MODULE 6: INTERNAL CONTROL Flashcards by Cass Kyu

The primary responsibility for establishing and maintaining an internal control rests with
a. The external auditors
b. The internal auditors
c. Management and those charged with governance
d. The controller or the treasurer

C. Management and those charged with governance

How well did you know this?

Not at all

Perfectly

The fundamental purpose of an internal control is to
a. Safeguard the resources of the organization
b. Provide reasonable assurance that the objectives of the organization are achieved
c. Encourage compliance with organization objectives
d. Ensure the accuracy, reliability, and timeliness of information

B. Provide reasonable assurance that the objectives of the organization are achieved

How well did you know this?

Not at all

Perfectly

Which of the following internal control objectives would be most relevant to the audit?
a. Operational objective
b. Compliance objective
c. Financial reporting objective
d. Administrative control objective

c. Financial reporting objective

How well did you know this?

Not at all

Perfectly

An auditor would most likely be concerned with internal control policies and procedures that provide reasonable assurance about the
a. Efficiency of management’s decision-making process
b. Appropriate prices the entity should charge for its products
c. Methods of assigning production tasks to employees
d. Entity’s ability to process and summarize financial data

d. Entity’s ability to process and summarize financial data

How well did you know this?

Not at all

Perfectly

In an audit of financial statements, an auditor’s primary consideration regarding an internal control activity is whether the control
a. Reflects management’s philosophy and operating style
b. Affects management’s financial statements assertions
c. Provides adequate safeguards over access to assets
d. Enhances management’s decision-making processes

b. Affects management’s financial statements assertions

How well did you know this?

Not at all

Perfectly

Internal control can provide only reasonable assurance of achieving entity’s control objectives. One factor limiting the likelihood of achieving those objectives is that
a. The auditor’s primary responsibility is the detection of fraud
b. The board of directors is active and independent
c. The cost of internal control should not exceed its benefits
d. Management monitors internal control

c. The cost of internal control should not exceed its benefits

How well did you know this?

Not at all

Perfectly

Inherent limitations in an internal control must be considered in evaluating its effectiveness in preventing and detecting errors and fraud. Inherent limitations do not include
a. Misunderstanding of instructions, mistakes of judgment, personal carelessness, distraction,
or fatigue
b. Incompatible functions performed by the same person
c. Collusion among employees
d. Management override of certain policies or procedures

b. Incompatible functions performed by the same person

How well did you know this?

Not at all

Perfectly

Which of the following best describes an inherent limitation that should be recognized by an auditor when considering the potential effectiveness of an internal control structure?
a. Procedures whose effectiveness depends on segregation of duties can be circumvented by
collusion
b. The competence and integrity of client personnel provide an environment conducive to control and provides assurance that effective control will be achieved
c. Procedures designed to assure the execution and recording of transactions in accordance
with proper authorizations are effective against fraud perpetrated by management
d. The benefits expected to be derived from effective internal control usually do not exceed the cost of such control

a. Procedures whose effectiveness depends on segregation of duties can be circumvented by
collusion

How well did you know this?

Not at all

Perfectly

When considering the effectiveness of a system of internal accounting control, the auditor should recognize that inherent limitations do exist. Which of the following is an example of an inherent limitation in a system of internal accounting control?
a. The effectiveness of procedures depends on the segregation of employee duties
b. Procedures are designed to assure the execution and recording of transactions in accordance with management’s authorization
c. In the performance of most control procedures, there are possibilities of errors arising from mistakes in judgment
d. Procedures for handling large numbers of transactions are processed by electronic data
processing equipment

c. In the performance of most control procedures, there are possibilities of errors arising from mistakes in judgment

How well did you know this?

Not at all

Perfectly

An effective system of internal control
a. Cannot be circumvented by management
b. Can reduce the cost of an external audit
c. Can prevent collision among employees
d. Eliminates risks and potential loss to the organization

b. Can reduce the cost of an external audit

How well did you know this?

Not at all

Perfectly

The internal control cannot be designed to provide reasonable assurance that
a. Transactions are executed in accordance with management’s authorization
b. Fraud will be eliminated
c. Access to assets is permitted only in accordance with management’s authorization
d. The recorded accountability for assets is compared with the existing assets at reasonable intervals

b. Fraud will be eliminated

How well did you know this?

Not at all

Perfectly

Which of the following statements about internal control is correct?
a. Properly maintained internal control reasonably ensures that collusion among employees cannot occur
b. The establishment and maintenance of internal control are important responsibilities of the internal auditor
c. Exceptionally strong internal control is enough for the auditor to eliminate substantive tests on a significant account balance
d. The cost-benefit relationship is a primary criterion that should be considered in designing
internal control

d. The cost-benefit relationship is a primary criterion that should be considered in designing
internal control

How well did you know this?

