Segregation of incompatible functions is necessary
to ascertain that the control procedures are effective. 1. In general, a material weakness in internal control may be defined as a condition in which 6. After considering a client's internal control, an material errors or irregularities may occur and auditor has concluded that the system is well not be detected within a timely period by designed and is functioning as anticipated. a. An independent auditor during tests of controls. Under these circumstances, the auditor would b. Employees in the normal course of performing their most likely assigned functions. a. Cease to perform further substantive tests. c. Management when reviewing interim financial b. Not increase the extent of planned substantive tests. statements and reconciling account balances. c. Increase the extent of anticipated analytical d. Outside consultants who issue a special-purpose procedures. report on internal control structure. d. Perform all tests of controls to the extent outlined in the preplanned audit program. 2. Internal control procedures are not designed to provide reasonable assurance that 7. The primary purpose of the auditor's a. Transactions are executed in accordance with consideration of internal control is to provide a management's authorization. basis for b. Irregularities will be eliminated. a. Determining whether procedures and records that c. Access to assets is permitted only in accordance are concerned with the safeguarding of assets are with management's authorization. reliable. d. The recorded accountability for assets is compared b. Constructive suggestions to clients concerning with the existing assets at reasonable intervals. deficiencies in internal control. c. Determining the nature, timing, and extent of audit 3. Which of the following is the correct order for tests to be applied. performing the auditing procedures A through C d. The expression of an opinion. below? 8. The purpose of tests of controls is to provide A = Tests of controls reasonable assurance that the B = Preparation of a flowchart depicting the a. Accounting treatment of transactions and balances is client's internal control structure valid and proper. C = Substantive tests b. Control procedures are functioning as intended. a. ABC. c. Entity has complied with disclosure requirements of GAAP. b. ACB. d. Entity has complied with requirements of quality c. BAC. control. d. BCA. 9. The auditor's review of the client's internal 4. A secondary purpose of the auditor's control is documented in order to substantiate consideration of internal control is to provide a. Conformity of the accounting records with GAAP. a. A basis for constructive suggestions about b. Compliance with generally accepted auditing improvements in internal control structure. standards. b. A basis for assessing control risk. c. Adherence to requirements of management. c. An assurance that the records and documents have d. The fairness of the financial statement presentation. been maintained in accordance with existing company policies and procedures. 10. After consideration of a client's internal d. A basis for the determination of the resultant extent control, an auditor might decide to of the tests to which auditing procedures are to be a. Increase the extent of substantive testing in areas restricted. where the control structure is strong. b. Reduce the extent of tests of controls in areas where 5. When considering internal control, an auditor the controls are strong. must be aware of the concept of reasonable assurance, which recognizes that c. Reduce the extent of both substantive tests and tests of controls in areas where the controls are a. Employment of competent personnel provides strong. assurance that the objectives of internal control will d. Increase the extent of substantive testing in areas be achieved. where the controls are weak. b. Establishment and maintenance of internal control is an important responsibility of the management and 11. After documenting internal control in an audit not of the auditor. engagement, the auditor may perform tests on c. Cost of internal control procedures should not exceed the benefits expected to be derived from the a. Those controls that the auditor plans to rely on. control. b. Those controls in which deficiencies were identified. c. Those controls that have a material effect on the 18. The accountant's report expressing an financial statement balances. opinion on an entity's internal controls should d. A random sample of the controls that were reviewed. state that the a. Establishment and maintenance of internal control is 12. The auditor is examining copies of sales the responsibility of management. invoices only for the initials of the person b. Objectives of the client's internal controls are being responsible for checking the extensions. This is met. an example of a c. Consideration of the internal controls was conducted a. Test of controls. in accordance with generally accepted auditing b. Substantive test. standards. c. Dual-purpose test. d. Inherent limitations of the client's internal controls d. Test of balances. were examined.
