Вы находитесь на странице: 1из 8

Chapter 6 Internal Control in a Financial Statement Audit

Chapter 6 Multiple-Choice Questions

LO 1 Introduction
1. Understanding each of the components of internal control provides knowledge
A. The design of tests of controls.
B. The assessment of inherent risks.
C. Factors that affect the risk of material misstatement.
D. Both a and c.
2. An auditors primary consideration regarding an entitys internal controls is
whether they
A. Prevent management override.
B. Relate to the control environment.
C. Reflect management's philosophy and operating style.
D. Affect the financial statement assertions.
3. Which of the following statements about internal control is correct?
A. A properly maintained internal control system reasonably ensures that collusion
among employees cannot occur.
B. The establishment and maintenance of internal control is an important
responsibility of the internal auditor.
C. An exceptionally strong internal control system is enough for the auditor to
eliminate substantive procedures on a significant account balance.
D. The cost-benefit relationship is a primary criterion that should be considered in
designing an internal control system.

LO 2 Definition of Internal Control

4. Internal controls are designed to achieve company objectives in all of the
following areas except:
A. Safeguarding of assets.
B. Reliability of financial reporting.
C. Reduction of debt financing costs.
D. Compliance with laws and regulations.

LO 3 Control Relevant to the Audit

5. Internal control is a process designed to provide reasonable assurance regarding
the achievement of which objective?
A. Effectiveness and efficiency of operations.
B. Reliability of financial reporting.

Chapter 6 Internal Control in a Financial Statement Audit

C. Compliance with applicable laws and regulations.

D. All of the above.

LO 4 The Effect of Information Technology on Internal Control

6. An auditor anticipates assessing control risk at a low level in an IT environment.
Under these circumstances, on which of the following controls would the auditor
initially focus?
A. Data capture controls.
B. Application controls.
C. Output controls.
D. General controls.

LO 5 The COSO Framework (CRIME)

7. Which of the following is NOT one of the five major components of internal
A. Risk assessment.
B. Control activities.
C. Information and communication system.
D. Human resource background checks.
8. Monitoring is a major component of the COSO Internal Control- Integrated
Framework. Which of the following is not correct in how the company can
implement the monitoring component?
A. Monitoring can be an ongoing process.
B. Monitoring can be conducted as a separate evaluation.
C. Monitoring and other audit work conducted by internal audit staff can reduce
external audit costs.
D. The independent auditor can serve as part of the entity's control environment and
continuous monitoring.

LO 6 Planning an Audit Strategy

9. A reliance strategy is chosen when the auditor
A. Plans on conducting tests of controls.
B. Has set the control risk at a high level.
C. Has set the control risk at a lower level
D. Both A and C.

Regardless of the assessed level of control risk, an auditor would perform some
A. Tests of controls to determine the effectiveness of internal controls.

Chapter 6 Internal Control in a Financial Statement Audit

B. Analytical procedures to verify the design of internal controls.

C. Substantive procedures to restrict detection risk for significant transaction classes.
D. Dual-purpose tests to evaluate both the risk of monetary misstatement and
preliminary control risk.

LO 7 Understanding Internal Control

11. Auditors obtain an understanding of a non-public clients internal control for
the primary purpose of
A. Gathering sufficient evidence to provide a reasonable basis for an opinion on the
financial statements.
B. Determining the nature, extent, and timing of subsequent audit procedures to be
C. Determining whether interim audit testing is appropriate.
D. Providing documentary evidence to present to the audit committee.
12. After obtaining an understanding of an entitys internal control system, an
auditor may set control risk at high for some assertions because he or she
A. Believes the internal controls are unlikely to be effective.
B. Determines that the pertinent internal control components are not well
C. Performs tests of controls to restrict detection risk to an acceptable level.
D. Identifies internal controls that are likely to prevent material misstatements.

LO 8 Obtain an Understanding of Internal Control

13. The effectiveness of internal control is reduced by
A. Computerized accounting records.
B. Flowcharts.
C. Human errors or mistakes.
D. Both A and C.
14. Which of the following is a proper reason for NOT conducting tests of controls
for non-public companies?
A. The internal control structure appears very strong.
B. The procedures require more audit effort than the projected benefits to be
obtained from lowering the control risk.
C. The company does not have any flowcharts of its system available for review.
D. The auditor prefers the control risk to be the minimum.
15. Which of the following statements regarding auditor documentation of the
clients internal control is correct?
A. Documentation must include narrative memorandums.

