CHAPTER 10

MULTIPLE CHOICE QUESTIONS

1. Which of the following parties is responsible for establishing an entity’s internal
controls?
A. Management
B. Auditors
C. Management and auditors
D. Committee of Sponsoring Organizations

2. Which of the following is not one of the three primary objectives of effective internal
control?
A. Reliability of financial reporting
B. Efficiency and effectiveness of operations
C. Compliance with laws and regulations
D. Each of the above is a primary objective of effective internal control

3. The PCAOB states that reasonable assurance allows for

A. A nominal likelihood of ineffective internal controls
B. A remote likelihood that material misstatements will not be prevented or detected
by internal control
C. A likelihood that material misstatements will not be prevented or detected by
internal control.
D. A high likelihood that material misstatements will not be prevented or detected by
internal control.

4. Internal controls can never be considered as absolutely effective because

A. Their effectiveness is limited by the competency and dependability of employees
B. Controls always have inherent weaknesses that can be exploited
C. Controls are designed to prevent and detect only material misstatements
D. None of the above

5. A major control available in a small company, which might not be feasible in a large
company, is
A. A wider segregation of duties
B. A voucher system
C. Fewer transactions to process
D. The owner-manager’s personal interest and close relationship with personnel.

6. An act of two or more employees to steal assets or misstate records is frequently referred
to as
A. Collusion
B. A material weakness
C. A control deficiency
D. Any of the above

7. When the auditor attempts to understand the operation of the accounting system by
tracing a few transactions through the accounting system, this is referred to as
A. Tracing
B. Vouching
C. A walk-through
D. Tests of controls

8. Sarbanes-Oxley requires management to issue an internal control report that includes

two specific items. Which of the following is one of these two requirements?
A. A statement that management is responsible for establishing and maintaining an
adequate internal control structure and procedures for financial reporting.
 B. A statement that management and the board of directors are responsible for
establishing and maintaining an adequate internal control structure and procedures
for financial reporting.
C. A statement that management, the board of directors, and the external auditors for
establishing and maintaining an adequate internal control structure and procedures
for financial reporting.
D. None of the above is correct.

9. When management is evaluating the design of internal control, management evaluates

whether the control can do all but which of the following?
A. Prevent material misstatements
B. Detect material misstatements
C. Correct material misstatements
D. None of the above is correct

10. Auditor’s tests of operating effectiveness of internal controls might include which of the
following types of procedures?
A. Inspection of relevant documentation
B. Inquiries of personnel
C. Reperformance of the application of controls
D. All of the above

11. With which one of management’s concerns with respect to implementing internal controls
is the auditor primarily concerned?
A. Efficiency of operations
B. Reliability of financial reporting
C. Effectiveness of operations
D. Compliance with applicable laws and regulations

12. Which of the following activities would be least likely to strengthen a company’s internal
control?
A. Separating accounting from other financial operations
B. Maintaining insurance for fire and theft.
C. Fixing responsibility for the performance of employee duties
D. Carefully selecting and training employees

13. Management must disclose material weaknesses in internal control

A. Whenever the weakness is deemed significant to a single class of transactions.
B. Whenever the weakness is significant to overall financial reporting objectives
C. Even if just one weakness is found
D. Only if the auditor identifies the weakness as significant

14. When auditing a nonpublic company, the auditor should obtain an understanding of
internal control sufficient
A. To provide reasonable protection against client fraud and defalcations by client
employees.
B. To assess control risk.
C. To provide a basis for constructive suggestions to the client for improving the
accounting system
D. To provide a method for safeguarding assets, checking the accuracy and reliability of
accounting data, promoting operational efficiency, and encouraging adherence to
prescribed managerial policies.

15. Which of the following audit tests would be regarded as a test of a control?
A. Tests of the specific items making up the balance in a given general ledger account.
B. Tests of the inventory pricing to vendor’s invoices.
C. Tests of the signatures on canceled checks to management’s authorizations.
D. Tests of the additions to property, plant, and equipment by physical inspections.
16. During which part of an audit examination is the preparation of flowcharts most
appropriate?
A. When performing preliminary analytical procedures.
B. When performing tests of controls.
C. When evaluating the system of administrative control.
D. When reviewing the system of internal control.

