Professional Documents
Culture Documents
Chapter 7 Internal Control
Chapter 7 Internal Control
Chapter 07
Internal Control
2. The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtain
business.
True False
3. Incompatible duties exist when an employee is in a position to perpetrate and conceal errors
or fraud.
True False
4. Internal auditors should preferably report to the chief accounting officer of the company.
True False
6. CPA firms may use written narratives to describe internal control in their audit working
papers.
True False
7-1
Chapter 07 - Internal Control
8. If the auditors' assessment of the design of internal control reveals that it cannot be relied
upon, the auditors are not required to prepare any documentation of internal control for their
working papers.
True False
9. The relatively low number of types of transactions incurred by small firms makes the
segregation of duties impossible.
True False
10. In a financial statement audit, CPAs are required to assess the operating effectiveness of
most significant accounting oriented controls.
True False
11. Which of the following matters would an auditor most likely consider to be a significant
deficiency to be communicated to the audit committee?
A. Management's failure to renegotiate unfavorable long-term purchase commitments.
B. Recurring operating losses that may indicate going concern problems.
C. Evidence of a lack of objectivity by those responsible for accounting decisions.
D. Management's current plans to reduce its ownership equity in the entity.
12. In assessing the objectivity of a client's internal auditors, the CPA would be most likely to
consider internal auditor:
A. Education levels.
B. Experience.
C. Organizational status within the company.
D. Training and supervisory skills.
7-2
Chapter 07 - Internal Control
13. In a financial statement audit performed following AICPA Professional Standards, how
frequently must an auditor test operating effectiveness of controls that appear to function as
they have in past years and on which the auditor wishes to rely upon in the current year?
A. Monthly.
B. Each audit.
C. At least every second audit.
D. At least every third audit.
7-3
Chapter 07 - Internal Control
18. Which is most likely when the assessed level of control risk increases?
A. Change from performing substantive procedures at year-end to an interim date.
B. Perform substantive procedures directed inside the entity rather than tests directed toward
parties outside the entity.
C. Use the maximum number of dual purpose tests.
D. Use larger sample sizes for substantive procedures.
19. Which of the following must the auditor communicate to the audit committee?
A. Significant deficiencies and material weaknesses.
B. Only significant deficiencies.
C. Only material weaknesses.
D. Neither significant deficiencies nor material weaknesses.
20. A client's internal control appears strong, but the CPA has elected not to perform any tests
of controls. The planned assessed level of control risk is at what level?
A. Zero.
B. Low.
C. Moderate.
D. Maximum.
7-4
Chapter 07 - Internal Control
22. Which of the following is not considered one of the five major components of internal
control?
A. Risk assessment.
B. Segregation of duties.
C. Control activities.
D. Monitoring.
25. On financial statement audits, it is required that the auditors obtain an understanding of
internal control, including:
A. Its operating effectiveness.
B. Whether it has been implemented (placed in operation).
C. Performing tests of controls for all material controls.
D. Its ability to provide reasonable assurance.
7-5
Chapter 07 - Internal Control
27. This organization developed a set of criteria that provide management with a basis to
evaluate controls not only over financial reporting, but also over the effectiveness and
efficiency of operations and compliance with laws and regulations:
A. Foreign Corrupt Practices Corporation.
B. Committee of Sponsoring Organizations.
C. Cohen Commission.
D. Financial Accounting Standards Board.
29. Which statement is correct concerning the definition of internal control developed by the
Committee of Sponsoring Organizations (COSO)?
A. Its applicability is largely limited to internal auditing applications.
B. It is recognized in the Statements on Auditing Standards.
C. It emphasizes the effectiveness and efficiency of operations over the reliability of financial
reporting.
D. It suggests that it is important to view internal control as an end product as contrasted to a
process or means to obtain an end.
7-6
Chapter 07 - Internal Control
7-7
Chapter 07 - Internal Control
35. When tests of controls reveal that controls are operating as anticipated, it is most likely
that the assessed level of control risk will:
A. Be less than the preliminary assessed level of control risk.
B. Equal the preliminary assessed level of control risk.
C. Equal the actual control risk.
D. Be less than the actual control risk.
36. Under which circumstance is it likely that the extent of substantive procedures will be
expanded beyond that anticipated in the audit plan?
