Professional Documents
Culture Documents
At3009 Internal Control Considerations PDF Free
At3009 Internal Control Considerations PDF Free
(LUZON) Manila 87339344 * Calamba City, Laguna * Dasmariñas City, Cavite * Lipa City,
Batangas (0917) 8852769 * (VISAYAS) Bacolod City (034) 4346214 * Cebu City (032)
2537900 loc. 218 (MINDANAO) Cagayan De Oro (0917) 7081465 * Davao City (082) 2250049
AUDITING THEORY
AT.300 9 – Internal Control R.C.P. SOLIMAN/ K.J. UY
Considerations MAY 2021
Reference:
a. PSA 315 (Redrafted), Identifying and Assessing the Risks of Material Misstatement through Understanding the
Entity and its Environment
DISCUSSION QUESTIONS
2. Reasons to evaluate internal control would not include 6. Which of the following is not useful for obtaining an
a. Basis for planning the audit. understanding of internal controls?
b. Determining the nature, timing, and extent of a. Make inquiries of the client’s personnel.
substantive procedures. b. Examine documents and records.
c. Basis for type of opinion to be rendered. c. Read industry trade magazines.
d. Formulating constructive suggestions for d. Observe client activities and operations.
improvements. (byproduct of internal control)
Nature of Internal Control
RAP to Obtain Understanding of Internal Control
7. The process designed and effected by those charged
3. The auditor’s understanding of the accounting and with governance, management, and other personnel
internal control systems significant to the audit is to provide reasonable assurance about the
ordinarily obtained through previous experience with achievement of the entity’s objectives with regard to
the entity. In addition, the auditor may perform the reliability of financial reporting, effectiveness and
following procedures, except efficiency of operations and compliance with applicable
a. Inquiries of appropriate management, supervisory laws and regulations.
and other personnel at various organizational a. Internal Control c. Administrative control
levels within the entity, together with reference to b. Accounting control d. Control environment
documentation, job descriptions and flow charts,
although inquiry although is not sufficient. 8. The financial statements are not likely to correctly
b. Inspection of documents and records produced by reflect GAAP if the:
the accounting and internal control system. a. controls affecting the reliability of financial
c. Observation of the entity’s activities and reporting are inadequate.
operations, including observation of the b. company’s controls do not promote efficiency.
organization of computer operations, management c. company’s controls do not promote effectiveness.
personnel and the nature of transaction d. company’s control do not promote compliance with
processing. applicable rules and regulations.
d. Reperformance of internal control procedures.
(Test of control) 9. Among the three objectives of internal control, which
is of most importance to the auditor in an audit of
4. Risk assessment procedures performed to obtain financial statements?
evidence about the design and implementation of a. Reliability of financial reporting.
relevant controls include b. Effectiveness and efficiency of operations.
a. External confirmation. c. Compliance with applicable laws and regulations.
b. Recalculation. d. All of the above.
c. Analytical procedures.
d. Tracing transactions or walkthrough.
10. What is the relationship between an entity’s objectives entity transactions, events and conditions and to
and the controls it implements to provide reasonable maintain accountability for the related assets,
assurance about their achievement? liabilities, and equity. INFO SYSTEM
a. Direct. c. None
b. Inverse d. Both A and B 17. Monitoring
a. Is the entity’s identification and analysis of
11. An entity’s internal control encompasses its relevant risks as a basis for their management.
a. People. c. Processes. b. Support the identification, capture, and exchange
b. Units and function. d. All of the above. of information in a form and time frame that
enable people to carry out their responsibilities.
12. The primary responsibility for designing, implementing c. Is a process that assesses the quality of internal
and maintaining internal control rests with control performance over time.
a. Internal auditors c. The external auditor d. Sets the tone of an organization, influencing the
b. The CFO d. The management/TCWG control consciousness of its people.