17. The __________ consists of the actions, policies, and procedures that reflect the overall
attitudes of top management.
A. Control activities
B. Management philosophy.
C. Control environment
D. Monitoring function

18. An auditor’s primary emphasis is internal controls over

A. Material account balances
B. Classes of transactions
C. Account balances and classes of transactions
D. Immaterial and material account balances

19. The auditor’s study of a nonpublic client’s internal control is

A. Required by GAAP
B. Required by GAAS
C. Required by the IRS
D. Recommended by the AICPA.

20. Internal controls can never be regarded as completely effective. Even if company
personnel could design an ideal system, its effectiveness depends on the
A. Adequacy of the computer system
B. Proper implementation by management
C. Ability of the internal audit staff to maintain it
D. Competency and dependability of the people using it.

21. Even with the most effectively designed internal control, the auditor must obtain audit
evidence, beyond testing the controls, for every
A. Transaction
B. Financial statement account
C. Material financial statement account
D. Financial statement account that will be relied upon by third parties

22. To express an opinion on internal controls, and auditor obtains an understanding of and
performs tests of controls related to all but which of the following?
A. Account balances
B. Significant account balances
C. Classes of transactions
D. Disclosures and related assertions in the financial statements

23. The essence of an effectively controlled organization lies in the

A. Effectiveness of its independent auditor
B. Effectiveness of its internal auditor
C. Attitude of its employees
D. Attitude of its management.

24. To issue a report on internal control over financial reporting for a public company, an
auditor must
A. Evaluate management’s assessment process
B. Independently assess the design and operating effectiveness of internal control
 C. Evaluate management’s assessment process and independently assess the design
and operating effectiveness of internal control
D. Test controls over significant account balances

25. Which of the following factors may increase risks to an organization?

A. Geographic dispersion of company operations
B. Decreasing quality of personnel
C. Presence of new information technologies
D. All of the above

26. Which of the following statements is correct with respect to separation of duties?
A. Employees should not have temporary and permanent custody of assets.
B. If is desirable to prevent employees who authorize transactions from having custody
of related assets
C. It is permissible to allow an employee to open cash receipts and record those receipts
D. None of the above is correct

27. Authorizations can be either general or specific. Which of the following is not an example
of a general authorization?
A. Automatic reorder points for raw materials inventory
B. A sales manager’s authorization for a sales return.
C. Credit limits for various classes of customers
D. A sales price list for merchandise

28. The most important type of protective measure for safeguarding assets and records is
A. Adequate separation of duties among personnel
B. Proper authorization of transactions
C. The use of physical precautions
D. Adequate documentation

29. Which of the following statements is correct with respect to the design and use of
business documents?
A. Only documents used for internal purposes must be prenumbered
B. Documents should be designed for single purposes only to avoid confusion in their
use.
C. Documents should be designed to be understandable only to those responsible for
their use.
D. None of the above statements is correct.

30. The SEC prohibits US stock exchanges from listing securities if a company’s audit
committee is
A. Not comprised of solely independent directors
B. Inadequately funded
C. Not solely responsible for hiring and firing the company’s auditors
D. All of the above are correct.

31. All of the following are substantive tests except

A. Tests of controls
B. Test of details of transactions
C. Tests of details of balances
D. Analytical procedures

32. Most audits of a company are done annually by the same CPA firm. Except for initial
engagements, the auditor begins the audit with a great deal of information about the
internal controls developed in prior years. Because systems and controls usually do not
change often
A. The auditor can skip the evaluation of this area on repeat engagements.
B. This information can be updated and carried forward to the current year’s audit.
 C. It eases the burden on the auditor’s requirement to do a complete study of the
controls this year.
D. It is sufficient for the auditor just to inquire of client whether the controls have been
changed since last year.

33. Narratives, flowcharts, and internal control questionnaires are three common methods of
A. Testing the internal controls
B. Documenting the auditor’s understanding of internal controls.
C. Designing the audit manual and procedures
D. Documenting the auditor’s understanding of client’s organizational structure

34. Which of the following is not an element of a proper narrative of an accounting system
and related controls?
A. The origin of every document and record in the system should be stated
B. All processing that takes place should be described
C. The disposition of every document and record in the system should be stated
D. There should be an indication of all controls affecting the applicable process

35. Which of the following statements about the internal control questionnaire is not correct?
A. A questionnaire can lead to a piecemeal view of a client’s control without providing an
overall view
B. The questionnaire can be prepared reasonably quickly
C. A questionnaire is usually applicable to a wide variety of companies, especially
smaller ones
D. Each of the above statements is correct.

