Nation’s Foremost Review Center

1. It is a process, effected by those charged with governance, management, and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives in the
following categories:
 Effectiveness and efficiency of operations
 Reliability of financial reporting
 Compliance with applicable laws and regulations

a. Internal auditing b. Internal control c. Business strategy d. Accounting process

2. Which of the following best describes an internal control system?

a. All the policies and procedures adopted by the management of an entity to assist in
achieving management’s objective of ensuring, as far as practicable, orderly and efficient
conduct of its business, including adherence to management policies; safeguarding of
assets; prevention; prevention and detection of fraud and error; accuracy and completeness
of the accounting records; and timely preparation of reliable financial information.
b. The series of tasks and records of an entity by which transactions are processed as a means
of maintaining financial records. Such systems identify, assemble, analyze calculate, classify,
record, summarize and report transactions and other events.
c. This includes, but is not limited to, plan of organization and the procedures and records that
are concerned with the decision processes leading to management’s authorization of
transactions. It promotes operational efficiency and adherence to managerial policies.
d. This comprises the plan of organization and the procedures and records that are concerned
with the safeguarding of assets and the reliability of financial records. It involves systems of
authorization and approval controls over assets, internal audit and all other financial
matters.

3. Which of the following is not one of the essential concepts of internal controls?
a. It is a process
b. It is effected by those charged with governance, management, and other personnel in an
entity
c. It is a means or tool used by management to achieve the entity’s objectives
d. It can be expected to absolute assurance regarding that the achievement of the entity’s
objectives

4. A reason to establish internal control is to:

a. Have a basis for planning the audit
b. Provide reasonable assurance that the objectives of the organization are achieved
c. Encourage compliance with organizational objectives
 d. The recorder accountability for assets is compared with the existing assets at reasonalble
intervals

5. Internal controls are not designed to provide reasonable assurance that

a. Transactions are executed in accordance with management’s authorization
b. Irregularities will be eliminated
c. Access to assets is permitted only in accordance with management’s authorization
d. The recorded accountability for assets is compared with the existing assets at reasonable
intervals

6. Internal control can only provide reasonable, not absolute, assurance of achieving entity control
objectives. One of the factors limiting the likelihood of achieving those objectives is that:
a. The auditor’s primary responsibility is the detection of fraud
b. The board of directors is active and independent
c. The cost of internal control should not exceed its benefits
d. Management monitors internal control

7. Which of the following is an example of an inherent limitation in a client’s internal control

system?
a. The effectiveness of procedures depends on the segregation of employee duties
b. Procedures are designed to assure the execution and recording of transactions in
accordance with management’s authorization.
c. In the performance of most control procedures, there are possibilities of errors arising from
mistakes in judgment.
d. Procedures for handling large numbers of transactions are processed by information
technology (IT) equipment
8. An internal control system that is working effectively
a. Eliminates risk and potential loss of to the entity
b. Cannot be circumvented by management
c. Reduces the need for management the review exception reports on a day-to-day basis
d. Is unaffected by changing circumstances and conditions encountered by the entity
9. Which of the following most likely would not be considered an inherent limitation of the
potential effectiveness of an entity’s internal control?
a. Incompatible duties c. Management override
b. Mistakes in judgment d. Collusion among employees
10. This internal control component is the foundation of all other components. It set the tone of the
organization, provides discipline and structure, and influences the control consciousness of
employees.
a. Control activities c. Control environment
b. Monitoring of control d. Entity’s risk assessment process
11. Which of the following statements best describes “control environment”?
 a. The entity’s process for identifying business risk relevant to financial reporting objectives
and deciding about actins to address those risks, and the results thereof.
b. The system for transferring information from transaction processing systems to the general
ledger or the financial reporting system.
c. Policies and procedures that help ensure that management directives are carried out
d. This includes the governance and management functions and attitudes, awareness, and
actions of those charged with governance and management concerning the entity’s internal
control and its importance to the entity.
12. Which of the following considered control environment elements?

