Excel Professional Services, Inc.

Management Firm of Professional Review and Training Center (PRTC)

(LUZON) Manila 87339344 * Calamba City, Laguna * Dasmariñas City, Cavite * Lipa City,

Batangas (0917) 8852769 * (VISAYAS) Bacolod City (034) 4346214 * Cebu City (032)

2537900 loc. 218 (MINDANAO) Cagayan De Oro (0917) 7081465 * Davao City (082) 2250049

AUDITING THEORY
AT.300 9 – Internal Control R.C.P. SOLIMAN/ K.J. UY
Considerations MAY 2021

Reference:
a. PSA 315 (Redrafted), Identifying and Assessing the Risks of Material Misstatement through Understanding the
Entity and its Environment

DISCUSSION QUESTIONS

Introduction—Importance of Understanding the 5. In obtaining an understanding of a manufacturing

Entity's Internal Control
1. According to PSA 315, an auditor uses the
understanding of internal control to:
a. Identify types of potential misstatements
b. Consider factors that affect the risks of material
misstatement
c. Design the nature, timing and extent of further
audit procedures
d. All of the above
entity’s internal control concerning inventory balances,
an auditor most likely would
a. Review the entity’s descriptions of inventory
policies and procedures.
b. Perform test counts of inventory during the entity’s
physical count.
c. Analyze inventory turnover statistics to identify
slow-moving and obsolete items.
d. Analyze monthly production reports to identify
variances and unusual transactions.

2. Reasons to evaluate internal control would not include
a. Basis for planning the audit.
b. Determining the nature, timing, and extent of
substantive procedures.
c. Basis for type of opinion to be rendered.
d. Formulating constructive suggestions for
improvements. (byproduct of internal control)
RAP to Obtain Understanding of Internal Control
3. The auditor’s understanding of the accounting and
internal control systems significant to the audit is
ordinarily obtained through previous experience with
the entity. In addition, the auditor may perform the
following procedures, except
a. Inquiries of appropriate management, supervisory
and other personnel at various organizational
levels within the entity, together with reference to
documentation, job descriptions and flow charts,
although inquiry although is not sufficient.
b. Inspection of documents and records produced by
the accounting and internal control system.
c. Observation of the entity’s activities and
operations, including observation of the
organization of computer operations, management
personnel and the nature of transaction
processing.
d. Reperformance of internal control procedures.
(Test of control)
4. Risk assessment procedures performed to obtain
evidence about the design and implementation of
relevant controls include
a. External confirmation.
b. Recalculation.
c. Analytical procedures.
d. Tracing transactions or walkthrough.
6. Which of the following is not useful for obtaining an
understanding of internal controls?
a. Make inquiries of the client’s personnel.
b. Examine documents and records.
c. Read industry trade magazines.
d. Observe client activities and operations.
Nature of Internal Control
7. The process designed and effected by those charged
with governance, management, and other personnel
to provide reasonable assurance about the
achievement of the entity’s objectives with regard to
reliability of financial reporting, effectiveness and
efficiency of operations and compliance with applicable
laws and regulations.
a. Internal Control c. Administrative control
b. Accounting control d. Control environment
8. The financial statements are not likely to correctly
reflect GAAP if the:
a. controls affecting the reliability of financial
reporting are inadequate.
b. company’s controls do not promote efficiency.
c. company’s controls do not promote effectiveness.
d. company’s control do not promote compliance with
applicable rules and regulations.
9. Among the three objectives of internal control, which
is of most importance to the auditor in an audit of
financial statements?
a. Reliability of financial reporting.
b. Effectiveness and efficiency of operations.
c. Compliance with applicable laws and regulations.
d. All of the above.

Page 1 of 9 www.teamprtc.com.ph AT.3009

EXCEL PROFESSIONAL SERVICES, INC.

