OPERATIONS AUDITING

INTERNAL CONTROL
April 19, 2022
Q1

1. An entity should consider the cost of a control in relationship to the risk. Which of the
following controls best reflects this philosophy for a large peso investment in heavy machine
tools?
a. Conducting a weekly physical inventory
b. Placing security guards at every entrance 24 hours a day
c. Imprinting a controlled identification number on each tool
d. Having all dispositions approved by the vice president of sales

2. Audit evidence concerning segregation of duties ordinarily is best obtained by:

a. Performing tests of transactions that corroborate management’s financial statement
assertions
b. Observing the employees as they apply specific controls
c. Obtaining a flowchart of activities performed by available personnel
d. Developing audit objectives that reduce control risk

3. Which of the following statements about preliminary assessment or control risks is correct?
a. After obtaining an understanding of the accounting and internal control systems, the
auditor should make a preliminary assessment of control risks, at the assertions level, for
all accounts or transaction classes
b. The preliminary assessment of control risk can be done only after completing tests of
controls
c. The preliminary assessment of control risk for a financial assertions is normally low,
unless the auditor is able t identify weaknesses that may indicate ineffectiveness of
accounting and internal control system
d. The auditor ordinarily assesses control risk at high level for some or all assertions when it
is not cost efficient to do tests of controls

4. Which of the following statements concerning control risk is correct?

a. When control risk is at the maximum level, an auditor is required to document the basis
for that assessment
b. Control risk may be assessed sufficiently low to eliminate substantive testing for
significant transaction classes
c. When assessing control risk, an auditor should not consider evidence obtained in prior
audits about the operation of controls
d. Assessing control risk and obtaining an understanding of an entity’s internal control may
be performed concurrently

5. Based on a consideration of internal control completed at an interim date, the auditor

assessed control risk at a low level and performed interim substantive tests. The records
and procedures would most likely be tested again at year-end if:
a. Tests controls were not performed by the internal auditor during the remaining period
b. Internal control provides a basis for limiting the extent of substantive testing
c. The auditor used nonstatistical sampling during the interim period testing of controls
d. Inquiries and observations lead the auditor to believe that conditions have changed

6. Although substantive tests may supports the accuracy of underlying records, these tests
frequently provide no affirmative evidence of segregation of duties because:
a. Substantive tests rarely guarantee the accuracy of the records if only a person who
performs incompatible functions
b. The records may be accurate even though they are maintained by a person who
performs incompatible functions
c. Substantive tests relate to the entire period under audit, but tests of controls ordinarily are
confined to the period during which the auditor is on the client’s premises
 d. Many computerized procedures leave no audit trail of who performed them, so
substantive tests may necessarily be limited to inquiries and observation of office
personnel

7. After obtaining an understanding of internal control and assessing control risk, an auditor
decided not to perform additional tests of controls. The auditor most likely concluded that
the:
a. Additional evidence to support a further reduction in control risk was not cost-beneficial to
obtain
b. Assessed level of inherent risk exceeded the assessed level of control risk
c. Internal control was properly designed and justifiably may be relied on
d. Evidence obtainable through tests of controls would not support an increased assessment
of control risk

8. An auditor wishes to perform tests of controls on a client’s cash disbursements procedures.

If the control leave no audit trail of documentary evidence, the auditor most likely will test the
procedures by:
a. Confirmation and observation c. Analytical procedures and confirmation
b. Observation and inquiry d. inquiry and analytical procedures

9. Which of the following would not be a method used to control tests of controls?
a. Inquiry b. Walkthrough c. Confirmation d.
Observation

10. The auditor is examining copies of sales invoice only for the initials of the person responsible
for checking the extensions. This is an example of a:
a. Test of controls c. Dual purpose test
b. Substantive test d. Test of balances

11. Which of the following procedures concerning accounts receivable is an auditor most likely to
perform to obtain evidential matter in support of an assessed level of control risks on the
maximum level
a. Sending confirmation requests to an entity’s principal customers to verify the existence of
accounts receivable
b. Inspecting an entity’s analysis of accounts receivable for unusual balances
c. Comparing an entity’s uncollectible accounts expense to actual uncollectible accounts
receivable
d. Observing an entity’s employee prepare the schedule of past due accounts receivable
12. An auditor is least likely to test controls that provide for:
a. Classification of revenue and expense transactions by product line
b. Approval of the purchase and sale of trading securities
c. Segregation of the functions of recording disbursements and reconciling the bank
account
d. Comparison of receiving reports and vendors’ invoices and purchase orders

