.
b. Control environment, risk assessment, control activities, information and communication
systems, and monitoring.
c. Risk assessment, backup facilities, responsibility accounting, and natural laws.
d. Legal environment of the firm, management philosophy, and organizational structure.

7. As part of understanding internal control, an auditor is not required to

a. Consider factors that affect the risk of material misstatement.
b. Ascertain whether internal control policies and procedures have been placed in operation.
c. Identify the types of potential misstatements that can occur.
d. Obtain knowledge about the operating effectiveness of internal control.

8. In an audit of financial statement, an auditor’s primary consideration regarding a control is whether it

a. Reflects management’s philosophy and operating style.
b. Affects management’s financial statement assertions.
c. Provides adequate safeguards over access to assets.
d. Enhances management’s decision-making processes.

9. After obtaining a sufficient understanding of internal control, the auditor assesses

a. The need to apply GAAS.
b. Detection risk to determine the acceptable level of inherent risk.
c. Detection risk and inherent risk to determine the acceptable level of control risk.
d. Control risk to determine the acceptable level of detection risk.

10. Which of the following are considered control environment factors?

Personnel Policies
Detection Risk and Practices_
a. Yes Yes
b. Yes No
c. No Yes
d. No No

11. Internal control cannot be designed to provide reasonable assurance regarding the achievement of
objectives concerning
a. Reliability of financial reporting.
b. Elimination of all fraud.
c. Compliance with applicable laws and regulations.

1
 d. Effectiveness and efficiency of operations.

12. Control activities constitute one of the five components of internal control. Control activities do not
encompass
a. Performance reviews.
b. Information processing.
c. Physical controls.
d. An internal auditing function.

13. Monitoring is an important component of internal control. Which of the following items would not be an
example of monitoring?
a. Management regularly compares divisional performance with budgets for the division.
b. Data processing management regularly generates exception reports for unusual transactions or volumes
of transactions and follows up with investigation as to causes.
c. Data processing management regularly reconciles batch control totals for items processed with batch
controls for items submitted.
d. Management has asked internal auditing to perform regular audits of the controls over cash processing.

14. Effective internal control

a. Reduces the need for management to review exception reports on a day-to-day basis.
b. Eliminates risk and potential loss to the organization.
c. Cannot be circumvented by management.
d. Is unaffected by changing circumstances and conditions encountered by the organization.

15. One of the auditor’s major concerns is to ascertain whether internal control is designed to provide
reasonable assurance that
a. Profit margins are maximized, and operational efficiency is optimized.
b. The chief accounting officer reviews all accounting transaction.
c. Corporate morale problems are addressed immediately and effectively.
d. Financial statements are fairly presented.

16. A reason to establish internal control is to

a. Safeguard the resources of the organization.
b. Provide reasonable assurance that the objectives of the organization are achieved.
c. Encourage compliance with organizational objectives.
d. Ensure the accuracy, reliability, and timeliness of information.

17. Internal control is a function of management, and effective control is based upon the concept of charge
and discharge of responsibility and duty. Which of the following is one of the overriding principles of internal
control?
a. Responsibility for accounting and financial duties should be assigned to one responsible officer.
b. Responsibility for the performance of each duty must be fixed.
c. Responsibility for the accounting duties must be borne by the audit committee.
d. Responsibility for accounting must be assigned only to bonded employees.

18. When an organization has strong internal control, management can expect various benefits. The benefit
least likely to occur is
a. Reduced cost of an external audit.
b. Elimination of employee fraud.
c. Availability of reliable data for decision-making purposes and protection of important documents and
records.
d. Some assurance of compliance with the Foreign Corrupt Practices Act 1977.

19. Internal controls may be preventive, detective, or corrective. Which of the following is preventive?
a. Requiring two persons to open mail.
b. Reconciling the accounts receivable subsidiary file with the control account.
c. Using batch totals.
d. Preparing bank reconciliations.

20. Which of the following statements about internal control is correct?

a. Properly maintained internal control reasonably ensures that collusion among employees cannot occur.
b. The establishment and maintenance of internal control are important responsibilities of the internal
auditor.
c. Exceptionally strong internal control is enough for the auditor to eliminate substantive tests on a
significant account balance.
d. The cost-benefit relationship is a primary criterion that should be considered in designing internal
control.

21. Internal controls are designed to provide reasonable assurance that

a. Material errors or fraud will be prevented or detected and corrected with in a timely period by
employees in the course of performing their assigned duties.
b. Management’s plans have not been circumvented by worker collusion.
c. The internal auditing department’s guidance and oversight of management’s performance is
accomplished economically and efficiently.
d. Management’s planning organizing, and directing processes are properly evaluated.

2
22. The primary objective of procedures performed to obtain an understanding of internal control is to
provide an auditor with
a. Evidence to use in reducing detection risk.
b. Knowledge necessary to plan the audit.
c. A basis for modifying tests of controls.
d. Information necessary to prepare flowcharts.

