Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its

Environment

1. The audit procedures performed to obtain an understanding of the entity and its environment, including
the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud
or error, at the financial statement and assertion levels.

A. Analytical procedures C. Risk assessment procedures

B. Substantive procedures D. All of the above

2. The risk that the financial statements are materially misstated prior to audit:

A. Risk of material misstatement C. Inherent risk

B. Audit risk D. Control risk

3. The susceptibility of an assertion about a class of transaction, account balance or disclosure to a

misstatement that could be material, either individually or when aggregated with other misstatements,
before consideration of any related controls.

A. Inherent risk C. Risk of material misstatement

B. Control risk D. Audit risk

4. The risk that a misstatement that could occur in an assertion and that could be material, either individually
or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a
timely basis by the entity’s internal control.

A. Inherent risk C. Risk of material misstatement

B. Control risk D. Detection risk

5. The auditor shall perform risk assessment procedures to provide a basis for the identification and
assessment of risks of material misstatement at the

A. Financial statement level C. Both A and B

B. Assertion level D. Neither A nor B

6. Statement 1: Risk assessment procedures by themselves provide sufficient appropriate audit evidence on
which to base the audit opinion.
Statement 2: Obtaining an understanding of the entity and its environment, including the entity’s internal
control is a continuous, dynamic process of gathering, updating and analyzing information throughout the
audit.

A. True, True C. False, True

B. True, False D. False, False

7. In performing risk assessment procedures, which of the following statement is incorrect?

A. Information obtained by performing risk assessment procedures and related activities may be used by
the auditor as audit evidence to support assessments of the risks of material misstatement.
 B. The auditor may obtain audit evidence about classes of transactions, account balances, or disclosures
and related assertions and about the operating effectiveness of controls, even though such procedures
were not specifically planned as substantive procedures or as tests of controls.
C. The auditor also is not allowed to perform substantive procedures or tests of controls concurrently
with risk assessment procedures because substantive procedures and tests of controls are performed
based on the results of the risk assessment procedures.
D. The depth of the overall understanding of the entity that is required by the auditor is less than that
possessed by management in managing the entity.

8. The risk assessment procedures shall include the following:

I. Inquiry
II. Analytical procedures
III. Observation
IV. Inspection
V. Confirmation

A. I and II only
B. I, II and III only
C. I, II, III and IV only
D. I, II, III, IV and V

9. Statement 1: Analytical procedures may help identify the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have audit implications.
Statement 2: Unusual or unexpected relationships that are identified may assist the auditor in identifying
risks of material misstatement, especially risks of material misstatement due to fraud.

A. True, True C. False, True

B. True, False D. False, False

10. Statement 1: The auditor shall consider whether information obtained from the auditor’s client acceptance
or continuance process is relevant to identifying risks of material misstatement.
Statement 2: Where the engagement partner has performed other engagements for the entity, the
engagement partner shall consider whether information obtained is relevant to identifying risks of material
misstatement.

A. True, True C. False, True

B. True, False D. False, False

11. Statement 1: The auditor is required to determine whether information obtained in prior periods remains
relevant, if the auditor intends to use that information for the purposes of the current audit.
Statement 2: To determine whether changes have occurred that may affect the relevance of such
information, the auditor may make inquiries and perform other appropriate audit procedures, such as walk-
throughs of relevant systems.

A. True, True C. False, True

B. True, False D. False, False
12. Statement 1: The engagement partner and other key engagement team members shall discuss the
susceptibility of the entity’s financial statements to material misstatement, and the application of the
applicable financial reporting framework to the entity’s facts and circumstances.
Statement 2: It is always necessary for the discussion to include all members in a single discussion and for
all of the members of the engagement team to be informed of all of the decisions reached in the discussion.

A. True, True C. False, True

B. True, False D. False, False

13. In relation to the entity and its environment, the auditor shall obtain an understanding of the following:

I. Relevant industry, regulatory, and other external factors including the applicable financial
reporting framework.
II. The nature of the entity’s operations, ownership and governance structures, type of investments
the entity is making and plans to make and the way the entity is structured and how it is financed.
III. The entity’s selection and application of accounting policies, including the reasons for changes
thereto.
IV. The entity’s objectives and strategies, and those related business risks that may result in risks of
material misstatement.
V. The measurement and review of the entity’s financial performance.

A. I and II only
B. I, II and III only
C. I, II, III and IV only
D. I, II, III, IV and V

14. A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely
affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of
inappropriate objectives and strategies.

A. Business risk C. Significant risk

B. Risk of material misstatement D. Control risk

15. Statement 1: All business risks of the audit client are considered as risks of material misstatements in the
financial statements that the auditor needs to respond by designing further audit procedures.
Statement 2: The auditor shall identify and assess all business risks all business risks give rise to risks of
material misstatement and direct effect on the financial statements.

