Вы находитесь на странице: 1из 56

Collected By : Ch.

Yasir
Chapter 07 - Internal Control

Chapter 07
Internal Control
Chapter 07 Internal Control
True / False Questions

or
ne
r.i

nf
o

1. Internal control is concerned with the reliability of financial information.


TRUE

Difficulty: Easy

es
c

2. The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtain
business.
FALSE

pl
oy
e

Difficulty: Hard

Difficulty: Easy

.e
m

3. Incompatible duties exist when an employee is in a position to perpetrate and conceal errors
or fraud.
TRUE

w
w

4. Internal auditors should preferably report to the chief accounting officer of the company.
FALSE

Difficulty: Medium

5. Well-designed internal control will prevent all fraud by top management.


FALSE

Difficulty: Easy

7-2

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

6. CPA firms may use written narratives to describe internal control in their audit working
papers.
TRUE

Difficulty: Easy

or
ne
r.i

nf
o

7. The auditors' communication of internal control significant deficiencies should be


addressed only to senior management of the company.
FALSE

Difficulty: Easy

Difficulty: Medium

pl
oy
e

es
c

8. If the auditors' assessment of the design of internal control reveals that it cannot be relied
upon, the auditors are not required to prepare any documentation of internal control for their
working papers.
FALSE

w
w

Difficulty: Easy

.e
m

9. The relatively low number of types of transactions incurred by small firms makes the
segregation of duties impossible.
FALSE

10. In a financial statement audit, CPAs are required to assess the operating effectiveness of
most significant accounting oriented controls.
FALSE

Difficulty: Medium

Multiple Choice Questions

7-3

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

11. Which of the following matters would an auditor most likely consider to be a significant
deficiency to be communicated to the audit committee?
A. Management's failure to renegotiate unfavorable long-term purchase commitments.
B. Recurring operating losses that may indicate going concern problems.
C. Evidence of a lack of objectivity by those responsible for accounting decisions.
D. Management's current plans to reduce its ownership equity in the entity.

or
ne
r.i

Difficulty: Medium
Source: AICPA

es
c

12. In assessing the objectivity of a client's internal auditors, the CPA would be most likely to
consider internal auditor:
A. Education levels.
B. Experience.
C. Organizational status within the company.
D. Training and supervisory skills.

pl
oy
e

Difficulty: Medium

w
w

.e
m

13. In a financial statement audit performed following AICPA Professional Standards, how
frequently must an auditor test operating effectiveness of controls that appear to function as
they have in past years and on which the auditor wishes to rely upon in the current year?
A. Monthly.
B. Each audit.
C. At least every second audit.
D. At least every third audit.

Difficulty: Medium

7-4

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

or
ne
r.i

nf
o

14. After obtaining an understanding of internal control and arriving at a preliminary assessed
level of control risk, an auditor decided to perform tests of controls. The auditor most likely
decided that:
A. Additional evidence to support a reduction in the assessed level of control risk is not
available.
B. An increase in the assessed level of control risk is justified for certain financial statement
assertions.
C. It would be efficient to perform tests of controls that would result in a reduction in planned
substantive procedures.
D. There were many internal control deficiencies that would allow misstatements to enter the
accounting system.

Difficulty: Hard
Source: AICPA

pl
oy
e

es
c

15. Which of the following is least likely to be evidence of operating effectiveness of


controls?
A. Cancelled supporting documents.
B. Confirmations of accounts receivable.
C. Records documenting usage of computer programs.
D. Signatures on authorization forms.

Difficulty: Hard

w
w

.e
m

16. Which of the following is not ordinarily a procedure for documenting an auditor's
understanding of internal control for planning purposes?
A. Checklist.
B. Flowchart.
C. Questionnaire.
D. Confirmation.

Difficulty: Easy

7-5

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

17. Tests of controls do not ordinarily address:


A. By whom a control was applied.
B. How a control was applied.
C. The consistency with which a control was applied.
D. The cost effectiveness of the way a control was applied.

nf
o

Difficulty: Hard

es
c

or
ne
r.i

18. Which is most likely when the assessed level of control risk increases?
A. Change from performing substantive procedures at year-end to an interim date.
B. Perform substantive procedures directed inside the entity rather than tests directed toward
parties outside the entity.
C. Use the maximum number of dual purpose tests.
D. Use larger sample sizes for substantive procedures.

Difficulty: Medium

.e
m

pl
oy
e

19. Which of the following must the auditor communicate to the audit committee?
A. Significant deficiencies and material weaknesses.
B. Only significant deficiencies.
C. Only material weaknesses.
D. Neither significant deficiencies nor material weaknesses.

Difficulty: Medium

w
w

20. A client's internal control appears strong, but the CPA has elected not to perform any tests
of controls. The planned assessed level of control risk is at what level?
A. Zero.
B. Low.
C. Moderate.
D. Maximum.

Difficulty: Hard

7-6

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

21. Which of the following would be least likely to be regarded as a test of a control?
A. Tests of the additions to property by physical inspection.
B. Comparisons of the signatures on cancelled checks to the authorized check signer list.
C. Tests of signatures on purchase orders.
D. Recalculation of payroll deductions.

nf
o

Difficulty: Hard

es
c

or
ne
r.i

22. Which of the following is not considered one of the five major components of internal
control?
A. Risk assessment.
B. Segregation of duties.
C. Control activities.
D. Monitoring.

Difficulty: Medium

w
w

Difficulty: Easy

.e
m

pl
oy
e

23. Which of the following statements is correct concerning the understanding of internal
control needed by auditors?
A. The auditors must understand the information system, not the accounting system.
B. The auditors must understand monitoring and all preliminary accounting controls.
C. The auditors must have a sufficient understanding to assess the risks of material
misstatement.
D. The auditors must understand the control environment, risk assessment, and all control
activities.

24. The effectiveness of controls is not generally tested by:


A. Inspection of documents and reports.
B. Performance of analytical procedures.
C. Observation of the application of accounting policies and procedures.
D. Inquiries of appropriate client personnel.

Difficulty: Medium

7-7

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

25. On financial statement audits, it is required that the auditors obtain an understanding of
internal control, including:
A. Its operating effectiveness.
B. Whether it has been implemented (placed in operation).
C. Performing tests of controls for all material controls.
D. Its ability to provide reasonable assurance.

Difficulty: Medium

es
c

or
ne
r.i

26. A significant deficiency:


A. Differs from a material weakness in that it involves internal control over operations rather
than internal control over financial reporting.
B. Involves an amount of discovered misstatements greater than the amount used as the
planning measure of materiality.
C. Is identical to a material weakness except that it need not be communicated to those
responsible for oversight of the company's financial reporting.
D. Is less severe than a material weakness.

pl
oy
e

Difficulty: Medium

w
w

.e
m

27. This organization developed a set of criteria that provide management with a basis to
evaluate controls not only over financial reporting, but also over the effectiveness and
efficiency of operations and compliance with laws and regulations:
A. Foreign Corrupt Practices Corporation.
B. Committee of Sponsoring Organizations.
C. Cohen Commission.
D. Financial Accounting Standards Board.

Difficulty: Medium

7-8

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

28. Which of the following is most likely to be considered a risk assessment procedure
relating to internal control?
A. Confirm accounts receivable.
B. Perform a test of a control relating to payroll.
C. Take test counts of the year-end inventory.
D. Trace a transaction through the information system relevant to financial reporting.

Difficulty: Hard

es
c

or
ne
r.i

29. Which statement is correct concerning the definition of internal control developed by the
Committee of Sponsoring Organizations (COSO)?
A. Its applicability is largely limited to internal auditing applications.
B. It is recognized in the Statements on Auditing Standards.
C. It emphasizes the effectiveness and efficiency of operations over the reliability of financial
reporting.
D. It suggests that it is important to view internal control as an end product as contrasted to a
process or means to obtain an end.

pl
oy
e

Difficulty: Hard

w
w

.e
m

30. The definition of internal control developed by the Committee of Sponsoring


Organizations (COSO) includes controls related to the reliability of financial reporting, the
effectiveness and efficiency of operations, and:
A. Compliance with applicable laws and regulations.
B. Effectiveness of prevention of fraudulent occurrences.
C. Safeguarding of entity equity.
D. Incorporation of ethical business practice standards.

Difficulty: Medium

7-9

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

31. Which statement is correct concerning the relevance of various types of controls to a
financial statement audit?
A. An auditor may ordinarily ignore the consideration of controls when a substantive audit
approach is used.
B. Controls over the reliability of financial reporting are ordinarily most directly relevant to
an audit, but other controls may also be relevant.
C. Controls over safeguarding assets and liabilities are of primary importance, while controls
over the reliability of financial reporting may also be relevant.
D. All controls are ordinarily relevant to an audit.

or
ne
r.i

Difficulty: Hard

es
c

32. Which of the following is not a component of the control environment?


A. Integrity and ethical values.
B. Risk assessment.
C. Commitment to competence.
D. Organizational structure.

pl
oy
e

Difficulty: Medium

w
w

.e
m

33. Which of the following is not ordinarily considered a factor indicative of increased
financial reporting risk when an auditor is considering a client's risk assessment policies?
A. Salaried sales personnel.
B. Implementation of a new information system.
C. Rapid growth of the organization.
D. Corporate restructuring.

Difficulty: Medium

34. The Sarbanes-Oxley Act of 2002 requires that the audit committee:
A. Annually reassess control risk using information from the CPA firm.
B. Be directly responsible for the appointment, compensation and oversight of the work of the
CPA firm.
C. Require that the company's CPA firm rotate the partner in charge of the audit.
D. Review the level of management compensation.

Difficulty: Medium

7-10

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

35. When tests of controls reveal that controls are operating as anticipated, it is most likely
that the assessed level of control risk will:
A. Be less than the preliminary assessed level of control risk.
B. Equal the preliminary assessed level of control risk.
C. Equal the actual control risk.
D. Be less than the actual control risk.

Difficulty: Hard

es
c

or
ne
r.i

36. Under which circumstance is it likely that the extent of substantive procedures will be
expanded beyond that anticipated in the audit plan?
A. The auditors have determined that controls have been implemented (placed in operation)
but, in accordance with the audit plan, have performed no tests of controls.
B. Certain controls do not leave a trail of documentary evidence.
C. Deviation rates were greater than zero and approached anticipated levels.
D. The operating effectiveness of certain controls was found to be less than expected,
although no material misstatements were identified.

pl
oy
e

Difficulty: Hard

.e
m

37. The provisions of the Foreign Corrupt Practices Act apply to:
A. All U.S. corporations.
B. All U.S. corporations that engage in foreign operations.
C. All corporations that must file under the Securities Exchange Act of 1934.
D. All U.S. partnerships and corporations.

w
w

Difficulty: Medium

38. If the auditors do notperform tests of controls for certain assertions:


A. They have performed a substandard audit.
B. They are not required to communicate significant deficiencies relating to those accounts to
management and the board of directors.
C. They must issue a qualified opinion.
D. They must assess control risk at the maximum level for those assertions.