10. What is the relationship between an entity’s objectives entity transactions, events and conditions and to
and the controls it implements to provide reasonable maintain accountability for the related assets,
assurance about their achievement? liabilities, and equity. INFO SYSTEM
a. Direct. c. None
b. Inverse d. Both A and B 17. Monitoring
a. Is the entity’s identification and analysis of
11. An entity’s internal control encompasses its relevant risks as a basis for their management.
a. People. c. Processes. b. Support the identification, capture, and exchange
b. Units and function. d. All of the above. of information in a form and time frame that
enable people to carry out their responsibilities.
12. The primary responsibility for designing, implementing c. Is a process that assesses the quality of internal
and maintaining internal control rests with control performance over time.
a. Internal auditors c. The external auditor d. Sets the tone of an organization, influencing the
b. The CFO d. The management/TCWG control consciousness of its people.

Inherent Limitations of Internal Control Control Environment

13. When considering internal control, an auditor must be
aware of the concept of reasonable assurance, which
recognizes that
a. Employment of competent personnel provides
assurance that the objectives of internal control
will be achieved.
b. Establishment and maintenance of internal control
is an important responsibility of the management
and not of the auditor. Not related
c. Cost of internal control procedures should not
exceed the benefits expected to be derived from
the control.
d. Segregation of incompatible functions is necessary
to ascertain that the control procedures are
effective. Not related
18. Which of the following is incorrect regarding control
environment component of internal control?
a. The foundation for the other components of
internal control to function as control environment
provides discipline and structure.
b. To understand the control environment, the
auditor considers programs and controls
addressing fraud risk implemented by
management and those charged with governance.
c. The absence of programs and controls addressing
fraud risk of control environment may not
represent a material weakness.
d. The evaluation of the design of the control
environment includes considering the seven
elements of control environment.

14. Which of the following is not one of the inherent 19. Which of the following factors are included in an
limitations of internal control? a. Faulty human entity’s control environment?
judgment. a. b. c. d.
b. Collusion. Integrity and ethical values Yes No Yes Yes
Commitment to competence Yes Yes No Yes
c. Management override.
Participation of those charged
d. Lack of proper segregation of incompatible duties.
with governance Yes Yes No Yes
Management’s philosophy and
15. Which of the following is most likely to be a direct operating style Yes Yes No Yes
consequence of the fact that internal controls have Organizational structure No Yes Yes Yes
inherent limitations that normally cannot be Assignment of authority and No Yes Yes Yes
completely eliminated? responsibility
a. Inherent risk must be greater than zero. Human resources policies
b. Risk of material misstatement must be greater and procedures Yes No Yes Yes
than zero.
c. Audit risk must be greater than zero. 20. Which of the following relates to human resource
d. Detection risk must be greater than zero. policies and practices factor of control environment?
a. Effective communication of standards and values
The Five Components of Internal Control and The and removal of incentives and temptations for
Auditor's Required Understanding dishonest or unethical acts. INTEGRITY
b. Management’s approach to taking and managing
16. Control environment component of internal control business risks. TCWG participation
a. Consists of the policies and procedures that help c. Consideration of key areas of authority and
ensure that management directives are carried responsibility and appropriate lines of reporting.
out. CONTROL ACTIVITIES ASSIGNMENT OF AUTHORITY
b. Includes the governance and management d. Recruitment, orientation, training, evaluation,
functions and the attitudes, awareness, and counseling, promotion, compensation, and
actions of those charged with governance and remedial action.
management concerning the entity’s internal
control and its importance in the entity. 21. In obtaining an understanding of control environment
c. Is the entity’s process for identifying business risks component of internal control, an auditor should
relevant to financial reporting objectives and evaluate whether
deciding about actions to address those risks, and a. Management, with oversight of TCWG, has created
the results thereof. RISK ASSESSMENT and maintained a culture of honesty and ethical
d. Consists of the procedures and records established behavior.
to initiate, authorize, record, process, and report

Page 2 of 9 www.teamprtc.com.ph AT.3009

EXCEL PROFESSIONAL SERVICES, INC.

b. The strengths of control environment elements c. The safeguarding of assets, records, periodic
provide a foundation for the other components of counts, and reconciliations that creates asset
internal control. accountability. PHYSICAL CONTROL
c. Both a and b. d. The separation of the functions to minimize the
d. Neither a nor b. opportunities for a person to be able to perpetrate
and conceal errors or fraud in the normal course of
Risk Assessment his/her duties. SEG DUTIES