A. The auditors have determined that controls have been implemented (placed in operation)
but, in accordance with the audit plan, have performed no tests of controls.
B. Certain controls do not leave a trail of documentary evidence.
C. Deviation rates were greater than zero and approached anticipated levels.
D. The operating effectiveness of certain controls was found to be less than expected,
although no material misstatements were identified.
7-8
Chapter 07 - Internal Control
39. During financial statement audits, the auditors' consideration of their clients' internal
control is integral to both assess the risk of material misstatement and to:
A. Assess inherent risk.
B. Design further audit procedures.
C. Assess compliance with the Foreign Corrupt Practices Act.
D. Provide a reasonable basis for an opinion on compliance with applicable laws.
40. Which of the following comes closest to outlining the auditors' responsibility for
considering internal control in all financial statement audits?
A. An understanding of the control environment, information and communication, risk
assessment and monitoring is necessary; an understanding of control activities is only
necessary for areas in which the auditor is performing tests of controls.
B. The auditor must obtain an understanding of each of the five internal control components
sufficient to assess the risks of material misstatement for the audit.
C. When tests of controls have been performed, control risk must be assessed at a level less
than the maximum.
D. An understanding of the control environment is necessary, but no understanding of the
other components is necessary unless control risk is to be assessed at a level less than the
maximum.
41. Which of the following is not a primary procedure auditors use to obtain sufficient
knowledge about the design of the relevant controls and to determine whether they have been
implemented (placed in operation)?
A. Previous experience with the entity.
B. Inquiries of appropriate management personnel.
C. Performance of substantive procedures.
D. Inspection of document and records.
42. A control deficiency that is less severe than a material weakness, but important enough to
merit attention by those responsible for oversight of the company's financial reporting is
referred to as a(n):
A. Control deficiency.
B. Inherent limitation.
C. Reportable deficiency.
D. Significant deficiency.
7-9
Chapter 07 - Internal Control
43. For effective internal control, which of the following functions should not be assigned to
the company's accounting department?
A. Reconciling accounting records with existing assets.
B. Recording financial transactions.
C. Signing payroll checks.
D. Preparing financial reports.
45. Which of the following is true about the auditors' consideration of internal control in a
financial statement audit?
A. The auditors must assess control risk at a level lower than the maximum.
B. The auditors must prepare a flowchart description of internal control for their working
papers.
C. The auditors must obtain an understanding of the steps in processing major types of
transactions.
D. The auditors must perform tests of controls.
46. Which of the following is an advantage of describing internal control through the use of a
standardized questionnaire?
A. Questionnaires highlight weaknesses in the system.
B. Questionnaires are more flexible than other methods of describing internal control.
C. Questionnaires usually identify situations in which internal control weaknesses are
compensated for by other strengths in the system.
D. Questionnaires provide a clearer and more specific portrayal of a client's system than other
methods of describing internal control.
7-10
Chapter 07 - Internal Control
49. Which of the following is not a factor that is considered a part of the client's overall
control environment?
A. The organizational structure.
B. The information system.
C. Management philosophy and operating style.
D. Board of directors.
51. After documenting the client's prescribed internal control, the auditors will often perform
a walk-through of each transaction cycle. An objective of a walk-through is to:
A. Verify that the controls have been implemented (placed in operation).
B. Replace tests of controls.
C. Evaluate the major strengths and weaknesses in the client's internal control.
D. Identify weaknesses to be communicated to management in the management letter.
7-11
Chapter 07 - Internal Control
52. The major components of internal control include all of the following, except:
A. Risk assessment.
B. The control environment.
C. Internal auditing.
D. Control activities.
53. Which of the following is correct with respect to control deficiencies discovered during an
audit?
A. Auditors must communicate and recommend corrections relating to all material
weaknesses in internal control to management.
B. All material weaknesses in internal control should be reported to the audit committee.
C. All such matters must be communicated to the audit committee and regulatory agencies.
D. All control deficiencies are also significant deficiencies.
54. After considering the client's internal control the auditors have concluded that it is well
designed and is functioning as anticipated. Under these circumstances the auditors would
most likely:
A. Cease to perform further substantive procedures.
B. Reduce substantive procedures in areas where the internal control was found to be
effective.
