Auditing and Assurance Principles by Arens, Elder & a. control risk. 9.

control risk. 9. Most auditors assess inherent risk as high for related
Beasley-20210914T155148Z-001 parties and related-party transactions because:
b. acceptable audit risk.
a. of the unique classification of related-party
c. statistical risk. transactions required on the balance sheet.
CHAPTER 8: PLANNING
d. inherent risk. b. of the lack of independence between the parties.
1. Which of the following is not one of the three main
reasons why the auditor should properly plan engagements? 5. When inherent risk is high, there will need to be: c. of the unique classification of related-party
A lower assessment of audit risk - transactions required on the income statement.
a. To enable proper on-the-job training of
employees. More evidence accumulated by the auditor d. it is required by generally accepted accounting
principles.
b. To enable the auditor to obtain sufficient d. No - Yes
appropriate evidence. 10. Which of the following is not correct regarding the
6. The auditor is likely to accumulate more evidence when communications between successor and predecessor
c. To avoid misunderstandings with the client. the audit is for a company: auditors?
d. To help keep audit costs reasonable. Which has large amounts of debt - Which is to be sold in a. The burden of initiating the communication
2. Avoiding misunderstandings with the client is the near future rests with the predecessor auditor.
important for: a. Yes - Yes b. The burden of initiating the communication rests
Good client relations - Facilitating high-quality work at with the successor auditor.
7. Which of the following is not typically included in
a reasonable cost initial audit planning? c. The predecessor auditor must receive their former
a. yes - yes client’s permission prior to divulging
a. Client acceptance/continuation decisions.
information to the successor auditor
3. A measure of how willing the auditor is to accept that the b. Determination of the purpose of the audit.
financial statements may be materially misstated after the d. The predecessor auditor may choose to provide a
audit is completed and an unqualified opinion has been c. Obtain an understanding with the client. limited response to a successor auditor.
issued is the: 11. A successor auditor may perform which of the
d. Perform analytical procedures as substantive tests.
a. inherent risk. following for a new audit client?
8. Initial audit planning involves four matters. Which of the
b. acceptable audit risk. following is not one of these? Speak to local attorneys, banks and other businesses
regarding the company’s reputation -
c. statistical risk. a. Develop an overall audit strategy.
Speak to the predecessor auditors about disagreements they
d. financial risk. b. Request that bank balances be confirmed. had with management
4. A measure of the auditor’s assessment of the likelihood c. Schedule engagement staff and audit specialists. a. Yes Yes
that there are material misstatements in an account before
d. Identify the client’s reason for the audit. b. No No
considering the effectiveness of the client’s internal control
is called: c. Yes No
d. No Yes 15. Which of the following statements is true regarding 18. One means of informing the client that the auditor is not
communications between predecessor and successor responsible for the discovery of all acts of fraud is the:
12. Which of the following is not a potential effect of an auditors?
auditor’s decision that a lower acceptable audit risk is a. engagement letter.
appropriate? a. The burden of initiating the communication rests
with the predecessor. b. representation letter.
a. More evidence is accumulated.
b. The predecessor’s response can be limited to c. responsibility letter.
b. Less evidence is accumulated. stating that no information will be provided. d. client letter.
c. Special care is required in assigning experienced c. The predecessor should communicate with the
staff. 19. Which of the following normally signs the
successor only if the client is public. engagement letter for an audit of a public company?
d. Review of audit documentation is performed by d. There must be communication between the
personnel not assigned to the engagement. a. Corporate treasurer.
predecessor and successor if the successor is to
13. It is easier and more common to implement increased accept the engagement. b. Chief financial officer.
evidence accumulation for inherent risk than for acceptable 16. Investigating new clients with a focus on assessing the c. Chairman of the board of directors.
audit risk because: auditor’s potential relationship with that new client is a
d. Audit committee.
a. inherent risk can usually be isolated to specific critical element in determining:
accounts. 20. Which of the following normally signs the
a. inherent risk.
engagement letter for an audit of a private company?
b. inherent risk applies to the entire audit. b. acceptable audit risk.
a. Management.
c. acceptable audit risk and sample sizes are set c. statistical risk.
statistically. b. Boardof directors representative.
d. financial risk.
d. acceptable audit risk does not impact on the c. Audit committee representative.
amount of evidence which must be accumulated.
d. Corporate treasurer.
14. (SOX) If an auditor is requested to perform nonaudit 17. The purpose of an engagement letter is to:
21. An understanding of a client’s business and industry
services for a public company audit client, who is
a. document the CPA firm’s responsibility to external and knowledge about operations are essential for
responsible for agreeing to those services with the audit
users of the audited financial statements. performing an adequate audit. For a new client, most of this
firm?
information is obtained:
a. The client’s management. b. document the terms of the engagement in
writing to minimize misunderstandings. a. from the predecessor auditor.
b. The client’s chief executive officer.
c. notify the audit staff of an upcoming engagement b. from the Securities and Exchange Commission.
c. The client’s chief financial officer. so that personnel scheduling can be facilitated.
c. from the permanent file.
d. The client’s audit committee. d. emphasize management’s responsibility for
d. at the client’s premises.
approving the audit program.
22. The least effective method of identifying related d. Consult with and review the work of the a. reference to the auditor’s responsibility for the
parties for a public company would be a(n): predecessor auditor prior to discussing the detection of errors or irregularities.
engagement with the client management.
a. inquiry of management. b. estimation of the time to be spent on the audit work
26. An auditor should examine minutes of the board of by audit staff and management.
b. review of SEC filings. directors’ meetings:
c. statement that management advisory services
c. distribution of the engagement letter to all a. through the date of the financial statements. would be made available upon request.
stockholders.
b. through the date of the audit report. d. reference to management’s responsibility for the
d. examination of stockholders’ listings to identify financial statements.
principal stockholders. c. only at the beginning of the audit.
30. Which of the following is correct with respect to a
23. An official record of meetings of the board of directors d. on a test basis. company’s corporate charter?
and stockholders is included in the corporate:
27. The first standard of field work, which states that the a. The corporate charter is granted by the federal
a. bylaws. work is to be adequately planned and that assistants, if any, government and is required to recognize the
are to be properly supervised, recognizes that: corporation as a separate entity.
b. charter.
a. early appointment of the auditor is b. The corporate charter includes the rules and
c. minutes. advantageous to the auditor and the client. procedures used to operate a corporation.
d. license. b. acceptance of an audit engagement after the close c. The corporate charter includes the exact name
24. Which of the following is not likely to be a related of the client’s fiscal year is generally not of the corporation, the date of incorporation,
party? permissible. and the types of business the corporation is
c. appointment of the auditor subsequent to the authorized to conduct.
a. Affiliated companies.
physical count of inventories requires a disclaimer d. The corporate charter must be annually reviewed
b. A major stockholder of the company. of opinion. by the PCAOB.
c. A warehouse employee. d. performance of substantial parts of the examination 31. Corporate bylaws include:
is necessary at interim dates.
d. The chief executive officer.
The types and amounts of capital stock the corporation is
28. The corporate minutes are the official record of the authorized to issue - The rules and procedures used to
25. Which of the following is most likely to occur at the
meetings of the board of directors and stockholders. The operate the corporation
beginning of an initial audit engagement?
minutes typically include authorizations related to:
a. Prepare a rough draft of the financial statements d. No -Yes
The CPA’s use of outside specialists -
and of the auditor’s report.
Management compensation 32. In what order should the following steps occur?
b. Study and evaluate the system of internal
d. No - Yes A. Assess client business risk
administrative control.
29. An engagement letter sent to an audit client usually B. Understand the client’s business and industry
c. Determine the client’s reason for an audit.
would not include a(n):
C. Perform preliminary analytical procedures
D. Assess acceptable audit risk c. help the client by facilitating the change of 38. Which of the following ratios is best used to assess a
auditors. company’s ability to meet its long-term debt obligations?
a. D, B, C, A.
d. ensure the predecessor collects all unpaid fees prior a. Quick ratio.
b. B, A, D, C. to a change in auditor.
b. Return on common equity.
c. B, D, A, C. 36. The predecessor auditor is required to respond to the
request of the successor auditor for information, but the c. Debt to equity.
d. D, C, B, A.
response can be limited to stating that no information will d. Current ratio.
33. Which of the following statements is not correct be provided when:
with respect to analytical procedures? 39. Which of the following statements is not correct?
a. the predecessor auditor has poor relations with the
a. Auditing standards emphasize the need for auditors successor auditor. a. Analytical procedures used in the planning phase
to develop and use expectations. of the audit are primarily directed at understanding
b. the client is dissatisfied with the predecessor’s the client’s business and directing the auditor’s
b. Analytical procedures must be performed work. attention to areas that may contain possible
throughout the audit. misstatements.
c. there are actual or potential legal problems
c. Analytical procedures may be performed at any between the client and the predecessor. b. Analytical procedures used in the completion
time during the audit. phase are primarily aimed at assessing going
d. the predecessor believes that the client lacks
d. Analytical procedures use comparisons and integrity. concern and secondarily aimed at
relationships to assess whether account balances directing the auditor’s attention to areas that
appear reasonable. 37. Which of the following is correct with respect to may contain possible misstatements.
the use of analytical procedures?
34. The most widely used profitability ratio is the: c. Analytical procedures must be used in the planning
a. Analytical procedures may be used in evaluating and completion phases of the audit, and are
a. quick ratio. balances in the testing phase as long as the auditor optional in the testing phase.
also uses them in assessing the going concern
b. profit margin. d. Analytical procedures used in the completion phase
assumption.
are primarily aimed at directing the auditor’s
c. return on assets.
b. Analytical procedures must be used throughout the attention to areas that may contain possible
d. earnings per share. audit. misstatements and secondarily aimed at
assessing going concern.
35. The purpose of the requirement in SAS No. 84 of c. Analytical procedures used in the testing phase of
having communication between the predecessor and the audit are primarily used to direct an auditor’s 40. Which of the following would not likely be
successor auditor is to: attention so that the auditor’s understanding of the classified as a related-party transaction?
business is improved.
a. allow the predecessor to disclose information a. An advance of one week’s salary to an
which would otherwise be confidential. d. Analytical procedures are performed by employee.
studying plausible relationships between
b. help the successor auditor to evaluate whether financial and nonfinancial data. b. Sales of merchandise between affiliated companies.
to accept the engagement.
c. Loans or credit sales to the principal owner of the c. Whenever the auditor fails to consider the pattern b. uses negative accounts receivable confirmations
client company. reflected by several unusual fluctuations instead of positive confirmations because
when trying to explain what caused them. the latter require mailing of second
d. Exchanges of equipment between two companies requests and review of subsequent cash collections.
owned by the same person. d. The auditor is likely to encounter judgment
problems in each of the above instances. c. compares all cash as of a particular date to avoid
41. Which of the following would not be found in the performing time-consuming cash cutoff
corporate charter? 44. The major concern when using nonfinancial data in procedures.
analytical procedures is the:
a. The kinds and amount of capital stock authorized. d. eliminates the possibility of counting inventory
a. accuracy of the nonfinancial data. items more than once by arranging to make
b. The date of incorporation.
b. source of the nonfinancial data. extensive test counts.
c. The types of business activity that the corporation
is allowed to conduct. c. type of nonfinancial data. 47. Early appointment of the independent auditor will
enable:
d. The rules and procedures adopted by the d. presence of multiple sources of nonfinancial data.
stockholders. a. a more thorough examination to be performed.
45.An auditor searching for related party transactions
42. Which of the following would not usually be should obtain an understanding of each subsidiary’s b. a proper study and evaluation of internal control to
included in the minutes of the board of directors? relationship to the total entity because: be performed.