Not at all

Perfectly

Internal control, no matter how well designed and operated, can only provide an entity with reasonable assurance about achieving the entity’s objectives. The likelihood of achievement is affected by limitations inherent to internal control. These limitations do not include
a. Collusion among employees
b. Inappropriate management override of internal control
c. Human failures
d. Incompatible functions performed by the same person

d. Incompatible functions performed by the same person

How well did you know this?

Not at all

Perfectly

Which of the following best describes the interrelated components of internal control?
a. Organizational structure, management, philosophy, and planning
b. Control environment, risk assessment, control activities, information and communication systems, and monitoring
c. Risk assessment, backup facilities, responsibility accounting, and natural laws
d. Internal audit and management’s philosophy and operating style

b. Control environment, risk assessment, control activities, information and communication systems, and monitoring

How well did you know this?

Not at all

Perfectly

Which of the following is not one of the components of an entity’s internal control?
a. Control risk
b. Control activities
c. Information and communication
d. The control environment

a. Control risk

How well did you know this?

Not at all

Perfectly

The overall attitude and awareness of an entity’s board of directors concerning the importance of the internal control usually is reflected in its
a. Computer-based controls
b. Systems of segregation of duties
c. Control environment
d. Safeguards over access to assets

c. Control environment

How well did you know this?

Not at all

Perfectly

When obtaining an understanding of an entity’s control environment, an auditor should
concentrate on the substance of management’s policies and procedures rather than form
because
a. The auditor may believe that the policies and procedures are inappropriate for that
particular entity
b. The board of directors may not be aware of management’s attitude toward the control
environment
c. Management may establish appropriate policies and procedures but not act on them
d. The policies and procedures may be so ineffective that the auditor may assess control risks at a high level

c. Management may establish appropriate policies and procedures but not act on them

How well did you know this?

Not at all

Perfectly

Basic to a proper control environment are the quality and integrity of personnel who must
perform the prescribed procedures. Which is not a factor in providing for competent personnel?
a. Segregation of duties
b. Hiring practices
c. Training programs
d. Performance evaluations

a. Segregation of duties

How well did you know this?

Not at all

Perfectly

In evaluating the design of the entity’s internal control environment, the auditor considers the following elements and how they have been incorporated into the entity’s processes. Such elements would include all of the following except
a. Integrity and ethical values
b. Commitment to competence
c. Organizational structure
d. Information and communication systems

d. Information and communication systems

How well did you know this?

Not at all

Perfectly

It is important for the auditor to consider the competence of the audit client’s employees,
because their competence bears directly and importantly upon the
a. Cost-benefit relationship of internal control
b. Achievement of the objectives of internal control
c. Comparison of recorded accountability with assets
d. Timing of the tests to be performed

b. Achievement of the objectives of internal control

How well did you know this?

Not at all

Perfectly

Which of the following components of an entity’s internal control structure includes the
development of employee promotion and training policies?
a. Control activities
b. Control environment
c. Information and communication
d. Quality control system

b. Control environment

How well did you know this?

Not at all

Perfectly

A proper segregation of duties requires
a. An individual authorizing a transaction records it
b. An individual authorizing a transaction maintain a custody of the asset that resulted from the transaction
c. An individual maintaining custody of an asset be entitled to access the accounting records
for the assets
d. An individual recording a transaction not compare the accounting record of the asset with the asset itself

d. An individual recording a transaction not compare the accounting record of the asset with the asset itself

How well did you know this?

Not at all

Perfectly

The single most effective control procedure established to avoid allowing any person to be in a position to perpetrate and the conceal errors or fraud is
a. The separation of the functional responsibilities custodianship, record keeping, operations, and authorization
b. Require each employee to take a vacation each year
c. Established an internal auditing department
d. Require the bonding of personnel in positions that necessities handling of cash and other universally desirable valuables.

a. The separation of the functional responsibilities custodianship, record keeping, operations, and authorization

How well did you know this?

Not at all

Perfectly

Which of the following would contribute most to the safeguarding of assets?
a. Access to computer facilities and records is limited to authorization personnel
b. Training programs are conducted to develop competence of newly hire personnel
c. Control and subsidiary accounts are reconciled on a regularly scheduled basis
d. Blank stock of all purchase orders and sales invoices are prenumbered

a. Access to computer facilities and records is limited to authorization personnel

How well did you know this?

Not at all

Perfectly

25. Which if the following statements best describes the entity’s rish assessment process? a. Entity’s process of identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks. b. Entity’s assessment of audit risks affecting the financial statements c. Entity’s process of evaluating the risks of misstatements due to fraud d. Entity’s assessment of risks that internal control may fail to detect misstatements affecting the financial statements

a. Entity’s process of identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks.