C. Increase the extent of anticipated analytical procedures.
D. Perform all tests of controls to the extent outlined in the preplanned audit program.
55. The use of fidelity bonds protects a company from embezzlement loses and also:
A. Minimizes the possibility of employing persons with dubious records in positions of trust.
B. Reduces the company's need to obtain expensive business interruption insurance.
C. Allows the company to substitute the fidelity bonds for various parts of internal control.
D. Protects employees who made unintentional errors from possible monetary damages
resulting from such errors.
7-12
Chapter 07 - Internal Control
56. The independent auditors might consider the procedures performed by the internal
auditors because:
A. They are employees whose work must be reviewed during substantive testing.
B. They are employees whose work might affect the independent auditors' work.
C. Their work impacts upon the cost/benefit tradeoff in evaluating inherent limitations.
D. Their degree of independence may be inferred by the nature of their work.
57. In the consideration of internal control, the operating effectiveness of controls is tested
by:
A. Flowcharts verification.
B. Tests of controls.
C. Substantive procedures.
D. Decision tables.
58. The auditors who become aware of an internal control significant deficiency are required
to communicate this to the:
A. Client's legal counsel.
B. Compensation committee.
C. Audit committee.
D. Internal auditors.
59. A material weakness involves an amount that could result in a misstatement that is
A. Smaller than inconsequential.
B. Larger than inconsequential.
C. Tolerable.
D. Material.
60. At least what level of probability of a material misstatement is required for a control
deficiency to be considered a material weakness?
A. More than remote.
B. Probable.
C. Reasonable possibility.
D. Sufficient.
7-13
Chapter 07 - Internal Control
61. A situation in which the design or operation of a control does not allow management or
employees, in the normal course of performing their assigned functions, to prevent or detect
material misstatements on a timely basis is referred to as a:
A. Control deficiency.
B. Material weakness.
C. Reportable condition.
D. Significant deficiency.
62. To provide for the greatest degree of independence in performing internal auditing
functions, an internal auditor most likely should report to the:
A. Financial vice-president.
B. Corporate controller.
C. Audit committee.
D. Corporate stockholders.
7-14
Chapter 07 - Internal Control
67. Which of the following is least likely to be a factor that might indicate to an auditor that
an identified risk of misstatement requires special audit consideration?
A. Complex calculations are involved.
B. The rate of technological change is moderate in the industry.
C. The potential for fraud seems high.
D. Various subjective methods of application of a key accounting policy exist.
69. If the independent auditors decide that the work performed by the internal auditors may
have a bearing on their own procedures, they should consider the internal auditors':
A. Competence and objectivity.
B. Efficiency and experience.
C. Independence and review skills.
D. Training and supervisory skills.
70. In the consideration of internal control, the auditor is basically concerned that it provides
reasonable assurance that:
A. Management can not override the system.
B. Operational efficiency has been achieved in accordance with management plans.
C. Misstatements have been prevented or detected.
D. Controls have not been circumvented by collusion.
7-15
Chapter 07 - Internal Control
72. In assessing the competence of a client's internal auditor, an independent auditor most
likely would consider the
A. Internal auditor's compliance with professional internal auditing standards.
B. Client's policies that limit the internal auditor's access to management salary data.
C. Evidence supporting a further reduction in the assessed level of control risk.
D. Results of ratio analysis that may identify unusual transactions and events.
73. Which of the following factors would most likely be considered an inherent limitation to
an entity's internal control?
A. The complexity of the information processing system.
B. Human judgment in the decision making process.
C. The ineffectiveness of the board of directors.
D. The lack of management incentives to improve the control environment.
7-16
Chapter 07 - Internal Control
76. An auditor's purpose for performing tests of controls is to provide reasonable assurance
that:
A. Controls are operating effectively.
B. The risk that the auditor may unknowingly fail to modify the opinion on the financial
statements is minimized.
C. Transactions are executed in accordance with management's authorization and access to
assets is limited by a segregation of functions.
D. Transactions are recorded as necessary to permit the preparation of the financial statements
in conformity with generally accepted accounting principles.
77. Of the following statements about internal control, which one is not valid?
A. No one person should be responsible for the custodial responsibility and the recording
responsibility for an asset.
B. Transactions must be properly authorized before such transactions are processed.
C. Because of the cost/benefit relationship, a client may apply control procedures on a test
basis.
