Name:

Date:
Write your answers before the number.

1. In general, a material weakness in internal control may be defined as a condition in which

material errors or irregularities may occur and not be detected within a timely period by
a. An independent auditor during tests of controls.
b. Employees in the normal course of performing their assigned functions.
c. Management when reviewing interim financial statements and reconciling account balances.
d. Outside consultants who issue a special-purpose report on internal control structure.

2. Internal control procedures are not designed to provide reasonable assurance that
a. Transactions are executed in accordance with management's authorization.
b. Irregularities will be eliminated.
c. Access to assets is permitted only in accordance with management's authorization.
d. The recorded accountability for assets is compared with the existing assets at reasonable
intervals.

3. Which of the following is the correct order for performing the auditing procedures A through
C below?
A = Tests of controls
B= Preparation of a flowchart depicting the client's internal control structure
C= Substantive tests
a. ABC.
b. ACB.
c. BAC.
d. BCA.

4. A secondary purpose of the auditor's consideration of internal control is to provide

a. A basis for constructive suggestions about improvements in internal control structure.
b. A basis for assessing control risk.
c. An assurance that the records and documents have been maintained in accordance with
existing company policies and procedures.
d. A basis for the determination of the resultant extent of the tests to which auditing
procedures are to be restricted.

5. When considering internal control, an auditor must be aware of the concept of reasonable
assurance, which recognizes that
a. Employment of competent personnel provides assurance that the objectives of internal control
will be achieved.
b. Establishment and maintenance of internal control is an important responsibility of the
management and not of the auditor.
c. Cost of internal control procedures should not exceed the benefits expected to be derived from
the control.
d. Segregation of incompatible functions is necessary to ascertain that the control procedures are
effective.
6. After considering a client's internal control, an auditor has concluded that the system is well
designed and is functioning as anticipated. Under these circumstances, the auditor would most
likely
a. Cease to perform further substantive tests.
b. Not increase the extent of planned substantive tests.
c. Increase the extent of anticipated analytical procedures.
d. Perform all tests of controls to the extent outlined in the preplanned audit program.

7. The primary purpose of the auditor's consideration of internal control is to provide a basis for
a. Determining whether procedures and records that are concerned with the safeguarding of
assets are reliable.
b. Constructive suggestions to clients concerning deficiencies in internal control.
c. Determining the nature, timing, and extent of audit tests to be applied.
d. The expression of an opinion.

8. The purpose of tests of controls is to provide reasonable assurance that the

a. Accounting treatment of transactions and balances is valid and proper.
b. Control procedures are functioning as intended.
c. Entity has complied with disclosure requirements of GAAP.
d. Entity has complied with requirements of quality control.

9. The auditor's review of the client's internal control is documented in order to substantiate
a. Conformity of the accounting records with GAAP.
b. Compliance with generally accepted auditing standards.
c. Adherence to requirements of management.
d. The fairness of the financial statement presentation.

10. After consideration of a client's internal control, an auditor might decide to

a. Increase the extent of substantive testing in areas where the control structure is strong.
b. Reduce the extent of tests of controls in areas where the controls are strong.
c. Reduce the extent of both substantive tests and tests of controls in areas where the
controls are strong.
d. Increase the extent of substantive testing in areas where the controls are weak.

11. After documenting internal control in an audit engagement, the auditor may perform tests
on
a. Those controls that the auditor plans to rely on.
b. Those controls in which deficiencies were identified.
c. Those controls that have a material effect on the financial statement balances.
d. A random sample of the controls that were reviewed.

12. The auditor is examining copies of sales invoices only for the initials of the person
responsible for checking the extensions. This is an example of a
a. Test of controls.
b. Substantive test.
c. Dual-purpose test.
d. Test of balances.
13. In an auditor's consideration of internal control, the completion of a questionnaire is most
closely associated with which of the following?
a. Separation of duties.
b. Understanding the system.
c. Flowchart accuracy.
d. Tests of controls.

14. The reliance placed on substantive tests in relation to control risk varies in a relationship
that is ordinarily

a. Parallel.
b. Inverse.
c. Direct.
d. Equal.