23. An auditor should obtain sufficient knowledge of an entity’s information system relevant to financial
reporting to understand the
a. Safeguards used to limit access to computer facilities.
b. Process used to prepare significant accounting estimates.
c. Procedures used to assure proper authorization of transactions.
d. Policies used to detect the concealment of fraud.

24. If internal control is well-designed, two tasks that should be performed by different persons are:
a. Approval of bad debt write-offs; and reconciliation of the accounts payable subsidiary ledger
and controlling account.
b. Distributing of payroll checks and approval of sales returns for credit.
c. Posting of amount from both the cash receipts journal and cash payment journal to the
general ledger.
d. Reconciling of cash receipts and preparation of bank reconciliation.

25. Small businesses often lack the number of personnel needed to have an adequate segregation of duties.
How can this control weakness be offset?
a. By the relative simplicity of most businesses’ operations.
b. By the fact that the system in a small business are simple and usually well documented.
c. By the auditor’s decision to audit around any IT system in place.
d. By the owner’s personal involvement in the business.

26. The normal sequence of documents and operations on a well-designed flowchart is:
a. Top to bottom and left to right c. Top to bottom and right to left
b. Bottom to top and left to right d. Bottom to top and right to left

27. Which of the following can an auditor observe as a general control procedure used by companies?
a. Segregation of functional responsibilities.
b. Management philosophy and operating cycle.
c. Open lines of communication to the audit committee of the board of directors.
d. External influences such as bank examiner audits.

28. After obtaining an understanding of an entity’s internal controls, an auditor may assess control risk at
the maximum for some assertions because the auditor
a. Believes internal control activities are unlikely to be effective.
b. Determines that internal control is no well-documented.
c. Performs tests of controls to restrict detection of risk to an acceptable level.
d. Identifies control activities that are likely to prevent material misstatements.

29. In a study and evaluation of financial reporting controls, the completion of a questionnaire is most
closely associated with which of the following
a. Tests of control c. Obtaining an initial understanding of the system
b. Substantive tests d. Review of the system design

30. To obtain evidential mater about control risk, an auditor ordinarily selects tests from a various of
techniques, including
a. Analysis b. Confirmations c. Reprocessing d. Comparison

31. Which of the following is an appropriate form of documenting the auditor’s understanding of a client’s
internal controls?
a. Narratives
b. Flowcharts
c. Internal control questionnaires
d. Each of the above is an appropriate form of documentation

32. In planning an audit, the auditor’s knowledge about the design of relevant internal controls should be
used to
a. Identify the types of potential misstatements that could occur.
b. Assess the operational efficiency of internal control.
c. Determine whether controls have been circumvented by collusion.
d. Document the assessed level of control risk.

33. Controls that enhance the reliability of the financial statement may be classified as prevention controls
and detection controls. Which of the following is primarily a detection control?
a. Separation of duties between recording cash receipts and depositing cash.
b. Bank accounts are reconciled monthly by persons independent of cash recording and cash
custody.
c. The human resources department authorizes the hiring of only those persons for accounting
positions that meet the written job requirements specified by the corporate controller.

3
 d. An accounting manual, accompanied by a detained chart of accounts, carefully and clearly
describes each type of transaction affecting the entity.

34. An internal auditor is examining inventory control in a merchandising division with annual sales of
P3,000,000 and a 40 percent gross profit rate. Tests show that 2 percent of the peso amount of purchases
do not get into inventory due to breakage and employee theft. Adding certain controls costing P35,000
annually could reduce these losses to 5 percent of purchases. Should the controls be recommended?
a. Yes, because the projected savings exceed the cost of the added controls.
b. No, because the cost of the added controls exceeds the projected savings.
c. Yes, because the ideal system of internal control is the most extensive one
d. Yes, regardless of cost-benefit consideration, because the situation involves employee theft.

35. After considering a client’s internal control, an auditor has concluded that the system is well designed
and is functioning as anticipated. Under these circumstances, the auditor would most likely
a. Cease to perform further substantive tests.
b. Not increase the extent of planned substantive tests.
c. Increase the extent of anticipated analytical procedures.
d. Perform all tests of controls to the extent outlined in the preplanned audit program.

36. Which of the following audit tests would be a test of controls?

a. Tests of the specific items making up the balance in a financial statement account.
b. Comparing inventory prices to vendors’ invoices.
c. Comparing signatures on canceled checks to board of directors’ authorizations.
d. Tests of the additions to property, plant, and equipment by physical inspections.

37. Tests of controls may include the following, except:

a. Reperformance of internal control procedures.
b. Inquiries about and observation of internal controls which leave no audit trail.
c. Analytical procedures involving comparison of operating expenses with budgeted amount.
d. Inspection of documentary support for transactions evidencing authorization.

38. A proper understanding of the client’s internal control is an integral part of the audit planning process.
The results of the understanding
a. Must be reported to the shareholders and the SEC.
b. Bear no relationship to the extend of substantive testing to be performed.
c. Are not reported to client management.
d. May be used as the basis for withdrawing from an audit engagement.