A. True, True C. False, True

B. True, False D. False, False

16. Statement 1: Performance measures, whether external or internal, create pressures on the entity which in
turn may motivate management to take action to improve the business performance or to misstate the
financial statements.
Statement 2: An understanding of the entity’s performance measures assists the auditor in considering
whether pressures to achieve performance targets may result in management actions that increase the
risks of material misstatement, including those due to fraud.

A. True, True B. True, False

 C. False, True D. False, False

17. The process designed, implemented and maintained by those charged with governance, management and
other personnel to provide reasonable assurance about the achievement of an entity’s objectives with
regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with
applicable laws and regulations.

A. Internal control C. Code of conduct

B. Strategic management D. Accounting information system

18. Statement 1: The auditor shall obtain an understanding of all the internal control implemented by the audit
client.
Statement 2: An understanding of internal control assists the auditor in identifying types of potential
misstatements and factors that affect the risks of material misstatement, and in designing the nature,
timing, and extent of further audit procedures.

A. True, True C. False, True

B. True, False D. False, False

19. Internal control is designed, implemented and maintained to address identified business risks that threaten
the achievement of any of the entity’s objectives that concern:

A. The reliability of the entity’s financial C. Compliance with applicable laws and
reporting regulations
B. The effectiveness and efficiency of its D. All of the above
operations

20. Statement 1: The way in which internal control is designed, implemented and maintained varies with an
entity’s size and complexity.
Statement 2: Internal control, no matter how effective, can provide an entity with only reasonable
assurance about achieving the entity’s financial reporting objectives.

A. True, True C. False, True

B. True, False D. False, False

21. The inherent limitations of internal control includes:

I. Cost of an internal control should not exceed the expected benefits

II. Human error
III. Collusion of two or more people
IV. Inappropriate management override of internal control

A. I only C. I, II and III only

B. I and II only D. I, II, III and IV

22. In understanding the internal controls of the audit client, which of the following statement is incorrect?

A. There is a direct relationship between an entity’s objectives and the controls it implements to provide
reasonable assurance about their achievement.
 B. The entity’s objectives, and therefore controls, relate to financial reporting, operations and
compliance, however, not all of these objectives and controls are relevant to the auditor’s risk
assessment.
C. Controls relating to operations and compliance objectives is not relevant to an audit since it is not
related to the entity’s financial reporting process.
D. Controls over the completeness and accuracy of information produced by the entity may be relevant
to the audit if the auditor intends to make use of the information in designing and performing further
procedures.

23. Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition may
include controls relating to:

A. Financial reporting C. Both A and B

B. Operations objectives D. Neither A nor B

24. Statement 1: An entity generally has controls relating to objectives that are not relevant to an audit and
therefore need not be considered.
Statement 2: The auditor should exercise professional judgment in determining the controls relevant to the
audit.

A. True, True C. False, True

B. True, False D. False, False

25. The components of internal control include:

I. Control environment
II. Risk assessment process
III. Information and communication system
IV. Control activities
V. Monitoring of controls

A. I and II only C. I, II, III and IV only

B. I, II and III only D. I, II, III, IV and V

26. The auditor shall obtain an understanding of the control environment. As part of obtaining this
understanding, the auditor shall evaluate whether:

A. Management, with the oversight of those charged with governance, has created and maintained a
culture of honesty and ethical behavior.
B. The strengths in the control environment elements collectively provide an appropriate foundation for
the other components of internal control, and whether those other components are not undermined
by control environment weaknesses.
C. Both A and B
D. Neither A nor B
27. In relation to the control environment as a component of internal control, which of the following statement
is false?

A. The control environment includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the entity’s
internal control and its importance in the entity.
B. The control environment sets the tone of an organization, influencing the control consciousness of its
people.
C. Satisfactory control environment may serve as an absolute deterrent to fraud.
D. The control environment in itself does not prevent, or detect and correct, a material misstatement.

28. Elements of the control environment that may be relevant when obtaining an understanding of the control
environment include all of the following, except:

A. Communication and enforcement of integrity and ethical values

B. Segregation of duties
C. Commitment to competence
D. Human resource policies and practices

29. Statement 1: Relevant audit evidence about the control environment may be obtained through a
combination of inquiries and other risk assessment procedures such as corroborating inquiries through
observation, performing analytical procedures or inspection of documents.
Statement 2: The control environment in itself does not prevent, or detect and correct, a material
misstatement.