a. The duties and powers of the corporate officers. a. the business structure may be deliberately designed c. sufficient competent evidential matter to be
to obscure related party transactions. obtained.
b. Declaration of dividends.
b. this may reveal whether transactions would d. a more efficient examination to be planned.
c. Authorization of long-term loans. have taken place if the parties had been 48. Whenever an auditor compares client data to client-
d. Approval of executive bonuses. unrelated. prepared budgets, there are two special concerns. Indicate if
c. transactions may have been consummated on terms the two items below are concerns.
43. When are auditors likely to encounter judgment
problems in the use of analytical procedures? equivalent to arm’s-length transactions. Assessing whether the budgets were realistic plans - Client
d. this may permit the audit of intercompany account data may have been altered to conform to the budget
challenging
balances to be performed as of concurrent dates. a. A concern – A concern
a. Whenever the auditor places reliance on
management’s explanations for unusual 46. The first standard of fieldwork requires, in part, that 49. An auditor who accepts an audit engagement and does
fluctuations in account balances without first audit work be properly planned. Proper planning as not possess the industry expertise of the business entity
developing independent expectations. intended by the first standard of fieldwork would occur should:
when the auditor:
b. Whenever the auditor allows unaudited balances to a. engage financial experts familiar with the nature of
unduly influence his/her expectations of current a. physically observes the movement of securities the business entity.
balances. already counted to guard against the
substitution of such securities for others b. obtain a knowledge of matters that relate to the
that are not actually on hand. nature of the entity’s business.
c. refer a substantial portion of the audit to another c. Yes - No a. minimum
CPA who will act as the principal auditor.
55. Which is usually included in the engagement b. maximum
d. first inform management that an unqualified letter?
opinion cannot be issued. c. mean average
The projected type of opinion on the financials statement to
50. Which is a liquidity activity ratio? be audited - d. median average

a. Profit margin Name(s) of the client personnel responsible for supplying 3. Auditors are responsible for determining whether
the auditor with information financial statements are materially misstated, so upon
b. Inventory turnover discovering a material misstatement they must bring it to
b. No - No the attention of:
c. Return on assets
56. Which is usually included in the engagement a. regulators.
d. Times interest earned letter?
b. the audit firm’s managing partner.
51. Which is usually included in an engagement letter? List of audit procedures to be used in inventory observation
- c. no one in particular.
Estimate of hours required to complete audit - Dollar
estimate of fees to be billed to the client The auditors’ assessment of Audit Risk d. the client’s management.
d. No - Yes b. No – No 4. The FASB definition of materiality emphasizes
what class of financial statement users?
52. Which is usually included in an engagement letter?
a. Regulators.
A reference to GAAP - A reference to GAAS
b. Informed investors.
a. Yes - Yes CHAPTER 9: RISK AND JUDGEMENT
c. Reasonable persons.
53. Which is usually included in an engagement letter? 1. If it is probable that the judgment of a reasonable person
would have been changed or influenced by the omission or d. Potential investors.
The financial statements are the responsibility of the
company’s management - Ratios to be used by the auditor misstatement of information, then that information is, by 5. When auditors allocate the preliminary judgment about
in the planning phase definition of FASB Statement No. 2: materiality to account balances, the materiality allocated to
a. material. any given account balance is referred to as:
c. Yes - No
b. insignificant. a. the materiality range.
54. When may the auditor refer to a specialist in the
audit report? c. significant. b. the error range.
Only if the specialist’s report results in a modification of d. relevant. c. tolerable materiality.
the audit opinion -
2. The preliminary judgment about materiality is the d. tolerable misstatement.
Only if the specialist assisted in the audit of an account amount by which the auditor believes the statements could
material to the financial statements 6. Why do auditors establish a preliminary judgment
be misstated and still not affect the decisions of reasonable about materiality?
users.
a. To determine the appropriate level of audit d. inversely 14. Amounts involving fraud are usually considered _____
experience required for the work. important than unintentional errors of equal dollar amounts.
10. After the preliminary judgment about materiality
b. So that the client can know what records to make has been established, auditors may: a. less
available to the auditor.
a. not adjust it. b. no less
c. To plan the appropriate audit evidence to
accumulate and develop an overall audit b. adjust it downward only. c. no more
strategy. c. adjust it upward only. d. more
d. To finalize the assessment of control risk. d. adjust it either downward or upward. 15. Which of the following qualitative factors may
7. Auditors are _____ to decide on the combined amount of significantly influence whether an item is deemed to be
11. In an audit area that has a lower inherent risk, it material?
misstatements in the financial statements that they would would be prudent to:
consider material early in the audit. Misstatements that are otherwise minor may be material if
a. increase the amount of audit evidence gathered. there are possible consequences arising from contractual
a. permitted
b. assign more experienced staff to that area. obligations. -
b. required
c. increase the tolerable misstatement for the area. Misstatements that are otherwise immaterial may be
c. not allowed material if they affect a trend in earnings
d. expand planning procedures.
d. strongly encouraged a. Yes - Yes
12. Which of the following is least likely to be appropriate
8. If an auditor establishes a relatively high level for as the basis for determining the preliminary judgment about 16. Auditors generally allocate the preliminary
materiality, then the auditor will: materiality in the audit of financial statements? judgment about materiality to the:
a. accumulate more evidence than if a lower level had a. Net income before taxes. a. balance sheet only.
been set.
b. Current assets. b. income statement only.
b. accumulate less evidence than if a lower level
had been set. c. Owners’ equity. c. income statement and balance sheet.

c. accumulate approximately the same evidence as d. Inventory. d. statement of cash flows.

