TF Risk assessment is process of identifying, measuring and analyzing risks
relevant to a process which is subject to quantitative and qualitative factors and
are independent on the time frame of the review. false TF Internal auditors may fail to identify relevant risks due to their lack of in-depth knowledge of the process being audited. true TF After risks are identified, they must be measured using only quantitative tools. false TF The risk matrix is a widely used and highly effective tool to record, analyze the objectives, risks and controls in the program or process that is being audited as defined in the scope definition. This is an essential ingredient when conducting risk-based audits, as they provide a means to capture and analyze those items. true TF Risk assessment and risk management are the same in that they are both iterative and dynamic. false TF When management is assessing exposures to various risks, they must pay particular attention to data security. This goes beyond assessing the personally identifiable information that tends to be affect integrity and availability of information. true TF Control self-assessments require managers to think about the design and condition of their areas of responsibility and assess the presence and quality of the related controls. true TF The increasing purchasing and wealth creation in emerging markets is hindering new opportunities that organizations can manage. false TF Risk and Control Self-Assessment are effective mechanisms to those who are ownership for risks and controls in the organization by which they can allocate resources appropriately and institute monitoring policies. true TF Control frameworks provide a roadmap to identify, assess and manage objectives, risks and controls. These are able to cover only formal systems. false TF Generally speaking, corrective controls are preferable to preventive controls because they identify issues after the fact. false TF Environmental risks relate to the effects of conditions that allow the entity to operate freely. false TF A person's behavior may be different in unique situations, as the person acts in part in response to the environment. true TF Control environment is the tone at the top and promoted by the board of directors and senior management, and it refers to the general attitude , integrity and ethical practices of the individuals. true TF Establishing objectives is a precondition to risk management. false MC Internal controls are designed to provide reasonable assurance that Control policies have not been circumvented through management's joint effort. Incorrect The internal auditing department's guidance and oversight of management's performance is accomplished economically and efficiently. Incorrect Management's planning, organizing, and directing processes are properly evaluated. Incorrect Material errors or fraud would be prevented or detected an corrected within a timely period by employees in the course of performing their assigned duties. Correct MC Which of the following statements about internal control is correct? Effectively designed internal control reasonably ensures that collusion among employees cannot occur. Incorrect The establishment and maintenance of internal control are important responsibilities of the internal auditor. Incorrect Exceptionally strong internal control is enough for the auditor to eliminate substantive tests on a significant account balance. Incorrect The cost benefit relationship is a primary criteria that should be considered in designing internal control. Correct MC Which of the following is not an assurance to be provided by an effective internal control system? Management is responsible for knowledge and authorization of transactions. Incorrect Transactions are recorded to maintain accountability for assets. Incorrect Access to assets is limited to members of management. Correct Transactions are recorded to permit the preparation of reliable financial statements. Incorrect MC When an organization has strong internal control, management can expect various benefits. The benefit least likely to occur is a reduced cost of an external audit. Incorrect an elimination of employee fraud. Correct the availability of reliable data for decision-making purposes and protection of important documents and records. Incorrect an assurance of compliance to applicable laws and regulations. Incorrect MC External factors can serve to either strengthen or weaken an entity's internal control. Which of the following conditions supports strong internal control? Strict monitoring by the Bureau of Internal Revenue. Correct The existence of related parties and related party transactions. Incorrect Pressure by the financial community to improve earnings performance. Incorrect An economic downturn. Incorrect MC Proper segregation of functional responsibilities in an effective system of internal control calls for separation of the functions of: Authorization, execution, and payment. Incorrect Authorization, recording and custody. Correct Custody, execution and reporting. Incorrect Authorization, payment and recording. Incorrect MC Which of the following procedures is essential to determining whether necessary control activities were prescribed and are being followed? Developing questionnaires and checklists. Incorrect Evaluating the entity's procedures for risk assessment. Incorrect Documenting and testing controls. Correct Observing employees and making inquiries. Incorrect MC The three key concepts that underlie the study of an internal control structure and the assessment of control risk would not include a criterion that the control risk may range from zero to 100%. Correct management, not the auditor, must establish and maintain the entity's controls. Incorrect the internal control structure provides reasonable, but not absolute, assurance