TF Risk assessment is process of identifying, measuring and analyzing risks

relevant to a process which is subject to quantitative and qualitative factors and

are independent on the time frame of the review. false
TF Internal auditors may fail to identify relevant risks due to their lack of
in-depth knowledge of the process being audited. true
TF After risks are identified, they must be measured using only quantitative
tools. false
TF The risk matrix is a widely used and highly effective tool to record, analyze
the objectives, risks and controls in the program or process that is being audited
as defined in the scope definition. This is an essential ingredient when
conducting risk-based audits, as they provide a means to capture and analyze those
items. true
TF Risk assessment and risk management are the same in that they are both
iterative and dynamic. false
TF When management is assessing exposures to various risks, they must pay
particular attention to data security. This goes beyond assessing the personally
identifiable information that tends to be affect integrity and availability of
information. true
TF Control self-assessments require managers to think about the design and
condition of their areas of responsibility and assess the presence and quality of
the related controls. true
TF The increasing purchasing and wealth creation in emerging markets is
hindering new opportunities that organizations can manage. false
TF Risk and Control Self-Assessment are effective mechanisms to those who are
ownership for risks and controls in the organization by which they can allocate
resources appropriately and institute monitoring policies. true
TF Control frameworks provide a roadmap to identify, assess and manage
objectives, risks and controls. These are able to cover only formal systems. false
TF Generally speaking, corrective controls are preferable to preventive controls
because they identify issues after the fact. false
TF Environmental risks relate to the effects of conditions that allow the
entity to operate freely. false
TF A person's behavior may be different in unique situations, as the person acts
in part in response to the environment. true
TF Control environment is the tone at the top and promoted by the board of
directors and senior management, and it refers to the general attitude , integrity
and ethical practices of the individuals. true
TF Establishing objectives is a precondition to risk management. false
MC Internal controls are designed to provide reasonable assurance that
Control policies have not been circumvented through management's joint
effort. Incorrect The internal auditing department's guidance and oversight
of management's performance is accomplished economically and efficiently.
Incorrect Management's planning, organizing, and directing processes are
properly evaluated. Incorrect Material errors or fraud would be prevented or
detected an corrected within a timely period by employees in the course of
performing their assigned duties. Correct
MC Which of the following statements about internal control is correct?
Effectively designed internal control reasonably ensures that collusion among
employees cannot occur. Incorrect The establishment and maintenance of internal
control are important responsibilities of the internal auditor. Incorrect
Exceptionally strong internal control is enough for the auditor to eliminate
substantive tests on a significant account balance. Incorrect The cost benefit
relationship is a primary criteria that should be considered in designing internal
control. Correct
MC Which of the following is not an assurance to be provided by an effective
internal control system? Management is responsible for knowledge and
authorization of transactions. Incorrect Transactions are recorded to
maintain accountability for assets. Incorrect Access to assets is limited to
members of management. Correct Transactions are recorded to permit the
preparation of reliable financial statements. Incorrect
MC When an organization has strong internal control, management can expect
various benefits. The benefit least likely to occur is a reduced cost of an
external audit. Incorrect an elimination of employee fraud. Correct the
availability of reliable data for decision-making purposes and protection of
important documents and records. Incorrect an assurance of compliance to
applicable laws and regulations. Incorrect
MC External factors can serve to either strengthen or weaken an entity's
internal control. Which of the following conditions supports strong internal
control? Strict monitoring by the Bureau of Internal Revenue. Correct The
existence of related parties and related party transactions. Incorrect
Pressure by the financial community to improve earnings performance.
Incorrect An economic downturn. Incorrect
MC Proper segregation of functional responsibilities in an effective system of
internal control calls for separation of the functions of: Authorization,
execution, and payment. Incorrect Authorization, recording and custody.
Correct Custody, execution and reporting. Incorrect Authorization,
payment and recording. Incorrect
MC Which of the following procedures is essential to determining whether
necessary control activities were prescribed and are being followed? Developing
questionnaires and checklists. Incorrect Evaluating the entity's procedures
for risk assessment. Incorrect Documenting and testing controls. Correct
Observing employees and making inquiries. Incorrect
MC The three key concepts that underlie the study of an internal control
structure and the assessment of control risk would not include a criterion that
the control risk may range from zero to 100%. Correct management, not
the auditor, must establish and maintain the entity's controls. Incorrect the
internal control structure provides reasonable, but not absolute, assurance that
the financial statements are fairly stated. Incorrect the internal control
structure can never be regarded as completely effective. Incorrect
MC Auditors frequently use flowcharts in connection with which of the following?