15. The auditor observes client employees in order to

a. Prepare a flowchart.
b. Update information contained in the organization and procedure manuals.
c. Corroborate the information obtained during the initial review of the system.
d. Determine the extent of compliance with quality control standards.

16. A consideration of internal control made during an audit is usually not sufficient to
express an opinion on an entity's controls because
a. Weaknesses in the system may go unnoticed during the audit engagement.
b. A consideration of internal control is not necessarily made during an audit engagement.
c. Only those controls on which an auditor intends to rely are reviewed, tested, and
evaluated.
d. Controls can change each year.

17. An auditor's report on internal control of a publicly held company would ordinarily be of
least use to
a. Shareholders.
b. Officers.
c. Directors.
d. Regulatory agencies.

18. The accountant's report expressing an opinion on an entity's internal controls should state
that the
a. Establishment and maintenance of internal control is the responsibility of management.
b. Objectives of the client's internal controls are being met.
c. Consideration of the internal controls was conducted in accordance with generally
accepted auditing standards.
d. Inherent limitations of the client's internal controls were examined.

19. The accountant's report expressing an opinion on an entity's internal controls would not
include a
a. Description of the scope of the engagement.
b. Specific date that the report covers rather than a period of time.
c. Brief explanation of the broad objectives and inherent limitations of internal control.
d. Statement that the entity's internal controls are consistent with that of the prior year after
giving effect to subsequent changes.

20. A CPA's consideration of internal control in an audit

a. Is generally more limited than that made in connection with an engagement to express an
opinion on internal control.
b. Is generally more extensive than that made in connection with an engagement to express
an opinion on internal control.
c. Will generally be identical to that made in connection with an engagement to express an
opinion on internal control.
d. Will generally result in the CPA expressing an opinion on the internal control.

21. The auditor who becomes aware of reportable conditions is required to communicate this
to the
a. Audit committee and client's legal counsel.
b. Board of directors and internal auditors.
c. Senior management and board of directors.
d. Internal auditors and senior management.

22. Which of the following is not a purpose of an auditor's attempt to understand internal
control when a client processes accounting information by computer?
a. Determine the extent to which the computer is used in significant accounting
applications.
b. Understand the flow of transactions in the system.
c. Comprehend the basic structure of accounting control.
d. Identify the controls that can be relied on when designing substantive tests of details.

23. Which of the following is likely to be of least importance to an auditor when assessing
control risk in a company that processes data by computer?
a. The segregation of duties within the computer department.
b. The control over source documents.
c. The documentation maintained for accounting applications.
d. The cost-benefit ratio of data processing operations.

24. Transaction authorization within an organization may be either specific or general. An

example of specific transaction authorization is the
a. Setting of automatic reorder points.
b. Approval of a construction budget for a new warehouse.
c. Establishment of a customer's credit limits.
d. Establishment of sales prices.

25. Proper segregation of functional responsibilities calls for separation of the functions of
a. Authorization, execution, and recording.
b. Authorization, execution, and payment.
c. Custody, execution, and reporting.
d. Authorization, payment, and recording.
26. An auditor should consider the competence of a client's employees because their
competence bears directly and importantly on the
a. Cost benefit relationship of internal control.
b. Achievement of the objectives of internal control.
c. Comparison of recorded accountability with assets on hand.
d. Timing of the tests to be performed.

27. Which of the following elements is not a part of an entity's internal controls?
a. Control risk.
b. Control activities.
c. The accounting system.
d. The control environment.

28. Which of the following statements about internal control is correct?

a. Properly maintained internal controls reasonably assure that collusion among employees
cannot occur.
b. Establishing and maintaining internal control is the internal auditor's responsibility.
c. Exceptionally strong control allows the auditor to eliminate substantive tests of details.
d. The cost benefit relationship should be considered in designing internal controls.

29. Which of the following is not done by an auditor when obtaining an understanding of an
entity's internal controls?
a. Identify the types of potential misstatements that can occur.

b. Consider the operating effectiveness of the internal controls.

c. Design substantive tests.
d. Consider factors that affect the risk of material misstatements.

30. Which of the following audit tests would be a test of controls?

a. Tests of the specific items making up the balance in a financial statement account.
b. Comparing inventory prices to vendors' invoices.
c. Comparing signatures on canceled checks to board of directors' authorizations.
d. Tests of the additions to property, plant, and equipment by physical inspections.