36. Specific assessments must be made to arrive at the preliminary assessment of control
risk. Which of the following is not one of these assessments?
A. Is the entity auditable?
B. What is the expectation that internal controls will neither prevent material
misstatements from occurring nor detect and correct them if they have occurred?
C. Is management committed to internal control?
D. Each of the above is required assessment.

37. Which of the following is not one of the levels of an absence of internal controls?
A. Internal control weakness
B. Material weakness
C. Significant deficiency
D. None of the above

38. Which of the following is the correct definition of “control deficiency”

A. A control deficiency exists if the design or operation of controls does not permit
company personnel to prevent or detect misstatements on a timely basis
B. A control deficiency exists if one or more deficiencies exist that adversely affect a
company’s ability to prepare external financial statements reliably
C. A control deficiency exists if the design or operation of controls results in a more than
remote likelihood that controls will not prevent or detect misstatements.
D. None of the above is a correct definition.

39. The purpose of an entity’s accounting information and communication system is to

________ .
A. Initiate transactions
B. Record and process transactions
C. Monitor transactions
D. A and B only

40. A procedure that would most likely be used by an auditor in performing tests of control
procedures that involve segregation of functions and that leave no transaction trail is
 A. Inspection
B. Observation
C. Reperformance
D. Reconciliation

41. Internal controls normally include procedures designed to provide reasonable assurance
that
A. Employees act with integrity when performing their assigned tasks.
B. Transactions are executed in accordance with management’s general or specific
authorization.
C. Decision processes leading to management’s authorization of transactions are sound.
D. Collusive activities would be detected by segregation of employee duties.

42. Which of the following is not a common step used to identify internal control deficiencies?
A. Decide whether there is a significant deficiency or material weakness
B. Identify existing controls
C. Identify the absence of key controls
D. Each of the above is a common step used to identify internal control deficiencies.

43. Which of the following is not a component of an entity’s internal control?

A. Control risk
B. Control procedures
C. The accounting system
D. The control environment

44. Before making the final assessment of internal control at the end of an integrated audit,
the auditor must
A. Test controls
B. Perform substantive tests of details
C. A only
D. A and B

45. Significant deficiencies and material weaknesses in internal control of a public company
must be reported to which of the following?
A. The Public Company Accounting Oversight Board
B. Members of management who are responsible for the related area of the company
C. Audit committee of the company’s board of director
D. None of the above

46. Of the following statements about internal controls, which one is not valid?
A. No one person should be responsible for the custodial responsibility and the recording
responsibility for an asset.
B. Transactions must be properly authorized before such transactions are processed.
C. Because of the cost benefit relationship, a client may apply control procedures on a
test basis.
D. Control procedures reasonably ensure that collusion among employees cannot occur.

47. Which of the following best describes the inherent limitations that should be recognized
by an auditor when considering the potential effectiveness of internal control?
A. Procedures whose effectiveness depends on segregation of duties can be
circumvented by collusion.
B. The competence and integrity of client personnel provides an environment conducive
to accounting control and provides assurance that effective control will be achieved.
C. Procedures designed to assure the execution and recording of transactions in
accordance with proper authorizations are effective against irregularities perpetrated
by management
D. The benefits expected to be derived from effective internal accounting control usually
do not exceed the costs of such control.
48. Which of the following is not one of the subcomponents of the control environment?
A. Management’s philosophy and operating style.
B. Organizational structure
C. Adequate separation of duties
D. Commitment to competence

49. It is important for the CPA to consider the competence of the audit client’s employees
because their competence bears directly and importantly upon the
A. Cost/benefit relationship of the system of internal control
B. Achievement of the objectives of internal control
C. Comparison of recorded accountability with assets
D. Timing of the tests to be performed

50. Effective internal control in a small company that has an insufficient number of
employees to permit proper division of responsibilities can best be enhanced by
A. Employment of temporary personnel to aid in the separation of duties
B. Direct participation by the owner of the business in the record-keeping activities of
the business
C. Engaging a CPA to perform monthly “write-up” work
D. Delegation of full, clear-cut responsibility to each employee for the functions assigned
to each.