D. Control activities reasonably insure that collusion among employees can not occur.
7-17
Chapter 07 - Internal Control
80. The internal control provisions of the Sarbanes-Oxley Act of 2002 apply to which
companies in the United States:
A. All companies.
B. SEC registrants.
C. Only those companies included in the Fortune 500.
D. All nonpublic companies.
81. An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addresses
financial statements and:
A. Compliance with laws.
B. Internal control over asset safeguarding.
C. Internal control over financial reporting.
D. Suitable criteria.
82. A report on internal control performed in accordance with PCAOB Standard No. 2
includes an opinion on internal control for:
A. The entire year.
B. The prior quarter.
C. The "as of date."
D. The end of each quarter.
evaluate control:
A. Option A
B. Option B
C. Option C
D. Option D
7-18
Chapter 07 - Internal Control
84. When performing an internal control audit under PCAOB requirements, one or more
material weaknesses in internal control that exist at year-end may result in what type of
report(s):
A. Option A
B. Option B
C. Option C
D. Option D
85. When performing an internal control audit under PCAOB standards, one or more material
weaknesses in internal control that exist at year-end may result in what type of report(s):
A. Option A
B. Option B
C. Option C
D. Option D
7-19
Chapter 07 - Internal Control
Essay Questions
86. Independent auditors should consider the work of internal auditors in their assessment of
control risk.
a. Are internal auditors independent of management? Explain.
b. What is the difference between the primary objective of the independent auditors and that
of internal auditors? Explain.
c. Discuss the factors that should be considered by the independent auditors in deciding how
much, if any, reliance should be placed on the work of the internal auditors.
88. When considering a client's internal control, the auditors focus on its various
characteristics. For each of the following characteristics indicate the auditors' responsibility
under generally accepted auditing standards and the procedures used to meet that
responsibility.
a. The design of internal control.
b. Controls have been implemented (placed in operation).
c. The operating effectiveness of controls.
7-20
Chapter 07 - Internal Control
89. Assume that you have assessed inherent risk for an audit area at a very high level. While
obtaining an understanding of internal control, you have determined that it appears to be very
strong. Nonetheless, due to the large number of transactions involved, you have chosen not to
test controls in the area.
a. At what level will the planned assessed level of control risk be established?
b. Describe the scope of tests of controls that will be performed.
c. At what level will the assessed level of control risk be established?
d. What must be documented in the working papers relating to internal control?
e. At what level will detection risk be established?
f. Describe the required scope of substantive procedures, if any. Make certain to discuss
details of likely nature, timing and extent.
7-21
Chapter 07 - Internal Control
Difficulty: Easy
2. The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtain
business.
FALSE
Difficulty: Hard
3. Incompatible duties exist when an employee is in a position to perpetrate and conceal errors
or fraud.
TRUE
Difficulty: Easy
4. Internal auditors should preferably report to the chief accounting officer of the company.
FALSE
Difficulty: Medium
Difficulty: Easy
7-22
Chapter 07 - Internal Control
6. CPA firms may use written narratives to describe internal control in their audit working
papers.
TRUE
Difficulty: Easy
Difficulty: Easy
8. If the auditors' assessment of the design of internal control reveals that it cannot be relied
upon, the auditors are not required to prepare any documentation of internal control for their
working papers.
FALSE
Difficulty: Medium
9. The relatively low number of types of transactions incurred by small firms makes the
segregation of duties impossible.
FALSE
Difficulty: Easy
10. In a financial statement audit, CPAs are required to assess the operating effectiveness of
most significant accounting oriented controls.
FALSE
Difficulty: Medium
7-23
Chapter 07 - Internal Control
11. Which of the following matters would an auditor most likely consider to be a significant
deficiency to be communicated to the audit committee?
A. Management's failure to renegotiate unfavorable long-term purchase commitments.
B. Recurring operating losses that may indicate going concern problems.
C. Evidence of a lack of objectivity by those responsible for accounting decisions.
D. Management's current plans to reduce its ownership equity in the entity.
Difficulty: Medium
Source: AICPA
12. In assessing the objectivity of a client's internal auditors, the CPA would be most likely to
consider internal auditor:
A. Education levels.
B. Experience.
C. Organizational status within the company.
D. Training and supervisory skills.
Difficulty: Medium
13. In a financial statement audit performed following AICPA Professional Standards, how
frequently must an auditor test operating effectiveness of controls that appear to function as
they have in past years and on which the auditor wishes to rely upon in the current year?