Commitment To Organizational
competence Detection Risk Structure
a Yes No Yes
b Yes Yes Yes
c No No No
d No No Yes

13. The information system consists of the following:

A B C D
 Infrastracture (physical and hardware components) Yes Yes No Yes
 Software Yes Yes Yes Yes
 People No Yes No No
 Procedures and inputs No Yes Yes No

14. An entity’s risk assessment process includes how management:

A B C D
 Identifies risk Yes Yes No Yes
 Assesses significande and likelihood of
occurrence of these identified risks Yes Yes Yes No
 Decides upon actions to manage these risks Yes No Yes No

15. Risks can arise or change due to circumstances such as the following, except:
a. There is a change in the regulatory or operating environment (i.e. a new law has been
passed which prohibits the use of a chemical which is a main ingredient of the company’s
major product).
b. New employees have been hired by the company.
 c. The company switched from manual information systems to a computerized system.
d. The accounting and financial reporting framework has remained stable for the past five
years, and no new pronouncements have been made.
16. Under PSA 315, monitoring of controls is an integral control component that involves a process
of assessing the quality of internal performance over time. It involves assessing the design and
operation of controls on a timely basis and taking necessary corrective actions. Monitoring of
controls is accomplished through ongoing monitoring activities, separate evaluations, or a
combination of the two. An entity’s ongoing monitoring activities often include
a. Periodic reporting by the entity’s internal auditors about the functioning of internal control
b. Reviewing the purchasing account
c. Periodic audits by the audit committee
d. The audit of the annual financial statements
17. Control activities constitute one of the five components of internal control. Which of the
following is not included in this internal control component?
a. Segregation of duties c. An internal audit function
b. Performance reviews d. Authorization
18. Which of the following statements concerning the relevance of various types of to a financial
statement audit is correct?
a. All the controls are ordinarily relevant to a financial statement audit.
b. Controls over the reliability of assets and liabilities are of primary importance, while controls
over the reliability of financial reporting may also be relevant.
c. Controls over the reliability of financial reporting are ordinarily most directly relevant to a
financial statement audit, but other controls may also be relevant.
d. An auditor may ordinarily ignore a consideration of controls when a substantive audit
approach is taken.
19. Control activities are the policies and procedures that help ensure that management directives
are carried out. These include activities relating authorization, performance reviews,
information processing, physical controls and segregation of duties. There is proper segregation
of duties when an individual who
a. Authorizes a transaction records it.
b. Maintains custody of an asset has access to the accounting records for the asset.
c. Authorizes transaction maintains custody of the asset that resulted from the transaction.
d. Records a transaction do not compare the accounting record of the asset with the asset itself.
20. Which of the following statements is most correct with respect to separation of duties?
a. Employees should not have temporary and permanent custody of assets.
b. Employees who authorize transactions should not have custody of related assets.
c. It is permissible to allow an employee to open cash receipts and record those receipts.
d. Employees who authorize transactions should have recording responsibility for these
transactions.
21. Which of the following is not an example of a general authorization?
a. Automatic reorder points for raw material inventory.
b. A sales manager’s authorization for sales return.
 c. Credit limits for various classes of transactions.
d. A sales price list for merchandise.
22. Which of the following is a management control method that most likely could improve
management’s ability to supervise company activities effectively?
a. Monitoring compliance with internal control requirements imposed by regulatory bodies.
b. Limiting directs access to assets by physical segregation and protective devices.
c. Establishing budgets and forecasts to identify variances form expectations.
d. Supporting employees with the resources necessary to discharge their responsibilities.

ASSESSING AND RESPONDING TO RISKS

23. In an audit of financial statements, an auditor’s primary consideration regarding a control is

whether it:
a. Enhances management’s decision-making process.
b. Affects management’s financial statement assertions.
c. Reflects management’s philosophy and operating style.
d. Provides adequate safeguards over access to assets.
24. PSA 315 requires the auditor to obtain an understanding of the client’s internal controls
a. For every audit c. For first-time audits
b. Sufficient to find any fraud which may exist d. Whenever it would be appropriate
25. Obtaining an understanding of internal control involves:

A B C D
 Evaluating the design of a control Yes Yes Yes No
 Determining whether the control has been
implemented Yes Yes No Yes
 Testing the effectiveness of a control No Yes Yes Yes