Chapter 6 Internal Control in a Financial Statement Audit

B. No documentation is necessary to satisfy GAAS, however, oral inquiry is required

at minimum.
C. Internal control questionnaires are specifically tailored to meet the needs of each
individual client.
D. No one particular form of documentation is necessary, and the extent of
documentation may vary.
16. The auditor may document the achieved level of control risk using all of the
following except:
A. Structured working papers.
B. Flowcharts.
C. Internal control questionnaire.
D. A memorandum.

LO 9 Assessing Control Risk

17. Which of the following represents the correct sequence of audit steps that come
after first obtaining an understanding and documenting the clients internal
A. Test of Controls, Assess Control Risk, Determine Extent of Substantive Tests,
Reassess Control Risk.
B. Assess Control Risk, Test of Controls, Determine Extent of Substantive Testing,
Reassess Control Risk.
C. Assess Control Risk, Determine Extent of Substantive Testing, Test of Controls,
Reassess Control Risk.
D. Assess Control Risk, Test of Controls, Reassess Control Risk, Determine Extent
of Substantive Testing.
18. For non-public companies with preliminary control risk assessments set at high,
auditors are likely to
A. Use a reliance strategy.
B. Complete little or no tests of controls.
C. Complete interim testing of account balances.
D. Test controls extensively.
19. In order to be able to set control risk at a lower level, the auditor must do all of
the following except:
A. Identify all general IT controls.
B. Identify specific controls that will be relied upon.
C. Perform tests of controls.
D. Conclude on the achieved level of control risk.
20. Assessing control risk below high involves all of the following except

Chapter 6 Internal Control in a Financial Statement Audit


Identifying specific controls to rely on.

Concluding that controls are ineffective.
Performing tests of controls.
Analyzing the achieved level of control risk after performing tests of controls.

LO 10 Performing Testing of Control

21. Which of the following audit techniques would most likely provide an auditor
with the most assurance about the effectiveness of the operation of a control?
A. Inquiry of client personnel.
B. Reperformance of the control by the auditor.
C. Observation of client personnel.
D. Walkthrough.

22. The highest quality and most reliable audit evidence that segregation of duties is
properly implemented is obtained by
A. Inspection of documents prepared by a third party, but which contain the initials
of those applying client controls.
B. Observation by the auditor of the employees performing control activities.
C. Inspection of a flowchart of duties performed and available personnel.
D. Making inquiries of employees who apply control activities.

LO 13 Auditing Accounting Applications Processed by Service Organizations

23. Reports by the service organization's auditor typically

A. Provide reasonable assurance that their financial statements are free of material
B. Ensure that the client will not have any misstatements in areas related to the
service organization's activities.
C. Ensure that the client is billed correctly.
D. Assess whether the service organizations controls are suitably designed and
operating effectively.
24. An auditor may need to obtain a service auditors report when a client receives
accounting services such as payroll from a service organization. Which of the
following statements is true regarding this service audit report?
A. It should include an opinion.
B. It provides the client auditor with a guarantee regarding whether the clients
control procedures have been placed in operation.

Chapter 6 Internal Control in a Financial Statement Audit

C. The client auditor need not inquire about the service auditors professional
D. The client auditor should perform the procedures at the service organization to
verify the information in the report.

LO 14 Communicating of Internal Control-Related Matters

25. Significant deficiencies are matters that come to an auditors attention that
should be communicated to an entitys audit committee because they represent
A. Disclosures of information that significantly contradict the auditor's going
concern assumption.
B. Material fraud or illegal acts perpetrated by high-level management.
C. Significant deficiencies in the design or operation of the internal control.
D. Manipulation or falsification of accounting records or documents from which
financial statements are prepared.
26. The auditor must report the following to the audit committee or others charged
with governance
A. Only material weaknesses.
B. Only significant deficiencies.
C. Significant deficiencies and material weaknesses.
D. All control deficiencies identified during the audit.

LO 15 Be Familiar with General and Application Controls

27. Which of the following is not considered a general control
A. Back up and disaster recovery controls.
B. Password protection on the central server.
C. Reconciliation of payroll record count with the number of active employees.
D. Requiring change authorization forms on all program software.

LO 16 Understand How to Flowchart a Business Process

28. An auditor's flowchart of a client's accounting system is a diagrammatic
representation that depicts the auditor's
A. Program for tests of controls.
B. Understanding of the system.
C. Understanding of the types of fraud that are probable, given the present
D. Documentation of the study and evaluation of the system.

Chapter 6 Internal Control in a Financial Statement Audit

Answer Key
1. D
2. D
3. D
4. C
5. D
6. D
7. D
8. D
9. D
10. C
11. B
12. A
13. C
14. B
15. D
16. B
17. D
18. B
19. A
20. B
21. B
22. B
23. D
24. A
25. C
26. C
27. C
28. B

Chapter 6 Internal Control in a Financial Statement Audit