Your Results:

The correct answer for each question is indicated by a .

1 Auditors obtain an understanding of a non-public client's internal

INCORRECT control structure for the primary purpose of:
Gathering sufficient evidence to provide a reasonable basis
A)
for an opinion on the financial statements.
Determining the nature, extent, and timing of subsequent
B)
audit procedures to be performed.
C) Determining whether interim audit testing is appropriate.
Providing documentary evidence to present to the audit
D)
committee.

2 Internal controls are designed to achieve company objectives in all of

INCORRECT
the following areas except:
A) Safeguarding of assets
B) Reliability of financial reporting
C) Reduction of debt financing costs
D) Compliance with laws and regulations

3 Which of the following is not one of the five major components of

INCORRECT
internal control?
A) Risk assessment
B) Control activities
C) Information and communication system
D) Human resource background checks

4 Which of the following is a proper reason for not conducting tests of

INCORRECT
controls for non-public companies?
A) The internal control structure appears very strong.
The procedures require more audit effort than the projected
B)
benefits to be obtained from lowering the control risk.
The company does not have any flowcharts of their system
C)
available for review.
D) The auditor prefers the control risk to be the minimum

5 For non-public companies with preliminary control risk assessments

INCORRECT
set at the maximum level, auditors are likely to
A) Use a reliance strategy.
 B) Complete little or no tests of controls.
C) Complete interim testing of account balances.
D) Test controls extensively.

6 According to the COSO Framework, which of the following

INCORRECT
represents the correct sequence of audit steps which come after first
obtaining an understanding and documenting the client's internal
control structure:
Test of Controls, Assess Control Risk, Determine Extent of
A)
Substantive Tests, Reassess Control Risk (CR)
Assess Control Risk, Test of Controls, Determine Extent of
B)
Substantive Testing, Reassess CR
Assess Control Risk, Determine Extent of Substantive
C)
Testing, Test of Controls, Reassess CR
Assess Control Risk, Test of Controls, Reassess CR,
D)
Determine Extent of Substantive Testing

7 Which of the following statements regarding auditor documentation

INCORRECT
of the client's internal control structure is correct?
A) Documentation must include narrative memorandums.
No documentation is necessary to satisfy GAAS, however,
B)
oral inquiry is required at minimum
Internal control questionnaires are specifically tailored to
C)
meet the needs of each individual client
No one particular form of documentation is necessary, and
D)
the extent of documentation may vary.

8 CORRECT An auditor may need to obtain a service auditor's report when a client
receives accounting services such as payroll from a service
organization. Which of the following statements is true regarding this
service audit report?
A) It should include an opinion.
It provides the client auditor with assurance regarding
B)
whether the client's control procedures have been placed in
operation.
The client auditor need not inquire about the service auditor's
C)
professional reputation.
The client auditor should perform the procedures at the
D)
service organization if the report proves to be inappropriate
or unreliable.

9 CORRECT Under the 2002 Sarbanes-Oxley Act, reportable conditions must be:
Reported to the audit committee orally or in writing and also
A)
 documented in the audit workpapers.
B) Reported to the audit committee orally and in writing.
Reported to senior management and documented in the audit
C)
workpapers
D) Reported to senior management orally and in writing.

10 Which of the following is not considered a general control:

INCORRECT
A) Back up and disaster recovery controls.
B) Password protection on the central server.
Reconciliation of payroll record count with the number of
C)
active employees.
Requiring change authorization forms on all program
D)
software.

Your Results:
The correct answer for each question is indicated by a .

1 Auditors obtain an understanding of a non-public client's internal

INCORRECT control for the primary purpose of:
Gathering sufficient evidence to provide a reasonable basis
A)
for an opinion on the financial statements.
Determining the nature, extent, and timing of subsequent
B)
audit procedures to be performed.
C) Determining whether interim audit testing is appropriate.
Providing documentary evidence to present to the audit
D)
committee.