31. The sequence of steps in gathering evidence as the basis of the auditor's opinion is:
a. Substantive tests, documentation of control structure, and tests of controls.
b. Documentation of control structure, substantive tests, and tests of controls.
c. Documentation of control structure, tests of controls, and substantive tests.
d. Tests of controls, documentation of control structure, and substantive tests.

32. Which of the following procedures is essential to determining whether necessary control
activities were prescribed and are being followed?
a. Developing questionnaires and checklists.
b. Evaluating the entity's procedures for risk assessment.
c. Documenting and testing controls.
d. Observing employees and making inquiries.

33. Evidence about segregation of duties is best obtained by

a. Inspecting documents that contain the initials of who performed control activities.
b. Direct personal observation of employees who perform control activities.
c. Preparing a flowchart of who performs the duties.
d. Making inquiries of coworkers about the employee who performs the duties.

34. An auditor's flowchart of a client's internal controls is a diagram depicting the auditor's
a. Understanding of the internal controls.
b. Program for tests of controls.
c. Documentation of having considered the internal controls.
d. Understanding of the types of irregularities that are probable.

35. An auditor is required to communicate significant deficiencies in internal control to

a. Audit committee of the board of directors.
b. Creditors and board of directors.
c. Board of directors and internal auditors.
d. Internal auditors and senior management.

36. An auditor has concluded that a client's internal controls are well designed and
functioning as expected. Under these circumstances the auditor would most likely

a. Cease to perform further substantive tests.

b. Not increase the extent of planned substantive tests.
c. Increase the extent of planned analytical procedures.
d. Perform all tests of controls to the extent outlined in the audit program.

37. Reportable conditions are matters that come to an auditor's attention and that should be
communicated to an entity's audit committee because they represent
a. Material irregularities or illegal acts perpetrated by management.
b. Significant deficiencies in the design or operation of internal control.
c. Flagrant violations of the entity's documented conflict of interest policies.
d. Intentional attempts by client personnel to limit the scope of the auditor's work.

38. The primary objective of procedures performed to obtain an understanding of internal

control is to provide an auditor with
a. Evidential matter to use in reducing detection risk.
b. Knowledge necessary to plan the audit.
c. A basis from which to modify tests of controls.
d. Information necessary to prepare flowcharts.

39. To obtain an understanding of an entity’s control environment, an auditor should concentrate

on the substance of management’s policies and procedures rather than their form because:
a. management may establish appropriate policies and procedures but not act on them.
b. the board of directors may not be aware of management’s attitude toward the control
environment.
c. the auditor may believe that the policies and procedures are inappropriate for that
particular entity.
d. the policies and procedures may be so weak that no reliance is contemplated by the auditor.

40. After considering a client’s internal controls, an auditor has concluded that it is well designed
and is functioning as intended. Under these circumstances the auditor would most likely:
a. perform tests of controls to the extent outlined in the audit program.
b. determine the control procedures that should prevent or detect errors and irregularities.
c. not increase the extent of predetermined substantive tests.
d. determine whether transactions are recorded to permit preparation of financial statements
in conformity with generally accepted accounting principles.

41. Hanlon Corp. maintains a large internal audit staff that reports directly to the chief financial
officer. Audit reports prepared by the internal auditors indicate that the system is functioning as it
should and that the accounting records are reliable. An independent auditor will probably:
a. eliminate tests of controls.
b. increase the depth of the study and evaluation of administrative controls.
c. avoid duplicating the work performed by the internal audit staff.

42. To be effective, an internal audit department must be independent of:

a. operating departments.
b. the accounting department.
c. both a and b.
d. either a or b, but not both.

43. The independent auditor should acquire an understanding of the internal audit function as it
relates to the independent auditor’s study and evaluation of internal control because the:
a. audit programs, working papers, and reports of internal auditors can often be used as a
substitute for the work of the independent auditor’s staff.
b. procedures performed by the internal audit staff may eliminate the independent auditor’s
need for an extensive study and evaluation of internal control.
c. work performed by internal auditors may be a factor in determining the nature, timing, and
extent of the independent auditor’s procedures.