Preparation of generalized computer audit programs. Incorrect Review of
the client's internal control procedures. Correct Use of statistical sampling
in performing an audit. Incorrect Performance of analytical review procedures for
account balances. Incorrect
MC Which of the following is not a medium that can normally be used by an
auditor to record information concerning a client's internal control policies and
procedures? Narrative memorandum. Incorrect Procedures manual. Correct
Flowchart. Incorrect Questionnaire. Incorrect
MC Controls that enhance the reliability of the financial statements may be
classified as prevention controls and detection controls. Which of the following
is primary a detection control? Separation of duties between recording cash
receipts and depositing cash. Incorrect Bank accounts are reconciled monthly by
persons independent of cash recording and cash custody. Correct The human
resource department authorizes the hiring of only those persons for accounting
positions that meet the written job requirements specified by the corporate
controller. Incorrect An accounting manual, accompanied by a detailed chart of
accounts, carefully and clearly describes each type of transaction affecting the
entity. Incorrect
MC One aspect of internal controls requires companies to maintain adequate
documents and records. Which of the following statements is not correct with
respect to an entity's maintenance of documents and records? Documents should
be prenumbered only if the client has no other means to maintain records of which
documents have been used. Correct Documents should be sufficiently simple
to ensure that they are clearly understood. Incorrect Documents should be
prepared at the time a transaction occurs or as soon thereafter as possible.
Incorrect Documents should be prenumbered consecutively to facilitate
control over missing documents. Incorrect
MC Corporate directors, management, external auditors, and internal auditors all
play important roles in creating a proper control environment. Top management is
primarily responsible for: Establishing a proper environment and specifying
overall internal control. Correct Reviewing the reliability and integrity
of financial information and the means used to collect and report such information.
Incorrect Ensuring that external and internal auditors adequately monitor
the control environment. Incorrect Implementing and monitoring controls that
are designed by the board of directors. Incorrect
MC Which of the following is not a part of the control environment? Management
philosophy and operating style. Incorrect Organizational structure.
Incorrect Information and communications systems. Correct Assignment
of authority and responsibility. Incorrect
MC In general, a material internal control weakness may be defined as a
condition in which material errors or fraud would ordinarily not be detected within
a timely period by An auditor during the normal study and evaluation of the
system of internal control. Incorrect A controller when reconciling accounts in
the general ledger. Incorrect Employees in the normal course of performing
their assigned functions. Correct The chief financial officer when
reviewing interim financial statements. Incorrect
MC Control risk is a measure of the auditor's expectation that the internal
control structure Will prevent material misstatements from occurring. Incorrect
Will detect and correct material misstatements. Incorrect Will either
prevent material misstatements or detect and correct them. Incorrect Will neither
prevent material misstatements nor detect and correct them.Correct
MC Which of the following statements is correct concerning an auditor's
assessment of control risk? Assessing control risk may be performed concurrently
during an audit with obtaining an understanding of the entity's internal control.
Correct Evidence about the operation of internal control in prior audits
may not be considered during the current year's assessment of control risk.
Incorrect The basis for an auditor's conclusions about the assessed level
of control risk need not be documented unless control risk is assessed at the
maximum level. Incorrect The lower the assessed level of control risk, the
less assurance the evidence must provide that the control procedures are operating
effectively. Incorrect
MC Assume that a company has a control deficiency regarding the processing of
cash receipts. Reconciliation of cash accounts by a competent individual otherwise
independent of the cash function might make the likelihood of a significant
misstatement due to the control deficiency remote. In this situation,
reconciliation may be referred to as what type of control? Compensating.
Correct Preventive. Incorrect Adjustive. Incorrect Nonroutine.
Incorrect
MC Management philosophy and operating style mostly would have a significant
influence on an entity's control environment when: The internal auditor reports
directly to management. Incorrect Management is dominated by one individual.
Correct Accurate management job descriptions delineate specific duties.
Incorrect The audit committee actively oversees the financial reporting
process. Incorrect
MC Monitoring is accomplished by the client through Continuing and periodic
evaluations. Correct SEC reports on the client. Incorrect Its Risk
Management Department Incorrect Analyst's report on the stock of the client.
Incorrect
MC Which of the following is not a reason that auditors should understand
information technology of the client? To plan the audit engagement. Incorrect
To be able to run audit software on the client's computers.Correct To
have the ability to effectively perform the audit engagement. Incorrect To
know when to engage specialists for the engagement. Incorrect
MC When auditing a private company, an auditor should obtain an understanding of
internal control sufficient to Provide reasonable protection against client
fraud and defalcations by client employees. Incorrect Assess control risk.