Difficulty: Medium

10

7-11

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

39. During financial statement audits, the auditors' consideration of their clients' internal
control is integral to both assess the risk of material misstatement and to:
A. Assess inherent risk.
B. Design further audit procedures.
C. Assess compliance with the Foreign Corrupt Practices Act.
D. Provide a reasonable basis for an opinion on compliance with applicable laws.

Difficulty: Easy

Difficulty: Medium

pl
oy
e

es
c

or
ne
r.i

40. Which of the following comes closest to outlining the auditors' responsibility for
considering internal control in all financial statement audits?
A. An understanding of the control environment, information and communication, risk
assessment and monitoring is necessary; an understanding of control activities is only
necessary for areas in which the auditor is performing tests of controls.
B. The auditor must obtain an understanding of each of the five internal control components
sufficient to assess the risks of material misstatement for the audit.
C. When tests of controls have been performed, control risk must be assessed at a level less
than the maximum.
D. An understanding of the control environment is necessary, but no understanding of the
other components is necessary unless control risk is to be assessed at a level less than the
maximum.

w
w

.e
m

41. Which of the following is not a primary procedure auditors use to obtain sufficient
knowledge about the design of the relevant controls and to determine whether they have been
implemented (placed in operation)?
A. Previous experience with the entity.
B. Inquiries of appropriate management personnel.
C. Performance of substantive procedures.
D. Inspection of document and records.

Difficulty: Medium

11

7-12

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

42. A control deficiency that is less severe than a material weakness, but important enough to
merit attention by those responsible for oversight of the company's financial reporting is
referred to as a(n):
A. Control deficiency.
B. Inherent limitation.
C. Reportable deficiency.
D. Significant deficiency.

or
ne
r.i

Difficulty: Medium

es
c

43. For effective internal control, which of the following functions should not be assigned to
the company's accounting department?
A. Reconciling accounting records with existing assets.
B. Recording financial transactions.
C. Signing payroll checks.
D. Preparing financial reports.

pl
oy
e

Difficulty: Medium

w
w

Difficulty: Hard

.e
m

44. Which of the following is not a responsibility that should be assigned to a company's
internal audit department?
A. Evaluating internal control.
B. Approving disbursements.
C. Reporting on the effectiveness of operating segments.
D. Investigating potential merger candidates.

12

7-13

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

45. Which of the following is true about the auditors' consideration of internal control in a
financial statement audit?
A. The auditors must assess control risk at a level lower than the maximum.
B. The auditors must prepare a flowchart description of internal control for their working
papers.
C. The auditors must obtain an understanding of the steps in processing major types of
transactions.
D. The auditors must perform tests of controls.

or
ne
r.i

Difficulty: Medium

Difficulty: Medium

pl
oy
e

es
c

46. Which of the following is an advantage of describing internal control through the use of a
standardized questionnaire?
A. Questionnaires highlight weaknesses in the system.
B. Questionnaires are more flexible than other methods of describing internal control.
C. Questionnaires usually identify situations in which internal control weaknesses are
compensated for by other strengths in the system.
D. Questionnaires provide a clearer and more specific portrayal of a client's system than other
methods of describing internal control.

w
w

.e
m

47. Which of the following is least likely to be considered a risk assessment procedure
relating to internal control?
A. Counting marketable securities at year-end.
B. Inquiries of client personnel.
C. Inspecting documents and reports.
D. Observing the application of specific controls.

Difficulty: Hard

13

7-14

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

48. Which of the following is least likely to be considered a risk assessment procedure?
A. Analytical procedures.
B. Inspection of documents.
C. Observation of the counting of inventory.
D. Observation of the performance of certain accounting procedures.

nf
o

Difficulty: Hard

es
c

or
ne
r.i

49. Which of the following is not a factor that is considered a part of the client's overall
control environment?
A. The organizational structure.
B. The information system.
C. Management philosophy and operating style.
D. Board of directors.

Difficulty: Medium

.e
m

pl
oy
e

50. Which of the following would be least likely to be considered a benefit of effective
internal control?
A. Eliminating all employee fraud.
B. Restricting access to assets.
C. Detecting ineffectiveness.
D. Ensuring authorization of transactions.

w
w

Difficulty: Medium

51. After documenting the client's prescribed internal control, the auditors will often perform
a walk-through of each transaction cycle. An objective of a walk-through is to:
A. Verify that the controls have been implemented (placed in operation).
B. Replace tests of controls.
C. Evaluate the major strengths and weaknesses in the client's internal control.
D. Identify weaknesses to be communicated to management in the management letter.

Difficulty: Medium

14

7-15

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

52. The major components of internal control include all of the following, except:
A. Risk assessment.
B. The control environment.
C. Internal auditing.
D. Control activities.

nf
o

Difficulty: Medium

es
c

or
ne
r.i

53. Which of the following is correct with respect to control deficiencies discovered during an
audit?
A. Auditors must communicate and recommend corrections relating to all material
weaknesses in internal control to management.
B. All material weaknesses in internal control should be reported to the audit committee.
C. All such matters must be communicated to the audit committee and regulatory agencies.
D. All control deficiencies are also significant deficiencies.

Difficulty: Hard

w
w

.e
m

pl
oy
e

54. After considering the client's internal control the auditors have concluded that it is well
designed and is functioning as anticipated. Under these circumstances the auditors would
most likely:
A. Cease to perform further substantive procedures.
B. Reduce substantive procedures in areas where the internal control was found to be
effective.
C. Increase the extent of anticipated analytical procedures.
D. Perform all tests of controls to the extent outlined in the preplanned audit program.

Difficulty: Easy
Source: AICPA

15

7-16

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

55. The use of fidelity bonds protects a company from embezzlement loses and also:
A. Minimizes the possibility of employing persons with dubious records in positions of trust.
B. Reduces the company's need to obtain expensive business interruption insurance.
C. Allows the company to substitute the fidelity bonds for various parts of internal control.
D. Protects employees who made unintentional errors from possible monetary damages
resulting from such errors.

or
ne
r.i

Difficulty: Medium
Source: AICPA

es
c

56. The independent auditors might consider the procedures performed by the internal
auditors because:
A. They are employees whose work must be reviewed during substantive testing.
B. They are employees whose work might affect the independent auditors' work.
C. Their work impacts upon the cost/benefit tradeoff in evaluating inherent limitations.
D. Their degree of independence may be inferred by the nature of their work.

pl
oy
e

Difficulty: Medium
Source: AICPA

w
w

Difficulty: Easy
Source: AICPA

.e
m

57. In the consideration of internal control, the operating effectiveness of controls is tested
by:
A. Flowcharts verification.
B. Tests of controls.
C. Substantive procedures.
D. Decision tables.

16

7-17

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

58. The auditors who become aware of an internal control significant deficiency are required
to communicate this to the:
A. Client's legal counsel.
B. Compensation committee.
C. Audit committee.
D. Internal auditors.

or
ne
r.i

Difficulty: Medium
Source: AICPA

es
c

59. A material weakness involves an amount that could result in a misstatement that is
A. Smaller than inconsequential.
B. Larger than inconsequential.
C. Tolerable.
D. Material.

Difficulty: Medium

.e
m

pl
oy
e

60. At least what level of probability of a material misstatement is required for a control
deficiency to be considered a material weakness?
A. More than remote.
B. Probable.
C. Reasonable possibility.
D. Sufficient.

w
w

Difficulty: Medium

61. A situation in which the design or operation of a control does not allow management or
employees, in the normal course of performing their assigned functions, to prevent or detect
material misstatements on a timely basis is referred to as a:
A. Control deficiency.
B. Material weakness.
C. Reportable condition.
D. Significant deficiency.

Difficulty: Medium

17

7-18

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

62. To provide for the greatest degree of independence in performing internal auditing
functions, an internal auditor most likely should report to the:
A. Financial vice-president.
B. Corporate controller.
C. Audit committee.
D. Corporate stockholders.

or
ne
r.i

Difficulty: Medium
Source: AICPA

es
c

63. Well-designed internal control that is functioning effectively is most likely to detect an
fraud arising from:
A. The fraudulent action of several employees.
B. The fraudulent action of an individual employee.
C. Informal deviations from the official organization chart.
D. Management fraud.

pl
oy
e

Difficulty: Medium
Source: AICPA

.e
m

64. The program flowcharting symbol representing a decision is a:


A. Triangle.
B. Circle.
C. Rectangle.
D. Diamond.

w
w

Difficulty: Medium
Source: AICPA

65. Controls are not designed to provide assurance that:


A. Transactions are executed in accordance with management's authorization.
B. Fraud will be eliminated.
C. Access to assets is permitted only in accordance with management's authorization.
D. The recorded accountability for assets is compared with the existing assets at reasonable
intervals.

Difficulty: Medium
Source: AICPA

18

7-19

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

66. The scope of substantive procedures as compared to the scope of tests of controls
generally vary:
A. In a parallel manner.
B. Inversely.
C. Directly.
D. Equally.

or
ne
r.i

Difficulty: Medium
Source: AICPA

es
c

67. Which of the following is least likely to be a factor that might indicate to an auditor that
an identified risk of misstatement requires special audit consideration?
A. Complex calculations are involved.
B. The rate of technological change is moderate in the industry.
C. The potential for fraud seems high.
D. Various subjective methods of application of a key accounting policy exist.

pl
oy
e

Difficulty: Easy

.e
m

68. Which of the following audit tests would be regarded as a test of a control?
A. Tests of the specific items making up the balance in a given general ledger account.
B. Tests confirming receivables.
C. Tests of the signatures on canceled checks to board of director's authorizations.
D. Tests of the additions to property, plant, and equipment by physical inspection.

w
w

Difficulty: Medium
Source: AICPA

69. If the independent auditors decide that the work performed by the internal auditors may
have a bearing on their own procedures, they should consider the internal auditors':
A. Competence and objectivity.
B. Efficiency and experience.
C. Independence and review skills.
D. Training and supervisory skills.