would be the case were materiality lower. 17. Which of the following statements regarding
13. Auditing standards _____ that the basis used to
d. accumulate an undetermined amount of evidence. determine the preliminary judgment about materiality be inherent risk is correct?
documented in the audit files. a. The inherent risk assigned in the audit risk model is
9. The preliminary judgment about materiality and the
amount of audit evidence accumulated are _____ related. a. permit unaffected by the auditor’s experience with client’s
organization.
a. directly b. do not allow
b. Most auditors set a low inherent risk in the first
b. indirectly c. require year of an audit and increase it if experience shows
that it was incorrect.
c. not d. strongly encourage
c. Most auditors set a high inherent risk in the b. The allocation has virtually no effect on audit 24. The five steps in applying materiality are listed
first year of an audit and reduce it in costs because the auditor must collect sufficient below in random order.
subsequent years as they gain experience, even appropriate audit evidence.
when there is inherent risk. 1. Estimate the combined misstatement.
c. Auditors expect to identify overstatements as well
d. The inherent risk assigned in the audit risk model is as understatements in the accounts. 2. Estimate the total misstatement in the segment.
dependent upon the strengths in client’s internal 3. Set preliminary judgment about materiality.
control system. d. Relative audit costs affect the allocation.
21. What is the primary means of dealing with risk in 4. Allocate preliminary judgment about materiality to
18. Auditors begin their assessments of inherent risk during segments.
audit planning. Which of the following would not help in planning decisions related to audit evidence?
assessing inherent risk during the planning phase? ]a. Selection of more effective tests of details of 5. Compare combined estimate with preliminary
balances. judgment about materiality.
a. Obtaining client’s agreement on the engagement
letter. b. Application of the audit risk model. The correct sequence from start to finish would be:

b. Obtaining knowledge about the client’s business c. Establishing a lower preliminary judgment about a. 1 2 5 4 3.
and industry. materiality. b. 3 4 2 1 5.
c. Touring the client’s plant and offices. d. Allocating materiality judgment to segments c. 4 3 1 5 2.
d. Identifying related parties. 22. The phrase “in our opinion” in the auditor’s report d. 5 1 3 2 4.
19. Auditors commonly allocate materiality to balance is intended to inform users that auditors:
25. Which of the following statements is not correct?
sheet accounts rather than income statement accounts a. guarantee fair presentation of the financial
because most income statement misstatements have a(n) statements. a. Materiality is a relative rather than an absolute
_____ effect on the balance sheet. concept.
b. act as insurers of the accuracy of the statements.
a. reduced b. The most important base used as the criterion
c. certify the material presented in the statements by for deciding materiality is total assets.
b. equal management.
c. Qualitative factors as well as quantitative factors
c. undetermined d. base their conclusions about the statements on affect materiality.
d. increased professional judgment.
d. Given equal dollar amounts, frauds are usually
20. Which of the following is not a correct statement 23. Inherent risk is _______ related to detection risk and considered more important than errors.
regarding the allocation of the preliminary judgment about _______ related to the amount of audit evidence.
26. Since materiality is relative, it is necessary to have
materiality to balance sheet accounts? a. directly, inversely bases for establishing whether misstatements are material.
a. Auditors expect certain accounts to have more b. directly, directly Normally, the most common base for deciding materiality
misstatements than others. is:
c. inversely, inversely
a. net income before taxes.
d. inversely, directly
b. net working capital. would have the same effect on the b. a client’s need to achieve an unqualified opinion.
income statement.
c. net income after taxes. c. an auditor’s need to follow auditing standards.
d. Either an understatement of an asset account or an
d. total assets. overstatement of a liability account would have the d. an auditor’s expectations of errors and
same effect on the income statement. assessment of internal control.
27. Certain types of misstatements are likely to be more
important than other types to users, even if the dollar 30. Regardless of how the preliminary judgment about 34. If planned detection risk is reduced, the amount of
amounts are the same. Which of the following materiality is allocated, the auditor must be confident that evidence the auditor accumulates will:
demonstrates this? total combined misstatements in all accounts are: a. increase.
Amounts involving frauds are considered more important a. less than the preliminary judgment.
than errors of equal amount – b. decrease.
b. equal to the preliminary judgment. c. remain unchanged.
Misstatements that are otherwise immaterial may be
material if they affect a trend in earnings. c. more than the preliminary judgment. d. be indeterminate.
a. Yes - Yes d. less than or equal to the preliminary judgment. 35. Likely misstatements can result from:
28. Allocating the preliminary judgment about materiality 31. Auditors frequently refer to the terms audit assurance, Computation of the sampling error for the cash account -
to financial statements segments is necessary because: overall assurance, and level of assurance to refer to
________. Differences between management’s and an auditor’s
a. evidence is accumulated for the financial judgment about account balances –
statements as a whole so materiality does not apply a. detection risk
to them. Projections of misstatements based on an auditor’s tests of
b. audit report risk a sample from a population -
b. evidence is accumulated by segments rather
than for the financial statements as a whole. c. acceptable audit risk a. No – Yes -Yes
c. it is required by the AICPA’s Code of Professional d. inherent risk 36. When discussing control risk (CR) and the audit
Conduct. 32. _____ misstatements are those where the auditor can risk model, which of the following is false?
d. it is required by the SEC. determine the amount of the misstatement in the account. a. CR is a measure of the auditor’s assessment of the
a. Potential likelihood that misstatements will not be prevented
29. Which of the following statements is not correct? or detected by internal control.
a. Either an overstatement of an asset account or an b. Likely
b. If the auditor concludes that internal control is
understatement of a liability account would have c. Known completely ineffective to prevent or detect
the same effect on the income statement. errors, he/she would assign a low value (e.g.,
d. Projected 0%) to CR.
b. A misclassification in the balance sheet will have
no effect on operating income. 33. When a different extent of evidence is needed for c. The relationship between control risk and detection
the various cycles, the difference is caused by: risk is inverse.
c. Either an overstatement of an asset account or
an overstatement of a liability account a. errors in the client’s accounting system.
d. The relationship between control risk and evidence a. Only as needed to complete the audit and satisfy
needed to support account balances is direct. Sarbanes-Oxley requirements.
40. One accounting issue that does not require
37. Which of the following is not a good indicator of the management to use significant judgments is: b. Only if the controls are determined to be
degree to which statements are relied on by external users? effective.
a. the allowance for doubtful accounts.
a. Client’s size, as measured by total assets or total c. Only if the client asks an auditor to test controls.
revenue. b. the useful life of equipment for tax purposes.
d. Only if the controls are sufficient to increase
b. Distribution of ownership among the public. c. obsolete inventory. Control Risk to an acceptable level.
c. Nature and amount of liabilities. d. the liability for warranty payments. 45. Acceptable audit risk is ordinarily set by the
41. Inherent risk is often low for an account such as: auditor during planning and:
d. Amount of net income or loss after taxes.
a. inventory. a. held constant for each major cycle and account.

