AUDITING – SYNCHRONOUS SESSION 3

Consideration of Entity’s Internal Control

1. The primary objective of procedures performed to obtain an understanding of internal control is to provide
an auditor with
a. Knowledge necessary for audit planning
b. Evidential matter to use in assessing inherent risk
c. A basis for modifying tests of controls
d. An evaluation of the consistency of application

2. An auditor uses the knowledge provided by the understanding of internal control and the assessed level
of control risk primarily to
a. Determine whether procedures and records concerning the safeguarding of assets are reliable
b. Ascertain whether the opportunities to allow any person to both perpetrate and conceal fraud are
minimized
c. Modify the initial assessments of inherent risk and preliminary judgments about materiality levels
d. Determine the nature, timing and extent of substantive tests for financial statement assertions

3. In an audit of financial statements, an auditor’s primary consideration regarding an internal control is

whether the control
a. Reflects management’s philosophy and operating style
b. Affects management’s financial statement assertions
c. Provide adequate safeguards over access to assets
d. Enhances management’s decision-making processes

4. An auditor would most likely be concerned with controls that provide reasonable assurance about the
a. Efficiency of management’s decision-making process
b. Appropriate prices the entity should charge for its products
c. Decision to make expenditures for certain advertising activities
d. Entity’s ability to initiate, record, process and report financial data

5. PSA 315 (Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity
and its Environment) requires the auditor to perform risk assessment procedures at
a. The financial statement level only
b. The assertion level only
c. The financial statement level and the assertion level for classes of transactions, account balances and
disclosures
d. Either the financial statement or assertion level

6. The auditor’s risk assessment procedures should always include the following, except
a. Inquiries of management and of others within the entity
b. Analytical procedures
c. Observation and inspection
d. Substantive test procedures and tests of controls

7. The auditor’s risk assessment procedures

 a. By themselves, do not provide sufficient appropriate audit evidence on which to base the audit
opinion
b. Should not consider information obtained from the auditor’s previous experience with the entity
c. Are designed to detect material misstatements at the assertion level for classes of transactions,
account balances and disclosures
d. Are designed to test the effectiveness of the entity’s controls

8. The auditor should obtain an understanding of the entity’s objectives and strategies, and those business
risks that may result in risks of material misstatement. Which of the following statements concerning the
entity’s business risk is incorrect?
a. Business risk is broader than the risk of material misstatement of the financial statements, though it
includes the latter
b. An understanding of the business risks facing the entity increases the likelihood of identifying risks of
material misstatement
c. The auditor has a responsibility to identify or assess all business risks
d. Business risk may arise from the development of new products or services that may fail

9. When obtaining an understanding of controls that are relevant to the audit, the auditor is required to
a. Evaluate the design of those controls
b. Determine whether those controls have been implemented
c. Evaluate the design of those controls and determine whether they have been implemented
d. Evaluate the design of those controls and determine whether they have been implemented by
performing tests of controls

10. This internal control component is the foundation for all other components. It sets the tone of the
organization, provides discipline and structure, and influences the control consciousness of employees
a. Control activities
b. Monitoring of controls
c. Control environment
d. The entity’s risk assessment process

11. An entity’s business processes are the activities designed to

a. Develop, purchase, produce , sell and distribute an entity’s products and services
b. Ensure compliance with laws and regulations
c. Record information, including accounting and financial reporting information
d. Assess the effectiveness of internal control performance over time

12. The auditor uses the understanding of internal control to

I. Identify types of potential misstatements
II. Consider factors that affect the risks of material misstatement
III. Design the nature, timing and extent of further audit procedures
a. I and II only
b. I and III only
c. II and III only
d. I, II and III
13. Which of the following is a management control method that most likely could improve management’s
ability to supervise company’s activities effectively?
a. Monitoring compliance with internal control requirements imposed by regulatory bodies
 b. Limiting direct access to assets by physical segregation and protective devices
c. Establishing budgets and forecasts to identify variances from expectations
d. Supporting employees with the resources necessary to discharge their responsibilities

14. Which of the following are considered control environment factors?

Detection Risk Commitment to Competence
a. Yes Yes
b. Yes No
c. No Yes
d. No No

15. Which of the following is not a component of internal control?

a. Control risk
b. Monitoring
c. Information and communication
d. The control environment

16. Which of the following factors are included in an entity’s control environment?
Audit Committee Participation Integrity and ethical values Organizational Structure
a. Yes Yes No
b. Yes No Yes
c. No Yes Yes
d. Yes Yes Yes

17. Which of the following components of internal control includes development and use of training policies
that communicate prospective roles and responsibilities to employees?
a. Monitoring
b. Control environment
c. Risk assessment
d. Control activities

18. Proper segregation of duties reduces the opportunities to allow persons to be in positions both to
a. Journalize entries and prepare financial statements
b. Record cash receipts and cash disbursements
c. Establish internal control and authorize transactions
d. Perpetrate and conceal errors and fraudulent acts

19. Proper segregation of functional responsibilities to achieve effective internal control calls for separation
of the functions of
a. Authorization, execution and payment
b. Authorization, recording and custody
c. Custody, execution and reporting
d. Authorization, payment and recording

20. Internal control can provide only reasonable assurance of achieving an entity’s control objectives. The
likelihood of achieving those objectives is affected by which limitation inherent to internal control?
a. The auditor’s primary responsibility is the detection of fraud
b. The board of directors is active and independent
 c. The cost of internal control should not exceed its benefits
d. Management monitors internal control

21. Which of the following most likely would not be considered an inherent limitation of the potential
effectiveness of an entity’s internal control?
a. Incompatible duties
b. Management override
c. Faulty judgment
d. Collusion among employees