Difficulty: Medium
Source: AICPA

19

7-20

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

70. In the consideration of internal control, the auditor is basically concerned that it provides
reasonable assurance that:
A. Management can not override the system.
B. Operational efficiency has been achieved in accordance with management plans.
C. Misstatements have been prevented or detected.
D. Controls have not been circumvented by collusion.

or
ne
r.i

Difficulty: Medium
Source: AICPA

es
c

71. Which of the following is least likely to be considered an appropriate response relating to
risks the auditors identify at the financial statement level?
A. Assign more experienced staff.
B. Incorporate additional elements of unpredictability in the selection of audit procedures.
C. Increase the scope of auditor procedures.
D. Emphasize the need to remain neutral, rather than to exercise professional skepticism.

pl
oy
e

Difficulty: Easy

.e
m

72. In assessing the competence of a client's internal auditor, an independent auditor most
likely would consider the
A. Internal auditor's compliance with professional internal auditing standards.
B. Client's policies that limit the internal auditor's access to management salary data.
C. Evidence supporting a further reduction in the assessed level of control risk.
D. Results of ratio analysis that may identify unusual transactions and events.

w
w

Difficulty: Medium
Source: AICPA

73. Which of the following factors would most likely be considered an inherent limitation to
an entity's internal control?
A. The complexity of the information processing system.
B. Human judgment in the decision making process.
C. The ineffectiveness of the board of directors.
D. The lack of management incentives to improve the control environment.

Difficulty: Medium
Source: AICPA

20

7-21

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

74. Proper segregation of duties reduces the opportunities to allow any employee to be in a
position to both
A. Journalize cash receipts and disbursements and prepare the financial statements.
B. Monitor internal controls and evaluate whether the controls are operating as intended.
C. Adopt new accounting pronouncements and authorize the recording of transactions.
D. Record and conceal fraudulent transactions in the normal course of assigned tasks.

or
ne
r.i

Difficulty: Easy
Source: AICPA

es
c

75. Which of the following is intended to detect deviations from prescribed controls?
A. Substantive procedures specified by a standardized audit program.
B. Tests of controls designed specifically for the client.
C. Analytical procedures as set forth in an industry audit guide.
D. Computerized analytical procedures tailored for the configuration of the computer
equipment in use.

pl
oy
e

Difficulty: Medium
Source: AICPA

w
w

.e
m

76. An auditor's purpose for performing tests of controls is to provide reasonable assurance
that:
A. Controls are operating effectively.
B. The risk that the auditor may unknowingly fail to modify the opinion on the financial
statements is minimized.
C. Transactions are executed in accordance with management's authorization and access to
assets is limited by a segregation of functions.
D. Transactions are recorded as necessary to permit the preparation of the financial statements
in conformity with generally accepted accounting principles.

Difficulty: Medium
Source: AICPA

21

7-22

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

77. Of the following statements about internal control, which one is not valid?
A. No one person should be responsible for the custodial responsibility and the recording
responsibility for an asset.
B. Transactions must be properly authorized before such transactions are processed.
C. Because of the cost/benefit relationship, a client may apply control procedures on a test
basis.
D. Control activities reasonably insure that collusion among employees can not occur.

or
ne
r.i

Difficulty: Easy
Source: AICPA

es
c

78. Tests of controls are most likely to be performed when:


A. Controls seem weak and must be properly documented.
B. Inadequate substantive procedures exist to restrict audit risk to an acceptable level.
C. The auditor wishes to assess control risk at the maximum.
D. The client's control environment appears weak.

pl
oy
e

Difficulty: Hard

.e
m

79. Which of the following would be least likely to be included in an auditor's tests of
controls?
A. Inspection.
B. Observation.
C. Inquiry.
D. Analytical procedures.

w
w

Difficulty: Medium
Source: AICPA

80. The internal control provisions of the Sarbanes-Oxley Act of 2002 apply to which
companies in the United States:
A. All companies.
B. SEC registrants.
C. Only those companies included in the Fortune 500.
D. All nonpublic companies.

Difficulty: Medium

22

7-23

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

81. An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addresses
financial statements and:
A. Compliance with laws.
B. Internal control over asset safeguarding.
C. Internal control over financial reporting.
D. Suitable criteria.

Difficulty: Medium

es
c

or
ne
r.i

82. A report on internal control performed in accordance with PCAOB Standard No. 2
includes an opinion on internal control for:
A. The entire year.
B. The prior quarter.
C. The "as of date."
D. The end of each quarter.

Difficulty: Hard

.e
m

pl
oy
e

83. When performing an audit of internal control under PCAOB requirements, auditors
evaluate control:

w
w

A. Option A
B. Option B
C. Option C
D. Option D

Difficulty: Medium

23

7-24

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

nf
o

84. When performing an internal control audit under PCAOB requirements, one or more
material weaknesses in internal control that exist at year-end may result in what type of
report(s):

or
ne
r.i

A. Option A
B. Option B
C. Option C
D. Option D

Difficulty: Hard

.e
m

A. Option A
B. Option B
C. Option C
D. Option D

pl
oy
e

es
c

85. When performing an internal control audit under PCAOB standards, one or more material
weaknesses in internal control that exist at year-end may result in what type of report(s):

w
w

Difficulty: Medium

24

7-25

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

Essay Questions

nf
o

86. Independent auditors should consider the work of internal auditors in their assessment of
control risk.
a. Are internal auditors independent of management? Explain.
b. What is the difference between the primary objective of the independent auditors and that
of internal auditors? Explain.
c. Discuss the factors that should be considered by the independent auditors in deciding how
much, if any, reliance should be placed on the work of the internal auditors.

es
c

or
ne
r.i

a. No. However, internal auditors may achieve independence from departments they evaluate
by reporting to a senior officer or the board of directors.
b. The independent auditors' objective is to express an opinion on the client's financial
statements. The internal auditors' primary objective is to aid management in achieving the
most efficient and effective administration of the business.
c. In deciding the degree of reliance to be placed on the work of the internal auditors, the
independent auditors should consider the competence and objectivity of the internal auditors,
and evaluate their work.

pl
oy
e

Difficulty: Hard

87. Auditors are required to consider a client's internal control.


a. Describe the two purposes of the auditors' consideration of a client's internal control.
b. Even the best internal control has certain limitations. List three of those limitations.

w
w

.e
m

a. The auditors' consideration of their clients' internal control is integral to both (1) to assess
the risks of material misstatement in the financial statements and (2) to design the nature,
timing and extent of further audit procedures.
b. The limitations of internal control include (only three required):
Carelessness.
Misunderstanding of instructions.
Top management may override the system
Collusion among employees may circumvent controls dependent upon segregation of duties.
Cost considerations often limit the effectiveness of the design of the structure.

Difficulty: Medium

25

7-26

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

88. When considering a client's internal control, the auditors focus on its various
characteristics. For each of the following characteristics indicate the auditors' responsibility
under generally accepted auditing standards and the procedures used to meet that
responsibility.
a. The design of internal control.
b. Controls have been implemented (placed in operation).
c. The operating effectiveness of controls.

w
w

.e
m

Difficulty: Medium

pl
oy
e

es
c

or
ne
r.i

nf
o

a. The auditors have a responsibility to obtain an understanding of internal control that is


sufficient to plan the audit. An understanding of the design of the structure is obtained by
inspecting control manuals, organization charts, and job descriptions, and by interviewing
client personnel.
b. The auditors have a responsibility to determine whether significant internal control policies
and procedures are implemented (placed in operation) in every audit. The auditors may
determine whether the controls have been implemented (placed in operation) by observation,
inspection, and inquiry. Walk-through tests may also be used.
c. The auditors have a responsibility to determine the operating effectiveness of controls that
provide the basis for the auditors' assessment of control risk at levels below the maximum.
The auditors use observation, inspection, inquiry, and reperformance to test the operating
effectiveness of controls.

26

7-27

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Chapter 07 - Internal Control

or
ne
r.i

nf
o

89. Assume that you have assessed inherent risk for an audit area at a very high level. While
obtaining an understanding of internal control, you have determined that it appears to be very
strong. Nonetheless, due to the large number of transactions involved, you have chosen not to
test controls in the area.
a. At what level will the planned assessed level of control risk be established?
b. Describe the scope of tests of controls that will be performed.
c. At what level will the assessed level of control risk be established?
d. What must be documented in the working papers relating to internal control?
e. At what level will detection risk be established?
f. Describe the required scope of substantive procedures, if any. Make certain to discuss
details of likely nature, timing and extent.

pl
oy
e

es
c

a. Maximum, High or Highest.


b. None will be performed (because control risk is being assessed at the maximum level).
c. Maximum, High or Highest
d. Control risk assessed at maximum (or high or highest) level. The auditor need not
document the reason for assessing control risk at the maximum (we delete points from scores
of students who state that the auditor needs to document the reason).
e. Minimum, low, or lowest
f. Nature--External sources rather than internal Timing--Year-end testing rather than interim
testing. Extent--Greatest extent

w
w

.e
m

Difficulty: Hard

27

7-28

Share By : Faisal Qureshi

Collected By : Ch. Yasir

Chapter 10

Internal Control
Multiple-Choice Questions
Which of the following is responsible for establishing a private companys internal control?
a. Management.
b. Auditors.
c. Management and auditors.
d. Committee of Sponsoring Organizations.

2.
easy
d

Which of the following is not one of the three primary objectives of effective internal control?
a. Reliability of financial reporting
b. Efficiency and effectiveness of operations
c. Compliance with laws and regulations
d. Assurance of elimination of business risk.

3. (Public)
easy
b

The Public Company Accounting Oversight Board states that reasonable assurance allows a:
a. small likelihood of ineffective internal controls.
b. remote likelihood that material misstatements will not be prevented or detected by
internal control.
c. likelihood that material misstatements will not be prevented or detected by internal
control.
d. high likelihood that material misstatements will not be prevented or detected by
internal control.

4.
easy
c

Two
are:
a.
b.
c.
d.

5.
easy
a

Internal controls can never be considered as absolutely effective because:


a. their effectiveness is limited by the competency and dependability of employees.
b. not all organizations have internal audit departments.
c. controls are designed to prevent and detect only material misstatements.
d. internal controls prevent separation of duties.

or
ne
r.i

es
c

pl
oy
e

key concepts that underlie managements design and implementation of internal control

.e
m

costs and materiality.


absolute assurance and costs.
inherent limitations and reasonable assurance.
collusion and materiality.

w
w

6.
easy
d

nf
o

1.
easy
a

A major control available in a small company, which might not be feasible in a big company, is:
a. a wider segregation of duties.
b. a voucher system.
c. fewer transactions to process.
d. the owner-managers personal interest and close relationship with personnel.

7. (Public)
easy
a

Which of the following is responsible for establishing internal controls for a public company?
a. Management.
b. The PCAOB.
c. Management and auditors.
d. Committee of Sponsoring Organizations.

8.
medium
a

Which of the following parties provides an assessment of the effectiveness of internal control
over financial reporting for public companies?

Arens/Elder/Beasley

28

Share By : Faisal Qureshi

Collected By : Ch. Yasir

a.
b.
c.
d.

Management
Yes
No
Yes
No

Financial statement auditors


Yes
No
Yes
No

An act of two or more employees to steal assets or misstate records is frequently referred to as:
a. collusion.
b. a material weakness.
c. a control deficiency.
d. a significant deficiency.