b. marketable securities. b. held constant for each major cycle but varies by
38. If an auditor believes the chance of financial failure is account.
high and there is a corresponding increase in business risk c. cash.
for the auditor, acceptable audit risk would likely: c. varies by each major cycle and by each account.
d. accounts receivable.
a. be reduced. d. varies by each major cycle but is constant by
42. The auditor typically does not assess control risk account.
b. be increased. and inherent risk for:
46. When the auditor is attempting to determine the extent
c. remain the same. a. each audit objective. to which external users rely on a client’s financial
d. be calculated using a computerized statistical statements, they may consider several factors except for:
b. each cycle.
package. a. client size.
c. each account.
39. When management has an adequate level of integrity b. concentration of ownership.
for the auditor to accept the engagement but cannot be d. the overall audit.
regarded as completely honest in all dealings, auditors c. types and amounts of liabilities.
43. (Public) To what extent do auditors typically rely
normally:
on internal controls of their public company clients? d. assessment of detection risk.
a. reduce acceptable audit risk and increase
a. Extensively 47. A major difficulty in the application of the audit
inherent risk.
risk model is:
b. Only very little
b. reduce inherent risk and control risk.
a. defining the terms of the model.
c. Infrequently
c. increase inherent risk and control risk.
b. measuring the components of the model.
d. Never
d. increase acceptable audit risk and reduce inherent
risk. c. understanding the effect on other factors in the
44. Auditors typically rely on internal controls of their model when one factor is changed.
private company clients:
d. the failure of the Audit Standards Board to accept it d. inherent risk and audit risk. b. Inherent risk is inversely related to evidence.
and incorporate it into standards.
51. Auditors may assess inherent risk and control risk: c. Inherent risk is the susceptibility of the financial
statements to material error, assuming no internal
Jointly to determine the risk of material misstatement - controls.
48. When setting a preliminary judgment about Separately and combine their effects in the audit risk model
materiality: d. Inherent risk is the auditor’s assessment of the
a. Yes - Yes likelihood that errors exceeding a tolerable amount
a. more evidence is required for a low dollar exist in a segment before considering the
52. Which one of the following statements about the
amount than for a high dollar amount. effectiveness of internal controls.
cycle approach to auditing is not correct?
b. less evidence is required for a low dollar amount 55. Which of the following is not a primary
a. There are differences among cycles in the
than for a high dollar amount. consideration when assessing inherent risk?
frequency and size of expected errors.
c. the same amount of evidence is required for either a. Nature of client’s business.
b. There are differences among cycles in the
low or high dollar amounts.
effectiveness of internal controls. b. Existence of related parties.
d. there is no relationship between it and the dollar
c. There are differences among cycles on the c. Frequency and intensity of management’s
amount of evidence needed.
auditor’s willingness to accept risk that material review of accounting transactions and records.
49. When allocating materiality, most practitioners errors exist after the auditing is complete.
choose to allocate to: d. Susceptibility to defalcation.
d. It is common for auditors to want an equally low
a. the income statement accounts because they are likelihood of errors for each cycle after the auditor 56. Which of the following is an example of the
more important. is finished. concept of inherent risk?
b. the balance sheet accounts because there are 53. When the auditor has the same level of willingness to a. Humans make more errors than computers;
fewer. risk that material misstatements will exist after the audit is therefore, a manual accounting system is riskier
finished for all financial statement cycles: than a computerized system.
c. both balance sheet and income statement accounts
because there could be errors on either. a. a different extent of evidence will likely be b. Accounting systems with vouchers have many
needed for various cycles. more controls built in, so the risk that there will be
d. all of the financial statements because there could errors on the financial statements is reduced.
be errors on other statements besides the income b. the same amount of evidence will be gathered for
statement and balance sheet. each cycle. c. Loans receivable for a finance company are less
likely to be collectible than those of a bank.
50. The risk of material misstatement refers to: c. the auditor has not followed generally accepted
auditing standards. d. Audits with larger sample sizes are less risky than
a. control risk and acceptable audit risk. those with smaller sample sizes.
d. the level for each cycle must be no more than 2%
b. inherent risk. so that the entire audit does not exceed 10%. 57. Tolerable misstatement as set by the auditor:
c. the combination of inherent risk and control 54. Which of the following statements is not true? a. decreases acceptable audit risk.
risk.
a. Inherent risk is inversely related to detection risk. b. increases inherent risk and control risk.
c. affects planned detection risk. a. small likelihood of ineffective internal 6. A major control available in a small company,
controls. which might not be feasible in a big company, is:
d. does not affect any of the four risks.
b. remote likelihood that material a. a wider segregation of duties.
58. Which of the following underlies the application of misstatements will not be prevented or
generally accepted auditing standards, particularly the detected by internal control. b. a voucher system.
standards of fieldwork and reporting?
c. likelihood that material misstatements will c. fewer transactions to process.
a. The elements of materiality and relative risk. not be prevented or detected by internal d. the owner-manager’s personal interest
b. The element of internal control. control. and close relationship with personnel.
c. The element of corroborating evidence. d. high likelihood that material misstatements 7. (Public) Which of the following is responsible for
will not be prevented or detected by establishing internal controls for a public company?
d. The element of reasonable assurance. internal control.
a. Management.
4. Two key concepts that underlie management’s design
and implementation of internal control are: b. The PCAOB.
a. costs and materiality. c. Management and auditors.
CHAPTER 10: INTERNAL CONTROL
b. absolute assurance and costs. d. Committee of Sponsoring Organizations.
1. Which of the following is responsible for
establishing a private company’s internal control? c. inherent limitations and reasonable 8. Which of the following parties provides an assessment of
assurance. the effectiveness of internal control over financial reporting
a. Management. for public companies?
d. collusion and materiality.
b. Auditors. Management - Financial statement auditors
5. Internal controls can never be considered as
c. Management and auditors. a. Yes Yes
absolutely effective because:
d. Committee of Sponsoring Organizations. 9. An act of two or more employees to steal assets or
a. their effectiveness is limited by the
2. Which of the following is not one of the three competency and dependability of misstate records is frequently referred to as:
primary objectives of effective internal control? employees.
a. collusion.
a. Reliability of financial reporting b. not all organizations have internal audit
b. a material weakness.
departments.
b. Efficiency and effectiveness of operations c. a control deficiency.
c. controls are designed to prevent and detect
c. Compliance with laws and regulations only material misstatements. d. a significant deficiency.
d. Assurance of elimination of business d. internal controls prevent separation of 10. When the auditor attempts to understand the operation
risk. duties. of the accounting system by tracing a few transactions
3. (Public) The Public Company Accounting Oversight through the accounting system, the auditor is said to be:
Board states that reasonable assurance allows a:
 a. tracing. 13. (SOX) When management is evaluating the design of 17. Which of management’s concerns with respect to
internal control, management evaluates whether the control implementing internal controls is the auditor primarily
b. vouching. can do which of the following? concerned?
c. performing a walk-through. Detect material misstatements- Correct b a. Efficiency of operations.
d. testing controls. materialmisstatements

11. (SOX) Which section of the Sarbanes-Oxley Act c. Yes – No

c. Effectiveness of operations.
requires management to issue an internal control report? 14. (SOX) Internal control reports issued by public
companies must identify the framework used to evaluate d. Compliance with applicable laws and
a. 202 regulations.
the effectiveness of internal control. Which of the
b. 203 following is the most common framework in the U.S.? 18. Which of the following activities would be least likely
c. 404 a. Effective Internal Control Framework - to strengthen a company’s internal control?
AICPA a. Separating accounting from other financial
d. 408
b. Internal Control - Integrated operations.
12. (SOX) Sarbanes-Oxley requires management to issue
Framework - COSO b. Maintaining insurance for fire and theft.
an internal control report that includes two specific items.
Which of the following is one of these two requirements? c. Enterprise Internal Control - COSO c. Fixing responsibility for the performance
a. A statement that management is d. Enterprise Internal Control - AICPA of employee duties.
responsible for establishing and d. Carefully selecting and training employees.
maintaining an adequate internal 15. (Public) When one material weakness is present at the
control structure and procedures for end of the year, management of a public company must 19. (Public) Management must disclose material
financial reporting. conclude that internal control over financial reporting is: weaknesses in internal control:
b. A statement that management and the a. insufficient. a. whenever the weakness is deemed
board of directors are jointly responsible b. inadequate. significant to a single class of transactions.
for establishing and maintaining an
adequate internal control structure and c. ineffective. b. whenever the weakness is significant to
procedures for financial reporting. overall financial reporting objectives.
d. inefficient.
c. A statement that management, the board of c. if the weakness exists at the end of the
directors, and the external auditors are 16. (Public) The auditor’s tests to understand the client’s year.
jointly responsible for establishing and internal controls might include which of the following
types of procedures? d. only if the auditor identifies the weakness
maintaining an adequate internal control as significant.
structure and procedures for financial Observation of employees - Inquiries of personnel
reporting. 20. When auditing a private company, the auditor should
a. Yes Yes obtain an understanding of internal control sufficient to:
d. A statement that the external auditors are
solely responsible.
 a. provide reasonable protection against client c. required by the Sarbanes-Oxley Act. b. effectiveness of its internal auditor.
fraud and defalcations by client employees.
d. recommended by the AICPA. c. attitude of its employees.
b. assess control risk.
24. The auditor’s consideration of a private company’s d. attitude of its management.
c. provide a basis for suggestions to the client internal control is:
for improving the accounting system. 28. (Public) To issue a report on internal control over
a. required by GAAP. financial reporting for a public company, an auditor must:
d. provide a method for safeguarding assets,
checking the accuracy and reliability of b. required by GAAS. c a. evaluate management’s assessment
accounting data, promoting operational process.
c. required by the IRS.
efficiency, and encouraging adherence to b. independently assess the design and
prescribed managerial policies. d. recommended by the SEC. operating effectiveness of internal control.
21. (Public) The initial presumption in the audit of a public 25. Internal controls can never be regarded as completely c. evaluate management’s assessment
company is that control risk is: effective. Even if company personnel could design an ideal process and independently assess the
system, its effectiveness depends on the: design and operating effectiveness of
a. low.
a. adequacy of the computer system. internal control.
b. moderate.
b. proper implementation by management. d. test controls over significant account
c. high. balances.
c. ability of the internal audit staff to
d. low or moderate, but not high. maintain it. 29. (Public) Which of the stock exchanges require listed
companies to have an audit committee composed entirely
d. competency and dependability of the of independent directors?
22. In the audit of a private company, the auditor will people using it.
NYSE NASDAQ
test controls when control risk is initially assessed at: 26. Even with the most effectively designed internal
control, the auditor must obtain audit evidence, beyond a. Yes Yes
Low Moderate High
testing the controls, for every: 30. Which of the following factors may increase risks
a. Yes No Yes to an organization?
a. transaction.
b. No No Yes Geographic dispersion of company operations -
b. financial statement account.
c. Yes Yes No Presence of new information technologies
c. material financial statement account.
d. No Yes No a. Yes Yes
d. financial statement account that will be
23. (Public) The auditor’s study of a public company’s relied upon by third parties. 31. Which of the following statements is correct with
internal control is: respect to separation of duties?
27. The essence of an effectively controlled
a. required by GAAS. organization lies in the: a. Employees should not have temporary and
b. required by the AICPA. a. effectiveness of its independent auditor. permanent custody of assets.
 b. Employees who authorize transactions b. Documents should be designed for single c. Prepared at the time a transaction takes
should not have custody of related purposes only to avoid confusion in their place.
assets. use.
d. Designed for multiple uses to increase
c. It is permissible to allow an employee to c. Documents should be designed to be efficiency of operations.
open cash receipts and record those understandable only by those who use
receipts. them.
d. Employees who authorize transactions d. Documents designed for external use must 38. Narratives, flowcharts, and internal control
should have recording responsibility for be prenumbered. questionnaires are three common methods of:
these transactions. a. testing the internal controls.
35. (Public) PCAOB Standard 2 requires auditors to
32. Authorizations can be either general or specific. Which evaluate the effectiveness of the audit committee’s b. documenting the auditor’s
of the following is not an example of a general oversight of the company’s: understanding of internal controls.
authorization?
External financial reporting -Efficiency of operations - c. designing the audit manual and procedures.
a. Automatic reorder points for raw materials Internal control over financial reporting
inventory. d. documenting the auditor’s understanding
a. Yes No Yes of a client’s organizational
b. A sales manager’s authorization for a structure.
sales return. 36. Which of the following is correct?
a. Approval is a policy decision implemented 39. _____ deal with ongoing or periodic assessment of the
c. Credit limits for various classes of quality of internal control by management.
customers. by employees.
b. Approval occurs as a matter of general a. Quality monitoring activities
d. A sales price list for merchandise.
policy and includes significant transactions b. Monitoring activities
33. The most important type of protective measure for only.
safeguarding assets is: c. Oversight activities
c. Authorization is a policy decision for
a. adequate separation of duties among either a general class of transactions or d. Management activities
personnel. specific transactions.
40. (Public) Smaller public companies face challenges
b. proper authorization of transactions. d. Approval should be given by the employee implementing effective internal control due to ______.
responsible for recording the transaction.
c. the use of physical precautions. a. a lack of expertise
37. Which of the following principles is not necessary for
d. adequate documentation. the proper design and use of documents and records? b. reduced importance
34. Which of the following is correct with respect to a. Designed for a single use to increase c. limited resources
the design and use of business documents? efficiency of operations. d. limited available guidance
a. Not all documents used for internal b. Constructed in a manner that encourages
purposes need to be prenumbered. 41. Which of the following is not one of the levels of
correct preparation. an absence of internal controls?
 a. Major deficiency. 44. To determine if significant internal control deficiencies b. transactions are executed in accordance
are material weaknesses, they must be evaluated on their: with management’s authorization.
b. Material weakness.
Likelihood Significance c. decision processes leading to
c. Significant deficiency. management’s authorization of
a. Yes Yes transactions are sound.
d. Control deficiency.
45. The purpose of an entity’s accounting information d. collusive activities would be detected by
and communication system is to ______. segregation of employee duties.
42. Which of the following is the correct definition of Monitor transactions - Record and process
“control deficiency?” 49. Which of the following is correct?
transaction - Initiate transactions a. A significant deficiency is always a
a. A control deficiency exists if the design
or operation of controls does not permit d. No Yes Yes material weakness.
company personnel to prevent or b. A control deficiency is always a material
46. A procedure that would most likely be used by an
detect misstatements on a timely basis. weakness.
auditor in performing tests of control procedures that
b. A control deficiency exists if one or more involve segregation of functions and that leave no c. A material weakness is less significant that
deficiencies exist that adversely affect a transaction trail is: a control deficiency.
company’s ability to prepare external
a. inspection. d. A material weakness is always a
financial statements reliably.
b. observation. significant deficiency.
c. A control deficiency exists if the design or
operation of controls results in a more than c. reperformance. 50. Which of the following is not a likely procedure to
remote likelihood that controls will not support the operating effectiveness of internal controls?
prevent or detect misstatements. d. reconciliation.
a. Inquiry of client personnel.
d. A control deficiency exists if the design or 47. If the results of tests of controls support the design and
operations of controls as expected, the auditor uses ____ b. Observation of control-related activities.
operation of controls results in a more than
probable likelihood that controls will control risk as the preliminary assessment. c. Reperformance of client procedures.
prevent or detect misstatements.
a. a lower d. Completing an internal control
43. A(n) _______ deficiency exists if a necessary questionnaire.
b. the same
control is missing or not properly formulated.
c. a higher 51. (Public) Before making the final assessment of internal
a. control control at the end of an integrated audit, the auditor must
d. either a lower or higher
b. significant Test controls Perform substantive tests of details
48. Internal controls normally include procedures
c. design a. Yes Yes
designed to provide reasonable assurance that:
d. operating
a. employees act with integrity when
performing their assigned tasks.
52. (Public) Significant deficiencies and material absolute assurance that effective control 57. Audit evidence concerning proper segregation of
weaknesses in internal control of a public company must be will be achieved. duties normally is best obtained by:
reported to which of the following?
c. Procedures designed to assure the a. direct personal observation of the
a. The Public Company Accounting execution and recording of transactions in employee who applies control
Oversight Board. accordance with proper authorizations are procedures.
effective against irregularities perpetrated
b. Members of management who are by management. b. making inquiries of co-workers about the
responsible for the related area of the employee who applies control procedures.
company. d. The benefits expected to be derived from
effective internal accounting control c. preparation of a flowchart of duties
c. Audit committee of the company’s usually do not exceed the costs of such performed and available personnel.
board of directors. control. d. inspection of third-party documents
d. The AICPA. containing the initials of who applied
control procedures.
53. Of the following statements about internal controls, 55. Which of the following is not one of the
which one is not valid? subcomponents of the control environment? 58. Proper segregation of functional responsibilities
calls for separation of:
a. No one person should be responsible for a. Management’s philosophy and operating
the custodial responsibility and the style. a. authorization, execution, and payment.
recording responsibility for an asset.
b. authorization, recording, and custody.
b. Organizational structure.
b. Transactions must be properly authorized
before such transactions are processed. c. Adequate separation of duties. c. custody, execution, and reporting.