A. Monthly.
B. Each audit.
C. At least every second audit.
D. At least every third audit.
Difficulty: Medium
7-24
Chapter 07 - Internal Control
Difficulty: Hard
Source: AICPA
Difficulty: Hard
Difficulty: Easy
7-25
Chapter 07 - Internal Control
Difficulty: Hard
18. Which is most likely when the assessed level of control risk increases?
A. Change from performing substantive procedures at year-end to an interim date.
B. Perform substantive procedures directed inside the entity rather than tests directed toward
parties outside the entity.
C. Use the maximum number of dual purpose tests.
D. Use larger sample sizes for substantive procedures.
Difficulty: Medium
19. Which of the following must the auditor communicate to the audit committee?
A. Significant deficiencies and material weaknesses.
B. Only significant deficiencies.
C. Only material weaknesses.
D. Neither significant deficiencies nor material weaknesses.
Difficulty: Medium
20. A client's internal control appears strong, but the CPA has elected not to perform any tests
of controls. The planned assessed level of control risk is at what level?
A. Zero.
B. Low.
C. Moderate.
D. Maximum.
Difficulty: Hard
7-26
Chapter 07 - Internal Control
Difficulty: Hard
22. Which of the following is not considered one of the five major components of internal
control?
A. Risk assessment.
B. Segregation of duties.
C. Control activities.
D. Monitoring.
Difficulty: Medium
Difficulty: Easy
Difficulty: Medium
7-27
Chapter 07 - Internal Control
25. On financial statement audits, it is required that the auditors obtain an understanding of
internal control, including:
A. Its operating effectiveness.
B. Whether it has been implemented (placed in operation).
C. Performing tests of controls for all material controls.
D. Its ability to provide reasonable assurance.
Difficulty: Medium
Difficulty: Medium
27. This organization developed a set of criteria that provide management with a basis to
evaluate controls not only over financial reporting, but also over the effectiveness and
efficiency of operations and compliance with laws and regulations:
A. Foreign Corrupt Practices Corporation.
B. Committee of Sponsoring Organizations.
C. Cohen Commission.
D. Financial Accounting Standards Board.
Difficulty: Medium
7-28
Chapter 07 - Internal Control
Difficulty: Hard
29. Which statement is correct concerning the definition of internal control developed by the
Committee of Sponsoring Organizations (COSO)?
A. Its applicability is largely limited to internal auditing applications.
B. It is recognized in the Statements on Auditing Standards.
C. It emphasizes the effectiveness and efficiency of operations over the reliability of financial
reporting.
D. It suggests that it is important to view internal control as an end product as contrasted to a
process or means to obtain an end.
Difficulty: Hard
Difficulty: Medium
7-29
Chapter 07 - Internal Control
Difficulty: Hard
Difficulty: Medium
Difficulty: Medium
Difficulty: Medium
7-30
Chapter 07 - Internal Control
35. When tests of controls reveal that controls are operating as anticipated, it is most likely
that the assessed level of control risk will:
A. Be less than the preliminary assessed level of control risk.
B. Equal the preliminary assessed level of control risk.
C. Equal the actual control risk.
D. Be less than the actual control risk.
Difficulty: Hard
36. Under which circumstance is it likely that the extent of substantive procedures will be
expanded beyond that anticipated in the audit plan?
A. The auditors have determined that controls have been implemented (placed in operation)
but, in accordance with the audit plan, have performed no tests of controls.
B. Certain controls do not leave a trail of documentary evidence.
C. Deviation rates were greater than zero and approached anticipated levels.
D. The operating effectiveness of certain controls was found to be less than expected,
although no material misstatements were identified.
Difficulty: Hard
Difficulty: Medium
Difficulty: Medium
7-31
Chapter 07 - Internal Control
39. During financial statement audits, the auditors' consideration of their clients' internal
control is integral to both assess the risk of material misstatement and to:
A. Assess inherent risk.
B. Design further audit procedures.
C. Assess compliance with the Foreign Corrupt Practices Act.
D. Provide a reasonable basis for an opinion on compliance with applicable laws.
Difficulty: Easy
40. Which of the following comes closest to outlining the auditors' responsibility for
considering internal control in all financial statement audits?