Correct Provide a basis for suggestions to the client for improving the
accounting system. Incorrect Provide a method for safeguarding assets,
checking the accuracy and reliability of accounting data, promoting operational
efficiency and encouraging adherence to prescribed managerial policies.
Incorrect
MC In making its assessment of internal control, management Allow internal
auditors to perform the assessment and take responsibility for it. Incorrect
Must support the evaluation with documentation. Correct Must perform its
evaluations on an annual basis. Incorrect May choose to contract with third
parties to make the assessment and issue the report. Incorrect
MC Internal control reports issued by public companies must identify the
framework used to evaluate the effectiveness of internal control. Which of the
following is the most common framework in the U.S.? Effective Internal Control
Framework – AICPA. Incorrect Internal Control – Integrated Framework – COSO.
Correct Enterprise Internal Control – COSO. Incorrect Enterprise
Internal Control – AICPA. Incorrect
MC Authorizations can be either general or specific. Which of the following is
not an example of a general authorization? Automatic reorder points for raw
materials. Incorrect A sales manager's authorization for a sales return.
Incorrect Credit limits for various classes of customers. Correct A
sales price list for merchandise. Incorrect
MC The most important type of protective measure for safeguarding assets is:
Adequate separation of duties among personnel. Incorrect Proper
authorization of transactions. Incorrect The use of physical precautions.
Correct Adequate documentation. Incorrect
MC Which of the following is likely to be of least importance to an auditor when
assessing control risk in a company that processes data by computer? The
segregation of duties within the computer department. Incorrect The control over
source documents. Incorrect The documentation maintained for accounting
applications. Incorrect The cost-benefit ratio of data processing operations
Correct
MC Which of the following is TRUE about the auditor's consideration of internal
control? The auditors must assess control risk at a level lower than the
maximum. Incorrect The auditors must prepare a flowchart description of
internal control for their working papers. Incorrect The auditors must obtain
an understanding of the steps in processing major types of transactions.
Correct The auditors must perform tests of controls. Incorrect
MC Which of the following would be of least interest to the auditors in
considering internal control? Procedures that are concerned with the decision
processes leading to management's authorization of transactions. Correct
Procedures restricting access to assets. Incorrect Procedures related to
recording transactions. Incorrect Policies concerning the reconciliation of
accounting records to existing assets. Incorrect
MC An objective of a walk-through is to Verify that the structure has been
placed in operation. Correct Replace tests of controls. Incorrect
Evaluate the major strengths and weaknesses in the client's structure.
Incorrect Identify weaknesses to be communicated to management in the
management letter. Incorrect
MC Which of the following is an advantage of describing internal control through
the use of a standardized questionnaire? Questionnaires highlight weaknesses in
the system. Correct Questionnaires are more flexible than other methods of
describing internal control. Incorrect Questionnaires usually identify
situations which internal control weaknesses are compensated for by other strengths
in the system. Incorrect Questionnaires provide a clearer and more specific
portrayal of a client's system than other methods of describing internal control.
Incorrect
MC The four functions that are common to all accounting systems regardless of
complexity are: Journalizing, posting, trial balance and reports. Incorrect
Data preparation, data entry, transaction processing and master file update,
and document and report generation. Correct Data preparation, journalizing,
posting and reports. Incorrect Data entry, transaction processing and master
file update, report generation and document generation functions. Incorrect
MC Of the following control environment characteristics, identify the one that
contributes most to effective internal control The audit committee consists of the
president, two vice-presidents and the corporate controller. Incorrect The
company does not have a centralized human resources function. Incorrect The
company routinely transacts business with related parties. Incorrect The company
has an effective internal audit staff that monitors controls on a continuous basis.
Correct
MC Which of the following is not a valid concept of internal control? When
one person is responsible for all phases of a transaction, there should be a clear
designation of the person's responsibility. Correct The recorded
accountability for assets should be compared with the existing assets at reasonable
intervals and appropriate action should be taken if there are differences.
Incorrect Accounting control procedures may appropriately be applied on a
test basis in some circumstances. Incorrect Procedures designed to detect
errors and irregularities should be performed by persons other than those in a
position to perpetuate irregularities. Incorrect
MC Control procedures do not encompass: Comparison of assets with recorded
accountability. Incorrect Design and use of documents. Incorrect Proper
safeguards over access to assets. Incorrect An internal audit function.
Correct