2 Internal controls are designed to achieve company objectives in all of

INCORRECT the following areas except:
A) Safeguarding of assets.
B) Reliability of financial reporting.
C) Reduction of debt financing costs.
D) Compliance with laws and regulations.

3 Which of the following is not one of the five major components of

INCORRECT
internal control?
 A) Risk assessment.
B) Control activities.
C) Information and communication system.
D) Human resource background checks.

4 Which of the following is a proper reason for not conducting tests of

INCORRECT
controls for non-public companies?
A) The internal control structure appears very strong.
The procedures require more audit effort than the projected
B)
benefits to be obtained from lowering the control risk.
The company does not have any flowcharts of their system
C)
available for review.
D) The auditor prefers the control risk to be the minimum.

5 For non-public companies with preliminary control risk assessments

INCORRECT
set at the maximum, auditors are likely to
A) Use a reliance strategy.
B) Complete little or no tests of controls.
C) Complete interim testing of account balances.
D) Test controls extensively.

6 Which of the following represents the correct sequence of audit steps

INCORRECT
which come after first obtaining an understanding and documenting
the client's internal control?
Test of Controls, Assess Control Risk, Determine Extent of
A)
Substantive Tests, Reassess Control Risk.
Assess Control Risk, Test of Controls, Determine Extent of
B)
Substantive Testing, Reassess Control Risk.
Assess Control Risk, Determine Extent of Substantive
C)
Testing, Test of Controls, Reassess Control Risk.
Assess Control Risk, Test of Controls, Reassess Control
D)
Risk, Determine Extent of Substantive Testing.

7 Which of the following statements regarding auditor documentation

INCORRECT
of the client's internal control is correct?
A) Documentation must include narrative memorandums.
No documentation is necessary to satisfy GAAS, however,
B)
oral inquiry is required at minimum.
Internal control questionnaires are specifically tailored to
C)
meet the needs of each individual client.
 No one particular form of documentation is necessary, and
D)
the extent of documentation may vary.

8 CORRECT An auditor may need to obtain a service auditor's report when a client
receives accounting services such as payroll from a service
organization. Which of the following statements is true regarding this
service audit report?
A) It should include an opinion.
It provides the client auditor with a guarantee regarding
B)
whether the client's control procedures have been placed in
operation.
The client auditor need not inquire about the service auditor's
C)
professional reputation.
The client auditor should perform the procedures at the
D)
service organization to verify the information in the report.

9 The auditor must report the following to the audit committee or others
INCORRECT
charged with governance:
A) Only material weaknesses.
B) Only significant deficiencies.
C) Significant deficiencies and material weaknesses.
D) All control deficiencies identified during the audit.

10 Which of the following is not considered a general control?

INCORRECT
A) Back up and disaster recovery controls
B) Password protection on the central server
Reconciliation of payroll record count with the number of
C)
active employees
Requiring change authorization forms on all program
D)
software

11 A reliance strategy is chosen when the auditor:

INCORRECT
A) Plans on conducting tests of controls.
B) Has set the control risk at the maximum level.
C) Has set the control risk below the maximum level.
D) Both a and c.

12 Understanding each of the components of internal control provides

INCORRECT
knowledge about:
 A) The design of tests of controls.
B) The assessment of inherent risks.
C) Factors that affect the risk of material misstatement.
D) Both a and c.

13 The effectiveness of internal control is reduced by:

INCORRECT
A) New personnel.
B) Flowcharts.
C) Human errors or mistakes.
D) Both a and c.

14 In order to be able to set control risk below the maximum, the auditor
CORRECT
must do all of the following except:
A) Identify general IT controls.
B) Identify specific controls that will be relied upon.
C) Perform tests of controls.
D) Conclude on the achieved level of control risk.

15 The auditor may document the achieved level of control risk using all
INCORRECT
of the following except:
A) Structured working papers.
B) Flowcharts.
C) Internal control questionnaire.
D) A memorandum.
Your Results:
The correct answer for each question is indicated by a .