that the financial statements are fairly stated. Incorrect the internal control structure can never be regarded as completely effective. Incorrect MC Auditors frequently use flowcharts in connection with which of the following? Preparation of generalized computer audit programs. Incorrect Review of the client's internal control procedures. Correct Use of statistical sampling in performing an audit. Incorrect Performance of analytical review procedures for account balances. Incorrect MC Which of the following is not a medium that can normally be used by an auditor to record information concerning a client's internal control policies and procedures? Narrative memorandum. Incorrect Procedures manual. Correct Flowchart. Incorrect Questionnaire. Incorrect MC Controls that enhance the reliability of the financial statements may be classified as prevention controls and detection controls. Which of the following is primary a detection control? Separation of duties between recording cash receipts and depositing cash. Incorrect Bank accounts are reconciled monthly by persons independent of cash recording and cash custody. Correct The human resource department authorizes the hiring of only those persons for accounting positions that meet the written job requirements specified by the corporate controller. Incorrect An accounting manual, accompanied by a detailed chart of accounts, carefully and clearly describes each type of transaction affecting the entity. Incorrect MC One aspect of internal controls requires companies to maintain adequate documents and records. Which of the following statements is not correct with respect to an entity's maintenance of documents and records? Documents should be prenumbered only if the client has no other means to maintain records of which documents have been used. Correct Documents should be sufficiently simple to ensure that they are clearly understood. Incorrect Documents should be prepared at the time a transaction occurs or as soon thereafter as possible. Incorrect Documents should be prenumbered consecutively to facilitate control over missing documents. Incorrect MC Corporate directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Top management is primarily responsible for: Establishing a proper environment and specifying overall internal control. Correct Reviewing the reliability and integrity of financial information and the means used to collect and report such information. Incorrect Ensuring that external and internal auditors adequately monitor the control environment. Incorrect Implementing and monitoring controls that are designed by the board of directors. Incorrect MC Which of the following is not a part of the control environment? Management philosophy and operating style. Incorrect Organizational structure. Incorrect Information and communications systems. Correct Assignment of authority and responsibility. Incorrect MC In general, a material internal control weakness may be defined as a condition in which material errors or fraud would ordinarily not be detected within a timely period by An auditor during the normal study and evaluation of the system of internal control. Incorrect A controller when reconciling accounts in the general ledger. Incorrect Employees in the normal course of performing their assigned functions. Correct The chief financial officer when reviewing interim financial statements. Incorrect MC Control risk is a measure of the auditor's expectation that the internal control structure Will prevent material misstatements from occurring. Incorrect Will detect and correct material misstatements. Incorrect Will either prevent material misstatements or detect and correct them. Incorrect Will neither prevent material misstatements nor detect and correct them.Correct MC Which of the following statements is correct concerning an auditor's assessment of control risk? Assessing control risk may be performed concurrently during an audit with obtaining an understanding of the entity's internal control. Correct Evidence about the operation of internal control in prior audits may not be considered during the current year's assessment of control risk. Incorrect The basis for an auditor's conclusions about the assessed level of control risk need not be documented unless control risk is assessed at the maximum level. Incorrect The lower the assessed level of control risk, the less assurance the evidence must provide that the control procedures are operating effectively. Incorrect MC Assume that a company has a control deficiency regarding the processing of cash receipts. Reconciliation of cash accounts by a competent individual otherwise independent of the cash function might make the likelihood of a significant misstatement due to the control deficiency remote. In this situation, reconciliation may be referred to as what type of control? Compensating. Correct Preventive. Incorrect Adjustive. Incorrect Nonroutine. Incorrect MC Management philosophy and operating style mostly would have a significant influence on an entity's control environment when: The internal auditor reports directly to management. Incorrect Management is dominated by one individual. Correct Accurate management job descriptions delineate specific duties. Incorrect The audit committee actively oversees the financial reporting process. Incorrect MC Monitoring is accomplished by the client through Continuing and periodic evaluations. Correct SEC reports on the client. Incorrect Its Risk Management Department Incorrect Analyst's report on the stock of the client. Incorrect MC Which of the following is not a reason that auditors should understand information technology of the client? To plan the audit engagement. Incorrect To be able to run audit software on the client's computers.Correct To have the ability to effectively perform the audit engagement. Incorrect