39. Which of the following most likely would not be considered an inherent limitation of the potential
effectiveness of an entity’s internal control?
a. Incompatible duties c. Mistakes in judgment
b. Management override d. Collusion among employees

40. Internal control can provide only reasonable assurance of achieving entity control objectives. One
factor limiting the likelihood of achieving those objectives is that
a. The auditor’s primary responsibility is the detection of fraud.
b. The board of director is active and independent.
c. The cost of internal control should not exceed its benefits.
d. Management monitors internal controls.

41. The internal auditor recognizes that certain limitations are inherent in any internal control system.
Which one of the following scenarios is the result of an inherent limitation of internal control?
a. The controller both makes and records cash deposits.
b. A security guard allows one of the warehouse employees to remove company assets from the
premises without authorization.
c. The firm sells to customers on account, without credit approval.
d. An employee, who is unable to read, is assigned custody of the firm’s computer tapes library
and run manuals that are used during the third shift.

42. Control activities include procedures that pertain to physical controls over access to and use of assets
and records. A departure from the purpose of such procedures is that
a. Access to the safe deposit box requiring two officers.
b. Only storeroom personnel and line supervisors have access to the raw materials storeroom.
c. The mail clerk compiles a list of the checks received in the incoming mails.
d. Only salespersons and sales supervisors use sales department vehicles.

43. Basic to a proper control environment are the quality and integrity of personnel who must perform the
prescribed procedures. Which is not a factor in providing for competent personnel?
a. Segregation of duties c. Training programs
b. Hiring practices d. Performance evaluations

44. A proper segregation of duties requires

a. That an individual authorizing a transaction records it.
b. That an individual authorizing a transaction maintain custody of the asset that resulted from
the transaction.

4
 c. That an individual maintaining custody of an asset be entitled to access the accounting records
of the asset.
d. That an individual recording a transaction not compare the accounting record of the asset with
the asset itself.

45. The frequency of the comparison of recorded accountability with assets (for the purpose of safeguarding
assets) should be determined by
a. The amount of assets independent of the cost of the comparison.
b. The nature and amount of the asset and the cost of making the comparison.
c. The cost of the comparison and whether the susceptibility to loss results from errors or fraud.
d. The auditor in consultation with client management.

46. After gaining an understanding of internal control, the auditor may attempt to assess control risk at less
than the maximum. For this purpose, the auditor should (1) identify specific controls that are likely to
prevent or detect material misstatements in the relevant financial statement assertions and (2) perform
tests of controls. The purpose of these tests is to
a. Assure that the auditor has an adequate understanding of internal control.
b. Evaluate the effectiveness of such controls.
c. Provide recommendations to management to improve internal control.
d. Evaluate inherent risk.

47. Which of the following statements regarding auditor documentation of the client’s internal control is
correct?
a. Documentation must include flowcharts.
b. Documentation must include procedural write-ups.
c. No documentation is necessary although it is desirable.
d. No one particular form of documentation is necessary, and the extent of documentation may
vary.

48. Which of the following statements concerning material weaknesses and reportable conditions is correct?
a. An auditor should identify and communicate material weaknesses separately from reportable
conditions.
b. All material weaknesses are reportable conditions.
c. An auditor should report immediately material weaknesses and reportable conditions discovered
during an audit.
d. All reportable conditions are material weaknesses.

49. The objective of test of details of transactions performed as tests of controls is to

a. Detect material misstatements in the account balances of the financial statements.
b. Evaluate whether an internal control structure policy or procedure operated effectively.
c. Determine the nature, timing, and extent of substantive test for financial statement assertions.
d. Reduce control risk, inherent risk, and detection risk to an acceptably low level.

50. An auditor uses the acknowledge provided by the understanding of the internal control structure and
the final assessed level of control risk primarily to determine the nature, timing, and extent of the
a. Attribute tests. c. Tests of controls.
b. Compliance tests. d. Substantive tests.

51. An auditor’s primary consideration regarding an entity’s internal control structure policies and
procedures is whether they
a. Prevent management override
b. Relate to the control environment.
c. Reflect management’s philosophy and operating style.
d. Affect the financial statement assertions.

52. In planning an audit of certain accounts, an auditor may conclude that specific procedures used to
obtain an understanding of an entity’s internal control structure need not be included because of the
auditor’s judgments about materiality and assessments of
a. Control risk. c. Sampling risk.
b. Detection risk. d. Inherent risk.

53. To obtain evidential matter about control risk, an auditor ordinarily selects tests from a variety of
techniques, including
a. Analysis c. Re-performance
b. Confirmation d. Comparison

54. During consideration of the internal control structure in a financial statement audit, an auditor is not
obligated to
a. Search for significant deficiencies in the operation of the internal control structure.
b. Understand the internal control environment and the accounting system.
c. Determine whether the control procedures relevant to audit planning have been placed in
operation.
d. Perform procedures to understand the design of the internal control structure policies.

55. When control risk is assessed at the maximum level for all financial statement assertions, an auditor
should document the auditor’s

5
 Understanding Conclusion Basis
of the entity’s that control Concluding
internal control risk is at the that control
structure maximum risk is at the
elements level Maximum level
a. Yes No No
b. Yes Yes No
c. No Yes Yes
d. Yes Yes Yes