c. Because of the cost-benefit relationship, a d. authorization, payment, and recording.

d. Commitment to competence.
client may apply controls on a test basis. 59. Internal controls are not designed to provide
56. It is important for the CPA to consider the competence
d. Control procedures reasonably ensure reasonable assurance that:
of the clients’ personnel because their competence bears
that collusion among employees cannot directly and importantly upon the: a. all frauds will be eliminated.
occur.
a. cost/benefit relationship of the system of b. transactions are executed in accordance
54. Which of the following best describes the inherent internal control. with management’s authorization.
limitations that should be recognized by an auditor when
considering the potential effectiveness of internal control? b. achievement of the objectives of internal c. access to assets is permitted only in
control. accordance with management’s
a. Procedures that depend on segregation authorization.
of duties can be circumvented by c. comparison of recorded accountability with
collusion. assets. d. company personnel comply with applicable
rules and regulations.
b. Competent and honest client personnel d. timing of the tests to be performed.
provide an environment conducive to
accounting control and provide
60. Which of the following statements about auditor d. Written communication is required for b. employment of competent personnel
documentation of the client’s internal controls is correct?d material weaknesses, but oral provides assurance that the objectives of
a. Documentation must include flow charts. communication is allowed for internal control will be achieved.
significant deficiencies.
b. Documentation must include procedural c. establishment and maintenance of internal
write-ups. 63. Which of the following statements, if any, is correct? control is an important responsibility of the
management and not of the auditor.
c. No documentation is necessary although it a. The NASDAQ market requires listed companies
is desirable. to have audit committees that have only d. costs of internal control should not
independent directors. exceed the benefits expected to be
d. No one particular form of derived from internal control.
documentation is necessary. b. The NASDAQ market requires listed companies to
have audit committees that have a minority of the
positions held by independent directors.
66. The financial statements are not likely to correctly
61. Significant deficiencies are matters that come to an c. The NASDAQ market recommends, but does not reflect GAAP if the:
auditor’s attention and should be communicated to an require, listed companies to have audit committees.
entity’s audit committee because they represent: a. controls affecting the reliability of financial
d. The NASDAQ market recommends, but does not reporting are inadequate.
a. material frauds perpetrated by high-level require, listed companies to have audit committees
management. that have a minority of the positions held by b. company’s controls do not promote efficiency.
b. internal control deficiencies that could independent directors. c. company’s controls do not promote effectiveness.
adversely affect a company’s ability to 64. (SOX) The Sarbanes-Oxley Act requires:
initiate, record, process, or d. company’s control do not promote compliance with
report external financial statements a. all public companies to issue reports on internal applicable rules and regulations.
reliably. controls. 67. The primary emphasis by auditors is on controls
c. flagrant violations of the entity’s b. all public companies to define adequate internal over:
documented conflict-of-interest policies. controls. a. classes of transactions.
d. intentional attempts by client personnel to c. the auditor of public companies to design effective b. account balances.
limit the scope of the auditor’s field work. ICFR.
c. both a and b, because they are equally important.
62. How must significant deficiencies and material d. the auditor of public companies to provide
weaknesses be communicated to those charged with recommendations to correct material weaknesses. d. both a and b, because they vary from client to
governance? client.
65. When considering internal control, an auditor should be
a. Either oral or written communication is aware of the concept of reasonable assurance, which 68. Compared to a public company, the most important
acceptable. recognizes that the: difference in a nonpublic company in assessing control risk
is the ability to assess control risk at _______ for any or all
b. Oral communication is required. a. segregation of incompatible functions is control-related objectives.
necessary to ascertain that internal control
c. Written communication is required. is effective. a. low
 b. moderately low 71. To be effective, an internal audit department must b. calculated by using the audit risk model.
be independent of:
c. medium c. an economic issue, trading off the costs
a. operating departments. of testing controls against the cost of
d. high testing balances.
b. the accounting department.
69. An auditor should consider two key issues when d. calculated by using the formulas provided
obtaining an understanding of a client’s internal controls. c. both a and b. in the AICPA’s auditing standards.
These issues are:
d. either a or b, but not both. 75. When a compensating control exists, the absence of
a. the effectiveness and efficiency of the controls. a key control:
72. Hanlon Corp. maintains a large internal audit staff that
b. the frequency and effectiveness of the controls. reports directly to the chief financial officer. Audit reports a. is no longer a concern because there is
prepared by the internal auditors indicate that the system is no longer a significant deficiency or
c. the design and utilization of the controls. functioning as it should and that the accounting records are material weakness.
d. The implementation and efficiency of the reliable. An independent auditor will probably:
controls. b. is still a major concern to the auditor.
a. eliminate tests of controls.
70. The independent auditor should acquire an c. could cause a material loss, so it must be
b. increase the depth of the study and tested using substantive procedures.
understanding of the internal audit function as it relates to evaluation of administrative controls.
the independent auditor’s study and evaluation of internal d. is magnified and must be removed from
control because the: c. avoid duplicating the work performed by the sampling process and examined in its
the internal audit staff. entirety.
a. audit programs, working papers, and
reports of internal auditors can often be d. place limited reliance on the work 76. After considering a client’s internal controls, an auditor
used as a substitute for the work of the performed by the internal audit staff. has concluded that it is well designed and is functioning as
independent auditor’s staff. intended. Under these circumstances the auditor would
73. External financial statement auditors must obtain
b. procedures performed by the internal audit evidence regarding what attributes of an internal audit (IA) most likely:
staff may eliminate the independent department if the external auditors intend to rely on IA’s a. perform tests of controls to the extent
auditor’s need for an extensive study and work? outlined in the audit program.
evaluation of internal control.
a. Integrity b. determine the control procedures that
c. work performed by internal auditors should prevent or detect errors and
may be a factor in determining the b. Objectivity
irregularities.
nature, timing, and extent of the c. Competence
independent auditor’s procedures. c. not increase the extent of predetermined
d. All of the above substantive tests.
d. understanding of the internal audit function
is an important substantive test to be 74. When planning an audit, the auditor’s assessed d. determine whether transactions are
performed by the independent auditor. level of control risk is: recorded to permit preparation of financial
statements in conformity with
a. determined by using actuarial tables.
generally accepted accounting principles.
77. To obtain an understanding of an entity’s control 2. One of the earliest frauds occurred at McKesson- b. Earnings management
environment, an auditor should concentrate on the Robbins. This company committed fraud by doing which of
substance of management’s policies and procedures rather the following? c. Top-line management
than their form because: d. Management-by-objective
a. Reporting fictitious contributed capital.
a. management may establish appropriate 7. ________ is a form of earnings management in which
policies and procedures but not act on b. Reporting fictitious sales and
nonexistent inventory. revenues and expenses are shifted between periods to
them. reduce fluctuations in earnings.
b. the board of directors may not be aware of c. Reporting fictitious fixed assets and
underreporting expenses. a. Fraudulent financial reporting
management’s attitude toward the control
environment. d. Reporting expenses as capitalized items. b. Expense smoothing