10.
easy
c

When the auditor attempts to understand the operation of the accounting system by tracing a
few transactions through the accounting system, the auditor is said to be:
a. tracing.
b. vouching.
c. performing a walk-through.
d. testing controls.

11. (SOX)
easy
c

Which section of the Sarbanes-Oxley Act requires management to issue an internal control
report?
a. 202
b. 203
c. 404
d. 408

12. (SOX)
easy
a

Sarbanes-Oxley requires management to issue an internal control report that includes two
specific items. Which of the following is one of these two requirements?
a. A statement that management is responsible for establishing and maintaining an adequate
internal control structure and procedures for financial reporting.
b. A statement that management and the board of directors are jointly responsible for
establishing and maintaining an adequate internal control structure and procedures for
financial reporting.
c. A statement that management, the board of directors, and the external auditors are jointly
responsible for establishing and maintaining an adequate internal control structure and
procedures for financial reporting.
d. A statement that the external auditors are solely responsible.

es
c

pl
oy
e

.e
m

When management is evaluating the design of internal control, management evaluates whether
the control can do which of the following?

w
w

13. (SOX)
easy
c

or
ne
r.i

nf
o

9.
easy
a

Detect material misstatements


a.
Yes
b.
No
c.
Yes
d.
No

Correct material misstatements


Yes
No
No
Yes

14. (SOX)
easy
b

Internal control reports issued by public companies must identify the framework used to
evaluate the effectiveness of internal control. Which of the following is the most common
framework in the U.S.?
a. Effective Internal Control Framework - AICPA
b. Internal Control - Integrated Framework - COSO
c. Enterprise Internal Control - COSO
d. Enterprise Internal Control - AICPA

15. (Public)

When one material weakness is present at the end of the year, management of a public company

Arens/Elder/Beasley

29

Share By : Faisal Qureshi

Collected By : Ch. Yasir


must conclude that internal control over financial reporting is:
a. insufficient.
b. inadequate.
c. ineffective.
d. inefficient.

16. (Public)
easy
a

The auditors tests to understand the clients internal controls might include which of the
following types of procedures?

a.
b.
c.
d.

Observation of employees
Yes
No
Yes
No

Inquiries of personnel
Yes
No
No
Yes

nf
o

easy
c

Which of managements concerns with respect to implementing internal controls is the auditor
primarily concerned?
a. Efficiency of operations.
b. Reliability of financial reporting.
c. Effectiveness of operations.
d. Compliance with applicable laws and regulations.

18.
easy
b

Which of the following activities would be least likely to strengthen a companys internal
control?
a. Separating accounting from other financial operations.
b. Maintaining insurance for fire and theft.
c. Fixing responsibility for the performance of employee duties.
d. Carefully selecting and training employees.

19. (Public)
medium
c

Management must disclose material weaknesses in internal control:


a. whenever the weakness is deemed significant to a single class of transactions.
b. whenever the weakness is significant to overall financial reporting objectives.
c. if the weakness exists at the end of the year.
d. only if the auditor identifies the weakness as significant.

20.
easy
b

When auditing a private company, the auditor should obtain an understanding of internal control
sufficient to:
a. provide reasonable protection against client fraud and defalcations by client employees.
b. assess control risk.
c. provide a basis for suggestions to the client for improving the accounting system.
d. provide a method for safeguarding assets, checking the accuracy and reliability of
accounting data, promoting operational efficiency, and encouraging adherence to
prescribed managerial policies.

w
w

.e
m

pl
oy
e

es
c

or
ne
r.i

17.
easy
b

The initial presumption in the audit of a public company is that control risk is:
a. low.
b. moderate.
c. high.
d. low or moderate, but not high.

22.

In the audit of a private company, the auditor will test controls when control risk is initially
assessed at:

21. (Public)
medium
a

medium
c
a.
b.
c.

Low
Yes
No
Yes

Moderate
No
No
Yes

High
Yes
Yes
No

Arens/Elder/Beasley

30

Share By : Faisal Qureshi

Collected By : Ch. Yasir


d.

No

Yes

No

The auditors study of a public companys internal control is:


a. required by GAAS.
b. required by the AICPA.
c. required by the Sarbanes-Oxley Act.
d. recommended by the AICPA.

24.
medium
b

The auditors consideration of a private companys internal control is:


a. required by GAAP.
b. required by GAAS.
c. required by the IRS.
d. recommended by the SEC.

25.
medium
d

Internal controls can never be regarded as completely effective. Even if company personnel
could design an ideal system, its effectiveness depends on the:
a. adequacy of the computer system.
b. proper implementation by management.
c. ability of the internal audit staff to maintain it.
d. competency and dependability of the people using it.

26.
medium
c

Even with the most effectively designed internal control, the auditor must obtain audit evidence,
beyond testing the controls, for every:
a. transaction.
b. financial statement account.
c. material financial statement account.
d. financial statement account that will be relied upon by third parties.

27.
medium
d

The essence of an effectively controlled organization lies in the:


a. effectiveness of its independent auditor.
b. effectiveness of its internal auditor.
c. attitude of its employees.
d. attitude of its management.

28. (Public)
medium
c

To issue a report on internal control over financial reporting for a public company, an auditor
must:
a. evaluate managements assessment process.
b. independently assess the design and operating effectiveness of internal control.
c. evaluate managements assessment process and independently assess the design and
operating effectiveness of internal control.
d. test controls over significant account balances.

w
w

.e
m

pl
oy
e

es
c

or
ne
r.i

nf
o

23. (Public)
medium
c

29. (Public)
medium
a

30.
Medium
a

Which of the stock exchanges require listed companies to have an audit committee composed
entirely of independent directors?

a.
b.
c.
d.

NYSE
Yes
No
Yes
No

NASDAQ
Yes
No
No
Yes

Which of the following factors may increase risks to an organization?

a.

Geographic dispersion of
company operations
Yes

Presence of new information technologies


Yes

Arens/Elder/Beasley

31

Share By : Faisal Qureshi

Collected By : Ch. Yasir


b.
c.
d.

No
Yes
No

No
No
Yes

Which of the following statements is correct with respect to separation of duties?


a.
Employees should not have temporary and permanent custody of assets.
b.
Employees who authorize transactions should not have custody of related assets.
c.
It is permissible to allow an employee to open cash receipts and record those receipts.
d.
Employees who authorize transactions should have recording responsibility for these
transactions.

32.
medium
b

Authorizations can be either general or specific. Which of the following is not an example of a
general authorization?
a. Automatic reorder points for raw materials inventory.
b. A sales managers authorization for a sales return.
c. Credit limits for various classes of customers.
d. A sales price list for merchandise.

33.
medium
c

The most important type of protective measure for safeguarding assets is:
a. adequate separation of duties among personnel.
b. proper authorization of transactions.
c. the use of physical precautions.
d. adequate documentation.

34.
medium
a

Which of the following is correct with respect to the design and use of business documents?
a. Not all documents used for internal purposes need to be prenumbered.
b. Documents should be designed for single purposes only to avoid confusion in their use.
c. Documents should be designed to be understandable only by those who use them.
d. Documents designed for external use must be prenumbered.

35. (Public)
medium
a

PCAOB Standard 2 requires auditors to evaluate the effectiveness of the audit committees
oversight of the companys:
Efficiency of
operations
No
No
Yes
Yes

Internal control over financial


reporting
Yes
Yes
No
No

Which of the following is correct?


a. Approval is a policy decision implemented by employees.
b. Approval occurs as a matter of general policy and includes significant transactions only.
c. Authorization is a policy decision for either a general class of transactions or specific
transactions.
d. Approval should be given by the employee responsible for recording the transaction.

w
w

36.
medium
c

External financial
reporting
Yes
No
Yes
No

.e
m

a.
b.
c.
d.

pl
oy
e

es
c

or
ne
r.i

nf
o

31.
medium
b

37.
medium
a

Which of the following principles is not necessary for the proper design and use of documents
and records?
a. Designed for a single use to increase efficiency of operations.
b. Constructed in a manner that encourages correct preparation.
c. Prepared at the time a transaction takes place.
d. Designed for multiple uses to increase efficiency of operations.

38.
medium
b

Narratives, flowcharts, and internal control questionnaires are three common methods of:
a. testing the internal controls.
b. documenting the auditors understanding of internal controls.

Arens/Elder/Beasley

32

Share By : Faisal Qureshi

Collected By : Ch. Yasir


c.
d.

designing the audit manual and procedures.


documenting the auditors understanding of a clients organizational structure.

_____ deal with ongoing or periodic assessment of the quality of internal control by
management.
a. Quality monitoring activities
b. Monitoring activities
c. Oversight activities
d. Management activities

40. (Public)
medium
c

Smaller public companies face challenges implementing effective internal control due to
______.
a. a lack of expertise
b. reduced importance
c. limited resources
d. limited available guidance

41.
medium
a

Which of the following is not one of the levels of an absence of internal controls?
a. Major deficiency.
b. Material weakness.
c. Significant deficiency.
d. Control deficiency.

42.
medium
a

Which of the following is the correct definition of control deficiency?


a. A control deficiency exists if the design or operation of controls does not permit company
personnel to prevent or detect misstatements on a timely basis.
b. A control deficiency exists if one or more deficiencies exist that adversely affect a
companys ability to prepare external financial statements reliably.
c. A control deficiency exists if the design or operation of controls results in a more than
remote likelihood that controls will not prevent or detect misstatements.
d. A control deficiency exists if the design or operation of controls results in a more than
probable likelihood that controls will prevent or detect misstatements.

43.
medium
c

A(n) _______ deficiency exists if a necessary control is missing or not properly formulated.
a. control
b. significant
c. design
d. operating

or
ne
r.i

es
c

pl
oy
e

.e
m

To determine if significant internal control deficiencies are material weaknesses, they must be
evaluated on their:

w
w

44.
medium
a

nf
o

39.
medium
b

45.
medium
d

a.
b.
c.
d.

Likelihood
Yes
No
Yes
No

Significance
Yes
No
No
Yes

The purpose of an entitys accounting information and communication system is to ______.

a.
b.
c.
d.

Monitor
transactions
Yes
No
Yes
No

Record and
process
transactions
Yes
No
No
Yes

Initiate transactions
Yes
No
No
Yes

Arens/Elder/Beasley

33

Share By : Faisal Qureshi

Collected By : Ch. Yasir

A procedure that would most likely be used by an auditor in performing tests of control
procedures that involve segregation of functions and that leave no transaction trail is:
a. inspection.
b. observation.
c. reperformance.
d. reconciliation.

47.
medium
b

If the results of tests of controls support the design and operations of controls as expected, the
auditor uses ____ control risk as the preliminary assessment.
a. a lower
b. the same
c. a higher
d. either a lower or higher

48.
medium
b

Internal controls normally include procedures designed to provide reasonable assurance that:
a. employees act with integrity when performing their assigned tasks.
b. transactions are executed in accordance with managements authorization.
c. decision processes leading to managements authorization of transactions are sound.
d. collusive activities would be detected by segregation of employee duties.