13. In a small company that doesn’t employ an adequate number of employees to permit proper
division of responsibilities, effective internal control can be strengthened by:
a. Direct participation by the owner of the business in the record keeping activities of the
business
b. Employment of temporary personnel to aid in the separation of duties
c. Delegation of full, clear-cut responsibility to each employee for the functions assigned to
each
d. Engaging a CPA to perform monthly “write-up” work

14. When obtaining an understanding of the accounting and internal control system the auditor
may trace a few transactions through the accounting system. This technique is:
a. Reperformance tests c. Walk-through test
b. Test of transactions d. Validity test
15. Which of the following least likely affects the nature, timing, and extent of the procedures
performed by the auditor to obtain an understanding of the accounting and internal control
systems of an audit client?
a. Materiality considerations
b. The auditor’s assessment of inherent risk
c. The level of acceptable detection risk
d. The size and complexity of the entity and of its computer system

16. The evaluation of deviations that were observed upon completing tests of controls
a. May require the need for doing more extensive understanding of control
b. May require more extensive tests of controls
c. Always requires documentation of the basis of assessment of control risk
d. May require modification of the nature, timing, and extent of planned substantive
procedures

17. The following statement are true about observation when used as tests of control
procedures, except:
a. The auditor may supplement his observations with other tests of control capable of
providing audit evidence
b. Audit evidence obtained by doing observation pertains only to the point in time at which
the procedure was applied
c. Observation of who applies a control procedure is useful as a test of control procedures
when evaluating control effectiveness of both computerized and manual system
d. Ordinarily, making inquiries provides more reliable audit evidence than doing observation
when testing segregation of functional responsibilities

18. Tests of controls are performed to obtain audit evidence about the effectiveness of the:
a. Operation of the internal controls at the time the tests are being applied
b. Operations of the internal controls in eliminating fraud and errors
c. Design of the internal controls in eliminating fraud and errors
d. Design of the accounting and internal controls systems

19. The auditor should consider whether the assessment of control risk is confirmed
a. Upon completion of understanding of internal control
b. Upon completion of tests of controls
c. Before the final audit program is completed
d. Upon the conclusion of the audit, based on the results of substantive procedures and
other audit evidence obtained

20. Which of the following is true of the communication to management of material weaknesses
in accounting and internal control?
a. Communication must be in writing
b. Oral communication of material weaknesses, when appropriate, would be documented in
the audit working papers
c. The communication should indicate that the auditor had extensively examined the
accounting and internal control system of the client
d. The auditors should indicate in the communication that the examination is primarily
designed to determine whether the accounting and internal control is adequate
21. Which of the following is least likely considered by the auditor in determining the significance
of service organization activities to the client and the relevance to the audit?
a. Terms of contract and relationships between the client and the service organization
b. The material financial statement assertions that are affected by the use of the service
organization
c. Client’s internal controls that are applied to the transactions processed by the service
organization
d. The control policies and procedures of the client of requiring that all payments for goods
and services be supported by receiving reports

22. When the auditor considers that the service organization activities are significant to the client
and relevant to the audit and he concludes that it would be efficient to obtain audit evidence
 from tests of control to support an assessment of control risk at a lower level. Such evidence
may be obtained by, except:
a. Performing tests of the client’s controls over activities of the service organization
b. Obtaining a service organization auditor’s report that expresses an opinion as to the
operating effectiveness of the service organization’s accounting and internal control
systems for the processing applications relevant to the audit
c. Visiting the service organization and performing tests of control
d. Review the service contract between the client and the service organization

23. Which statement is incorrect regarding the client auditor’s use of service organization
auditor’s report?
a. When using a service organization auditor’s report, the client auditor should consider the
nature of and content of that report
b. The client auditor should consider the scope of work performed by the service
organization auditor and should assess the usefulness and appropriateness of reports
issued by the service organization auditor
c. When a Type B report is to be used as evidence to support a lower control risk
assessment, a client auditor would consider whether the controls tested by the service
organization auditor are relevant to the client’s transactions (significant assertions in the
client’s financial statements) and whether the service organization auditor’s tests of
control and the results are adequate
d. Since Type A reports may be useful to a client auditor in gaining the required
understanding of the accounting and internal control systems, an auditor may use such
reports as a basis for

24. Which of the following is the least concern of the client auditor in reviewing the report of
service organization auditor on suitability of internal control design of the service
organization?
a. The accuracy of description of the service organization’s accounting and internal control
systems, ordinarily prepared by the management of the service organization
b. The systems’ controls have been placed in operation
c. The accounting and internal control systems are suitably designed to achieve their stated
objectives
d. The type of documentation of the understanding of the service organization’s control
system

