Professional Documents
Culture Documents
1. The primary objective of procedures performed to obtain an understanding of internal control is to provide
an auditor with
a. Knowledge necessary for audit planning
b. Evidential matter to use in assessing inherent risk
c. A basis for modifying tests of controls
d. An evaluation of the consistency of application
2. An auditor uses the knowledge provided by the understanding of internal control and the assessed level
of control risk primarily to
a. Determine whether procedures and records concerning the safeguarding of assets are reliable
b. Ascertain whether the opportunities to allow any person to both perpetrate and conceal fraud are
minimized
c. Modify the initial assessments of inherent risk and preliminary judgments about materiality levels
d. Determine the nature, timing and extent of substantive tests for financial statement assertions
4. An auditor would most likely be concerned with controls that provide reasonable assurance about the
a. Efficiency of management’s decision-making process
b. Appropriate prices the entity should charge for its products
c. Decision to make expenditures for certain advertising activities
d. Entity’s ability to initiate, record, process and report financial data
5. PSA 315 (Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity
and its Environment) requires the auditor to perform risk assessment procedures at
a. The financial statement level only
b. The assertion level only
c. The financial statement level and the assertion level for classes of transactions, account balances and
disclosures
d. Either the financial statement or assertion level
6. The auditor’s risk assessment procedures should always include the following, except
a. Inquiries of management and of others within the entity
b. Analytical procedures
c. Observation and inspection
d. Substantive test procedures and tests of controls
8. The auditor should obtain an understanding of the entity’s objectives and strategies, and those business
risks that may result in risks of material misstatement. Which of the following statements concerning the
entity’s business risk is incorrect?
a. Business risk is broader than the risk of material misstatement of the financial statements, though it
includes the latter
b. An understanding of the business risks facing the entity increases the likelihood of identifying risks of
material misstatement
c. The auditor has a responsibility to identify or assess all business risks
d. Business risk may arise from the development of new products or services that may fail
9. When obtaining an understanding of controls that are relevant to the audit, the auditor is required to
a. Evaluate the design of those controls
b. Determine whether those controls have been implemented
c. Evaluate the design of those controls and determine whether they have been implemented
d. Evaluate the design of those controls and determine whether they have been implemented by
performing tests of controls
10. This internal control component is the foundation for all other components. It sets the tone of the
organization, provides discipline and structure, and influences the control consciousness of employees
a. Control activities
b. Monitoring of controls
c. Control environment
d. The entity’s risk assessment process
16. Which of the following factors are included in an entity’s control environment?
Audit Committee Participation Integrity and ethical values Organizational Structure
a. Yes Yes No
b. Yes No Yes
c. No Yes Yes
d. Yes Yes Yes
17. Which of the following components of internal control includes development and use of training policies
that communicate prospective roles and responsibilities to employees?
a. Monitoring
b. Control environment
c. Risk assessment
d. Control activities
18. Proper segregation of duties reduces the opportunities to allow persons to be in positions both to
a. Journalize entries and prepare financial statements
b. Record cash receipts and cash disbursements
c. Establish internal control and authorize transactions
d. Perpetrate and conceal errors and fraudulent acts
19. Proper segregation of functional responsibilities to achieve effective internal control calls for separation
of the functions of
a. Authorization, execution and payment
b. Authorization, recording and custody
c. Custody, execution and reporting
d. Authorization, payment and recording
20. Internal control can provide only reasonable assurance of achieving an entity’s control objectives. The
likelihood of achieving those objectives is affected by which limitation inherent to internal control?
a. The auditor’s primary responsibility is the detection of fraud
b. The board of directors is active and independent
c. The cost of internal control should not exceed its benefits
d. Management monitors internal control
21. Which of the following most likely would not be considered an inherent limitation of the potential
effectiveness of an entity’s internal control?
a. Incompatible duties
b. Management override
c. Faulty judgment
d. Collusion among employees
22. An independent auditor is concerned with controls designed to safeguard assets that are relevant to the
reliability of financial reporting. Adequate safeguards over access to and use of assets means protecting
from
a. Any management decision that would unprofitably use company resources
b. Only those losses arising from fraud
c. Losses such as those arising from setting a product price too low and subsequently realizing operating
losses from the product’s sale
d. Losses arising from access by unauthorized persons
23. An entity has many employees that access a database. The database contains sensitive information
concerning the customers of the entity and has numerous access points. Access controls prevent
employees from entry to those areas of the database for which they have no authorization. All
salespersons have certain access permission to customer information. Which of the following is a true
statement regarding the nature of the controls and risks?