A. True, True
B. True, False
C. False, True
D. False, False

30. It Is the basis for how management determines the risks to be managed.

A. Control activities C. Control environment

B. Risk assessment process D. Monitoring

31. In relation to the risk assessment process of the audit client’s internal control, the auditor shall obtain an
understanding of whether the entity has a process for:

A B C D
Identifying business risks relevant to financial Yes Yes Yes Yes
reporting objectives
Estimating the significance of the risks Yes No Yes No
Assessing the likelihood of their occurrence No Yes Yes No
Deciding about actions to address those risks No No Yes Yes

32. Statement 1: The absence of an established risk assessment process or has an ad hoc risk assessment
process represents a material weakness in the entity’s internal control.
Statement 2: The auditor shall evaluate whether the absence of a documented risk assessment process is
appropriate in the circumstances or represents a material weakness in the entity’s internal control.
 A. True, True C. False, True
B. True, False D. False, False

33. The information system relevant to financial reporting objectives, which includes the accounting system,
consists of the procedures and records designed and established to:

A B C D
Initiate, record, process, and report entity transactions and Yes Yes Yes Yes
to maintain accountability for the related assets, liabilities,
and equity
Resolve incorrect processing of transactions Yes No Yes No
Process and account for system overrides or bypasses to No Yes Yes Yes
controls
Transfer information from transaction processing systems to Yes No Yes Yes
the general ledger

34. The auditor shall obtain an understanding of the information system, including the related business
processes, relevant to financial reporting, including the following areas:

I. The classes of transactions in the entity’s operations that are significant to the financial
statements.
II. The procedures by which those transactions are initiated, recorded, processed, corrected as
necessary, transferred to the general ledger and reported in the financial statements.
III. The related accounting records, supporting information and specific accounts in the financial
statements that are used in the initiate, record, process and report transactions; this includes the
correction of incorrect information and how information is transferred to the general ledger.
IV. How the information system captures events and conditions, other than transactions, that are
significant to the financial statements.
V. The financial reporting process used to prepare the entity’s financial statements, including
significant accounting estimates and disclosures.
VI. Controls surrounding journal entries, including non-standard journal entries used to record non-
recurring, unusual transactions or adjustments.

A. I, II and III only C. I, II, III, IV and V only

B. I, II, III and IV only D. I, II, III, IV, V and VI

35. Journal entries that are required on a recurring basis to record transactions. Examples might be journal
entries to record sales, purchases, and cash disbursements or to record accounting estimates that are
periodically made by management.

A. Standard journal entries C. Regular transactions

B. Non-standard journal entries D. Adjusting journal entries

36. These are policies and procedures that help ensure that management directives are carried out.

A. Control activities C. Strategies and objectives

B. Quality control D. Monitoring
37. Statement 1: The auditor shall obtain an understanding of control activities relevant to the audit, being
those the auditor judges it necessary to understand in order to assess the risks of material misstatement at
the assertion level and design further audit procedures responsive to assessed risks.
Statement 2: An audit requires an understanding of all the control activities related to each significant class
of transactions, account balance, and disclosure in the financial statements or to every assertion relevant
to them.

A. True, True C. False, True

B. True, False D. False, False

38. Control activities that are relevant to the audit are:

A. Control activities that relate to significant risks and those that relate to risks for which substantive
procedures alone do not provide sufficient appropriate audit evidence.
B. Those that are considered to be relevant in the judgment of the auditor.
C. Both A and B
D. Neither A nor B

39. The auditor’s judgment about whether a control activity is relevant to the audit is influenced by:

A. The risk that the auditor has identified that may give rise to a material misstatement.
B. Whether the auditor thinks it is likely to be appropriate to test the operating effectiveness of the
control in determining the extent of substantive testing.
C. Both A and B
D. Neither A nor B

40. A process to assess the effectiveness of internal control performance over time.

A. Control environment C. Monitoring of controls

B. Control activities D. Risk assessment process

41. Statement 1: The auditor shall obtain an understanding of the major activities that the entity uses to
monitor internal control over financial reporting, including those related to those control activities relevant
to the audit, and how the entity initiates corrective actions to its controls.
Statement 2: The auditor shall obtain an understanding of the sources of the information used in the entity’s
monitoring activities, and the basis upon which management considers the information to be sufficiently
reliable for the purpose.

A. True, True C. False, True

B. True, False D. False, False

42. Management accomplishes monitoring of controls through:

A. Ongoing activities C. Both A and B

B. Separate evaluations D. Neither A nor B

43. Statement 1: When obtaining an understanding of controls that are relevant to the audit, the auditor shall
evaluate the design of those controls and determine whether they have been implemented, by performing
procedures in addition to inquiry of the entity’s personnel.
 Statement 2: All of the controls relevant to the audit should be evaluated whether they have been
implemented, regardless of their design.