A. An understanding of the control environment, information and communication, risk
assessment and monitoring is necessary; an understanding of control activities is only
necessary for areas in which the auditor is performing tests of controls.
B. The auditor must obtain an understanding of each of the five internal control components
sufficient to assess the risks of material misstatement for the audit.
C. When tests of controls have been performed, control risk must be assessed at a level less
than the maximum.
D. An understanding of the control environment is necessary, but no understanding of the
other components is necessary unless control risk is to be assessed at a level less than the
maximum.
Difficulty: Medium
41. Which of the following is not a primary procedure auditors use to obtain sufficient
knowledge about the design of the relevant controls and to determine whether they have been
implemented (placed in operation)?
A. Previous experience with the entity.
B. Inquiries of appropriate management personnel.
C. Performance of substantive procedures.
D. Inspection of document and records.
Difficulty: Medium
7-32
Chapter 07 - Internal Control
42. A control deficiency that is less severe than a material weakness, but important enough to
merit attention by those responsible for oversight of the company's financial reporting is
referred to as a(n):
A. Control deficiency.
B. Inherent limitation.
C. Reportable deficiency.
D. Significant deficiency.
Difficulty: Medium
43. For effective internal control, which of the following functions should not be assigned to
the company's accounting department?
A. Reconciling accounting records with existing assets.
B. Recording financial transactions.
C. Signing payroll checks.
D. Preparing financial reports.
Difficulty: Medium
Difficulty: Hard
7-33
Chapter 07 - Internal Control
45. Which of the following is true about the auditors' consideration of internal control in a
financial statement audit?
A. The auditors must assess control risk at a level lower than the maximum.
B. The auditors must prepare a flowchart description of internal control for their working
papers.
C. The auditors must obtain an understanding of the steps in processing major types of
transactions.
D. The auditors must perform tests of controls.
Difficulty: Medium
46. Which of the following is an advantage of describing internal control through the use of a
standardized questionnaire?
A. Questionnaires highlight weaknesses in the system.
B. Questionnaires are more flexible than other methods of describing internal control.
C. Questionnaires usually identify situations in which internal control weaknesses are
compensated for by other strengths in the system.
D. Questionnaires provide a clearer and more specific portrayal of a client's system than other
methods of describing internal control.
Difficulty: Medium
Difficulty: Hard
7-34
Chapter 07 - Internal Control
Difficulty: Hard
49. Which of the following is not a factor that is considered a part of the client's overall
control environment?
A. The organizational structure.
B. The information system.
C. Management philosophy and operating style.
D. Board of directors.
Difficulty: Medium
Difficulty: Medium
51. After documenting the client's prescribed internal control, the auditors will often perform
a walk-through of each transaction cycle. An objective of a walk-through is to:
A. Verify that the controls have been implemented (placed in operation).
B. Replace tests of controls.
C. Evaluate the major strengths and weaknesses in the client's internal control.
D. Identify weaknesses to be communicated to management in the management letter.
Difficulty: Medium
7-35
Chapter 07 - Internal Control
52. The major components of internal control include all of the following, except:
A. Risk assessment.
B. The control environment.
C. Internal auditing.
D. Control activities.
Difficulty: Medium
53. Which of the following is correct with respect to control deficiencies discovered during an
audit?
A. Auditors must communicate and recommend corrections relating to all material
weaknesses in internal control to management.
B. All material weaknesses in internal control should be reported to the audit committee.
C. All such matters must be communicated to the audit committee and regulatory agencies.
D. All control deficiencies are also significant deficiencies.
Difficulty: Hard
54. After considering the client's internal control the auditors have concluded that it is well
designed and is functioning as anticipated. Under these circumstances the auditors would
most likely:
A. Cease to perform further substantive procedures.
B. Reduce substantive procedures in areas where the internal control was found to be
effective.
C. Increase the extent of anticipated analytical procedures.
D. Perform all tests of controls to the extent outlined in the preplanned audit program.
Difficulty: Easy
Source: AICPA
7-36
Chapter 07 - Internal Control
55. The use of fidelity bonds protects a company from embezzlement loses and also:
A. Minimizes the possibility of employing persons with dubious records in positions of trust.
B. Reduces the company's need to obtain expensive business interruption insurance.
C. Allows the company to substitute the fidelity bonds for various parts of internal control.
D. Protects employees who made unintentional errors from possible monetary damages
resulting from such errors.