22. Which of the following risks should be considered by 27. Proper segregation of functional responsibilities calls
the entity’s risk assessment process? for separation of the functions of
a. b. c. d. a. Authorization, execution, and recording.
b. Authorization, execution, and payment.
Changes in operating
c. Custody, execution, and reporting.
environment. Yes Yes Yes Yes
d. Authorization, payment, and recording.
New personnel. Yes Yes Yes No
New or revamped 28. Which of the following statements is correct with
information systems. Yes Yes Yes Yes respect to separation of duties?
Rapid growth. Yes No No Yes a. Employees should not have temporary and
New technology. Yes Yes No No permanent custody of assets.
New business models, b. Employees who authorize transactions should not
products, or activities. Yes Yes Yes Yes have custody of related assets.
c. It is permissible to allow an employee to open cash
Corporate restructurings. Yes Yes Yes Yes
receipts and record those receipts.
Expanded foreign Yes Yes Yes Yes d. Employees who authorize transactions should have
operations. recording responsibility for these transactions.
New accounting
pronouncements. Yes Yes Yes Yes 29. Physical controls to safeguard assets would include:
a. hiring only trustworthy cashiers
23. In obtaining an understanding of an entity’s risk b. segregation of duties
assessment process component of internal control, an c. locks on the warehouse doors
auditor should evaluate whether the entity has a
d. safety audits on the production-line
process for
a. b. c. d. 30. Controls that enhance the reliability of the financial
Identifying business risks. Yes Yes Yes Yes statements may be classified as prevention controls
Estimating the significance and detection controls. Which of the following is
of the risks. Yes Yes Yes No primarily a detection control?
Assessing likelihood of a. Separation of duties between recording cash
receipts and depositing cash. P
occurrence. Yes Yes No Yes
b. Bank accounts are reconciled monthly by persons
Deciding actions to address
independent of cash recording and cash custody.
those risks. Yes No No Yes
c. The human resources department authorizes the
hiring of only those persons for accounting
Control Activities positions that meet the written job requirements
specified by the corporate controller. P
24. Control activities are policies and procedures helping d. An accounting manual, accompanied by a detailed
to ensure that actions are taken to address risks to chart of accounts, carefully and clearly describes
achievement of entity’s objectives. Control activities each type of transaction affecting the entity. P
may be
a. Manual.
31. Internal controls may be preventive, detective, or
b. Automated. corrective. Which of the following is preventive? a.
c. Manual and automated. Requiring two persons to open mail.
d. All of the above. b. Reconciling the accounts receivable subsidiary file
with the control account. D
25. Control activities component of internal control include c. Preparing bank reconciliations. D
a. b. c. d.
Performance reviews Yes Yes Yes No Information System and Communication
Information processing Yes No No Yes
32. An information system consists of __________ that
Physical controls Yes Yes No No
interrelate to achieve a business goal.
Segregation of duties Yes Yes Yes Yes
a. b. c. d.
Authorization Yes Yes Yes Yes
Physical and hardware
infrastructure. Yes Yes Yes No
26. Which of the following control activities refers to
information processing control? Software. Yes No No Yes
a. Reviews of actual performance versus budgets and Data. Yes Yes No No
prior performance. PERFORMANCE CONTROL Manual and automated
b. Checking of accuracy, completeness, and procedures. Yes Yes Yes Yes
authorization of transactions, which include People. Yes Yes Yes Yes
general controls and application controls.

Page 3 of 9 www.teamprtc.com.ph AT.3009

EXCEL PROFESSIONAL SERVICES, INC.