a. Because there is no segregation of duties among the salespersons, risk of collusion is increased
b. Only one salesperson should be allowed access permission
c. Sales department personnel should not have access to any part of the database
d. A salesperson’s access to customer information should extend only to what is necessary to perform
his/her duties
24. In obtaining an understanding of controls that are relevant to audit planning, an auditor is required to
obtain knowledge about the
a. Design of the controls included in the internal control components
b. Effectiveness of the controls that have been placed in operation
c. Consistency with which the controls are currently being applied
d. Controls related to each principal transaction class and account balance
25. In obtaining an understanding of internal control in a financial statement audit, an auditor is not obligated
to
a. Determine whether the controls have been placed in operation
b. Perform procedures to understand the design of internal control
c. Document the understanding of the entity’s internal control components
d. Search for significant deficiencies in the operation of internal control
27. In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain
an understanding of an entity’s internal control need not be included because of the auditor’s judgments
about materiality and assessments of
a. Control risk
b. Detection risk
c. Sampling risk
d. Inherent risk
28. When obtaining an understanding of an entity’s internal controls, an auditor should concentrate on their
substance rather than their form because
a. The controls may be operating effectively but may not be documented
b. Management may establish appropriate controls but not enforce compliance with them
c. The controls may be so inappropriate that the auditor assesses control risk at the maximum
d. Management may implement controls whose costs exceed their benefits
29. In obtaining an understanding of a manufacturing entity’s internal control concerning inventory balances,
an auditor most likely would
a. Review the entity’s descriptions of inventory policies and procedures
b. Perform test counts of inventory during the entity’s physical count
c. Analyze inventory turnover statistics to identify slow-moving and obsolete items
d. Analyze monthly production reports to identify variances and unusual transactions
30. An auditor should obtain sufficient knowledge of an entity’s information system relevant to financial
reporting to understand the
a. Safeguards used to limit access to computer facilities
b. Process used to prepare significant accounting estimates
c. Procedures used to assure proper authorization of transactions
d. Policies used to detect the concealment of fraud
32. An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the
auditor’s
a. Assessment of control risk
b. Identification of weaknesses in the system
c. Assessment of the control environment’s effectiveness
d. Understanding of the system
33. An advantage of using systems flowcharts to document information about internal control instead of using
internal control questionnaires is that systems flowcharts
a. Identify internal control weaknesses more prominently
b. Provide a visual depiction of clients’ activities
c. Indicate whether controls are operating effectively
d. Reduce the need to observe clients’ employees performing routine tasks
34. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that
a. Tests of controls may fail to identify procedures relevant to assertions
b. Material misstatements may exist in the financial statements
c. Specified controls requiring segregation of duties may be circumvented by collusion
d. Entity policies may be inappropriately overridden by senior management
36. After assessing control risk below the maximum level, an auditor desires to further reduce the assessed
level of control risk. At this time, the auditor considers whether
a. It would be efficient to obtain an understanding of the entity’s accounting system
b. The entity’s internal controls have been placed in operation
c. The entity’s internal controls pertain to any financial statement assertions
d. Additional evidential matter sufficient to support a further reduction is likely to be available
37. An auditor may decide to assess control risk at the maximum level for certain assertions because the
auditor believes
a. Controls are unlikely to pertain to the assertions
b. The entity’s control components are interrelated
c. Sufficient evidential matter to support the assertions is likely to be available
d. More emphasis on tests of controls than substantive tests is warranted
38. Which of the following is a step in an auditor’s decision to assess control risk below the maximum?
a. Apply analytical procedures to both financial data and nonfinancial information to detect conditions
that may indicate weak controls
b. Perform tests of details of transactions and account balances to identify potential errors and fraud
c. Identify the controls that are likely to detect or prevent material misstatements
d. Document that the additional audit effort to perform tests of controls exceeds the potential reduction
in substantive testing
39. Which of the following is not a step in an auditor’s decision to assess control risk below the maximum?
a. Evaluate the effectiveness of the control activity with tests of controls
b. Obtain an understanding of the entity’s control environment
c. Perform tests of details of transactions to detect material misstatements in the financial statements
d. Consider whether controls can have a pervasive effect on financial statement assertions
40. Samples to test controls are intended to provide a basis for an auditor to conclude whether
a. The controls are operating effectively
b. The financial statements are materially misstated
c. The risk of incorrect acceptance is too high
d. Materiality for planning purposes is at a sufficiently low level