49.
medium
d

Which of the following is correct?


a. A significant deficiency is always a material weakness.
b. A control deficiency is always a material weakness.
c. A material weakness is less significant that a control deficiency.
d. A material weakness is always a significant deficiency.

50.
medium
d

Which of the following is not a likely procedure to support the operating effectiveness of internal
controls?
a. Inquiry of client personnel.
b. Observation of control-related activities.
c. Reperformance of client procedures.
d. Completing an internal control questionnaire.

51. (Public)
medium
a

Before making the final assessment of internal control at the end of an integrated audit, the
auditor must:

.e
m

pl
oy
e

es
c

or
ne
r.i

nf
o

46.
medium
b

w
w

a.
b.
c.
d.

Test controls
Yes
No
Yes
No

Perform substantive tests of details


Yes
No
No
Yes

Significant deficiencies and material weaknesses in internal control of a public company must
be reported to which of the following?
a. The Public Company Accounting Oversight Board.
b. Members of management who are responsible for the related area of the company.
c. Audit committee of the companys board of directors.
d. The AICPA.

53.
medium
d

Of the following statements about internal controls, which one is not valid?
a. No one person should be responsible for the custodial responsibility and the recording
responsibility for an asset.
b. Transactions must be properly authorized before such transactions are processed.
c. Because of the cost-benefit relationship, a client may apply controls on a test basis.
d. Control procedures reasonably ensure that collusion among employees cannot occur.

52. (Public)
medium
c

Arens/Elder/Beasley

34

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Which of the following best describes the inherent limitations that should be recognized by an
auditor when considering the potential effectiveness of internal control?
a. Procedures that depend on segregation of duties can be circumvented by collusion.
b. Competent and honest client personnel provide an environment conducive to accounting
control and provide absolute assurance that effective control will be achieved.
c. Procedures designed to assure the execution and recording of transactions in accordance
with proper authorizations are effective against irregularities perpetrated by management.
d. The benefits expected to be derived from effective internal accounting control usually do
not exceed the costs of such control.

55.
medium
c

Which of the following is not one of the subcomponents of the control environment?
a. Managements philosophy and operating style.
b. Organizational structure.
c. Adequate separation of duties.
d. Commitment to competence.

56.
medium
b

It is important for the CPA to consider the competence of the clients personnel because their
competence bears directly and importantly upon the:
a. cost/benefit relationship of the system of internal control.
b. achievement of the objectives of internal control.
c. comparison of recorded accountability with assets.
d. timing of the tests to be performed.

57.
medium
a

Audit evidence concerning proper segregation of duties normally is best obtained by:
a. direct personal observation of the employee who applies control procedures.
b. making inquiries of co-workers about the employee who applies control procedures.
c. preparation of a flowchart of duties performed and available personnel.
d. inspection of third-party documents containing the initials of who applied control
procedures.

58.
medium
b

Proper segregation of functional responsibilities calls for separation of:


a. authorization, execution, and payment.
b. authorization, recording, and custody.
c. custody, execution, and reporting.
d. authorization, payment, and recording.

59.
medium
a

Internal controls are not designed to provide reasonable assurance that:


a. all frauds will be eliminated.
b. transactions are executed in accordance with managements authorization.
c. access to assets is permitted only in accordance with managements authorization.
d. company personnel comply with applicable rules and regulations.

w
w

.e
m

pl
oy
e

es
c

or
ne
r.i

nf
o

54.
medium
a

60.
medium
d

61.
medium
b

Which of the following statements about auditor documentation of the clients internal controls
is correct?
a. Documentation must include flow charts.
b. Documentation must include procedural write-ups.
c. No documentation is necessary although it is desirable.
d. No one particular form of documentation is necessary.
Significant deficiencies are matters that come to an auditors attention and should be
communicated to an entitys audit committee because they represent:
a. material frauds perpetrated by high-level management.
b. internal control deficiencies that could adversely affect a companys ability to initiate,
record, process, or report external financial statements reliably.
c. flagrant violations of the entitys documented conflict-of-interest policies.
d. intentional attempts by client personnel to limit the scope of the auditors field work.

Arens/Elder/Beasley

35

Share By : Faisal Qureshi

Collected By : Ch. Yasir


How must significant deficiencies and material weaknesses be communicated to those charged
with governance?
a. Either oral or written communication is acceptable.
b. Oral communication is required.
c. Written communication is required.
d. Written communication is required for material weaknesses, but oral communication is
allowed for significant deficiencies.

63.
challenging
a

Which of the following statements, if any, is correct?


a. The NASDAQ market requires listed companies to have audit committees that have only
independent directors.
b. The NASDAQ market requires listed companies to have audit committees that have a
minority of the positions held by independent directors.
c. The NASDAQ market recommends, but does not require, listed companies to have audit
committees.
d. The NASDAQ market recommends, but does not require, listed companies to have audit
committees that have a minority of the positions held by independent directors.

64. (SOX)
challenging
a

The Sarbanes-Oxley Act requires:


a. all public companies to issue reports on internal controls.
b. all public companies to define adequate internal controls.
c. the auditor of public companies to design effective ICFR.
d. the auditor of public companies to provide recommendations to correct material
weaknesses.

65.
challenging
d

When considering internal control, an auditor should be aware of the concept of reasonable
assurance, which recognizes that the:
a. segregation of incompatible functions is necessary to ascertain that internal control is
effective.
b. employment of competent personnel provides assurance that the objectives of internal
control will be achieved.
c. establishment and maintenance of internal control is an important responsibility of the
management and not of the auditor.
d. costs of internal control should not exceed the benefits expected to be derived from
internal control.

66.
challenging
a

The financial statements are not likely to correctly reflect GAAP if the:
a. controls affecting the reliability of financial reporting are inadequate.
b. companys controls do not promote efficiency.
c. companys controls do not promote effectiveness.
d. companys control do not promote compliance with applicable rules and regulations.

w
w

.e
m

pl
oy
e

es
c

or
ne
r.i

nf
o

62.
medium
c

67.
challenging
a

68.
challenging

The primary emphasis by auditors is on controls over:


a. classes of transactions.
b. account balances.
c. both a and b, because they are equally important.
d. both a and b, because they vary from client to client.

Compared to a public company, the most important difference in a nonpublic company in


assessing control risk is the ability to assess control risk at _______ for any or all control-related
objectives.
a. low
b. moderately low
c. medium
d. high

69.

An auditor should consider two key issues when obtaining an understanding of a clients

Arens/Elder/Beasley

36

Share By : Faisal Qureshi

Collected By : Ch. Yasir


internal controls. These issues are:
a. the effectiveness and efficiency of the controls.
b. the frequency and effectiveness of the controls.
c. the design and utilization of the controls.
d. The implementation and efficiency of the controls.

70.
challenging
c

The independent auditor should acquire an understanding of the internal audit function as it
relates to the independent auditors study and evaluation of internal control because the:
a. audit programs, working papers, and reports of internal auditors can often be used as a
substitute for the work of the independent auditors staff.
b. procedures performed by the internal audit staff may eliminate the independent auditors
need for an extensive study and evaluation of internal control.
c. work performed by internal auditors may be a factor in determining the nature, timing, and
extent of the independent auditors procedures.
d. understanding of the internal audit function is an important substantive test to be
performed by the independent auditor.

71.
challenging
c

To be effective, an internal audit department must be independent of:


a. operating departments.
b. the accounting department.
c. both a and b.
d. either a or b, but not both.

72.
challenging
d

Hanlon Corp. maintains a large internal audit staff that reports directly to the chief financial
officer. Audit reports prepared by the internal auditors indicate that the system is functioning as
it should and that the accounting records are reliable. An independent auditor will probably:
a. eliminate tests of controls.
b. increase the depth of the study and evaluation of administrative controls.
c. avoid duplicating the work performed by the internal audit staff.
d. place limited reliance on the work performed by the internal audit staff.

73.
challenging
d

External financial statement auditors must obtain evidence regarding what attributes of an
internal audit (IA) department if the external auditors intend to rely on IAs work?
a. Integrity
b. Objectivity
c. Competence
d. All of the above

es
c

pl
oy
e

.e
m

When planning an audit, the auditors assessed level of control risk is:
a. determined by using actuarial tables.
b. calculated by using the audit risk model.
c. an economic issue, trading off the costs of testing controls against the cost of testing
balances.
d. calculated by using the formulas provided in the AICPAs auditing standards.

w
w

74.
challenging
c

or
ne
r.i

nf
o

challenging
c

When a compensating control exists, the absence of a key control:


a. is no longer a concern because there is no longer a significant deficiency or material
weakness.
b. is still a major concern to the auditor.
c. could cause a material loss, so it must be tested using substantive procedures.
d. is magnified and must be removed from the sampling process and examined in its entirety.

76.
challenging
c

After considering a clients internal controls, an auditor has concluded that it is well designed
and is functioning as intended. Under these circumstances the auditor would most likely:
a. perform tests of controls to the extent outlined in the audit program.
b. determine the control procedures that should prevent or detect errors and irregularities.
c. not increase the extent of predetermined substantive tests.

75.
challenging
a

Arens/Elder/Beasley

37

Share By : Faisal Qureshi

Collected By : Ch. Yasir


d.

determine whether transactions are recorded to permit preparation of financial statements


in conformity with generally accepted accounting principles.

To obtain an understanding of an entitys control environment, an auditor should concentrate on


the substance of managements policies and procedures rather than their form because:

77.
challenging
a

a.
b.
c.

nf
o

d.

management may establish appropriate policies and procedures but not act on them.
the board of directors may not be aware of managements attitude toward the control
environment.
the auditor may believe that the policies and procedures are inappropriate for that
particular entity.
the policies and procedures may be so weak that no reliance is contemplated by the
auditor.

78.
medium

or
ne
r.i

Essay Questions

Describe each of the three broad objectives management typically has for internal control. With
which of these objectives is the auditor primarily concerned?

pl
oy
e

es
c

Answer:
The three objectives are:
Reliability of financial reporting. Management has both a legal and professional
responsibility to be sure that the information is fairly presented in according with
reporting requirements such as GAAP.
Efficiency and effectiveness of operations. Controls within an organization are meant
to encourage efficient and effective use of its resources to optimize the companys
goals.
Compliance with laws and regulations. Public and non-public organizations are
required to follow many laws and regulations. Some relate to accounting only
indirectly, such as environmental protection and civil rights laws. Others are closely
related to accounting, such as income tax regulations and fraud.

79.
medium

.e
m

The auditor is primarily concerned with the objective of reliable financial reporting.