33. An information system 39. An auditor typically follows a _____ approach in

a. b. c. d. obtaining an understanding of internal control.
a. Top-down.
Identifies and records all
b. Bottom-up.
valid transactions. Yes Yes Yes No
c. Parallel.
Describes transactions
d. All of the above.
sufficiently for proper
classification. Yes No No Yes
The Entity's Transaction Cycles and Controls
Measures transactions. Yes Yes No No
Determines the proper 40. An entity’s transaction cycles typically include
reporting period for a. b. c. d.
transactions. Yes Yes Yes Yes
Revenue and receipt cycle Yes Yes Yes No
Presents transactions and
Purchasing and
related disclosures Yes Yes Yes Yes
disbursement cycle Yes No No Yes
properly.
Personnel and payroll cycle Yes Yes No No
34. Communication component of internal control includes Inventory and production Yes Yes Yes Yes
providing an understanding to employees about their cycle
roles and responsibilities. Communication, electronic, Financing and investing Yes Yes Yes Yes
oral or by management actions, may be through cycle
a. Policy manuals.
b. Financial reporting manuals. 41. Which of the following statements with respect to the
c. Memoranda. independent auditor's evaluation of internal control is
d. All of the above. correct?
a. The auditor should decrease control testing when
Monitoring weaknesses in cash receipts are mitigated by
strong controls in cash disbursement procedures.
35. A component of COSO’s internal control system b. The auditor should increase control testing when
concerns the process that provides feedback on the weaknesses in billing procedures are mitigated by
effectiveness of the other components of internal strong controls in collection procedures.
control. This component is called: c. The auditor generally should not evaluate the
a. Information & communication c. Monitoring overall effectiveness of internal control, but should
b. Control activities d. Risk separately evaluate each of the transaction cycles.
assessment d. The auditor should evaluate all internal control
weaknesses before determining the control
36. The monitoring process of internal control does not procedures that should prevent or detect errors or
involve irregularities.
a. Ongoing activities and separate evaluations
b. Actions of internal auditors 42. Why does the auditor divide the financial statements
c. Communications from external parties. into smaller segments?
d. None of the above a. Using the cycle approach makes the audit more
manageable.
37. An entity's ongoing monitoring activities, which are b. Most accounts have few relationships with others
built into normal recurring actions, often include and so it is more efficient to break the financial
a. Periodic audits by the audit committee. statements into smaller pieces.
b. Reviewing or supervising the purchasing function. c. The cycle approach is used because auditing
standards require it.
c. The audit of the annual financial statements.
d. All of the above are correct.
d. Control risk assessment in conjunction with
quarterly reviews.
Internal Control in Smaller Entities
Entity-Level and Transaction-Level Internal Controls
43. An important issue that arises in the context of a small
business is whether the enterprise is auditable. Which
38. Statement 1: Entity-level internal controls are
pervasive controls that relate to the overall operations of the following factors would be most likely to indicate
of an entity. to a CPA that a small business enterprise was not
auditable?
a. The inherent risk of material misstatement is high.
Statement 2: Transaction-level internal controls are
specific controls that ensure transactions are b. The company relies solely on manual data
accurately and timely recorded, authorized, and processing of basic transactions.
processed. c. There are a limited number of employees and poor
a. True, true segregation of duties.
b. True, false d. Underlying source documents for transactions are
c. False, true not retained.
d. False, false
44. Which of the following is most likely to be a
Evaluating Entity-Level Controls characteristic of an owner-managed small business? a.
A formal organization structure
b. A strong control environment