Difficulty: Medium
Source: AICPA
56. The independent auditors might consider the procedures performed by the internal
auditors because:
A. They are employees whose work must be reviewed during substantive testing.
B. They are employees whose work might affect the independent auditors' work.
C. Their work impacts upon the cost/benefit tradeoff in evaluating inherent limitations.
D. Their degree of independence may be inferred by the nature of their work.
Difficulty: Medium
Source: AICPA
57. In the consideration of internal control, the operating effectiveness of controls is tested
by:
A. Flowcharts verification.
B. Tests of controls.
C. Substantive procedures.
D. Decision tables.
Difficulty: Easy
Source: AICPA
7-37
Chapter 07 - Internal Control
58. The auditors who become aware of an internal control significant deficiency are required
to communicate this to the:
A. Client's legal counsel.
B. Compensation committee.
C. Audit committee.
D. Internal auditors.
Difficulty: Medium
Source: AICPA
59. A material weakness involves an amount that could result in a misstatement that is
A. Smaller than inconsequential.
B. Larger than inconsequential.
C. Tolerable.
D. Material.
Difficulty: Medium
60. At least what level of probability of a material misstatement is required for a control
deficiency to be considered a material weakness?
A. More than remote.
B. Probable.
C. Reasonable possibility.
D. Sufficient.
Difficulty: Medium
61. A situation in which the design or operation of a control does not allow management or
employees, in the normal course of performing their assigned functions, to prevent or detect
material misstatements on a timely basis is referred to as a:
A. Control deficiency.
B. Material weakness.
C. Reportable condition.
D. Significant deficiency.
Difficulty: Medium
7-38
Chapter 07 - Internal Control
62. To provide for the greatest degree of independence in performing internal auditing
functions, an internal auditor most likely should report to the:
A. Financial vice-president.
B. Corporate controller.
C. Audit committee.
D. Corporate stockholders.
Difficulty: Medium
Source: AICPA
Difficulty: Medium
Source: AICPA
Difficulty: Medium
Source: AICPA
Difficulty: Medium
Source: AICPA
7-39
Chapter 07 - Internal Control
Difficulty: Medium
Source: AICPA
67. Which of the following is least likely to be a factor that might indicate to an auditor that
an identified risk of misstatement requires special audit consideration?
A. Complex calculations are involved.
B. The rate of technological change is moderate in the industry.
C. The potential for fraud seems high.
D. Various subjective methods of application of a key accounting policy exist.
Difficulty: Easy
Difficulty: Medium
Source: AICPA
69. If the independent auditors decide that the work performed by the internal auditors may
have a bearing on their own procedures, they should consider the internal auditors':
A. Competence and objectivity.
B. Efficiency and experience.
C. Independence and review skills.
D. Training and supervisory skills.
Difficulty: Medium
Source: AICPA
7-40
Chapter 07 - Internal Control
70. In the consideration of internal control, the auditor is basically concerned that it provides
reasonable assurance that:
A. Management can not override the system.
B. Operational efficiency has been achieved in accordance with management plans.
C. Misstatements have been prevented or detected.
D. Controls have not been circumvented by collusion.
Difficulty: Medium
Source: AICPA
Difficulty: Easy
72. In assessing the competence of a client's internal auditor, an independent auditor most
likely would consider the
A. Internal auditor's compliance with professional internal auditing standards.
B. Client's policies that limit the internal auditor's access to management salary data.
C. Evidence supporting a further reduction in the assessed level of control risk.
D. Results of ratio analysis that may identify unusual transactions and events.
Difficulty: Medium
Source: AICPA
73. Which of the following factors would most likely be considered an inherent limitation to
an entity's internal control?
A. The complexity of the information processing system.
B. Human judgment in the decision making process.
C. The ineffectiveness of the board of directors.
D. The lack of management incentives to improve the control environment.
Difficulty: Medium
Source: AICPA
7-41
Chapter 07 - Internal Control
Difficulty: Easy
Source: AICPA
Difficulty: Medium
Source: AICPA
76. An auditor's purpose for performing tests of controls is to provide reasonable assurance
that:
A. Controls are operating effectively.
B. The risk that the auditor may unknowingly fail to modify the opinion on the financial
statements is minimized.
C. Transactions are executed in accordance with management's authorization and access to
assets is limited by a segregation of functions.