c. the auditor may believe that the policies c. Income smoothing

and procedures are inappropriate for that
d. Each of the above is correct
particular entity. 3. Which of the following is a category of fraud?
d. the policies and procedures may be so Fraudulent financial reporting - Misappropriation of assets
weak that no reliance is contemplated by 8. Which of the following is one of the conditions for
the auditor. a. Yes Yes
fraud described in SAS No. 99?
4. With respect to fraudulent financial reporting, most
frauds involve: Attitudes/rationalization - Risk Factors - Opportunities

Inventory or liquid asset theft - Intentional misstatements a. Yes No Yes

CHAPTER 11: FRAUD AND ERRORS of amounts 9. Fraudulent financial reporting may be
1. Which of the following best defines fraud in a d. No Yes accomplished through the manipulation of:
financial statement auditing context? a. assets.
5. ________ is fraud that involves theft of an entity’s
a. Fraud is an unintentional misstatement of assets. b. revenues.
the financial statements.
a. Fraudulent financial reporting c. liabilities.
b. Fraud is an intentional misstatement of
the financial statements. b. A “cookie jar” reserve d. all of the above

c. Fraud is either an intentional or c. Misappropriation of assets 10. Who is most likely to perpetrate fraudulent
unintentional misstatement of the financial d. Income smoothing financial reporting?
statements, depending on materiality.
6. ________ involves deliberate actions taken by a. Members of the board of directors
d. Fraud is either an intentional or management to meet earnings objectives. b. Production employees
unintentional misstatement of the financial
statements, depending on consistency. a. Expenditure management c. Management of the company
 d. The internal auditors b. Excessive pressure for management to 17. Which of the following is not a factor that relates to
meet debt repayment requirements. opportunities to misappropriate assets?
11. Misappropriation of assets is normally perpetrated
by: c. Management’s practice of making overly a. Inadequate internal controls over assets.
aggressive forecasts.
a. members of the board of directors. b. Presence of large amounts of cash on hand.
d. High turnover of accounting, internal audit,
b. employees at lower levels of the and information technology staff. c. Inappropriate segregation of duties or
organization. independent checks on performance.
15. Which of the following is a factor that relates to
c. management of the company. attitudes or rationalization to commit fraudulent financial d. Adverse relationships between
reporting? management and employees.
d. the internal auditors.
a. Significant accounting estimates involving 18. Which of the following is a factor that relates to
12. Which of the following is not a factor that relates to incentives to misappropriate assets?
opportunities to commit fraudulent financial reporting? subjective judgments.
b. Excessive pressure for management to a. Significant accounting estimates involving
a. Lack of controls related to the calculation subjective judgments.
and approval of accounting estimates. meet debt repayment requirements.
c. Management’s practice of making b. Significant personal financial obligations.
b. Ineffective oversight of financial reporting
by the board of directors. overly aggressive forecasts. c. Management’s practice of making overly
d. High turnover of accounting, internal audit aggressive forecasts.
c. Management’s practice of making
overly aggressive forecasts. and information technology staff. d. High turnover of accounting, internal audit
16. Which of the following statements describes and information technology staff.
d. High turnover of accounting, internal audit,
and information technology staff. circumstances that underlie employee incentives to 19. Which of the following issues is normally part of the
misappropriate assets? “brainstorming” session required by SAS No. 99?
13. The most common technique used by management
to misstate financial information is: a. Dissatisfied employees may steal from a How assets could be misappropriated - Where the
sense of entitlement. entity’s financial statements are susceptible to material
a. overstatement of expenses. misstatements due to fraud
b. Weak internal controls encourage
b. improper revenue recognition. employees to take chances. a. Yes Yes
c. understatement of liabilities. c. If management cheats customers and gets 20. In the fraud triangle, fraudulent financial reporting
away with it, then employees believe they and misappropriation of assets:
d. understatement of assets.
can do the same to the company.
14. Which of the following is a factor that relates to a. share little in common.
d. Employees have a vested interest in
incentives or pressures to commit fraudulent financial b. share most of the same risk factors.
making the company’s financial statements
reporting?
erroneous.
c. share the same three conditions.
a. Significant accounting estimates involving
subjective judgments. d. share most of the same conditions.
21. Sources of information gathered to assess fraud before developing an appropriate response to the risk of c. specifically related to the employee’s job
risks usually do not include: fraud. responsibility
a. analytical procedures. a. enhance d. focused on employees understanding the
importance of ethics
d b. inquiries of management. b. reduce
28. As part of the brainstorming sessions, auditors are
c. communication among audit team c. increase directed to emphasize:
members.
d. increase or decrease The need for professional skepticism - The audit team’s
d. review of corporate charter and bylaw response to potential fraud risks
25. Which of the following parties is responsible for
22. SAS No. 99 requires auditors to document which of the implementing internal controls to minimize the likelihood a. Yes Yes
following matters related to the auditor’s consideration of of fraud?
material misstatements due to fraud? 29. Auditor responses to fraud risks include which of
a. External auditors the following?
a. Reasons supporting a conclusion that there
is not a significant risk of material b. Audit committee members Perform procedures to result in the issuance of a qualified
improper expense recognition. c. Management opinion - Perform procedures to address the risk of
management override of controls
b. Procedures performed to obtain d. Committee of Sponsoring Organizations
information necessary to identify and d. No Yes
assess the risks of material fraud. 26. The most effective way to prevent and deter fraud
is to: 30. As part of designing and performing procedures to
c. Results of the internal auditor’s procedures address management override of controls, auditors must
performed to address the risk of a. implement programs and controls that perform which of the following procedures?
management override of controls. are based on core values embraced by
the company. Examine all journal entries above the level of materiality -
d. Discussions with management regarding Review accounting estimates for biases
separation of duties. b. hire highly ethical employees.
d. No Yes
23. Under SAS No. 99, auditors are to presume that c. communicate expectations to all employees
there is a significant risk of: on an annual basis. 31. Which of the following most accurately defines
professional skepticism as it is used in auditing standards?
a. overstated assets. d. terminate employees who are suspected of
committing fraud. a. It either assumes management is honest or
b. understated liabilities. slightly dishonest, but neither all the time.
27. Fraud awareness training should be:
c. improper revenue recognition. b. It neither assumes that management is
a. broad and all-encompassing dishonest nor assumes unquestioned
d. overstated expenses. honesty.
b. extensive and include details for all
24. After fraud risks are identified and documented, the functional areas c. It assumes management is honest most of
auditor should evaluate factors that ______ fraud risk the time.
 d. It assumes that management is dishonest in a. Communications among audit team a. Assessment
only rare instances. members.
b. Declarative
32. Auditors may identify conditions during fieldwork that b. Inquiries of management.
change or support a judgment about the initial assessment c. Interrogative
of fraud risks. Which of the following is not a condition c. Analytical procedures.
d. Informational
which should alert an auditor that the initial assessment d. Consideration of fraud risks discovered
should be changed? during recent audits of other clients. 40. This type of inquiry often elicits “yes” or “no”
responses to the auditor’s questions.
a. The auditor’s lack of independence 36. Which of the following is not a category of inquiry
used by auditors? a. Assessment
b. Discrepancies in the accounting records
a. Assessment inquiry b. Declarative
c. Unusual relationships between the auditor
and management b. Declarative inquiry c. Interrogative
d. Missing or conflicting evidence c. Interrogative inquiry d. Informational