1 Internal control is primarily established within a company to do

INCORRECT which of the following?
A) Prevent fraud
Provide reasonable assurance that the company's objectives
B)
will be achieved
C) Catch all errors that may occur in the company.
D) Aid in the effective auditing of the company.

2 Providing reasonable assurance with respect to which of the following

INCORRECT is not required under the internal control provisions of the Foreign
Corrupt Practices Act?
Management is responsibility for knowledge and
A)
authorization of transactions.
Transactions are recorded to maintain accountability for
B)
 assets.
C) Access to assets is limited to members of management.
Transactions are recorded to permit the preparation of
D)
reliable financial statements.

3 Which of the following is considered a control environment factor by

INCORRECT the COSO definition of internal control?
A) Control objectives.
B) Integrity and ethical values.
C) Reasonable assurance.
D) Risk assessment.

4 Billy Jo is responsible for custody of the finished goods in the

INCORRECT
warehouse. If his company wishes to maintain strong internal control,
which of the following responsibilities are incompatible with his
primary job?
He is also responsible for the company's fixed asset control
A)
ledger.
B) He is responsible for receiving of goods into the warehouse.
He is responsible for the accounting records for all receipts
C)
and shipments of goods from the warehouse.
D) He is responsible for issuing goods for shipment.

5 Which of the following is least likely when an auditor performs an

INCORRECT
integrated audit of a public company's financial statements?
Issuing an audit report on internal control over financial
A)
reporting.
B) Issuing an audit report on the financial statements.
C) Omitting tests of controls for several major accounts.
D) Performing tests of internal control design effectiveness.

6 CORRECT Which of the following describes the function of a fidelity bond?

A) An insurance policy that covers theft by a bonded employee.
B) A short term investment that is secured by a bank.
C) It is a procedure to separate the duties of employees.
A contract between parents and their children to remain
D)
celibate.

7 CORRECT Tests of controls are used to test whether controls are

 A) Operating effectively.
B) Implemented (placed in operation).
C) Properly accumulated into balance sheet totals.
D) Properly documented by the client.

8 CORRECT Tests of controls are least likely to include:

A) Inquiries of appropriate client vendors.
B) Reperformance of a control.
C) Observation of the application of an accounting procedure.
D) Inspection of documents.

9 Which of the following is most likely to be considered an inherent

INCORRECT
limitation of a client's internal control?
A) Complexity of the information system.
B) Human errors.
C) Management's interest in a profitable enterprise.
D) An ineffective audit committee.

10 Which of the following is one of the most fundamental and effective

INCORRECT
controls?
Increased use of computers for recording accounting
A)
transactions.
Increased reliance on internal auditors to monitor accounting
B)
systems.
C) Segregation of incompatible duties across several people.
Having internal auditors report only to the Board of
D)
Directors.

11 Control risk is most likely to be assessed at a level below the

INCORRECT
maximum when?
A) No tests of controls have been performed.
B) Tests of controls have been performed.
Externally generated evidence supports management's
C)
contentions relating to internal control.
The results of the consideration of internal control suggest
D)
that controls are not operating effectively.

12 The results of the consideration of internal control are least likely to

INCORRECT
 affect the auditors' decisions pertaining to:
A) The use of analytical procedures.
B) The assessment of control risk.
C) The assessment of inherent risk.
D) Detailed tests of ending balance.

Your Results:
The correct answer for each question is indicated by a .

1 An entity's internal control consists of the policies and procedures

INCORRECT
established to provide reasonable assurance that specific entity
 objectives will be achieved. Only some of these objectives, policies,
and procedures are relevant to a financial statement audit. Which one
of the following would most likely be considered in such an audit?
A) Timely reporting and review of quality control results.
B) Maintenance of control over unused checks.
C) Marketing analysis of sales generated by advertising projects.
D) Maintenance of statistical production analyses.