Page 4 of 9 www.teamprtc.com.ph AT.3009

EXCEL PROFESSIONAL SERVICES, INC.
c. Management tendency to override internal controls
d. Effective segregation of duties
45. Which of the following risk assessments or values is
least likely to be characteristic of a small business
audit?
a. Business risk is low.
b. Control risk is low.
c. Inherent risk is low
d. Detection risk is low.
46. In auditing smaller entities, an auditor usually finds it
more efficient to apply
a. Tests of controls strategy.
b. Substantive procedures strategy.
c. Combination of a and b.
d. Any of the above.
47. Under what circumstances is testing of controls
required when auditing a small business?
a. For those accounts where the auditor has
determined that there are significant inherent risks
of material misstatement
b. For those accounts for which substantive testing
alone does not provide sufficient assurance
c. For those accounts where the auditor has
determined the risk of fraud to be higher than
normal
d. For all accounts containing one or more
transactions that are individually material in
amount
48. Which of the following best describes the level of
engagement risk when a CPA audits the financial
statements for a small business client? a. Low
b. Moderate
c. High
d. Maximum
Scope of Internal Control Understanding—
Determining Relevant Controls
49. PSAs require the auditor to obtain understanding of
the entity’s internal control structure a. For first time
audit clients.
b. For every audit.
c. Whenever the auditor wishes or sees necessary.
d. Sufficient to find any frauds that may exist.
50. In all audits, the auditor should obtain an
understanding of _______ components of internal
control sufficient to assess the risk of material
misstatement and to design further audit procedures.
a. Depends on the management’s permission.
b. Majority.
c. At least four.
d. All the five.
51. With respect to the client's system of internal control,
the auditor is concerned that the existing policies and
procedures provide reasonable assurance that
a. Operational efficiency has been achieved in
accordance with management plans.
b. Errors and fraud have been prevented or detected.
c. Controls have not been circumvented by collusion.
d. Management cannot override the internal controls.
52. An internal control is relevant to an audit of financial
statements if it addresses risks of material
Page 5 of 9 www.teamprtc.com.ph
misstatement. In determining whether a control is
relevant, an auditor shall consider
a. Materiality and significance of risk.
b. Size and nature of entity.
c. How a specific control prevents, or detects and
corrects, material misstatement.
d. All of the above.
53. Which of the following statements is false with regard
to the auditor’s consideration of an entity’s internal
control?
a. An entity may have controls relating to objectives
that are not relevant to audit and need not be
considered.
b. Understanding internal control relevant to each
operating unit or business function may not be
necessary to perform an audit.
c. The auditor’s primary consideration of internal
control is whether the control affects financial
statement assertions.
d. Internal control is considered relevant to the audit
of financial statements when the control addresses
all business risks.
54. Which of the following statements is false with regard
to the auditor’s consideration of an entity’s internal
control?
a. Controls over financial reporting objectives are
usually relevant to audit of financial statements.
b. Controls over operations and compliance
objectives are totally not relevant to audit of
financial statements.
c. Controls over operations and compliance
objectives may be relevant to audit of financial
statements if they relate to information or data
involved in performance of audit procedures such
as those controls related to nonfinancial data used
in analytical procedures and noncompliance with
laws and regulations.
d. Controls over safeguarding of assets such as limit
access to data and programs (e.g., passwords)
that process cash payments are relevant to audit
of financial statements.
55. Which of the following internal control is most likely
relevant to an audit of financial statements?
a. A TV manufacturer’s computerized production
scheduling system.
b. An airline’s automated controls that maintain flight
schedules.
c. A furniture manufacturer’s controls for incidental
sales of scrap materials that accounts for less than
1% of total sales.
d. A bank’s loan approval process.
56. When an auditor uses information produced by the
entity, which of the following controls is(are) relevant?
a. Controls over completeness.
b. Controls over accuracy.
c. Both a and b.
d. Neither a nor b.
57. Identifying relevant controls is least likely facilitated
by
a. Previous experience.
b. The understanding of the entity and its
environment.
c. Information gather during the during.
d. Rate of responses to bank confirmation letters.
AT.3009
EXCEL PROFESSIONAL SERVICES, INC.

Extent of Understanding of the Entity's Relevant Controls
—Design and Implementation
58. The auditor must evaluate the design of relevant
controls and determine whether they have been
implemented. Evaluating the design of the entity’s
internal control would involve
a. Considering whether the control, individually or in
combination with other controls, is capable of
effectively preventing or detecting and correcting,
material misstatements.
b. Determining whether control exists and the entity
is using it.
c. Determining the how, by whom, and consistency
of application of internal control.
d. Determining whether the control is operating
effectively.
59. Obtaining an understanding of internal control through
risk assessment procedures involves evaluating the
a. b. c. d.
c. A written description of the process and flow of
documents and of the control points.
d. Diagrams of the client’s system that track the
flow of documents and processing.
65. Questionnaires consist of a series of interrelated
questions about internal control policies and
procedures. The questions are typically phrased so
that a “Yes” indicates a control strength and a “No”
indicates a potential weakness. An advantage(s) of the
questionnaire is(are)
a. Provide a visual representation of the system and
flexible in construction.
b. Help identify control concerns and prevents the
auditor from overlooking important control
considerations.
c. Flexible to prepare, although difficult for a complex
system.
d. Identify the contingencies considered in the
description of a problem and the appropriate
actions to be taken in each case.