44. An auditor should consider two key issues when obtaining an understanding of a client’s
internal controls. These issues are:
a. the effectiveness and efficiency of the controls.
b. the frequency and effectiveness of the controls.
c. the design and utilization of the controls.
d. The implementation and efficiency of the controls.

45. Compared to a public company, the most important difference in a nonpublic company in
assessing control risk is the ability to assess control risk at _______ for any or all control-related
objectives.
a. low
b. moderately low
c. medium
d. high

46.
The primary emphasis by auditors is on controls over:
a. classes of transactions.
b. account balances.
c. both a and b, because they are equally important.
d. both a and b, because they vary from client to client.

47.
The financial statements are not likely to correctly reflect GAAP if the:
a. controls affecting the reliability of financial reporting are inadequate.
b. company’s controls do not promote efficiency.
c. company’s controls do not promote effectiveness.
d. company’s control do not promote compliance with applicable rules and regulations.

48. When considering internal control, an auditor should be aware of the concept of reasonable
assurance, which recognizes that the:
a. segregation of incompatible functions is necessary to ascertain that internal control is
effective.
b. employment of competent personnel provides assurance that the objectives of internal
control will be achieved.
c. establishment and maintenance of internal control is an important responsibility of the
management and not of the auditor.
d. costs of internal control should not exceed the benefits expected to be derived from internal
control.

49.
How must significant deficiencies and material weaknesses be communicated to those charged
with governance?
a. Either oral or written communication is acceptable.
b. Oral communication is required.
c. Written communication is required.
d. Written communication is required for material weaknesses, but oral communication is
allowed for significant deficiencies.

50.
Significant deficiencies are matters that come to an auditor’s attention and should be
communicated to an entity’s audit committee because they represent:
a. material frauds perpetrated by high-level management.
b. internal control deficiencies that could adversely affect a company’s ability to initiate,
record, process, or report external financial statements reliably.
c. flagrant violations of the entity’s documented conflict-of-interest policies.
d. intentional attempts by client personnel to limit the scope of the auditor’s field work.

51.
Which of the following statements about auditor documentation of the client’s internal controls is
correct?
a. Documentation must include flow charts.
b. Documentation must include procedural write-ups.
c. No documentation is necessary although it is desirable.
d. No one particular form of documentation is necessary.
52.
Internal controls are not designed to provide reasonable assurance that:
a. all frauds will be eliminated.
b. transactions are executed in accordance with management’s authorization.
c. access to assets is permitted only in accordance with management’s authorization.
d. company personnel comply with applicable rules and regulations.

53.

Which of the following is not one of the subcomponents of the control environment?
a. Management’s philosophy and operating style.
b. Organizational structure.
c. Adequate separation of duties.
d. Commitment to competence.

54.
Which of the following best describes the inherent limitations that should be recognized by an
auditor when considering the potential effectiveness of internal control?
a. Procedures that depend on segregation of duties can be circumvented by collusion.
b. Competent and honest client personnel provide an environment conducive to accounting
control and provide absolute assurance that effective control will be achieved.
c. Procedures designed to assure the execution and recording of transactions in accordance
with proper authorizations are effective against irregularities perpetrated by management.
d. The benefits expected to be derived from effective internal accounting control usually do
not exceed the costs of such control.

55.
Of the following statements about internal controls, which one is not valid?
a. No one person should be responsible for the custodial responsibility and the recording
responsibility for an asset.
b. Transactions must be properly authorized before such transactions are processed.
c. Because of the cost-benefit relationship, a client may apply controls on a test basis.
d. Control procedures reasonably ensure that collusion among employees cannot occur.

56.
Internal controls normally include procedures designed to provide reasonable assurance that:
a. employees act with integrity when performing their assigned tasks.
b. transactions are executed in accordance with management’s authorization.
c. decision processes leading to management’s authorization of transactions are sound.
d. collusive activities would be detected by segregation of employee duties.

57.
If the results of tests of controls support the design and operations of controls as expected, the
auditor uses ____ control risk as the preliminary assessment.
a. a lower
b. the same
c. a higher
d. either a lower or higher

58.
A procedure that would most likely be used by an auditor in performing tests of control
procedures that involve segregation of functions and that leave no transaction trail is:
a. inspection.
b. observation.
c. reperformance.
d. reconciliation.