Briefly describe the responsibilities of management and external auditors for internal controls.
Answer:

w
w

Management is responsible for establishing and maintaining the entitys internal controls.
For public companies, management is also required by Section 404 to publicly report on
the operating effectiveness of those controls. In contrast, the auditors responsibilities
include understanding and testing internal control over nancial reporting. For public
company clients, the auditor is also required by Section 404 to issue an audit report on
managements assessment of its internal controls, including the auditors opinion on the
operating effectiveness of those controls.

80. (Public)
medium

There are four steps in the auditors process of understanding internal control and assessing
control risk for a public company. Step one is obtain and document an understanding of
internal control: design and operation. What are the remaining three steps?

Arens/Elder/Beasley

38

Share By : Faisal Qureshi

Collected By : Ch. Yasir

Answer:
The remaining three steps are:
Assess control risk.
Design, perform, and evaluate tests of controls.
Decide planned detection risk and substantive tests.
81.
medium

Certain principles dictate the proper design and use of documents and records. Briefly describe
several of these principles.
Answer:

Managements identification and analysis of risk is an ongoing process and is a critical


component of effective internal control. An important first step is for management to identify
factors that may increase risk. Identify at least five factors, observable by management, which
may lead to increased risk in a typical business organization.

pl
oy
e

82.
medium

es
c

nf
o

Documents should be prenumbered consecutively to facilitate control over missing


documents and as an aid in locating documents when they are needed at a later date.
Documents and records should be prepared at the time a transaction takes place, or as
soon as possible thereafter, to minimize timing errors.
Documents and records should be designed for multiple uses, when possible, to
minimize the number of different forms. For example, a properly designed and used
shipping document can be the basis for releasing goods from storage to the shipping
department, informing billing of the quantity of goods to bill to the customer and the
appropriate billing date, and updating the perpetual inventory records.
Documents and records constructed in a manner that encourages correct preparation.
This can be done by providing internal checks within the form or record. For example,
a document might include instructions for proper routing, blank spaces for
authorizations and approvals, and designated column spaces for numerical data.

or
ne
r.i

w
w

.e
m

Answer:
There are many factors that may lead to increased risk in an organization. Some examples
include:
failure to meet prior objectives,
decreasing quality of personnel,
increasing geographic dispersion of company operations,
increasing significance and complexity of core business processes,
introduction of new information technologies, and
entrance of new competitors.

83.
medium

During a financial statement audit of a private company, three steps must be completed by the
auditor before concluding that control risk is low. What are these steps?
Answer:
The three steps that must be completed by the auditor before concluding that control risk is
low are:
1. obtaining an understanding of the control environment, risk assessment procedures,
accounting information and communication system, and monitoring methods at a
fairly detailed level;
2. identify specific controls that will reduce control risk and make an assessment of
control risk; and
3. test the effectiveness of controls.

Arens/Elder/Beasley

39

Share By : Faisal Qureshi

Collected By : Ch. Yasir

84.
medium

What are the two primary factors that auditors consider in determining if an entity is auditable?
Answer:
The two primary factors are the integrity of management and the adequacy of accounting
records.

85.
medium

Define the following terms: control deficiency, significant deficiency, and material weakness.
Answer:

A signicant deciency exists if one or more control deciencies exist that results in
more than a remote likelihood that a misstatement that is more than inconsequential
will not be prevented or detected.

A material weakness exists if a signicant deciency, by itself, or in combination with


other signicant deciencies, results in a more than remote likelihood that internal
control will not prevent or detect material nancial statement misstatements.

or
ne
r.i

nf
o

A control deciency exists if the design or operation of controls does not permit
company personnel to prevent or detect misstatements on a timely basis.

Describe three inherent limitations of internal control.

es
c

86.
medium

The internal control framework developed by COSO includes five so-called components of
internal control. Discuss each of these five components.

.e
m

87.
medium

pl
oy
e

Answer:
The effectiveness of internal controls depends on the competency and dependability of the
people using it. Inherent limitations of internal control include:
employee carelessness,
lack of understanding,
management override, and
collusion.

w
w

Answer:
Five components of internal control are:
The control environment. The control environment consists of the actions, policies,
and procedures that reflect the overall attitudes of top management about control and
its importance to the company.
Risk assessment. This is managements identification and analysis of risks relevant to
the preparation of financial statements in accordance with GAAP.
Information and communication. This is the set of manual and/or computerized
procedures that identifies, assembles, classifies, analyzes, records, and reports a
companys transactions and maintains accountability for the related assets.
Control activities. These are the policies and procedures that help ensure necessary
actions are taken to address risks in the achievement of the companys objectives.
Monitoring. This is managements ongoing and periodic assessment of the quality of
internal control performance to determine that controls are operating as intended and
modified when needed.

Arens/Elder/Beasley

40

Share By : Faisal Qureshi

Collected By : Ch. Yasir


Discuss what is meant by the term control environment and identify four control environment
subcomponents that the auditor should consider.
Answer:
The control environment consists of the actions, policies, and procedures that reflect the
overall attitudes of top management, directors, and owners of an entity about control and
its importance to the entity. Subcomponents include integrity and ethical values,
commitment to competence, board of directors or audit committee participation,
managements philosophy and operating style, organizational structure, assignment of
authority and responsibility and human resource policies and practices.

89.
challenging

Describe the auditors responsibilities related to communications regarding internal control


matters.

nf
o

88.
medium

90.
challenging

es
c

or
ne
r.i

Answer:
The auditor must communicate signicant deciencies and material weaknesses in writing
to those charged with governance as soon as they become aware of their existence. The
communication is usually addressed to the audit committee and to management. Timely
communications may provide management an opportunity to address control deciencies
before managements report on internal control must be issued. In some instances,
deciencies can be corrected sufciently early such that both management and the auditor
can conclude that controls are operating effectively as of the balance sheet date.

The text suggested a five-step approach to identify deficiencies, significant deficiencies, and
material weaknesses. Describe this approach.

pl
oy
e

Answer:

w
w

.e
m

1. Identify existing controls. Because deciencies and material weaknesses are the
absence of adequate controls, the auditor must rst know which controls exist.
2. Identify the absence of key controls. Internal control questionnaires, owcharts, and
walkthroughs are useful tools to identify where controls are lacking and the likelihood
of misstatement is therefore increased.
3. Consider the possibility of compensating controls. A compensating control is one
elsewhere in the system that offsets the absence of a key control. When a
compensating control exists, there is no longer a signicant deciency or material
weakness.
4. Decide whether there is a signicant deciency or material weakness. The
likelihood of misstatements and their materiality are used to evaluate if there are
signicant deciencies or material weaknesses.
5. Determine potential misstatements that could result. This step is intended to identify
specic misstatements that are likely to result because of the signicant deciency or
material weakness. The importance of a signicant deciency or material weakness is
directly related to the likelihood and materiality of potential misstatements.

Arens/Elder/Beasley

41

Share By : Faisal Qureshi

Collected By : Ch. Yasir


91.
challenging

Auditing standards related to the audits of private companies specify the extent to which
auditors can rely on evidence about internal controls obtained in prior years. Briefly describe
this guidance.

Adequate separation of duties is an important control activity. Discuss the four general
guidelines for separation of duties to prevent both intentional and unintentional misstatements
that are of significance to auditors.

or
ne
r.i

92.
challenging

nf
o

Answer:
When auditors plan to use evidence about the operating effectiveness of internal control
obtained in prior audits, SAS 110 requires them to test their effectiveness at least every
third year. If auditors determine that a key control has been changed since it was last
tested, they should test it in the current year. When there are a number of controls tested in
prior audits that have not been changed, SAS 110 requires auditors to test some of those
controls each year to ensure there is a rotation of controls testing throughout the three-year
period.

es
c

Answer:
The general guidelines are:
Custody of assets should be separated from accounting,
Authorizing transactions should be separated from custody of related assets,
Operational responsibility should be separated from record-keeping, and
Duties within IT should be separated.

Match seven of the terms (a-i) with the definitions provided below (1-7):
a. Control environment
b. Control activities
c. Independent checks on performance
d. Internal control
e. Monitoring
f.
Separation of duties
g. General authorization
h. Specific authorization
i.
Risk assessment

.e
m

93.
medium

pl
oy
e

Other Objective Answer Format Questions

1.

Managements ongoing and periodic assessment of the quality of internal


control performance to determine that controls are operating as intended and
modified when needed.

2.

Company-wide policies for the approval of all transactions within stated


limits.

3.

The actions, policies, and procedures that reflect the overall attitudes of top
management, directors, and owners of an entity about control and its
importance to the entity.

4.

Segregation of the following activities in an organization: custody of assets,


accounting, authorization, and operational responsibility.

w
w

Arens/Elder/Beasley

42

Share By : Faisal Qureshi

Collected By : Ch. Yasir

5.

Managements identification and analysis of risks relevant to the preparation


of financial statements in accordance with generally accepted accounting
principles.

6.

Policies and procedures that help ensure necessary actions are taken to address
risks in the achievement of the entitys objectives.

7.

A process designed to provide reasonable assurance regarding the


achievement of managements objectives in the following categories: (1)
reliability of financial reporting, (2) effectiveness and efficiency of operations,
and (3) compliance with applicable laws and regulations.

nf
o

If, when obtaining an understanding of control activities of a relatively small client, the auditor
identified no control activities, the auditor would probably set a high assessment of control risk.
a. True
b. False
If, when obtaining an understanding of control activities of a relatively small client, the auditor
identified no control activities, the auditor would probably determine the client were
unauditable.
a. True
b. False

or
ne
r.i

94.
easy
a
95.
easy
a

When internal controls are effective, then substantive audit tests are more reliable; thus, the
extent of substantive tests should be reduced.
a. True
b. False

97.
easy
b

Auditors of private companies may rely on prior periods tests of controls for a period not to
exceed four years.
a. True
b. False

98.
easy
a

In an audit of a non-public company, the less control risk there is, the smaller the amount of
planned substantive evidence that is required.
a. True
b. False

pl
oy
e

.e
m

As a clients information system becomes more complex, it is likely that an auditor will
decrease reliance on controls and increase substantive tests to support a control risk assessment.
a. True
b. False

w
w

99.
easy
b

es
c

96.
easy
b

When a company designs and implements internal controls, cost of the controls is not a valid
consideration.
a. True
b. False

101. (Public)
easy
a

PCAOB Standard 2 requires auditors to perform walkthroughs to assist in understanding


internal control.
a. True
b. False

102.
easy
b

Adequate documents and records is a subcomponent of the control environment.


a. True
b. False

100.
easy
b

Arens/Elder/Beasley

43

Share By : Faisal Qureshi

Collected By : Ch. Yasir

For proper internal control, there should be adequate separation of duties. However, the extent
of separation of duties considered adequate depends heavily on the size of the organization.
a. True
b. False