Feedback: Quality control results, although important to the

business, do not directly affect the fairness of the financial
statements.
2 An internal control questionnaire (ICQ) contains the following
INCORRECT
question: "Does a single individual receive and list cash receipts and
perform posting to sales and general ledgers?" What action should an
auditor take if the manager of accounting responds "yes" to the
question?
No action is required because "yes" responses on an ICQ
A)
indicate the presence of good control.
Statistically sample the response along with all other "yes"
B)
responses to verify their accuracy.
Treat it as a potential control weakness and perform
C)
appropriate testing.
Include it with other reportable findings in the next audit
D)
report.

Feedback: The situation described isa lack of separation of duties as

one individual has both custody and recording responsibilities. This
situation does not indicate the presence of good control.
3 The primary responsibility for establishing and maintaining internal
INCORRECT
controls rests with
A) The internal auditors.
B) Management.
C) The Public Company Accounting Oversight Board.
D) The external auditors.

Feedback: Management has primary responsibility for maintaining

internal control.
4 CORRECT Which method provides the auditor with the best visual grasp of a
system and a means for analyzing complex operations?
A) A flowcharting approach.
B) A questionnaire approach.
 C) A matrix approach.
D) A detailed narrative approach.

Feedback: Flowcharts provide a diagrammatic representation of a

client's system, facilitating analysis of complex operations.
5 Which of the following factors are included in an entity's control
INCORRECT
environment?
A) Audit Committee Internal Audit Management Style
Function
Yes Yes No

B) Yes No Yes

C) No Yes Yes

D) Yes Yes Yes

Feedback: All three factors are part of the entity's control

environment.
6 An auditor would most likely be concerned with internal control
INCORRECT
policies and procedures that provide reasonable assurance about
A) The efficiency of management's decision making process.
B) Appropriate prices the entity should charge for its products.
C) Methods of assigning production tasks to employees.
D) The entity's ability to process and summarize financial data.

Feedback: Auditors are most concerned with policies and procedures

affecting the entity's ability to process and summarize financial data.
7 In addition to gaining an understanding of the internal controls for a
INCORRECT
private company, an external auditor, at minimum, would be expected
to
Evaluate the internal auditors' work as an important part of
A)
the accounting system element of the internal controls.
Observe client employees to determine the extent of their
B)
compliance with quality control standards.
Trace a few transactions through the control process to obtain
C)
evidence that the controls have been placed in operation.
Study organization charts to obtain an understanding of the
D)
informal lines of communication.

Feedback: Although internal auditors are considered to be part of the

client's internal control, auditors need not rely on internal auditors'
work
8 An advantage of an internal control questionnaire is
INCORRECT
A) Flexibility in design and application.
B) Its strict adherence to a yes/no format.
That it provides sufficient data for the assessment of control
C)
risk.
D) Ease of completion.

Feedback: Internal control questionnaires tend to be generic and not

tailored to the client.
9 Which of the following is an inherent limitation of any client's
INCORRECT
internal control?
The benefits expected to be derived from effective internal
A)
controls usually do not exceed the costs of such control.
The competence and integrity of client personnel provide an
B)
environment conducive to control and provides assurance
that effective control will be achieved.
Procedures designed to assure the execution and recording of
C)
transactions in accordance with proper authorizations are
effective against frauds perpetrated by management.
Procedures whose effectiveness depends on separation of
D)
duties can be circumvented by collusion.

Feedback: While the cost-benefit ratio of controls should be

considered, the fact that controls are in place means that the benefits
often outweigh the costs.
10 Internal controls are designed to provide reasonable assurance that
INCORRECT
Management's plans have not been circumvented by worker
A)
collusion.
The internal auditing department's guidance and oversight of
B)
management's performance is accomplished economically
and efficiently.
Management's planning, organizing, and directing processes
C)
are properly evaluated.
Material errors or fraud would be prevented or detected and
D)
corrected within a timely period by employees in the course
of performing their assigned duties.

Feedback: Collusion is an inherent weakness in internal control that

can not be eliminated.