CSC42 QUIZ 2:

TRUE/FALSE. BEFORE EACH ITEM, WRITE T (FOR TRUE) OR F (FOR FALSE). FALSE
STATEMENTS REQUIRE EXPLANATION.

F 1. Internal control is a process designed to guarantee the achievement of the objectives of reliable
financial reporting, compliance with laws and regulations and ineffective and inefficient
operations.
 It should be “effective and efficient operations”.

T 2. Internal control is a process designed to provide reasonable assurance regarding the achievement
of the objectives of reliable financial reporting, compliance with laws and regulations and
effective and efficient operations, and safeguarding of the assets.

T 3. The quality of an organization's internal control will affect both the audit approach and the
amount of testing needed for an engagement.

T 4. An entity's control system affects the approach to and quantity of testing in an audit engagement.

T 6. Safeguarding of assets includes controls designed to protect against theft.

T 7. Control is considered to be part of corporate governance.

T 8. Good control means that risks are identified and dealt with effectively.

F 9. Investors and lenders are not concerned with internal control of the companies in which they
invest.
 Investors and lenders are concerned with internal control of the companies in which
they invest.
T 10. Management of public companies are required to report on internal controls.

F 11. A separate external audit of internal accounting control should never be performed.
 A separate external audit of internal accounting control should be performed.
T 12. The external audit function is a critical component of a company's internal control process.

T 13. The five major components of an organization's internal control are: the control environment, risk
assessment, control activities, information and communication, and monitoring.

F 14. A company's internal auditing practices should not be considered when assessing control risk.
 A company's internal auditing practices should be considered when assessing
control risk.
F 15. An organization's control environment is established and maintained by the internal auditing
department.
 An organization's control environment is established and maintained by the
management.
T 16. A well-controlled organizational structure must match the organization's operations, or the
structure is not effective.

T 17. Monitoring of the internal controls involves assessment by appropriate personnel of the design
and operation of controls on a timely basis and taking necessary actions.

1
F 18. An auditor is not required to obtain evidence about the design and operation of the internal
controls to reduce the assessment of control risk below maximum.
 An auditor is required to obtain evidence about the design and operation of the
internal controls to reduce the assessment of control risk below maximum.
T 19. Segregation of duties refers to the duties of authorizing a transaction, recording the transaction,
and taking physical custody of assets related to the transaction.

T 20. In addition to controls being specific, they may be broad, such as policies regarding a code of
ethics.

F 21. Physical controls to safeguard assets are not intended to include simple controls such as fences
and locks.
 Physical controls to safeguard assets are intended to include simple controls such as
fences and locks.
F 22. Auditors are not allowed to use flowcharts to document understanding of internal control.
 Auditors are allowed to use flowcharts to document understanding of internal
control.
F 23. When control risk is assessed at a maximum level, the auditor assumes that the internal controls
are reliable in preventing or detecting material misstatements.
 When control risk is assessed at a maximum level, the auditor assumes that the
internal controls are unreliable and proceeds to substantive testing
T 24. When control risk is assessed at a minimum level, the auditor assumes that the internal controls
are reliable in preventing or detecting material misstatements.

T 25. Performing a walk-through provides an auditor an understanding of the nature of processing in

important accounting applications.

T 26. Reviewing systems flowcharts is usually sufficient to understand the client's internal controls.

F 27. An auditor cannot assess the control risk for subsystems at a different level than the whole
accounting system.
 An auditor can assess the control risk for subsystems at a different level than the
whole accounting system.
T 28. The auditor's preliminary assessment of control risk is based on an understanding of the control
system as it has operated in the past and is designed to operate.

T 29. When control risk is assessed at less than maximum, the auditor must gain assurance that the
control procedures are effective.

T 30. The auditor is obligated to report significant deficiencies in the control structure discovered
during an audit to the audit committee or its equivalent.

F 31. One of the advantages of a computerized accounting system is that the computerized system
eliminates the need for internal controls.
 There is still a need for internal controls when using a computerized accounting
system because computerize system is not completely safe.
T 32. Accounting subsystems are accounting cycles composed of one or more accounting applications.

T 33. Control risk can be evaluated on a scale from high to low.

F 34. Testing internal control for effectiveness is done in every audit.

 When an auditor deemed that the internal control’s control risk is at maximum level,
they perform substantive testing immediately and forego of tests of controls.
2
 T 35. Walk-throughs and inquiries are often used to obtain an understanding of internal controls.

T 36. A flowchart is a graphical representation showing the flow of documents through a system.

T 37. Questionnaires are designed so that a positive answer indicates the absences of a key control
activity or an inadequate segregation of duties.

T 38. When the auditor believes the design of controls of a non-public company is effective but does
not test the controls, the auditor can assess control risk as moderate in some circumstances but
otherwise it should be assessed as high.

T 39. Transaction oriented controls are designed to operate on every transaction throughout the year.

T 40. A narrative is a systematic set of questions designed to develop an understanding of an

organizations’ internal controls and those responsible for implementing control activities.

F 41 One of the components of internal control, monitoring, refers to the process of identifying,
capturing, and exchanging information in a timely fashion to enable accomplishment of the
organization’s objectives.
 Information and communication refers to the process of identifying, capturing, and
exchanging information in a timely fashion to enable accomplishment of the
organization’s objectives.
T 42. One of the components of internal control, the control environment, is considered pervasive and
the auditor should start the evaluation of controls at this level.

T 43. Control activities may be implemented at the organizational level and at the transactional level.

ESSAY
1. Identify to indicate whether each procedure is a preventive or detective control.

a. authorizing a credit sale Preventive Detective

b. preparing a bank reconciliation Preventive Detective
c. locking the warehouse Preventive Detective
d. preparing a trial balance Preventive Detective
e. counting inventory Preventive Detective

Use the internal control procedures listed below to complete the statements.

segregation of duties specific authorization

general authorization accounting records
access controls independent verification
supervision

2. A clerk reorders 250 items when the inventory falls below 25 items. This is an example of
general authorization.

3. The internal audit department recalculates payroll for several employees each pay period. This
is an example of independent verification.
3
4. Locking petty cash in a safe is an example of access controls.

5. Approving a price reduction because goods are damaged is an example of specific

authorization.

6. Using cameras to monitor the activities of cashiers is an example of supervision.

7. Not permitting the computer programmer to enter the computer room is an example of
segregation of duties.

8. Sequentially numbering all sales invoices is an example of accounting records.