13. In an auditor's consideration of internal 19. The accountant's report expressing an
control, the completion of a questionnaire is opinion on an entity's internal controls would not most closely associated with which of the include a following? a. Description of the scope of the engagement. a. Separation of duties. b. Specific date that the report covers rather than a b. Understanding the system. period of time. c. Flowchart accuracy. c. Brief explanation of the broad objectives and d. Tests of controls. inherent limitations of internal control. d. Statement that the entity's internal controls are consistent with that of the prior year after giving 14. The reliance placed on substantive tests in effect to subsequent changes. relation to control risk varies in a relationship that is ordinarily 20. A CPA's consideration of internal control in a. Parallel. an audit b. Inverse. a. Is generally more limited than that made in c. Direct. connection with an engagement to express an d. Equal. opinion on internal control. b. Is generally more extensive than that made in 15. The auditor observes client employees in order connection with an engagement to express an to opinion on internal control. a. Prepare a flowchart. c. Will generally be identical to that made in connection b. Update information contained in the organization and with an engagement to express an opinion on procedure manuals. internal control. c. Corroborate the information obtained during the d. Will generally result in the CPA expressing an initial review of the system. opinion on the internal control. d. Determine the extent of compliance with quality control standards. 21. The auditor who becomes aware of reportable conditions is required to 16. A consideration of internal control made communicate this to the during an audit is usually not sufficient to a. Audit committee and client's legal counsel. express an opinion on an entity's controls b. Board of directors and internal auditors. because c. Senior management and board of directors. a. Weaknesses in the system may go unnoticed during d. Internal auditors and senior management. the audit engagement. b. A consideration of internal control is not necessarily 22. Which of the following is not a purpose of an made during an audit engagement. auditor's attempt to understand internal control c. Only those controls on which an auditor intends to when a client processes accounting information rely are reviewed, tested, and evaluated. by computer? d. Controls can change each year. a. Determine the extent to which the computer is used 17. An auditor's report on internal control of a in significant accounting applications. publicly held company would ordinarily be of b. Understand the flow of transactions in the system. least use to c. Comprehend the basic structure of accounting a. Shareholders. control. b. Officers. d. Identify the controls that can be relied on when c. Directors. designing substantive tests of details. d. Regulatory agencies. 23. Which of the following is likely to be of least importance to an auditor when assessing control risk in a company that processes data by b. Validity of the output. computer? c. Procedures contained within the program. a. The segregation of duties within the computer d. Normalcy of distribution of test data. department. 29. Which of the following is true of generalized b. The control over source documents. audit software? c. The documentation maintained for accounting a. They can be used only in auditing on-line computer applications. systems. d. The cost-benefit ratio of data processing operations. b. They can be used on any computer without modification. 24. In considering a client's internal control c. They each have their own characteristics, which the structure in a computer environment, the auditor auditor must carefully consider before using in a will encounter general controls and application given audit situation. controls. Which of the following is an application control? 28. The test–data method is used by auditors to a. Organization charts. test the b. Hash total. a. Accuracy of input data. c. Systems flowcharts. b. Validity of the output. d. Control over program changes. c. Procedures contained within the program. d. Normalcy of distribution of test data. 25. Auditing by testing the input and output of a computer system--i.e., auditing "around" the 29. Which of the following is true of generalized computer--instead of the computer software audit software? itself will a. They can be used only in auditing on-line computer a. Not detect program errors that do not appear in the systems. output sampled. b. They can be used on any computer without b. Detect all program errors, regardless of the nature of modification. the output. c. They each have their own characteristics, which the c. Provide the auditor with the same type of evidence. auditor must carefully consider before using in a given d. Not provide the auditor with confidence in the results audit situation. of the auditing procedures. d. They enable the auditor to perform all manual compliance test procedures less expensively. 26. Smith Corporation has numerous customers. A customer file is kept on disk. Each customer file contains the name, address, credit limit, and 30. Assume that an auditor estimated that 10,000 account balance. The auditor wishes to test this checks were issued during the accounting file to determine whether credit limits are being period. If an application control that performs a exceeded. The best procedure for the auditor to limit check for each check request is to be follow would be to subjected to the auditor's test–data approach, the sample should include: a. Develop test data that would cause some account balances to exceed the credit limit and determine if a. Approximately 1,000 test items. the system properly detects such situations. b. A number of test items determined by the auditor to b. Develop a program to compare credit limits with be sufficient under the circumstances. account balances and print out the details of any c. A number of test items determined by the auditor's account with a balance exceeding its credit limit. reference to the appropriate sampling tables. c. Request a printout of all account balances so they d. One transaction. can be manually checked against the credit limits. d. Request a printout of a sample of account balances 31. PC DOS, MS DOS, and AppleDOS are examples of so they can be individually checked against the credit limits. a. Application software. b. Generalized audit software. 27. Which of the following methods of testing c. Database management systems. application controls utilizes software prepared d. Operating software. by the auditors and applied to the client's data? a. Parallel simulation. 32. Which of the following is not an b. Integrated test facility. example of a computer-assisted audit c. Test data. technique? d. Exception report tests. a. Integrated test data. b. Audit modules. 