13. When considering internal control, an auditor must be 18. Which of the following is incorrect regarding control
aware of the concept of reasonable assurance, which environment component of internal control?
recognizes that a. The foundation for the other components of
a. Employment of competent personnel provides internal control to function as control environment
assurance that the objectives of internal control provides discipline and structure.
will be achieved. b. To understand the control environment, the
b. Establishment and maintenance of internal control auditor considers programs and controls
is an important responsibility of the management addressing fraud risk implemented by
and not of the auditor. Not related management and those charged with governance.
c. Cost of internal control procedures should not c. The absence of programs and controls addressing
exceed the benefits expected to be derived from fraud risk of control environment may not
the control. represent a material weakness.
d. Segregation of incompatible functions is necessary d. The evaluation of the design of the control
to ascertain that the control procedures are environment includes considering the seven
effective. Not related elements of control environment.
14. Which of the following is not one of the inherent 19. Which of the following factors are included in an
limitations of internal control? a. Faulty human entity’s control environment?
judgment. a. b. c. d.
b. Collusion. Integrity and ethical values Yes No Yes Yes
Commitment to competence Yes Yes No Yes
c. Management override.
Participation of those charged
d. Lack of proper segregation of incompatible duties.
with governance Yes Yes No Yes
Management’s philosophy and
15. Which of the following is most likely to be a direct operating style Yes Yes No Yes
consequence of the fact that internal controls have Organizational structure No Yes Yes Yes
inherent limitations that normally cannot be Assignment of authority and No Yes Yes Yes
completely eliminated? responsibility
a. Inherent risk must be greater than zero. Human resources policies
b. Risk of material misstatement must be greater and procedures Yes No Yes Yes
than zero.
c. Audit risk must be greater than zero. 20. Which of the following relates to human resource
d. Detection risk must be greater than zero. policies and practices factor of control environment?
a. Effective communication of standards and values
The Five Components of Internal Control and The and removal of incentives and temptations for
Auditor's Required Understanding dishonest or unethical acts. INTEGRITY
b. Management’s approach to taking and managing
16. Control environment component of internal control business risks. TCWG participation
a. Consists of the policies and procedures that help c. Consideration of key areas of authority and
ensure that management directives are carried responsibility and appropriate lines of reporting.
out. CONTROL ACTIVITIES ASSIGNMENT OF AUTHORITY
b. Includes the governance and management d. Recruitment, orientation, training, evaluation,
functions and the attitudes, awareness, and counseling, promotion, compensation, and
actions of those charged with governance and remedial action.
management concerning the entity’s internal
control and its importance in the entity. 21. In obtaining an understanding of control environment
c. Is the entity’s process for identifying business risks component of internal control, an auditor should
relevant to financial reporting objectives and evaluate whether
deciding about actions to address those risks, and a. Management, with oversight of TCWG, has created
the results thereof. RISK ASSESSMENT and maintained a culture of honesty and ethical
d. Consists of the procedures and records established behavior.
to initiate, authorize, record, process, and report
b. The strengths of control environment elements c. The safeguarding of assets, records, periodic
provide a foundation for the other components of counts, and reconciliations that creates asset
internal control. accountability. PHYSICAL CONTROL
c. Both a and b. d. The separation of the functions to minimize the
d. Neither a nor b. opportunities for a person to be able to perpetrate
and conceal errors or fraud in the normal course of
Risk Assessment his/her duties. SEG DUTIES
22. Which of the following risks should be considered by 27. Proper segregation of functional responsibilities calls
the entity’s risk assessment process? for separation of the functions of
a. b. c. d. a. Authorization, execution, and recording.
b. Authorization, execution, and payment.
Changes in operating
c. Custody, execution, and reporting.
environment. Yes Yes Yes Yes
d. Authorization, payment, and recording.
New personnel. Yes Yes Yes No
New or revamped 28. Which of the following statements is correct with
information systems. Yes Yes Yes Yes respect to separation of duties?
Rapid growth. Yes No No Yes a. Employees should not have temporary and
New technology. Yes Yes No No permanent custody of assets.
New business models, b. Employees who authorize transactions should not
products, or activities. Yes Yes Yes Yes have custody of related assets.
c. It is permissible to allow an employee to open cash
Corporate restructurings. Yes Yes Yes Yes
receipts and record those receipts.
Expanded foreign Yes Yes Yes Yes d. Employees who authorize transactions should have
operations. recording responsibility for these transactions.