To know when to engage specialists for the engagement. Incorrect MC When auditing a private company, an auditor should obtain an understanding of internal control sufficient to Provide reasonable protection against client fraud and defalcations by client employees. Incorrect Assess control risk. Correct Provide a basis for suggestions to the client for improving the accounting system. Incorrect Provide a method for safeguarding assets, checking the accuracy and reliability of accounting data, promoting operational efficiency and encouraging adherence to prescribed managerial policies. Incorrect MC In making its assessment of internal control, management Allow internal auditors to perform the assessment and take responsibility for it. Incorrect Must support the evaluation with documentation. Correct Must perform its evaluations on an annual basis. Incorrect May choose to contract with third parties to make the assessment and issue the report. Incorrect MC Internal control reports issued by public companies must identify the framework used to evaluate the effectiveness of internal control. Which of the following is the most common framework in the U.S.? Effective Internal Control Framework – AICPA. Incorrect Internal Control – Integrated Framework – COSO. Correct Enterprise Internal Control – COSO. Incorrect Enterprise Internal Control – AICPA. Incorrect MC Authorizations can be either general or specific. Which of the following is not an example of a general authorization? Automatic reorder points for raw materials. Incorrect A sales manager's authorization for a sales return. Incorrect Credit limits for various classes of customers. Correct A sales price list for merchandise. Incorrect MC The most important type of protective measure for safeguarding assets is: Adequate separation of duties among personnel. Incorrect Proper authorization of transactions. Incorrect The use of physical precautions. Correct Adequate documentation. Incorrect MC Which of the following is likely to be of least importance to an auditor when assessing control risk in a company that processes data by computer? The segregation of duties within the computer department. Incorrect The control over source documents. Incorrect The documentation maintained for accounting applications. Incorrect The cost-benefit ratio of data processing operations Correct MC Which of the following is TRUE about the auditor's consideration of internal control? The auditors must assess control risk at a level lower than the maximum. Incorrect The auditors must prepare a flowchart description of internal control for their working papers. Incorrect The auditors must obtain an understanding of the steps in processing major types of transactions. Correct The auditors must perform tests of controls. Incorrect MC Which of the following would be of least interest to the auditors in considering internal control? Procedures that are concerned with the decision processes leading to management's authorization of transactions. Correct Procedures restricting access to assets. Incorrect Procedures related to recording transactions. Incorrect Policies concerning the reconciliation of accounting records to existing assets. Incorrect MC An objective of a walk-through is to Verify that the structure has been placed in operation. Correct Replace tests of controls. Incorrect Evaluate the major strengths and weaknesses in the client's structure. Incorrect Identify weaknesses to be communicated to management in the management letter. Incorrect MC Which of the following is an advantage of describing internal control through the use of a standardized questionnaire? Questionnaires highlight weaknesses in the system. Correct Questionnaires are more flexible than other methods of describing internal control. Incorrect Questionnaires usually identify situations which internal control weaknesses are compensated for by other strengths in the system. Incorrect Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of describing internal control. Incorrect MC The four functions that are common to all accounting systems regardless of complexity are: Journalizing, posting, trial balance and reports. Incorrect Data preparation, data entry, transaction processing and master file update, and document and report generation. Correct Data preparation, journalizing, posting and reports. Incorrect Data entry, transaction processing and master file update, report generation and document generation functions. Incorrect MC Of the following control environment characteristics, identify the one that contributes most to effective internal control The audit committee consists of the president, two vice-presidents and the corporate controller. Incorrect The company does not have a centralized human resources function. Incorrect The company routinely transacts business with related parties. Incorrect The company has an effective internal audit staff that monitors controls on a continuous basis. Correct MC Which of the following is not a valid concept of internal control? When one person is responsible for all phases of a transaction, there should be a clear designation of the person's responsibility. Correct The recorded accountability for assets should be compared with the existing assets at reasonable intervals and appropriate action should be taken if there are differences. Incorrect Accounting control procedures may appropriately be applied on a test basis in some circumstances. Incorrect Procedures designed to detect errors and irregularities should be performed by persons other than those in a position to perpetuate irregularities. Incorrect MC Control procedures do not encompass: Comparison of assets with recorded accountability. Incorrect Design and use of documents. Incorrect Proper safeguards over access to assets. Incorrect An internal audit function. Correct