104.
medium
a

In an audit of a non-public company, the auditors assessment of control risk and the extent of
tests of controls are inversely related.
a. True
b. False

105.
medium
b

Smaller companies usually have more extensive internal controls than larger companies which
result in fewer frauds being committed at small companies.
a. True
b. False

106. (Public)
medium
a

To issue an unqualified opinion on internal control over financial reporting, there must be no
identified material weaknesses and no restrictions on the scope of the audit.
a. True
b. False

107. (SOX)
medium
a

The Sarbanes-Oxley Act of 2002 requires that public companies issue an internal control report.
a. True
b. False

108.
medium
b

The most important component of internal control is risk assessment.


a. True
b. False

109.
medium
a

The primary emphasis by auditors when evaluating and testing internal control is on controls
over classes of transactions rather than controls over account balances.
a. True
b. False

110.
medium
b

When internal controls over a given financial statement account are assessed as highly effective,
the auditor need not obtain audit evidence for that account beyond testing the controls.
a. True
b. False

or
ne
r.i

es
c

pl
oy
e

.e
m

The chart of accounts is a control and is closely related to the controls related to adequate
documents and records.
a. True
b. False

w
w

111.
medium
a

nf
o

103.
easy
a

Auditing standards prohibit reliance on the work of internal auditors due to the lack of
independence of the internal auditors.
a. True
b. False

113.
medium
a

If an auditor wishes to rely on the work of internal auditors (IA), the auditor must obtain
satisfactory evidence related to the IAs competence, integrity, and objectivity.
a. True
b. False

112.
medium
b

Arens/Elder/Beasley

44

Share By : Faisal Qureshi

Collected By : Ch. Yasir

Procedures used to obtain an understanding of internal control are normally performed on fewer
transactions than procedures used to test controls.
a. True
b. False

115.
medium
a

For most uses, flowcharts are superior to narratives as a method of communicating the
characteristics of internal control.
a. True
b. False

116.
medium
b

When documenting their understanding of a clients internal controls, auditors are required to
use narratives.
a. True
b. False

w
w

.e
m

pl
oy
e

es
c

or
ne
r.i

nf
o

114.
medium
a

Arens/Elder/Beasley

45

Share By : Faisal Qureshi

Collected By : Ch. Yasir

Chapter 26

Internal Control

nf
o

Multiple-Choice Questions
The IIA Code of Ethics is based on all but which of the following ethical principles?
a. Integrity.
b. Independence.
c. Competency.
d. Confidentiality.

2.
easy
c

Statements on Internal Auditing Standards are issued by the:


a. AICPA.
b. SEC.
c. Internal Auditing Standards Boards.
d. Auditing Standards Boards.

3.
easy
c

Internal auditors are responsible to:


a. the board of directors.
b. management.
c. both a and b.
d. neither a nor b.

4.
easy
a

Which of the following is not a similarity between external and internal auditors?
a. Both must be independent of the company.
b. Both must be competent.
c. Both use similar methodologies in performing their work.
d. Both consider risk and materiality in their work.

es
c

pl
oy
e

.e
m

External auditors consider internal auditors effective if they are:


a. independent of the operating units being evaluated.
b. competent and well trained.
c. have performed relevant audit tests of the internal controls and financial statements.
d. all of the above.

w
w

5.
easy
d

or
ne
r.i

1.
easy
b

Auditing standards _______ external auditors to use the internal auditors for direct assistance on
the audit.
a. discourage
b. prohibit
c. encourage
d. permit

7.
easy
b

The primary source of authoritative literature for doing government audits is the:
a. Purple Book.
b. Yellow Book.
c. Green Book.
d. Red Book.

6.
easy
d

Arens/Elder/Beasley

46

Share By : Faisal Qureshi

Collected By : Ch. Yasir

8.
easy
c
a

When a state or local government agency receives federal financial assistance, it is subject to
the audit requirements of:
Yellow Book
Yes
No
Yes
Yes

a.
b.
c.
d.

Single Audit Act


Yes
No
Yes
No

OMB Circular A-133


No
Yes
Yes
No

Which of the following is not one of the broad categories of operational audits?
a. Functional audits.
b. Organizational audits.
c. Single Audit Act audits.
d. Special assignment audits.

10.
easy
d

Which of the following groups could not be involved in an operational audit?


a. CPA firms.
b. Internal auditors.
c. Government auditors.
d. None of the above answers is correct; that is, all of the above could be involved.

11.
easy
b

The IIAs professional practice framework (including its code of ethics and International
Standards for the Professional Practice of Internal Auditing) is commonly referred to as the:
a. Blue Book.
b. Red Book.
c. Green Book.
d. Yellow Book.

12.
easy
b

The professional organization which is responsible for providing guidance for internal auditors
is the:
a. APA.
b. IIA.
c. ABA.
d. AIA.

or
ne
r.i

es
c

pl
oy
e

.e
m

The financial auditing standards of the Yellow Book are ______ the 10 GAAS of the AICPA.
a. the same as
b. quite different from
c. incompatible with
d. consistent with

w
w

13.
easy
d

nf
o

9.
easy
c

Which of the following is not one of the three phases in an operational audit?
a. Planning.
b. Training and supervising employees.
c. Evidence accumulation and evaluation.
d. Reporting and follow-up.

15.
medium
a

The correct title of the Yellow Book is:


a. Government Auditing Standards.
b. IIA Practice Standards.
c. Statement of Responsibilities of Internal Auditing.
d. Statement of Standards on Accounting and Review Services.

16.
medium

The Yellow Book recognizes that, because of the sensitivity of government activities and their
public accountability, in government audits the thresholds of acceptable audit risk and tolerable

14.
easy
b

Arens/Elder/Beasley

47

Share By : Faisal Qureshi

Collected By : Ch. Yasir

misstatement compared to an audit of a commercial enterprise may be:


a. equal.
b. lower.
c. higher.
d. indeterminable.

17.
medium
b

The Single Audit Act requires that an audit be conducted for recipients who receive total federal
funds in any fiscal year of:
a. $1,000,000 or more.
b. $500,000 or more.
c. $300,000 or more.
d. $100,000 or more.

18.
medium
b

An audit conducted in accordance with the Yellow Book must include an audit report that states
the audit was performed in accordance with:
a. GAAS.
b. GAGAS.
c. GASA.
d. SAS.

19.
medium
d

An audit designed to evaluate the efficiency and effectiveness of an organization or some part
of an organization would not be called a(n):
a. performance audit.
b. management audit.
c. operational audit.
d. compliance audit.

20.
medium
c

Which of the following is not one of the major differences between financial and operational
auditing?
a. The financial audit is oriented to the past, but an operational audit concerns performance
for the future.
b. The financial audit report is distributed to many readers, but the operational audit report
goes to a few managers.
c. Financial audits deal with the information on the financial statements, but operational
audits are concerned with the information in the ledgers.
d. Financial audits are limited to matters that directly affect the financial statements, but
operational audits cover any aspect of efficiency and effectiveness.

or
ne
r.i

es
c

pl
oy
e

.e
m

Before an operational audit for effectiveness can be performed, there must be:
a. a financial audit by an independent auditor.
b. a financial audit by an internal auditor.
c. a review performed by either an independent or an internal auditor.
d. specific criteria developed to define effectiveness.

w
w

21.
medium
d

nf
o

22.
medium
d

Auditors involved in planning, performing, or reporting on audits under GAGAS must complete
____ hours of continuing professional education in each two-year period.
a. 20
b. 40
c. 60
d. 80

23.
medium
b

Which of the following statements regarding types of operational audits is false?


a. A functional audit has the advantage of permitting specialization by auditors.
b. An advantage of functional auditing is its ability to evaluate interrelated functions.
c. The emphasis in an organizational audit is on how efficiently and effectively functions

Arens/Elder/Beasley

48

Share By : Faisal Qureshi

Collected By : Ch. Yasir

d.

interact.
Special operational auditing assignments arise at the request of management.

The two most important qualities for an operational auditor are:


a. personality and appearance.
b. independence and competence.
c. competence and technical training.
d. academic background and sufficient experience.

25.
medium
a

Which of the following is not a difference between operational auditing and financial auditing?
a. Both must be CPAs.
b. Operational audit reports are usually of a restricted distribution while financial audit
reports are widely distributed.
c. Operational audits often cover non-financial issues while financial audits do not.
d. None of the above is a difference.

26.
medium
c

A typical objective of an operational audit is to determine whether an entitys:


a. internal control is adequately operating as designed.
b. financial statements present fairly the results of operations.
c. specific operating units are functioning efficiently and effectively.
b. operational information is in accordance with generally accepted government auditing
standards.

27.

Which of the following can affect the independence of operational auditors?

or
ne
r.i

es
c

pl
oy
e

Responsibilities
Yes
No
No
Yes

Reporting Structure
No
No
Yes
Yes

Which is not a purpose of an economy and efficiency audit?


a. Whether the entity is acquiring, protecting, and using resources economically and
efficiently.
b. The causes of inefficiencies and uneconomical practices.
c. Whether the entity has complied with laws and regulations concerning matters of economy
and efficiency.
d. Each of the above is a purpose.

w
w

28.
challenging
d

a.
b.
c.
d.

.e
m

medium
d

nf
o

24.
medium
b

29.
challenging
d

30.
challenging
b

A(n) _________ audit emphasizes how efficiently and effectively functions interact.
a. operational
b. compliance
c. financial
d. organizational
Which of the following is not a purpose of a program audit as performed by government
auditors?
a. Determination of the extent to which the desired results established by the legislature are
being achieved.
b. Determination of the causes of inefficiencies in sponsored programs.
c. Determination of the effectiveness of organizations, programs and activities.
d. Determination as to whether the entity has complied with laws and regulations applicable
to the program.

Arens/Elder/Beasley

49

Share By : Faisal Qureshi

Collected By : Ch. Yasir

What distinguishes internal control evaluation and testing for financial and operational
auditing?
a. Purpose of the work.
b. Scope of the work.
c. Both a and b.
d. Neither a nor b.

32.
challenging
c

Of the many hours of continuing professional education required every two years, how many
must be in subjects related to the government environment and government auditing for auditors
involved in planning, performing and reporting on audits under GAGAS?
a. 8 hours
b. 16 hours
c. 24 hours
d. 32 hours

33.
Challenging
b

To be effective, an internal audit department must report to:


Operating departments
Yes
No
Yes
No

a.
b.
c.
d.

Independence from the Audit Committee


Yes
No
Yes
No

Competence
Yes
No
No
Yes

.e
m

Essay Questions
35.
easy

The accounting department


Yes
No
No
Yes

External financial statement auditors must obtain evidence regarding what attributes of an
internal audit department if the external auditors intend to rely on the internal auditors work?

pl
oy
e

34.
challenging
d

es
c

a.
b.
c.
d.

or
ne
r.i

nf
o

31.
challenging
c

What organization establishes auditing standards for internal auditors and what are those
standards commonly called?

w
w

Answer:

Auditing standards for internal auditors are established by the Internal Auditing
Standards Board. They are commonly known as the Red Book.