28. The test–data method is used by auditors to c. Disk operating systems. test the d. Audit hooks. a. Accuracy of input data. 33. Which of the following statements most 39. Which of the following is not done by an likely represents a disadvantage for an entity auditor when obtaining an understanding of an that maintains computer data files rather than entity's internal controls? manual files? a. Identify the types of potential misstatements that can a. It's usually more difficult to detect transposition occur. errors. b. Consider the operating effectiveness of the internal b. Transactions are usually authorized before they are controls. executed and recorded. c. Design substantive tests. c. It's usually easier for unauthorized persons to d. Consider factors that affect the risk of material access and alter the files. misstatements. d. Random error is more common when similar transactions are processed in different ways. 40. Which of the following audit tests would be a test of controls? 34. Transaction authorization within an a. Tests of the specific items making up the balance in organization may be either specific or general. a financial statement account. An example of specific transaction authorization b. Comparing inventory prices to vendors' invoices. is the c. Comparing signatures on canceled checks to board a. Setting of automatic reorder points. of directors' authorizations. b. Approval of a construction budget for a new d. Tests of the additions to property, plant, and warehouse. equipment by physical inspections. c. Establishment of a customer's credit limits. d. Establishment of sales prices. 41. The sequence of steps in gathering evidence as the basis of the auditor's opinion is: 35. Proper segregation of functional a. Substantive tests, documentation of control responsibilities calls for separation of the structure, and tests of controls. functions of b. Documentation of control structure, substantive a. Authorization, execution, and recording. tests, and tests of controls. b. Authorization, execution, and payment. c. Documentation of control structure, tests of controls, c. Custody, execution, and reporting. and substantive tests. d. Authorization, payment, and recording. d. Tests of controls, documentation of control structure, and substantive tests. 36. An auditor should consider the competence of a client's employees because their 42. Which of the following procedures is competence bears directly and importantly on essential to determining whether necessary the control activities were prescribed and are being a. Cost-benefit relationship of internal control. followed? b. Achievement of the objectives of internal control. a. Developing questionnaires and checklists. c. Comparison of recorded accountability with assets b. Evaluating the entity's procedures for risk on hand. assessment. d. Timing of the tests to be performed. c. Documenting and testing controls. d. Observing employees and making inquiries. 37. Which of the following elements is not a part of an entity's internal controls? a. Control risk. 43. Evidence about segregation of duties is best b. Control activities. obtained by c. The accounting system. a. Inspecting documents that contain the initials of who d. The control environment. performed control activities. b. Direct personal observation of employees who 38. Which of the following statements about perform control activities. internal control is correct? c. Preparing a flowchart of who performs the duties. a. Properly maintained internal controls reasonably d. Making inquiries of coworkers about the employee assure that collusion among employees cannot who performs the duties. occur. b. Establishing and maintaining internal control is the internal auditor's responsibility. 44. An auditor's flowchart of a client's internal controls is a diagram depicting the auditor's c. Exceptionally strong control allows the auditor to eliminate substantive tests of details. a. Understanding of the internal controls. d. The cost-benefit relationship should be considered in b. Program for tests of controls. designing internal controls. c. Documentation of having considered the internal controls. d. Understanding of the types of irregularities that are probable. 50. When software or files can be accessed from on-line servers, users should be required to 45. An auditor is required to communicate enter significant deficiencies in internal control to a. A parity check. a. Audit committee of the board of directors. b. A personal identification code. b. Creditors and board of directors. c. A self-diagnosis test. d. An echo check. c. Board of directors and internal auditors. d. Internal auditors and senior management. 51. An auditor's consideration of a company's computer control activities has disclosed the 46. An auditor has concluded that a client's following four circumstances. Indicate which internal controls are well designed and circumstance constitutes a significant deficiency functioning as expected. Under these in internal control. circumstances the auditor would most likely a. Computer operators do not have access to the a. Cease to perform further substantive tests. complete software support documentation. b. Not increase the extent of planned substantive tests. b. Computer operators are closely supervised by c. Increase the extent of planned analytical programmers. procedures. c. Programmers are not authorized to operate d. Perform all tests of controls to the extent outlined in computers. the audit program. d. Only one generation of backup files is stored in an off-premises location. 47. Reportable conditions are matters that come to an auditor's attention and that should be 52. A control feature requires the computer to communicated to an entity's audit committee send signals to the printer to activate the print because they represent mechanism for each character. The print a. Material irregularities or illegal acts perpetrated by mechanism, just prior to printing, sends a signal management. back to the computer verifying that the proper b. Significant deficiencies in the design or operation of print position has been activated. internal control. This type of hardware control is referred to as a/an c. Flagrant violations of the entity's documented a. Echo check. conflict-of-interest policies. b. Validity check. d. Intentional attempts by client personnel to limit the c. Signal check. scope of the auditor's work. d. Check digit. 48. Which of the following statements best describes a weakness often associated with 53. In a computer system, hardware controls computers? are designed to a. Computer equipment is more subject to systems a. Arrange data in a logical sequence for processing. error than manual processing is subject to human b. Correct errors in software. error. c. Monitor and detect errors in source documents. b. Computer equipment processes and records similar d. Detect and control errors arising from use of transactions in a similar manner. equipment. c. Control activities for detecting invalid and unusual transactions are less effective than manual control 54. The primary objective of procedures activities. performed to obtain an understanding of internal d. Functions that would normally be separated in a control is to provide an auditor with manual system are combined in a computer system. a. Evidential matter to use in reducing detection risk. b. Knowledge necessary to plan the audit. 49. Accounting functions that are normally c. A basis from which to modify tests of controls. considered incompatible in a manual system are d. Information necessary to prepare flowcharts. often combined by computer software. This necessitates an application control that prevents unapproved a. Access to the computer library. b. Revisions to existing software. c. Usage of software. d. Testing of modified software.