Design of internal control. Yes Yes Yes Yes

66. An auditor must document his/her understanding of
Implementation of internal Yes No No Yes internal control using
control. a. A narrative memorandum.
Operating effectiveness of b. A flowchart.
internal control. Yes Yes No No c. A questionnaire.
d. Any form.
60. When is the case that obtaining an understanding of
internal control is sufficient to test the operating Walkthrough Tests
effectiveness of control?
a. Controls are highly automated and the IT general 67. A procedure that involves tracing a transaction from
controls are effective. its origination through the company's information
b. Controls are non-complex in nature. systems until it is reflected in the company's financial
c. Controls are periodically evaluated by internal report is referred to as a(n) a. Analytical analysis.
auditors. b. Substantive procedure.
d. Controls are sophisticated and critical. c. Test of a control.
d. Walk-through
61. When obtaining an understanding of an entity’s
internal controls, an auditor should concentrate on 68. Which of the following statements is incorrect about
their substance rather than their form because walk-through test?
a. The controls may be operating effectively but may a. A procedure required to be performed every year
not be documented. of audit and to verify the identified “what can go
b. Management may establish appropriate controls wrongs” that have the potential to materially affect
but not enforce compliance with them. relevant financial statement assertions related to
c. The controls may be so inappropriate that the significant accounts and disclosures within each
auditor assesses control risk at the maximum. significant class of transactions.
d. Management may implement controls whose costs b. This procedure may be treated as part of tests of
exceed their benefits. control.
c. This procedure is performed to evaluate the
Documentation of Understanding of Internal Control effectiveness of the design of controls and
determine (confirm) whether the controls are
62. Which of the following is not a medium that can implemented (placed in operation) by the client.
normally be used by an auditor to record information d. The nature and extent of walk-through tests
concerning a client's internal control policies and performed by the auditor are such that they alone
procedures? would provide sufficient appropriate audit evidence
a. Narrative memorandum. c. Flowchart. to support a control risk assessment which is less
b. Procedures manual. d. Questionnaire. than high.

63. Which of the following is not a medium that can 69. Which of the following best represents a walkthrough?
normally be used by an auditor to record information a. The controller reviews the bank reconciliation
concerning a client's internal control policies and prepared by the accountant and its resulting
procedures? journal entries.
c. Decision table. c. Check list. b. The auditor walks the production line to find
d. Policy manual. d. Questionnaire. inefficiencies in the inventory process and reports
them to management.
64. A decision table c. The controller takes a sample of write-offs to
a. Consists of a series of procedures to be performed. ensure they have been adequately documented
b. Logic diagrams presented in matrix form. and recorded.

Page 6 of 9 www.teamprtc.com.ph AT.3009

EXCEL PROFESSIONAL SERVICES, INC.

d. The auditor traces three purchasing transactions b. the person performing the control does not
from the purchase order to the financial statement possess the necessary authority or competence.
for observation and understanding. c. Either a or b.
b. Employees in the normal course of performing and communicated this finding in writing to the client's their
assigned functions. senior management and those charged with
c. Management when reviewing interim financial governance. The auditor should statements and reconciling
account balances. a. Consider the weakness a scope limitation and
d. Outside consultants who issue a special-purpose therefore disclaim an opinion. report on internal control
structure. b. Suspend all audit activities pending directions from the client's audit committee.
78. The auditor is not obligated to search for deficiencies c. Withdraw from the engagement.
in internal control, although the he/she must d. Consider the effects of the condition on the audit. communicate
control deficiencies noted. Which of the following control deficiencies the auditor must 80. When a compensating
control exists, the absence of a communicate to management and those charged with key control: governance?
a. is still a major concern to the auditor.
a. Control deficiency. b. could cause a material loss, so it must be tested
b. Significant deficiency. using substantive procedures.
c. Material weakness. c. is magnified and must be removed from the
d. Both b and c. sampling process and examined in its entirety.
d. is no longer a concern because there is no longer
79. During the audit the independent auditor identified the a significant deficiency or material weakness.
existence of a weakness in the client's internal control