A. True, True C. False, True

B. True, False D. False, False

44. In relation to performing test of controls, which of the following statement is false?

A. There is little point in assessing the implementation of a control that is not effective, and so the design
of a control is considered first.
B. Inquiry alone is not sufficient when assessing whether controls are properly implemented.
C. Obtaining an understanding of an entity’s controls is not sufficient to test their operating effectiveness,
unless there is some automation that provides for the consistent operation of the controls
D. None of the above

45. Statement 1: Manual elements in internal control may be less reliable than automated elements because
they can be more easily bypassed, ignored, or overridden and they are also more prone to simple errors
and mistakes.
Statement 2: Consistency of application of a manual control element cannot be assumed.

A. True, True C. False, True

B. True, False D. False, False

46. The auditor shall identify and assess the risks of material misstatement at:

A. The financial statement level C. Both A and B

B. The assertion level for classes of D. Neither A nor B
transactions, account balances, and
disclosures

47. Risks that relate pervasively to the financial statements as a whole and potentially affect many assertions.

A. Risks of material misstatement at the C. Inherent risk

financial statement level D. Information risk
B. Risks of material misstatement at the
assertion level

48. In relation to the risks of material misstatement at the financial statement level, which of the following
statement is false?

A. Risks of this nature are identifiable with specific assertions at the class of transactions, account
balance, or disclosure level.
B. They represent circumstances that may increase the risks of material misstatement at the assertion
level, for example, through management override of internal control.
C. Risks at the financial statement level may derive in particular from a weak control environment.
D. Financial statement level risks may be especially relevant to the auditor’s consideration of the risks of
material misstatement arising from fraud.
49. Statement 1: Risks of material misstatement at the assertion level should be considered because such
consideration directly assists in determining the nature, timing, and extent of further audit procedures at
the assertion level.
Statement 2: In identifying and assessing risks of material misstatement at the assertion level, the auditor
may conclude that the identified risks relate more pervasively to the financial statements as a whole and
potentially affect many assertions.

A. True, True C. False, True

B. True, False D. False, False

50. Representations by management, explicit or otherwise, that are embodied in the financial statements, as
used by the auditor to consider the different types of potential misstatements that may occur.

A. Management letter C. Accounts

B. Assertions D. Disclosures

51. Assertions used by the auditor to consider the different types of potential misstatements that may occur
fall into the following three categories which includes all of the following, except:

A. Assertions about classes of transactions C. Assertions about presentation and

and events for the period disclosure
B. Assertions about account balances at D. All of the above
the period end

52. For the purpose of identifying and assessing the risk of material misstatement the auditor shall do all of the
following, except:

A. Identify risks throughout the process of obtaining an understanding of the entity and its environment,
excluding relevant controls.
B. Assess the identified risks, and evaluate whether they relate more pervasively to the financial
statements as a whole and potentially affect many assertions.
C. Relate the identified risks to what can go wrong at the assertion level, taking account of relevant
controls that the auditor intends to test.
D. Consider the likelihood of misstatement, including the possibility of multiple misstatements, and
whether the potential misstatement is of a magnitude that could result in a material misstatement.

53. Statement 1: As part of the risk assessment, the auditor shall determine whether any of the risks identified
are, in the auditor’s judgment, a significant risk.
Statement 2: In exercising judgment in determining significant risk, the auditor shall include the effects of
identified controls related to the risk.

A. True, True C. False, True

B. True, False D. False, False

54. In exercising judgment as to which risks are significant risks, the auditor shall consider at least the following:

I. Fraud risk
II. Risk related to recent significant economic, accounting or other developments and, therefore,
requires specific attention.
 III. Complexity of transactions
IV. Risk involves significant transactions with related parties
V. Degree of subjectivity in the measurement of financial information related to the risk, especially
those measurements involving a wide range of measurement uncertainty.
VI. Risk involves significant transactions that are outside the normal course of business for the entity,
or that otherwise appear to be unusual.

A. I, II and III only C. I, II, III, IV and V only

B. I, II, III and IV only D. I, II, III, IV, V and VI

55. Statement 1: The auditor’s assessment of the risks of material misstatement at the assertion level may
change during the course of the audit as additional audit evidence is obtained.
Statement 2: In circumstances where the auditor obtains audit evidence or if new information is obtained,
which is inconsistent with the audit evidence on which the auditor originally based the assessment, the
auditor shall revise the assessment and modify the further planned audit procedures accordingly.

A. True, True C. False, True

B. True, False D. False, False

56. Statement 1: The auditor shall evaluate whether, on the basis of the audit work performed, the auditor has
identified a material weakness in the design, implementation or maintenance of internal control.
Statement 2: The auditor shall communicate material weaknesses in internal control identified during the
audit on a timely basis to management at an appropriate level of responsibility, and, as required with those
charged with governance.

A. True, True C. False, True

B. True, False D. False, False

57. The auditor’s understanding of internal control should be document in a form of:

A. Flowcharts
B. Internal Control Questionnaires
C. Narrative Description
D. Any of the above