INTERNAL CONTROL

1. Which of the following is not one of the five components of internal control according to
COSO?
a. materiality
b. control environment
c. control activities
d. monitoring
2. Which of the following controls would be most effective in controlling unauthorized access to
information communicated on the Internet?
a. terminal access controls
b. encryption
c. biometric controls
d. firewalls
3. Which of the following elements of computer control includes separation of incompatible
duties?
a. processing controls
b. output controls
c. general control
d. application controls
4. Risk assessment described by COSO associates risk with change including all but:
a. slow growth.
b. new CEO.
c. new technology.
d. new products or services.
5. To assess the effectiveness of an audit committee, the auditor evaluates all of the following
characteristics of the committee except:
a. independence
b. character
c. resolve
d. diligence
6. Control activities are policies and procedures that pertain to:
a. a commitment to competence.
b. a proper organizational structure.
c. verifying input data.
d. maintaining effective human resource policies.
7. In an audit of financial statements in accordance with generally accepted auditing standards
(GAAS), an auditor is required to:
a. perform test of controls.
b. search for control weaknesses that could permit fraud to occur.
c. make suggestions for improvements in internal control to the client.

d. obtain an understanding of the entity's internal control.

8. To determine the assessed level of control risk, the auditor will do all of the following except:
a. form an opinion on management's assessment of the effectiveness of internal controls over
financial reporting.
b. consider errors or frauds that could occur.
c. identify relevant control activities.
d. perform tests of controls.
9. What type of engagement does a CPA undertake when reporting on an entity's internal
control?
a. a consulting engagement
b. an audit engagement
c. an assurance engagement
d. an attestation engagement
10. If one or more material weaknesses in internal control are detected:
a. management must correct the problem before the financial statement audit can take place.
b. the auditor will issue a qualified opinion on internal controls if management agrees that
internal control over financial reporting is ineffective.
c. the auditor will issue an adverse opinion on internal controls if management assesses that
internal control over financial reporting as effective.
d. the auditor will be unable to accept the auditee as a client for a financial statement audit.
11. Detective controls detect and correct misstatements.
True
False
12. Monitoring should be performed by personnel who are actively involved in operations.
True
False
13. Under section 404 of Sarbanes-Oxley, the auditee's management must certify that internal
control over financial reporting is effective.
True
False
14. Tests of controls are not required if the auditor decided to assess control risk at the maximum
level.
True
False
15. Material weaknesses are reportable conditions that have a higher risk of permitting material
misstatements in the financial statements.
True
False