36.
medium

What are several similarities between internal and external auditors?


Answer:
Both must be competent as auditors and remain objective in performing their work and
reporting their results.
Both follow a similar methodology in performing their audits, including planning and
performing tests of controls and substantive tests.
Both consider risk and materiality in deciding the extent of their tests and evaluating
results. However, their decisions about materiality and risks may differ, because
external users may have different needs than management or the board.

Arens/Elder/Beasley

50

Share By : Faisal Qureshi

Collected By : Ch. Yasir

37.
medium

External auditors typically consider internal auditors effective if they meet three criteria. What
are these criteria?
Answer:
External auditors typically consider internal auditors effective if they are:
Independent of the operating units being evaluated
Competent and well-trained
Have performed relevant audit tests of the internal controls and financial statements

How do the risk and materiality thresholds change in a government audit compared to a
financial statement audit of a public company?

nf
o

38.
medium

39.
medium

or
ne
r.i

Answer:
The Yellow Book recognizes that in government audits the thresholds of acceptable audit
risk and materiality may be lower than in an audit of a commercial enterprise. This is
because of the sensitivity of government activities and their public accountability.

Discuss each of the three phases of an operational audit.

The Institute of Internal Auditors has established Ethical Principles for its members. List each
of the principles.

w
w

40.
medium

.e
m

pl
oy
e

es
c

Answer:
Planning. In the planning phase, the auditor must determine the scope of the
engagement, staff the engagement, obtain background information about the
organizational unit, understand internal control, and decide on the appropriate
evidence to accumulate.
Evidence accumulation and evaluation. In operational auditing, it is common to use
documentation, client inquiry, and observation extensively, while confirmation and
reperformance are used less extensively for most operational audits than for financial
audits.
Reporting and follow-up. The audit report is tailored to address the scope of the audit,
findings, and recommendations and is typically sent only to management. When
recommendations are made to management, follow-up is done to determine whether
the recommended changes were made, and if not, why.

41.
medium

Answer:
The IIAs ethical principles are:
Integrity.
Objectivity.
Confidentiality.
Competency.

Define internal auditing.


Answer:
According to the IIA: Internal auditing is an independent, objective assurance and
consulting activity designed to add value and improve an organizations operations. It

Arens/Elder/Beasley

51

Share By : Faisal Qureshi

Collected By : Ch. Yasir

helps an organization accomplish its objectives by bringing a systematic, disciplined


approach to evaluate and improve the effectiveness of risk management, control, and
governance processes.

42.
medium

Discuss three major differences between operational and financial auditing.

43.
medium

or
ne
r.i

nf
o

Answer:
Purpose of the audit. Financial auditing emphasizes whether historical information
was correctly recorded, whereas operational auditing emphasizes effectiveness and
efficiency.
Distribution of the reports. For financial auditing, the report typically goes to many
users of financial statements, such as stockholders and bankers, whereas operational
audit reports are intended primarily for management.
Inclusion of nonfinancial areas in operational auditing. Operational audits cover any
aspect of efficiency and effectiveness in an organization, whereas financial audits are
limited to matters that directly affect the fairness of financial statement presentations.

Discuss each of the three broad categories (types) of operational audits.

Operational auditing is the review of an organization for efficiency and effectiveness. Discuss
what is meant by the terms effectiveness and efficiency.

.e
m

44.
medium

pl
oy
e

es
c

Answer:
Functional. A functional audit deals with auditing one or more functions (e.g.,
purchasing) in an organization.
Organizational. An organizational audit deals with an entire organizational unit, such
as a department, branch, or subsidiary.
Special assignments. Special assignments audits arise at the request of management
when there is a need to investigate a particular area, such as investigating the
possibility of fraud in a division, or determining the cause of an ineffective EDP
system.

w
w

Answer:
Effectiveness refers to the degree to which the organizations objectives and goals are
accomplished.
Efficiency refers to the degree to which costs are reduced without reducing
effectiveness.

45.
challenging

Audit tests as required by the Single Audit Act must meet several specific objectives. One
objective is to determine whether the amounts reported as expenditures were for allowable
services. Identify three other specific objectives.
Answer:
Whether the records show that those who received services or benefits were eligible to
receive them.
Whether matching requirements, levels of effort, and earmarking limitations were
met.
Whether federal financial reports and claims for advances and reimbursements
contain information that is supported by the books and records from which the basic
financial statements have been prepared.

Arens/Elder/Beasley

52

Share By : Faisal Qureshi

Collected By : Ch. Yasir

46.
challenging

Whether amounts claimed or used for matching were determined in accordance with
OMB Circular A-87 and OMB Circular A-102.

The auditing standards of the Yellow Book are consistent with the ten generally accepted
auditing standards of the AICPA. There are, however, important additions/modifications in the
Yellow Book. For example, the Yellow Book recognizes that materiality and risk are lower due
to the nature of the government enterprise. Discuss the other additions/modifications.

In addition to an opinion on whether the financial statements are in accordance with GAAP,
identify four other reports required by the OMB Circular A-133.

es
c

47.
challenging

or
ne
r.i

nf
o

Answer:
Quality control. Auditors of government entities must have an appropriate system of
internal quality control and participate in an external quality control review program.
Compliance auditing. The audit should be designed to provide reasonable assurance
of detecting material misstatements resulting from noncompliance with provisions of
contracts or grant agreements that have a material and direct effect on the financial
statements.
Reporting. The report on financial statements must describe the scope of the auditors
testing of compliance with laws and regulations and internal controls and present the
results of those tests, or refer to a separate report containing that information.

Answer:
The following reports are required:

An opinion as to whether the schedule of federal awards is presented fairly in all


material respects in relation to the financial statements as a whole.
A report on internal control related to the financial statements and major programs.
A report on compliance with laws, regulations, and the provisions of contracts or
grant agreements, noncompliance with which could have a material effect on the
financial statements. This report can be combined with the report on internal control.
A schedule of findings and questioned costs.

pl
oy
e

.e
m

Other Objective Answer Format Questions


Match seven of the terms (a-o) with the descriptions/definitions provided below (1-7):

w
w

48.
medium

a.
b.
c.
d.
e.
f.
g.
h.
i.
j.
k.
l.
m.
n.

Compliance audit
Economy and efficiency audit
Effectiveness
Efficiency
Functional audit
Government Auditing Standards
Government audit
Institute of Internal Auditors
Operational auditing
Organizational audit
Program audit
Single Audit Act
Special assignment
IIA Practice Standards

Arens/Elder/Beasley

53

Share By : Faisal Qureshi

Collected By : Ch. Yasir

o.

Statements on Internal Auditing Standards


1.

The official title of the Yellow Book.

2.

A management request for an operational audit for a specific purpose, such as


investigating the possibility of fraud in a division or making recommendations
for reducing the cost of a manufactured product.

3.

A government audit to determine whether an entity is acquiring, protecting, and


using its resources economically and efficiently and whether the entity has
complied with laws and regulations concerning such matters.

4.

The degree to which the organizations objectives are accomplished.

5.

The review of an organization for efficiency and effectiveness.

6.

Federal legislation that provides for a single coordinated audit to satisfy the
audit requirements of all federal funding agencies.

7.

Statements issued by the Internal Auditing Standards Board of the IIA to


provide authoritative interpretation of the IIA Practice Standards.

or
ne
r.i

nf
o

Independence is a fundamental ethical principle for internal auditors.


a. True
b. False

50.
easy
b

Current professional auditing standards prohibit external auditors from using internal auditors
for direct assistance on external audits.
a. True
b. False

51.
easy
b

Current professional auditing standards require external auditors to use internal auditors for
direct assistance on external audits.
a. True
b. False

pl
oy
e

.e
m

The objectives of internal auditors are considerably broader than the objectives of external
auditors.
a. True
b. False

w
w

52.
easy
a

es
c

49.
easy
b

53.
easy
a

For financial auditing, the audit report typically goes to many users of financial statements,
whereas operational audit reports are intended primarily for management.
a. True
b. False

54.
easy
a

Integrity is one of the IIAs ethical principles.


a. True
b. False

55.
easy
b

Operational audits are primarily geared toward compliance.


a. True
b. False

56.
easy

Effectiveness refers to the degree to which costs are reduced without reducing efficiency.
a. True

Arens/Elder/Beasley

54

Share By : Faisal Qureshi

Collected By : Ch. Yasir

b.

57.
easy
a

Efficiency refers to the degree to which costs are reduced without reducing effectiveness.
a. True
b. False

58.
easy
b

Internal auditing standards are included in the Yellow Book.


a. True
b. False

59.
easy
a

Government auditing standards are included in the Yellow Book.


a. True
b. False

60.
easy
a

Effectiveness is concerned with whether defined goals are achieved, whereas efficiency is
concerned with whether the goals are achieved with a minimum use of resources.
a. True
b. False

61.
easy
b

Operational audits may be performed by internal auditors and government auditors, but not by
external auditors.
a. True
b. False
Benchmarking is one source of evaluation criteria for completing an operational audit.
a. True
b. False

or
ne
r.i

es
c

62.
easy
a

False

nf
o

The two most important qualities for an internal auditor to possess are independence and
competence.
a. True
b. False

64.
easy
b

Program audits are primarily focused on inefficient uses of federal funds in sponsored
programs.
a. True
b. False

.e
m

The formal name of the Yellow Book is Government Auditing Standards.


a. True
b. False

w
w

65.
easy
a

pl
oy
e

63.
easy
a

66.
medium
a

Professional guidelines for performing internal audits for companies are not as well-defined as
for external audits.
a. True
b. False

67.
medium
b

To help them remain independent of the operations they audit, internal auditors should report
directly to the controller.
a. True
b. False

68.
medium
a

An operational auditor may use engineered standards as evaluation criteria.


a. True
b. False

69.

The Internal Auditing Standards Board issues Statements on Internal Auditing Standards.

Arens/Elder/Beasley

55

Share By : Faisal Qureshi

Collected By : Ch. Yasir

a.
b.

True
False

70.
medium
a

Operational audits are often categorized as functional, organizational, or special assignments.


a. True
b. False

71.
medium
b

Internal auditors should have the authority to require implementation of suggestions for
improvement.
a. True
b. False

72.
medium
b

The Red Book specifies all auditing standards issued by the U.S. General Accounting Office.
a. True
b. False

73.
challenging
a

One disadvantage of functional auditing is the failure to evaluate interrelated functions.


a. True
b. False

w
w

.e
m

pl
oy
e

es
c

or
ne
r.i

nf
o

medium
a

Arens/Elder/Beasley

56

Share By : Faisal Qureshi