- now do the DIY drill –

DO-IT-YOURSELF (DIY) DRILL

70. In considering internal control, what is the purpose of
a transaction walk through?
a. To assure that employees are performing assigned
functions accurately.
b. To confirm the auditor's understanding of the
internal control structure.
c. To select documents for detailed tests of controls.
d. To verify the results of the auditor's sampling plan.
71. Obtaining knowledge about whether the control is
implemented can best be obtained by a. Inquiry of
client’s personnel.
b. Performing tests of control.
c. Reading procedures manual.
d. Tracing transactions through the information
system relevant to financial reporting.
Deficiencies in Internal Control
72. Which of the following is not one of the levels of an
absence of internal controls? a. Control deficiency.
b. Significant deficiency.
c. Material weakness.
d. Major deficiency.
73. Deficiency in internal control exists when:
a. A control is unable to prevent, or detect and
correct, F/S misstatements timely.
b. A necessary control is missing.
c. Either a or b.
d. Neither a nor b.
74. A(n) _______ deficiency exists if a necessary control
is missing or not properly formulated. a. Control.
b. Significant.
c. Design.
d. Operating.
75. An operation deficiency exists when
a. a properly designed control does not operate as
designed.
d. Neither a nor b.
76. If the auditor finds a material weakness in the controls
of the client, it represents a deficiency in the design or
operation of a control
a. that adversely affects the company’s ability to
initiate, record, process, or report external
financial data reliably in accordance with GAAP.
b. that negatively affects the company’s ability to
initiate, record, process, or report external
financial data reliably in accordance with GAAP.
c. that results in a remote possibility that a material
misstatement of the annual or interim financial
statements will not be prevented or detected.
d. that results in a reasonable possibility that a
material misstatement of the annual or interim
financial statements will not be prevented or
detected.
77. In general, a material weakness in internal control
may be defined as a condition in which material errors
or irregularities may occur and not be detected within
a timely period by
a. An independent auditor during tests of controls.
1. What is management’s primary purpose of effective
internal control in an organization?
a. Obtaining high-quality data for making good
business decisions providing reasonable assurance
that the entity’s objectives are achieved.
b. Completion of a successful audit for the entity.
c. Shareholder involvement in the company’s
success.
d. Obtaining profitability and financial strength.
2. An effective system of internal control
a. Eliminates risks and potential loss to the
organization
b. Can prevent collusion among employees
c. Can reduce the cost of an external audit
d. Cannot be circumvented by management