22. An independent auditor is concerned with controls designed to safeguard assets that are relevant to the
reliability of financial reporting. Adequate safeguards over access to and use of assets means protecting
from
a. Any management decision that would unprofitably use company resources
b. Only those losses arising from fraud
c. Losses such as those arising from setting a product price too low and subsequently realizing operating
losses from the product’s sale
d. Losses arising from access by unauthorized persons

23. An entity has many employees that access a database. The database contains sensitive information
concerning the customers of the entity and has numerous access points. Access controls prevent
employees from entry to those areas of the database for which they have no authorization. All
salespersons have certain access permission to customer information. Which of the following is a true
statement regarding the nature of the controls and risks?
a. Because there is no segregation of duties among the salespersons, risk of collusion is increased
b. Only one salesperson should be allowed access permission
c. Sales department personnel should not have access to any part of the database
d. A salesperson’s access to customer information should extend only to what is necessary to perform
his/her duties

24. In obtaining an understanding of controls that are relevant to audit planning, an auditor is required to
obtain knowledge about the
a. Design of the controls included in the internal control components
b. Effectiveness of the controls that have been placed in operation
c. Consistency with which the controls are currently being applied
d. Controls related to each principal transaction class and account balance

25. In obtaining an understanding of internal control in a financial statement audit, an auditor is not obligated
to
a. Determine whether the controls have been placed in operation
b. Perform procedures to understand the design of internal control
c. Document the understanding of the entity’s internal control components
d. Search for significant deficiencies in the operation of internal control

26. As part of understanding internal control, an auditor is not required to

a. Consider factors that affect the risk of material misstatement
b. Ascertain whether internal controls have been placed in operation
c. Identify the types of potential misstatements that can occur
 d. Obtain knowledge about the operating effectiveness of internal control

27. In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain
an understanding of an entity’s internal control need not be included because of the auditor’s judgments
about materiality and assessments of
a. Control risk
b. Detection risk
c. Sampling risk
d. Inherent risk

28. When obtaining an understanding of an entity’s internal controls, an auditor should concentrate on their
substance rather than their form because
a. The controls may be operating effectively but may not be documented
b. Management may establish appropriate controls but not enforce compliance with them
c. The controls may be so inappropriate that the auditor assesses control risk at the maximum
d. Management may implement controls whose costs exceed their benefits

29. In obtaining an understanding of a manufacturing entity’s internal control concerning inventory balances,
an auditor most likely would
a. Review the entity’s descriptions of inventory policies and procedures
b. Perform test counts of inventory during the entity’s physical count
c. Analyze inventory turnover statistics to identify slow-moving and obsolete items
d. Analyze monthly production reports to identify variances and unusual transactions

30. An auditor should obtain sufficient knowledge of an entity’s information system relevant to financial
reporting to understand the
a. Safeguards used to limit access to computer facilities
b. Process used to prepare significant accounting estimates
c. Procedures used to assure proper authorization of transactions
d. Policies used to detect the concealment of fraud

31. In an audit of financial statements in accordance with PSAs, an auditor is required to

a. Identify specific controls relevant to management’s financial statement assertions
b. Perform tests of controls to evaluate the effectiveness of the entity’s accounting system
c. Determine whether procedures are suitably designed to prevent or detect material misstatement
d. Document the auditor’s understanding of the entity’s internal control

32. An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the
auditor’s
a. Assessment of control risk
b. Identification of weaknesses in the system
c. Assessment of the control environment’s effectiveness
d. Understanding of the system

33. An advantage of using systems flowcharts to document information about internal control instead of using
internal control questionnaires is that systems flowcharts
a. Identify internal control weaknesses more prominently
b. Provide a visual depiction of clients’ activities
 c. Indicate whether controls are operating effectively
d. Reduce the need to observe clients’ employees performing routine tasks

34. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that
a. Tests of controls may fail to identify procedures relevant to assertions
b. Material misstatements may exist in the financial statements
c. Specified controls requiring segregation of duties may be circumvented by collusion
d. Entity policies may be inappropriately overridden by senior management

35. Control risk should be assessed in terms of

a. Specific controls
b. Types of potential fraud
c. Financial statement assertions
d. Control environment factors

36. After assessing control risk below the maximum level, an auditor desires to further reduce the assessed
level of control risk. At this time, the auditor considers whether
a. It would be efficient to obtain an understanding of the entity’s accounting system
b. The entity’s internal controls have been placed in operation
c. The entity’s internal controls pertain to any financial statement assertions
d. Additional evidential matter sufficient to support a further reduction is likely to be available

37. An auditor may decide to assess control risk at the maximum level for certain assertions because the
auditor believes
a. Controls are unlikely to pertain to the assertions
b. The entity’s control components are interrelated
c. Sufficient evidential matter to support the assertions is likely to be available
d. More emphasis on tests of controls than substantive tests is warranted

38. Which of the following is a step in an auditor’s decision to assess control risk below the maximum?
a. Apply analytical procedures to both financial data and nonfinancial information to detect conditions
that may indicate weak controls
b. Perform tests of details of transactions and account balances to identify potential errors and fraud
c. Identify the controls that are likely to detect or prevent material misstatements
d. Document that the additional audit effort to perform tests of controls exceeds the potential reduction
in substantive testing

39. Which of the following is not a step in an auditor’s decision to assess control risk below the maximum?
a. Evaluate the effectiveness of the control activity with tests of controls
b. Obtain an understanding of the entity’s control environment
c. Perform tests of details of transactions to detect material misstatements in the financial statements
d. Consider whether controls can have a pervasive effect on financial statement assertions

40. Samples to test controls are intended to provide a basis for an auditor to conclude whether
a. The controls are operating effectively
b. The financial statements are materially misstated
c. The risk of incorrect acceptance is too high
d. Materiality for planning purposes is at a sufficiently low level