26. In planning the audit, the auditor obtains sufficient understanding of the existing internal
control. Which one of the following is not among the auditor’s primary objectives for obtaining
such knowledge?
a. Identify types of material misstatements.
b. Consider the factors that affect the risk of material misstatement.
c. Make constructive suggestions to the client for improvement.
d. Design effective substantive tests.
27. The primary purpose of the auditor’s consideration of internal control is to provide a basis for
a. Determining whether procedures and records that are concerned with the safeguarding of
assets are reliable.
b. Constructive suggestions to clients concerning deficiencies in internal control.
c. Determining the nature, timing and extent of audit tests to be applied.
d. The expression of an opinion.
28. When obtaining knowledge about an entity’s internal control, it is important for the auditor to
consider the competence of its employees, because their competence bears directly and
importantly upon the
a. Cost-benefit relationship of internal control
b. Timing of substantive tests to be performed
c. Comparison of recorded accountability with assets
d. Achievement of the objectives of internal control
29. Which of the following statements, best describes the phrase “evaluating the design of a
control”?
a. Considering whether the control, individually or in combination with other controls, capable
of effectively preventing, or detecting and correcting, material misstatements.
b. Determining whether the control exists and that the entity is using it.
c. Expressing an opinion as to the effectiveness of a control.
d. Observing the application of specific controls.
30. When obtaining an understanding of the accounting and internal control system the auditor
may trace a few transactions through the accounting system. The technique is:
a. Reperformance b. Walk-through c. Control test d. Validity test
31. Control risk assessment procedures include all of the following except
a. Inspection of documents c. Confirmation of bank balances
b. Observation of procedures d. Inquiry of client personnel
32. When obtaining an understanding of an entity’s internal control, an auditor should concentrate
on the substance of controls rather than their form because:
a. The controls may be operating effectively but may not be documented.
b. Management may establish appropriate controls but not act on them.
c. The controls may be so inappropriate that no reliance is contemplated by the auditor.
d. Management may implement controls with costs in excess of benefits.
33. An auditor should obtain sufficient knowledge of an entity’s information system, including the
related business processes relevant to financial reporting, to understand the
a. Policies used to detect the concealment of fraud
b. Process used to prepare significant accounting estimates
c. Safeguards used to limit access to computer facilities
d. Produces used to assure proper authorization of transactions.
34. After obtaining an understanding of an entity’s internal control structure and assessing control
risk, an auditor may next:
a. Perform tests of control to verify management’s assertions that are embodied in the financial
statements.
b. Apply analytical procedures as substantive test to validate the assessed level of control risk.
c. Consider whether evidential matter is available to support a further reduction in the assessed
level of control risk.
d. Evaluate whether the internal control structure policies and procedures detected material
misstatements in the financial statements.
35. After obtaining an understanding of an entity’s internal control, an auditor may assess control
risk at the maximum level for some assertions because the auditor
a. Believes the internal control policies and procedures are unlikely to be effective.
b. Determines that the pertinent internal control components are not well documented.
c. Performs tests of controls to restrict detection risk to an acceptable level
d. Identifies internal control policies and procedures that are likely to prevent material
misstatements.
36. After obtaining an understanding of internal control and assessing control risk, an auditor
decided to perform tests of controls. The auditor most likely decided that
a. Additional evidence to support a further reduction in control risk is not available.
b. It would be efficient to perform tests of controls that would result in a reduction in planned
substantive tests.
c. An increase in the assessed level of control risk is justified for certain financial statement
assertions.
d. There were many internal control weaknesses that could allow errors to enter the accounting
system.
37. An auditor may decide to assess control risk at the maximum level for certain assertions because
the auditor believes
a. Sufficient evidential matter to support the assertions is likely to be available.
b. Evaluating the effectiveness of policies and procedures is inefficient.
c. More emphasis on tests of controls than substantive tests is warranted.
d. Considering the relationship of assertions to specific account balances is more efficient.
38. In a financial statement audit, the auditor is required to perform test of controls when
I. The auditor’s risk assessment includes expectation of the operating effectiveness of controls.
II. When substantive procedures alone do not provide sufficient appropriate audit evidence at
the assertion level.
a. I only b. II only c. Either I and II d. Neither I nor II
39. The more the planned reliance of the auditor on the operating effectiveness of internal controls,
a. The more the extent of the auditor’s test of controls.
b. The less the extent of the auditors test of controls.
c. The more the reliance of the auditor on information generated by the entity.
d. The less the reliance of the auditor on information generated by the entity.
40. Test of controls are used to test whether controls are:
a. Operating effectively c. Properly incorporated in the financial statements
b. Placed in operation or implemented d. Properly documented by the client