Page 7 of 9 www.teamprtc.com.ph AT.3009

EXCEL PROFESSIONAL SERVICES, INC.
3. When auditing a company, the auditor should obtain
an understanding of internal control sufficient to:
a. provide reasonable protection against client fraud
and defalcations by client employees.
b. assess control risk.
c. provide a basis for suggestions to the client for
improving the accounting system.
d. provide a method for safeguarding assets,
checking the accuracy and
reliability of accounting data,
promoting operational efficiency, and
encouraging adherence to prescribed
managerial policies.
4. The control environment includes all of the following
except
a. management philosophy and operating style.
b. methods of assigning authority and responsibility.
c. personnel policies and practices.
d. control activities.
5. The essence of an effectively controlled organization
(i.e., control environment) lies in the:
a. effectiveness of its independent auditor.
b. effectiveness of its internal auditor.
c. attitude of its employees.
d. attitude of its management.
6. A component of COSO’s internal control system
concerns the process of identifying, capturing, and
exchanging information in a timely fashion to enable
accomplishment of the organization’s objective. This
component is called
a. control activities.
b. information and communication.
c. monitoring.
d. control environment.
7. A proper segregation of duties requires
a. An individual maintaining custody of an asset be
entitled to access the accounting records for the
asset.
b. An individual authorizing a transaction records it
c. An individual recording a transaction not compare
the accounting record of the asset with the asset
itself
d. An individual authorizing a transaction maintain a
custody of the asset that resulted from a
transaction
8. Which of the following is a detective control designed
to detect the occurrence of a misstatement? a. Access
controls.
b. Edit controls.
c. Reconciliations.
d. All of the above are detective controls.
9. Which of the following statements about internal
control is correct?
a. Properly maintained internal controls reasonably
assure that collusion among employees cannot
occur.
b. Establishing and maintaining internal control is the
internal auditor's responsibility.
c. Exceptionally strong control allows the auditor to
eliminate substantive tests of details.
d. The cost benefit relationship should be considered
in designing internal controls.
Page 8 of 9 www.teamprtc.com.ph
10. Internal control procedures are not designed to
provide reasonable assurance that
a. Transactions are executed in accordance with
management's authorization.
b. Irregularities (frauds) will be eliminated.
c. Access to assets is permitted only in accordance
with management's authorization.
d. The recorded accountability for assets is compared
with the existing assets at reasonable intervals.
11. Internal controls can never be considered as
absolutely effective because:
a. their effectiveness is limited by the competency
and dependability of employees.
b. not all organizations have internal audit
departments.
c. controls are designed to prevent and detect only
material misstatements.
d. internal controls prevent separation of duties.
12. Which of the following best describes the inherent
limitations that should be recognized by an auditor
when considering the potential effectiveness of
internal control?
a. Procedures that depend on segregation of duties
can be circumvented by collusion.
b. Competent and honest client personnel provide an
environment conducive to accounting control and
provide absolute assurance that effective control
will be achieved.
c. Procedures designed to assure the execution and
recording of transactions in accordance with
proper authorizations are effective against
irregularities perpetrated by management.
d. The benefits expected to be derived from effective
internal accounting control usually do not exceed
the costs of such control.
13. When evaluating a client's system of internal control to
determine whether the necessary procedures are
prescribed and have been implemented satisfactorily,
an auditor must
a. Develop questionnaires and checklists.
b. Obtain an understanding of internal control.
c. Perform tests of internal control procedures.
d. Evaluate administrative policies.
14. Which of the following would an auditor least likely
perform when obtaining understanding of the entity’s
internal control?
a. Re-performance of internal control
b. Inquiries of appropriate personnel
c. Inspection of documents and record
d. Observation of the entity’s activities and
operations
15. The auditor observes client employees during the
review of the client's system of internal control in
order to
a. Prepare a flowchart.
b. Update information contained in the organization
and procedure manuals.
c. Assist in obtaining an understanding of the client's
internal control policies and procedures.
d. Determine the extent of compliance with quality
control standards.
AT.3009
EXCEL PROFESSIONAL SERVICES, INC.

16. Why will the external auditor typically interview the

internal audit department as it relates to its risk-based
approach?
a. To appropriately change internal controls.
b. To comment on the deficiency of internal audit
control.
c. To understand and assess management risk
processes.
d. To perform effective analytical procedures.

17. In an auditor's consideration of internal control, the

completion of a questionnaire is most closely
associated with which of the following? a. Separation
of duties.
b. Understanding the system.
c. Flowchart accuracy.
d. Tests of controls.

18. A major control available in a small company, which

might not be feasible in a big company, is: a. a wider
segregation of duties.
b. a voucher system.
c. fewer transactions to process.
d. the owner-manager’s personal interest and close
relationship with personnel.

19. Which of the following evidence-selection techniques is

most likely to be useful in the context of an audit of a
small business?
a. Block sampling
b. 100% examination
c. Stratified sampling
d. MUS sample selection

20. Which of the following is least likely to be a motivation

for the owners/managers of a small business to
misstate income?
a. Minimization of corporate income taxes
b. Showing sufficient growth and profitability to keep
lenders happy
c. Compliance with debt covenants
d. Maximizing potential dividend payout

- end of AT.3009 -

Page 9 of 9 www.teamprtc.com.ph AT.3009