51. Evidential matter concerning proper segregation of duties ordinarily is best obtained by
A. Direct personal observation of the employee who applies control procedures
B. Making inquiries of co-workers about the employee who applies control procedures
C. Preparation of a flowchart of duties performed and available personnel
D. Inspection of third-party documents containing the initials of who applied control
procedures

52. Proper segregation of functional responsibilities calls for separation of the functions of
A. Authorization, execution, and payment
B. Authorization, recording and custody
C. Custody, execution, and reporting
D. Authorization, payment and recording

53. When considering the objectivity of internal auditors, an independent auditor should
A. Evaluate the quality control program in effect for the internal auditors
B. Examine documentary evidence of the work performed by the internal auditors
C. Test a sample of the transactions and balances that the internal auditors examined
D. Determine the organizational level to which the internal auditors report

54. Internal controls are not designed to provide reasonable assurance that
A. All frauds will be eliminated
B. Transactions are executed in accordance with management’s authorization
C. Access to assets is permitted only in accordance with management’s authorization
D. The recorded accountability for assets is compared with the existing assets at
reasonable intervals.

55. Which of the following statements regarding auditor documentation of the client’s
internal controls is correct?
A. Documentation must include flow charts
B. Documentation must include procedural write-ups
C. No documentation is necessary although it is desirable
D. No one particular form of documentation is necessary

56. Significant deficiencies are matters that come to an auditor’s attention, which should be
communicated to an entity’s audit committee because they represent
 A. Material frauds perpetrated by high-level management
B. Internal control deficiencies that could adversely affect a company’s ability to initiate,
record, process, or report external financial statements reliably
C. Flagrant violations of the entity’s documented conflict-of-interest policies
D. Intentional attempts by client personnel to limit the scope of the auditor’s field work.

57. Which of the following is not typically one of management’s concerns in designing
effective internal controls?
A. Reliability of financial reporting
B. Efficiency and effectiveness of operations
C. Compliance with applicable laws and regulations
D. Obtaining the best internal control possible

58. When considering internal control, an auditor should be aware of the concept of
reasonable assurance, which recognizes that the
A. Segregation of incompatible functions is necessary to ascertain that internal control is
effective
B. Employment of competent personnel provides assurance that the objectives of
internal control will be achieved
C. Establishment and maintenance of internal control is an important responsibility of
the management and not of the auditor
D. Costs of internal control should not exceed the benefits expected to be derived from
internal control.

59. To comply with the second standard of fieldwork, the auditor need not be concerned with
all five areas of internal control that apply to management. The auditor’s primary
concerns are with the internal control’s ability to
A. Ensure reliability of financial reporting for external purposes
B. Provide reliable data and promote efficiency
C. Promote efficiency and encourage adherence to policy
D. Provide reliable data, safeguard assets, and comply with the Sarbanes-Oxley Act of
2002.

60. The financial statements are not likely to correctly reflect generally accepted accounting
principles if
A. The controls affecting the reliability of financial reporting are inadequate
B. The company’s controls do not promote efficiency
C. The company’s controls do not promote effectiveness
D. All three of the above are true

61. The primary emphasis by auditors is on controls over

A. Classes of transactions
B. Account balances
C. Both A and B, because they are equally important
D. Both A and B, because they are vary from client to client.

62. The most important difference in a nonpublic company in assessing control risk is the
ability to assess control risk at ____________ for any or all control-related objectives.
A. Low
B. Medium
C. High
D. None of the above

63. An auditor should consider two key issues when obtaining an understanding of a client’s
internal controls. These issues are
A. The effectiveness and efficiency of the controls
B. The frequency and effectiveness of the controls
C. The design and utilization of the controls
 D. None of the above

64. The independent auditor should acquire an understanding of the internal audit function
as it relates to the independent auditor’s study and evaluation of internal accounting
control because
A. The audit programs, working papers, and reports of internal auditors can often be
used as substitute for the work of the independent auditor’s staff.
B. The procedures performed by the internal audit staff may eliminate the independent
auditor’s need for an extensive study and evaluation of internal control.
C. The work performed by internal auditors may be a factor in determining the nature,
timing, and extent of the independent auditor’s procedures.
D. The understanding of the internal audit function is an important substantive test to be
performed by the independent auditor.