D. Transactions are recorded as necessary to permit the preparation of the financial statements
in conformity with generally accepted accounting principles.
Difficulty: Medium
Source: AICPA
7-42
Chapter 07 - Internal Control
77. Of the following statements about internal control, which one is not valid?
A. No one person should be responsible for the custodial responsibility and the recording
responsibility for an asset.
B. Transactions must be properly authorized before such transactions are processed.
C. Because of the cost/benefit relationship, a client may apply control procedures on a test
basis.
D. Control activities reasonably insure that collusion among employees can not occur.
Difficulty: Easy
Source: AICPA
Difficulty: Hard
Difficulty: Medium
Source: AICPA
80. The internal control provisions of the Sarbanes-Oxley Act of 2002 apply to which
companies in the United States:
A. All companies.
B. SEC registrants.
C. Only those companies included in the Fortune 500.
D. All nonpublic companies.
Difficulty: Medium
7-43
Chapter 07 - Internal Control
81. An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addresses
financial statements and:
A. Compliance with laws.
B. Internal control over asset safeguarding.
C. Internal control over financial reporting.
D. Suitable criteria.
Difficulty: Medium
82. A report on internal control performed in accordance with PCAOB Standard No. 2
includes an opinion on internal control for:
A. The entire year.
B. The prior quarter.
C. The "as of date."
D. The end of each quarter.
Difficulty: Hard
A. Option A
B. Option B
C. Option C
D. Option D
Difficulty: Medium
7-44
Chapter 07 - Internal Control
84. When performing an internal control audit under PCAOB requirements, one or more
material weaknesses in internal control that exist at year-end may result in what type of
report(s):
A. Option A
B. Option B
C. Option C
D. Option D
Difficulty: Hard
85. When performing an internal control audit under PCAOB standards, one or more material
weaknesses in internal control that exist at year-end may result in what type of report(s):
A. Option A
B. Option B
C. Option C
D. Option D
Difficulty: Medium
7-45
Chapter 07 - Internal Control
Essay Questions
86. Independent auditors should consider the work of internal auditors in their assessment of
control risk.
a. Are internal auditors independent of management? Explain.
b. What is the difference between the primary objective of the independent auditors and that
of internal auditors? Explain.
c. Discuss the factors that should be considered by the independent auditors in deciding how
much, if any, reliance should be placed on the work of the internal auditors.
a. No. However, internal auditors may achieve independence from departments they evaluate
by reporting to a senior officer or the board of directors.
b. The independent auditors' objective is to express an opinion on the client's financial
statements. The internal auditors' primary objective is to aid management in achieving the
most efficient and effective administration of the business.
c. In deciding the degree of reliance to be placed on the work of the internal auditors, the
independent auditors should consider the competence and objectivity of the internal auditors,
and evaluate their work.
Difficulty: Hard
a. The auditors' consideration of their clients' internal control is integral to both (1) to assess
the risks of material misstatement in the financial statements and (2) to design the nature,
timing and extent of further audit procedures.
b. The limitations of internal control include (only three required):
Carelessness.
Misunderstanding of instructions.
Top management may override the system
Collusion among employees may circumvent controls dependent upon segregation of duties.
Cost considerations often limit the effectiveness of the design of the structure.
Difficulty: Medium
7-46
Chapter 07 - Internal Control
88. When considering a client's internal control, the auditors focus on its various
characteristics. For each of the following characteristics indicate the auditors' responsibility
under generally accepted auditing standards and the procedures used to meet that
responsibility.
a. The design of internal control.
b. Controls have been implemented (placed in operation).
c. The operating effectiveness of controls.
Difficulty: Medium
7-47
Chapter 07 - Internal Control
89. Assume that you have assessed inherent risk for an audit area at a very high level. While
obtaining an understanding of internal control, you have determined that it appears to be very
strong. Nonetheless, due to the large number of transactions involved, you have chosen not to
test controls in the area.
a. At what level will the planned assessed level of control risk be established?
b. Describe the scope of tests of controls that will be performed.
c. At what level will the assessed level of control risk be established?
d. What must be documented in the working papers relating to internal control?
e. At what level will detection risk be established?
f. Describe the required scope of substantive procedures, if any. Make certain to discuss
details of likely nature, timing and extent.
Difficulty: Hard
7-48