New accounting
pronouncements. Yes Yes Yes Yes 29. Physical controls to safeguard assets would include:
a. hiring only trustworthy cashiers
23. In obtaining an understanding of an entity’s risk b. segregation of duties
assessment process component of internal control, an c. locks on the warehouse doors
auditor should evaluate whether the entity has a
d. safety audits on the production-line
process for
a. b. c. d. 30. Controls that enhance the reliability of the financial
Identifying business risks. Yes Yes Yes Yes statements may be classified as prevention controls
Estimating the significance and detection controls. Which of the following is
of the risks. Yes Yes Yes No primarily a detection control?
Assessing likelihood of a. Separation of duties between recording cash
receipts and depositing cash. P
occurrence. Yes Yes No Yes
b. Bank accounts are reconciled monthly by persons
Deciding actions to address
independent of cash recording and cash custody.
those risks. Yes No No Yes
c. The human resources department authorizes the
hiring of only those persons for accounting
Control Activities positions that meet the written job requirements
specified by the corporate controller. P
24. Control activities are policies and procedures helping d. An accounting manual, accompanied by a detailed
to ensure that actions are taken to address risks to chart of accounts, carefully and clearly describes
achievement of entity’s objectives. Control activities each type of transaction affecting the entity. P
may be
a. Manual.
31. Internal controls may be preventive, detective, or
b. Automated. corrective. Which of the following is preventive? a.
c. Manual and automated. Requiring two persons to open mail.
d. All of the above. b. Reconciling the accounts receivable subsidiary file
with the control account. D
25. Control activities component of internal control include c. Preparing bank reconciliations. D
a. b. c. d.
Performance reviews Yes Yes Yes No Information System and Communication
Information processing Yes No No Yes
32. An information system consists of __________ that
Physical controls Yes Yes No No
interrelate to achieve a business goal.
Segregation of duties Yes Yes Yes Yes
a. b. c. d.
Authorization Yes Yes Yes Yes
Physical and hardware
infrastructure. Yes Yes Yes No
26. Which of the following control activities refers to
information processing control? Software. Yes No No Yes
a. Reviews of actual performance versus budgets and Data. Yes Yes No No
prior performance. PERFORMANCE CONTROL Manual and automated
b. Checking of accuracy, completeness, and procedures. Yes Yes Yes Yes
authorization of transactions, which include People. Yes Yes Yes Yes
general controls and application controls.
Extent of Understanding of the Entity's Relevant Controls c. A written description of the process and flow of
—Design and Implementation documents and of the control points.
d. Diagrams of the client’s system that track the
58. The auditor must evaluate the design of relevant flow of documents and processing.
controls and determine whether they have been
implemented. Evaluating the design of the entity’s 65. Questionnaires consist of a series of interrelated
internal control would involve questions about internal control policies and
a. Considering whether the control, individually or in procedures. The questions are typically phrased so
combination with other controls, is capable of that a “Yes” indicates a control strength and a “No”
effectively preventing or detecting and correcting, indicates a potential weakness. An advantage(s) of the
material misstatements. questionnaire is(are)
b. Determining whether control exists and the entity a. Provide a visual representation of the system and
is using it. flexible in construction.
c. Determining the how, by whom, and consistency b. Help identify control concerns and prevents the
of application of internal control. auditor from overlooking important control
d. Determining whether the control is operating considerations.
effectively. c. Flexible to prepare, although difficult for a complex
system.
59. Obtaining an understanding of internal control through d. Identify the contingencies considered in the
risk assessment procedures involves evaluating the description of a problem and the appropriate
a. b. c. d. actions to be taken in each case.
63. Which of the following is not a medium that can 69. Which of the following best represents a walkthrough?
normally be used by an auditor to record information a. The controller reviews the bank reconciliation
concerning a client's internal control policies and prepared by the accountant and its resulting
procedures? journal entries.
c. Decision table. c. Check list. b. The auditor walks the production line to find
d. Policy manual. d. Questionnaire. inefficiencies in the inventory process and reports
them to management.