33. Which of the following is least likely to uncover d. Informational inquiry 41. Which of the following non-verbal cues is a sign of
fraud? stress?
37. ___________ inquiry is used when the auditor seeks
a. External auditors responses from the interviewee about his or her knowledge a. Leaning away from the auditor, usually
of an event or circumstance. toward the door or window
b. Internal auditors
a. Assessment b. Avoiding eye contact
c. Internal controls
b. Declarative c. Crossing one’s arms or legs
d. Management
c. Interrogative d. Each of the above is a sign of stress
34. For inquiry to be effective, auditors need to be skilled at
listening and _______ an interviewee’s response to d. Informational 42. Which party has the primary responsibility to oversee
questions. an organization’s financial reporting and internal control
38. ___________ inquiry is used to obtain details processes?
a. evaluating about facts that the auditor does not have.
a. The board of directors
b. recording a. Assessment
b. The audit committee
c. transcribing b. Declarative
c. Management of the company
d. remembering c. Interrogative
d. The financial statement auditors
d. Informational
43. When the auditor suspects that fraud may be
35. Which of the following is not a likely source of 39. ___________ inquiry is used to ascertain whether present, SAS No. 99 requires the auditor to:
information to assess fraud risks? information already obtained is correct, factual or truthful.
 a. terminate the engagement with sufficient 1. IT has several significant effects on an organization. c. reveal
notice given to the client. Which of the following would not be important from an
auditing perspective? d. not understand
b. issue an adverse opinion or a disclaimer of
opinion. a. Organizational changes. 5.Which of the following is not a risk specific to IT
environments?
c. obtain additional evidence to determine b. The visibility of information.
whether material fraud has occurred. a. Reliance on the functioning capabilities of
c. The potential for material misstatement. hardware and software.
d. re-issue the engagement letter.
d. None of the above; i.e., they are all b. Increased human involvement.
44. With whom should the auditor communicate whenever important.
he or she determines that senior management fraud may be c. Loss of data due to insufficient backup.
present, even if the matter might be considered 2. The audit procedure which is least useful in gathering
evidence on significant computer processes is: d. Reduced segregation of duties.
inconsequential?
a. documentation. 6. Which of the following is not an enhancement to internal
a. PCAOB control that will occur as a consequence of increased
b. Audit committee b. observation. reliance on IT?

c. An appropriate level of management that is c. test decks. a. Computer controls replace manual
at least one level above those involved controls.
d. generalized audit software.
d. The internal auditors b. Higher quality information is available.
3. Which of the following is not a benefit of using IT-
45. Management is responsible for: based controls? c. Computer-based controls provide
opportunities to enhance separation of
Identifying and measuring fraud risks - Taking steps to a. Ability to process large volumes of duties.
mitigate identified risks transactions.
d. Manual controls replace automated
a. Yes Yes b. Ability to replace manual controls with controls.
computer-based controls.
b. No No 7. Which of the following is not a risk to IT systems?
c. Reduction in misstatements due to
c. Yes No consistent processing of transactions. a. Need for IT experienced staff
d. No Yes d. Over-reliance on computer-generated b. Separation of IT duties from accounting
reports. functions
4. One significant risk related to an automated environment c. Improved audit trail
is that auditors may ____ information provided by an
information system. d. Hardware and data vulnerability
CHAPTER 12: EVIDENCE
a. not place enough reliance on 8. Which of the following is not a category of an
application control?
b. place too much reliance on
 a. Processing controls. d. Input controls. 15. ______ involves implementing a new system in one
part of the organization, while other locations continue to
b. Output controls. 12. Which of the following statements related to use the current system.
application controls is correct?
c. Hardware controls. a. Parallel testing
a. Application controls relate to various
d. Input controls. aspects of the IT function including b. Online testing
9. Old and new systems operating simultaneously in software acquisition and the processing of
transactions. c. Pilot testing
all locations is a test approach known as:
b. Application controls relate to various d. Control testing
a. pilot testing.
aspects of the IT function including 16. To determine that user ID and password controls
b. horizontal testing. physical security and the processing are functioning, an auditor would most likely:
of transactions in various cycles.
c. integrative testing. a. attempt to sign on to the system using
c. Application controls relate to all aspects of invalid user identifications and
d. parallel testing.
the IT function. passwords.
10. When the client uses a computer but the auditor
d. Application controls relate to the b. write a computer program that simulates
chooses to use only the non-IT segment of internal control
processing of individual transactions. the logic of the client’s access control
to assess control risk, it is referred to as auditing around the
computer. Which one of the following conditions need not software.
be present to audit around the computer? c. extract a random sample of processed
13. General controls include all of the following
a. Computer programs must be available except: transactions and ensure that the
in English. transactions were appropriately
a. systems development. authorized.
b. The source documents must be available in
a non-machine language. b. online security. d. examine statements signed by employees
stating that they have not divulged their
c. The documents must be filed in a manner c. processing controls. user identifications and passwords to any
that makes it possible to locate them. d. hardware controls. other person.
d. The output must be listed in sufficient 17. When IT programs or files can be accessed from
14. Predesigned formats, such as those used for audit
detail to enable the auditor to trace documentation, can be created and saved using electronic terminals, users should be required to enter a(n):
individual transactions. spreadsheets and word processors. These are called: a. echo check.
11. Which of the following is a category of general a. desktop publishing.
controls? b. parity check.
b. templates. c. self-diagnosis test.
a. Processing controls.
c. macros. d. authorized password.
b. Output controls.
d. work files.
c. Physical and online security.
18. An auditor’s flowchart of a client’s system is a c. Processing b. Successful IT development efforts require
graphical representation that depicts the auditor’s: the involvement of IT and non-IT
d. Transaction personnel.
a. program for tests of controls.
22. A database management system: c. The chief information officer should report
b. understanding of the system. to senior management and the board.
a. physically stores each element of data
c. understanding of the types of errors that only once. d. Programmers should have access to
are probable given the present system. computer operations to aid users in
b. stores data on different files for different
d. documentation of the study and evaluation purposes, but always knows where they are resolving problems.
of the system. and how to retrieve them. 25. Which of the following statements is correct?
19. Which of the following is not a characteristic of an c. allows quick retrieval of data but at a cost a. Auditors should evaluate application
online processing system? of inefficient use of file space. controls before evaluating general controls.
a. Output of the data files is available on d. allows quick retrieval of data, but it needs b. Auditors should evaluate application
request. to update files continually. controls and general controls
b. Master files are updated at the time the 23. Which of the following is not associated with simultaneously.
entry is made. converting from a manual to an IT system? c. Auditors should evaluate general
c. Display terminals are used for both input a. It usually centralizes data. controls before evaluating application
and output purposes. controls.
b. It permits higher quality and more
d. Programming is not allowed online and consistent controls over operations. d. None of these statements is correct.
must be done separately. 26. An important characteristic of IT is uniformity of
c. It may eliminate the control provided by
20. Typical controls developed for manual systems division of duties of independent persons processing. Therefore, a risk exists that:
which are still important in IT systems include: who perform related functions and a. auditors will not be able to access data
compare results. quickly.
a. proper authorization of transactions.
d. It may take the recordkeeping function b. auditors will not be able to determine if
b. competent and honest personnel. and the document preparation function data is processed consistently.
c. careful and complete preparation of source away from those who have custody
documents. of assets and put those functions into the c. erroneous processing can result in the
IT center. accumulation of a great number of
d. all of the above. misstatements in a short period of
24. Which of the following statements about general time.
21. ______ controls prevent and detect errors while controls is not correct?
transaction data are processed. d. all of the above.
a. Disaster recovery plans should identify
a. Software alternative hardware to process company
data.
b. Application
27. Auditors should evaluate the ________ before c. There are reasonableness tests for the unit b. sales-cycle controls before application
evaluating application controls because of the potential for selling price of a sale. controls.
pervasive effects.
d. After processing, all sales transactions are c. general controls before applications
a. input controls reviewed by the sales department. controls.
b. control environment 31. Which of the following is least likely to be used in d. applications controls before the control
obtaining an understanding of client general controls? environment.
c. processing controls
a. Examination of system documentation 35. Controls which are designed to assure that the
d. general controls information processed by the computer is authorized,
b. Inquiry of client personnel (e.g., key users) complete, and accurate are called:
28. A control that relates to all parts of the IT system is
called a(n): c. Observation of transaction processing a. input controls.
a. general control. d. Reviews of questionnaires completed by b. processing controls.
client IT personnel
b. systems control. c. output controls.
32. Which of the following is not a general control?
c. universal control. d. general controls.
a. Reasonableness test for unit selling price
d. applications control. of a sale. 36. Programmers should be allowed access to:
b. Equipment failure causes error messages a. user controls.
29. Controls which apply to a specific element of the on monitor.
b. general controls.
system are called: c. Separation of duties between programmer
and operators. c. systems controls.
a. user controls.
d. Adequate program run instructions for d. applications controls.
b. general controls.
operating the computer. 37. Programmers should do all but which of the
c. systems controls. following?
33. Controls which are built in by the manufacturer to
d. applications controls. detect equipment failure are called: a. Test programs for proper performance.
30. Which of the following is not an example of an a. input controls. b. Evaluate legitimacy of transaction data
applications control? input.
b. fail-safe controls.
a. An equipment failure causes system c. Develop flowcharts for new applications.
downtime. c. hardware controls.
d. manufacturer’s controls. d. Programmers should perform each of the
b. There is a preprocessing authorization of above.
the sales transactions. 34. Auditors usually evaluate the effectiveness of:
38. ______ tests determines that every field in a record
a. hardware controls before general controls. has been completed.
 a. Validation c. reading program change requests. b. Test data approach.
b. Sequence d. all of the above methods. c. Parallel simulation.
c. Completeness 43. When auditors consider only non-IT controls in d. Embedded audit module.
assessing control risk, it is known as:
d. Programming 47. Companies with non-complex IT environments often
a. the single-stage audit. rely on microcomputers to perform accounting system
39. In an IT-intensive environment, most processing functions. Which of the following is not an audit
controls are: b. the test deck approach. consideration in such an environment?
a. input controls. c. auditing around the computer. a. Limited reliance on automated controls.
b. operator controls. d. generalized audit software (GAS). b. Unauthorized access to master files.
c. programmed controls. 44. The auditor’s objective to determine whether the c. Vulnerability to viruses and other risks.
client’s computer programs can correctly handle valid and
d. documentation controls. invalid transactions as they arise is accomplished through d. Excess reliance on automated controls.
40. Which of the following is not a processing control? the:

a. Control totals. a. test data approach.

48. Internal control is ineffective when computer
b. Logic tests. b. generalized audit software approach. personnel:

c. Check digits. c. microcomputer-aided auditing approach. a. participate in computer software

acquisition decisions.
d. Computations tests. d. generally accepted auditing standards.
b. design flowcharts and narratives for
41. Output controls are not designed to assure that data 45. The audit approach in which the auditor runs his or her computerized systems.
generated by the computer are: own program on a controlled basis to verify the client’s
data recorded in a machine language is: c. originate changes in customer master
a. accurate. files.
a. the test data approach.
b. distributed only to authorized people. d. provide physical security over program
b. called auditing around the computer. files.
c. complete.
c. the generalized audit software approach. 49. When using the test data approach:
d. used appropriately by employees in
making decisions. d. the microcomputer-aided auditing a. test data should include only exception
approach. conditions.
42. Auditors usually obtain information about general
and application controls through: 46. Which of the following is not one of the three b. application programs tested must be
categories of testing strategies when auditing through the virtually identical to those used by
a. interviews with IT personnel. computer? employees.
b. examination of systems documentation. a. Pilot simulation.
 c. select data may remain in the client system a. Parallel simulation. 57. What tools do companies use to limit access to
after testing. sensitive company data?
b. Generalized audit software programming.
d. none of the above statements is correct. Encryption techniques - Digital signatures - Firewall
c. Integrated test facility.
50. Because general controls have a _____ effect on the a. Yes Yes Yes
operating effectiveness of application controls, auditors d. Test data approach.
must consider general controls. 58. Rather than maintain an internal IT center, many
54. Firewalls are used to protect: companies use ________ to perform many basic functions
a. nominal a. erroneous internal handling of data. such as payroll.
b. pervasive b. against insufficient documentation of a. external general service providers
c. mitigating transactions. b. external application service providers
d. worsening c. illogical programming commands. c. internal control service providers
51. Errors in data processed in a batch computer d. unauthorized use of system resources. d. internal auditors
system may not be detected immediately because: 55. In an IT system, automated equipment controls or 59. A company uses the account code 669 for maintenance
a. transaction trails in a batch system are hardware controls are designed to: expense. However, one of the company clerks often codes
available only for a limited period of time. a. correct errors in the computer programs. maintenance expense as 996. The highest account code in
the system is 750. What internal control in the company’s
b. there are time delays in processing b. monitor and detect errors in source computer program would detect this error?
transactions in a batch system. documents.
a. Pre-data input check.
c. errors in some transactions cause rejection c. detect and control errors arising from
of other transactions in the batch. the use of equipment. b. Valid-character test.
d. random errors are more likely in a batch d. arrange data in a logical sequential manner c. Sequence check.
system than in an online system. for processing purposes. d. Valid-code test.
52. ______ link equipment in large geographic regions. 56. If a control total were to be computed on each of the 60. Which of the following is not an application
a. Cosmopolitan area networks (CANs) following data items, which would best be identified as a control?
hash total for a payroll IT application?
b. Local area networks (LANs) a. Preprocessing authorization of sales
a. Gross wages earned. transactions.
c. Wide area networks (WANs)
b. Employee numbers. b. Reasonableness test for unit selling price of
d. Virtual area networks (VANs) sale.
c. Total hours worked.
53. Which of the following computer-assisted auditing c. Post-processing review of sales
techniques allows fictitious and real transactions to be d. Total debit amounts and total credit
amounts. transactions by the sales department.
processed together without client operating personnel being
aware of the testing process?
 d. Separation of duties between computer
programmer and operators.
61. It is common in IT systems to have certain types of
transactions initiated automatically by the computer. Which
of the following activities would not be an appropriate
candidate for automatic computer initialization?
a. In a bank, periodic calculation of interest
on customer accounts.
b. In a manufacturing facility ordering
inventory at preset order levels.
c. In a hospital, the ordering of oxygen when
pre-specified levels are achieved.
d. In an investment brokerage firm, the
sale of pharmaceutical stocks when the
Dow-Jones Industrial Average falls
below a certain level.
62. Application controls vary across the IT system. To gain
an understanding of internal control for a private company,
the auditor must evaluate the application controls for every:
a. every audit area.
b. every material audit area.
c. every audit area in which the client uses
the computer.
d. every audit area where the auditor plans
to reduce assessed control risk.
63. Many clients have outsourced the IT functions. The
difficulty the independent auditor faces when a computer
service center is used is to:
a. gain the permission of the service center to
review their work.
b. find compatible programs that will analyze c. less concerned with (1) than with (2).
the service center’s programs.
d. more concerned with (1) than with (2).
c. determine the adequacy of the service
center’s internal controls. 67. Service auditors do not issue which of the
following types of reports?
d. try to abide by the Code of Professional
Conduct to maintain the security and a. Report on implemented controls
confidentiality of client’s data. b. Report on controls that have been
implemented and tested for design
64. An auditor who is testing IT controls in a payroll
system would most likely use test data that contain effectiveness
conditions such as: c. Report on controls that have been
a. time tickets with invalid job numbers. implemented and tested for operating
effectiveness
b. overtime not approved by supervisors.
d. Each of the above is issued.
c. deductions not authorized by employees.
68. The most important output control is:
d. payroll checks with unauthorized
signatures. a. distribution control, which assures that
only authorized personnel receive the
reports generated by the system.
65. Which of the following is not a general control? b. review of data for reasonableness by
someone who knows what the output
a. The plan of organization and operation of should look like.
IT activity.
c. control totals, which are used to verify that
b. Procedures for documenting, reviewing, the computer’s results are correct.
and approving systems and programs.
d. logic tests, which verify that no mistakes
c. Processing controls.
were made in processing.
d. Hardware controls.
66. In comparing (1) the adequacy of the hardware controls
in the system with (2) the organization’s methods of
handling the errors that the computer identifies, the
independent auditor is:
a. unconcerned with both (1) and (2).
b. equally concerned with (1) and (2).
 d. No Yes c. Yes Yes No
3. Tolerable misstatements for overstatements 7. Which of the following is not a type of statistical
and understatements: method that provides results in dollar terms?
a. may be different amounts. a. Variables sampling.
b. must be different amounts. b. Attributes sampling.
c. must be set at the same amount. c. Monetary-unit sampling.
d. must be expressed in percentages. d. Sampling with probability proportional to
size.
4. Monetary-unit sampling is most commonly
used when: 8. Which of the following is not a term relevant to
sampling for tests of details?
a. several exceptions are expected.
a. Acceptable risk of incorrect rejection
b. a dollar result is desired.
b. Analysis of misstatements
c. the population data are maintained
on manual files. c. Estimate misstatements in the population
d. the auditor is searching for d. Define the exception conditions
understatements only.

CHAPTER 17: SAMPLING

5. Monetary-unit sampling is not particularly
1. Sampling used for tests of details provides effective at detecting:
results in terms of:
a. overstatements.
a. exception rates.
b. understatements.
b. percentages.
c. errors in current assets.
c. dollars.
d. errors in noncurrent assets.
d. expectation rates.
6. Tests for rates of occurrence are appropriately used
2. Both sampling and nonsampling risks are in all but which of the following situations?
associated with:
Testing of internal controls - Substantive testing Of
Tests of controls - Substantive tests of transactions - Substantive testing of details of
transactions. balances