65. Taylor Sales Corp. maintains a large full-time internal audit staff that reports directly to
the chief accountant. Audit reports prepared by the internal auditors indicate that the
system is functioning as it should and that the accounting records are reliable. The
independent auditor will probably
A. Eliminate tests of controls
B. Increase the depth of the study and evaluation of administrative controls
C. Avoid duplicating the work performed by the internal audit staff
D. Place limited reliance on the work performed by the internal audit staff.

66. When planning an audit, the auditor’s assessed level of control risk is
A. Determined by using actuarial tables
B. Calculated by using the audit risk model
C. An economic issue, trading off the costs of testing controls against the cost of testing
balances
D. Calculated by using the formulas provided in the AICPA’s auditing standards

67. When a compensating control exists, the absence of a key control

A. Is no longer a concern because there is no longer a significant deficiency or material
weakness
B. Is a slight concern to the auditor
C. Could cause a material loss, so it must be tested using substantive procedures
D. Is magnified and must be removed from the sampling process and examined in its
entirety.

68. An internal control narrative indicates that an approved voucher is required to support
every check request for payment of merchandise. Which of the following procedures
provides the greatest assurance that this control is operating effectively?
A. Select and examine canceled checks and ascertain that the related vouchers are
dated no later than the checks
B. Select and examine vouchers and ascertain that the related canceled checks are
dated no earlier than the vouchers.
C. Select and examined canceled checks and ascertain than the related vouchers are
dated no earlier than the checks
D. Select and examine vouchers and ascertain that the related canceled checks are
dated no later than the vouchers.

69. When obtaining an understanding of an entity’s control environment, an auditor should

concentrate on the substance of management’s policies and procedures rather than
their form because
A. Management may establish appropriate policies and procedures but not act on them.
B. The board of directors may not be aware of management’s attitude toward the control
environment
C. The auditor may believe that the policies and procedures are inappropriate for that
particular entity.
 D. The policies and procedures may be so weak that no reliance is contemplated by the
auditor.

70. If, when obtaining an understanding of control activities of a relatively small client, the
auditor identified no control activities, the auditor would probably set a low assessment
of control risk.
A. True
B. False

71. When internal controls are not effective, then substantive audit tests are less reliable;
thus, the extent of substantive tests should be reduced.
A. True
B. False

72. In an audit of a non-public company, the less control risk there is, the smaller the
amount of planned substantive evidence required.
A. True
B. False

73. As a client’s information system becomes more complex, it is likely that an auditor will
decrease reliance on controls and increase substantive tests to support a control risk
assessment.
A. True
B. False

74. When a company designs and implements internal controls, cost of the controls is not a
valid consideration.
A. True
B. False

75. Adequate documents and records is a subcomponent of the control environment.

A. True
B. False

76. For proper internal control, there should be adequate separation of duties. However, the
extent of separation of duties considered “adequate” depends heavily on the size of the
organization.
A. True
B. False

77. In an audit of a non-public company, the auditor’s assessment of control risk and the
extent of tests of controls are inversely related; that is, if the auditor’s assessment of
control risk decreases, more extensive tests of controls are applied.
A. True
B. False

78. Smaller companies usually have more extensive internal controls than larger companies
which result in fewer frauds being committed at small companies.
A. True
B. False

79. The most important component of internal control is risk assessment

A. True
B. False

80. The primary emphasis by auditors when evaluating and testing internal control is on
controls over account balances rather than controls over classes of transactions.
A. True
 B. False

81. When internal controls over a given financial statement account are assessed by the
auditor as highly effective, the auditor need not obtain audit evidence for that account
beyond testing the controls.
A. True
B. False

82. The chart of accounts is a control and is closely related to the controls related to
adequate documents and records.
A. True
B. False

83. For proper internal control, the custodianship of cash, including receipts and
disbursements, should be the responsibility of the accounting department.
A. True
B. False

84. Auditing standards prohibit reliance on the work of internal auditors due to the lack of
independence of the internal auditors.
A. True
B. False

85. Procedures used to obtain an understanding of internal control are normally performed
on fewer transactions than procedures used to test controls.
A. True
B. False

86. For most uses, flowcharts are superior to narratives as a method of communicating the
characteristics of internal control.
A. True
B. False

87. When documenting their understanding of a client’s internal controls, auditors are
required to use narratives.
A. True
B. False

88. The two primary determinants of an entity’s auditability are the integrity of management
and the competency of personnel.
A. True
B. False

89 B
90 c