25. Which of the following is least likely entitled to the report of the service organization’s control
system
a. Service organization’s management c. Client’s auditors
b. Service organization’s customers d. Service organization’s stockholders

26. Transaction authorization within an organization may be either specific or general. An

example of specific transaction authorization is the:
a. Approval of a construction budget for a new warehouse
b. Setting of automatic reorder points
c. Establishment of a customer’s credit limits
d. Establishment of sales prices

27. Internal control should provide reasonable (but not necessarily absolute) assurance which
means that:
a. The cost of control activities should not exceed the benefits
b. Internal control is management, not auditor’s responsibility
c. An attestation engagement about management’s internal control assertions may not
necessarily detect all reportable conditions
d. There is always a risk that reportable conditions may result in material misstatements

28. Which of the following statements is an example of an inherent limitation of internal control
a. Errors may arise from mistakes in judgments
b. The effectiveness of control procedures depends on segregation of duties
 c. Procedures are designed to assure that transactions are executed as management
authorities
d. Computers process large numbers of transactions

29. Proper segregation of functional responsibilities calls for separation of the functions of:
a. Authorization, execution and recording c. Custody, execution and reporting
b. Authorization, execution and payment d. Authorization, payment and recording

30. Which of the following is a responsibility that should not be assigned to only one employee?
a. Access to securities in the company’s safe deposit box
b. Custodianship of the cash working fund
c. Reconciliation of bank statement
d. Custodianship of tools and small equipment

31. Which of the following activities would be least likely to strengthen a company’s internal
control?
a. Maintaining insurance for fire and theft
b. Separating accounting from other financial operations
c. Reconciliation of bank statement
d. Carefully selecting and training employees

32. As generally conceived the “audit committee” of a publicly held company should be made up
of:
a. Members of the board of directors who are not officers of employees
b. Representatives of the major equity interests (bonds, preferred stock, common stock)
c. The audit partner, the chief financial officer, the legal counsel and at least one outsider
d. Representatives from the clients management, investors, suppliers and customers

33. Before relying on the system of internal control, the auditor obtains a reasonable degree of
assurance that the internal control procedures are in use and operating as planned. The
auditor obtains this assurance by performing planned
a. Substantive tests c. Transaction tests
b. Tests of controls d. Tests of trends and ratios

34. After obtaining an understanding of a client’s control, an auditor may decide to omit tests of
the controls. Which of the following in not appropriate reason to omit tests of controls?
a. The controls duplicate other controls
b. The controls appear adequate
c. Reportable conditions preclude assessing control risk below the maximum
d. The effort to test controls exceeds the effort saved by not performing substantive tests

35. In general, a material weakness in internal control may be defined as a condition in which
material errors or irregularities may occur and not be detected within a timely period by:
a. An independent auditor during tests of controls
b. Management when reviewing interim financial statements and reconciling account
balances
c. Employees in the normal course of performing their assigned functions
d. Outside consultants who issue a special-purpose report on internal control structure

36. Internal control procedures are not designed to provide reasonable assurance that:
a. Transactions are executed in accordance with management’s authorization
b. Access to assets is permitted only in accordance with management’s authorization
c. Irregularities will be eliminated
d. The recorded accountability for assets is compared with the existing assets at reasonable
intervals

37. A secondary purpose of the auditor’s consideration of internal control is to provide:

a. A basis for assessing control risk
 b. An assurance that the records and documents have been maintained in accordance with
existing company policies and procedures
c. A basis for constructive suggestions about improvements in internal control structure
d. A basis for the determination of the resultant extent of the tests to which auditing
procedures are to be restricted

38. The auditor’s review of the client’s internal control is documented in order to substantive
a. Conformity of the accounting records with GAAP
b. Adherence to requirements of management
c. Compliance with generally accepted auditing standards
d. The fairness of the financial statement presentation

39. A consideration of internal control made during an audit is usually not sufficient to express an
opinion on an entity’s controls because:
a. Weaknesses in the system may go unnoticed during the audit engagement
b. A consideration of internal control is not necessarily made during an audit engagement
c. Only those controls on which an auditor intends to rely are reviewed, tested, and
evaluated
d. Controls can change each year

40. The primary objective of procedures performed to obtain an understanding of internal control
is to provide an auditor with:
a. Evidential matter to use in reducing detection risk
b. A basis from which to modify tests of controls
c. Knowledge necessary to plan the audit
d. Information necessary to prepare flowcharts