64. A decision table c. The controller takes a sample of write-offs to
a. Consists of a series of procedures to be performed. ensure they have been adequately documented
b. Logic diagrams presented in matrix form. and recorded.
d. The auditor traces three purchasing transactions b. the person performing the control does not
from the purchase order to the financial statement possess the necessary authority or competence.
for observation and understanding. c. Either a or b.
b. Employees in the normal course of performing and communicated this finding in writing to the client's their
assigned functions. senior management and those charged with
c. Management when reviewing interim financial governance. The auditor should statements and reconciling
account balances. a. Consider the weakness a scope limitation and
d. Outside consultants who issue a special-purpose therefore disclaim an opinion. report on internal control
structure. b. Suspend all audit activities pending directions from the client's audit committee.
78. The auditor is not obligated to search for deficiencies c. Withdraw from the engagement.
in internal control, although the he/she must d. Consider the effects of the condition on the audit. communicate
control deficiencies noted. Which of the following control deficiencies the auditor must 80. When a compensating
control exists, the absence of a communicate to management and those charged with key control: governance?
a. is still a major concern to the auditor.
a. Control deficiency. b. could cause a material loss, so it must be tested
b. Significant deficiency. using substantive procedures.
c. Material weakness. c. is magnified and must be removed from the
d. Both b and c. sampling process and examined in its entirety.
d. is no longer a concern because there is no longer
79. During the audit the independent auditor identified the a significant deficiency or material weakness.
existence of a weakness in the client's internal control
5. The essence of an effectively controlled organization 12. Which of the following best describes the inherent
(i.e., control environment) lies in the: limitations that should be recognized by an auditor
a. effectiveness of its independent auditor. when considering the potential effectiveness of
b. effectiveness of its internal auditor. internal control?
c. attitude of its employees. a. Procedures that depend on segregation of duties
d. attitude of its management. can be circumvented by collusion.
b. Competent and honest client personnel provide an
6. A component of COSO’s internal control system environment conducive to accounting control and
concerns the process of identifying, capturing, and provide absolute assurance that effective control
exchanging information in a timely fashion to enable will be achieved.
accomplishment of the organization’s objective. This c. Procedures designed to assure the execution and
component is called recording of transactions in accordance with
a. control activities. proper authorizations are effective against
b. information and communication. irregularities perpetrated by management.
c. monitoring. d. The benefits expected to be derived from effective
d. control environment. internal accounting control usually do not exceed
the costs of such control.
7. A proper segregation of duties requires
a. An individual maintaining custody of an asset be 13. When evaluating a client's system of internal control to
entitled to access the accounting records for the determine whether the necessary procedures are
asset. prescribed and have been implemented satisfactorily,
an auditor must
b. An individual authorizing a transaction records it
a. Develop questionnaires and checklists.
c. An individual recording a transaction not compare
the accounting record of the asset with the asset b. Obtain an understanding of internal control.
itself c. Perform tests of internal control procedures.
d. An individual authorizing a transaction maintain a d. Evaluate administrative policies.
custody of the asset that resulted from a
transaction 14. Which of the following would an auditor least likely
perform when obtaining understanding of the entity’s
8. Which of the following is a detective control designed internal control?
to detect the occurrence of a misstatement? a. Access a. Re-performance of internal control
controls. b. Inquiries of appropriate personnel
b. Edit controls. c. Inspection of documents and record
c. Reconciliations. d. Observation of the entity’s activities and
d. All of the above are detective controls. operations
9. Which of the following statements about internal 15. The auditor observes client employees during the
control is correct? review of the client's system of internal control in
a. Properly maintained internal controls reasonably order to
assure that collusion among employees cannot a. Prepare a flowchart.
occur. b. Update information contained in the organization
b. Establishing and maintaining internal control is the and procedure manuals.
internal auditor's responsibility. c. Assist in obtaining an understanding of the client's
c. Exceptionally strong control allows the auditor to internal control policies and procedures.
eliminate substantive tests of details. d. Determine the extent of compliance with quality
d. The cost benefit relationship should be considered control standards.
in designing internal controls.
- end of AT.3009 -