26. The policies and procedures that help ensure that management directives are carried out are referred to as the: a. Control environment b. Control activities c. Monitoring of controls d. Information system

b. Control activities

27. Which of the following is not one of the specific control procedures that are relevant to financial statement audit? a. Performance reviews b. Physical controls c. Segregation of duties d. Monitoring

d. Monitoring

28. Proper segregation of functional responsibilities in an effective structure of internal control calls for separation of the functions of a. Authorization, execution, and payment b. Authorization, recording, and custody c. Custody, execution, and reporting d. Authorization, payment, and recording

b. Authorization, recording, and custody

29. A small entity may use less formal means to ensure that internal control objectives are achieved. For example, extensive accounting procedures, sophisticated accounting records, or formal controls are least likely to be needed if a. Management is closely involved in operations b. The entity is involved in complex transactions c. The entity is subject to legal or regulatory requirements also found in large entities d. Financial reporting objectives have been established

a. Management is closely involved in operations

30. Auditing standards require the auditor to obtain an understanding of the client’s internal control structure a. For every audit b. For first time audits c. Sufficient to find any frauds which may exist d. Whenever it would be appropriate

a. For every audit

31. Evaluating the design of the entity’s internal control would involve a. Considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements b. Determining whether control exists and the entity is using it c. Determining whether the control is operating effectively d. Determining the consistency of application of internal control procedures

a. Considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements

32. Obtaining knowledge about whether the control is implemented can best be obtained by a. Inquiry of client’s personnel b. Reading procedures manual c. Tracing transactions through the information system relevant to financial reporting d. Performing tests of control

c. Tracing transactions through the information system relevant to financial reporting

33. The auditor uses his understanding of accounting and internal control systems together with the inherent and control risks assessments to perform all of the following except a. Identify the types of misstatements that could occur b. Consider factors that affect the risk of material misstatements c. Design appropriate audit procedures d. Evaluate the effectiveness of the accounting and control systems

d. Evaluate the effectiveness of the accounting and control systems

34. When obtaining an understanding of the accounting and internal control systems to plan the audit, the auditor obtains knowledge of the I. Design of the accounting and internal control systems II. Operation of Accounting and internal control systems a. YES YES b. YES NO c. NO NO d. NO YES

I. Design of the accounting and internal control systems II. Operation of Accounting and internal control systems a. YES YES

35. The procedure of tracing a few transactions through the accounting system to determine whether internal controls have been placed in operations is called a. Test of control b. Substantive test c. Control documentation d. Walk-through test

d. Walk-through test

36. Which of the following statements is incorrect about walk-through tests? a. It involves tracing a few transactions through the accounting systems b. This procedure may be treated as part of test of control c. The nature and extent of walk-through test performed by the auditor are such that they alone would provide sufficient appropriate audit evidence to support a control risk assessment which is less than high d. The procedure is performed to determine whether the controls are implemented by the client

c. The nature and extent of walk-through test performed by the auditor are such that they alone would provide sufficient appropriate audit evidence to support a control risk assessment which is less than high

37. The auditor’s understanding of the accounting and internal control systems significant to the audit is ordinarily obtained through previous experience with the entity. In addition, the auditor may perform the following procedures, except a. Inquires of appropriate management, supervisory and other personnel at various organizational levels within the entity, together with reference to documentation, job descriptions and flow charts b. Inspection of documents and records produced by the accounting and internal control system c. Observation of the entity’s activities and operations, including observation of the organization of computer operations, management personnel and the nature of transaction processing d. Reperformance of internal control procedures

d. Reperformance of internal control procedures

38. When obtaining understanding of the entity’s internal control, the auditor should obtain knowledge about the system’s I. Design II. Implementation III. Operating effectiveness a. YES YES YES b. YES YES NO c. YES NO NO d. NO NO YES

I. Design II. Implementation III. Operating effectiveness b. YES YES NO

39. Which of the following would an auditor least likely perform when obtaing understanding of the entity’s accounting and internal control systems? a. Inquires of appropriate personnel b. Inspection of documents and record c. Observation of the entity’s activities and operations d. Reperformance of internal control

d. Reperformance of internal control

40. After obtaining sufficient understanding of the entity’s accounting and internal control systems, the auditor should make a preliminary assessment of a. Audit risk b. Control risk c. Inherent risk d. Detection risk

b. Control risk

41. Which of the following is not a medium that can normally be used by an auditor to record information concerning a client’s internal control policies and procedures? a. Narrative memorandum b. Flowchart c. Procedures manual d. Questionnaire

42. The auditor observes client employees while gaining an understanding of the internal control structure to a. Prepare a flowchart b. Update information contained in the organization and procedure manuals c. Gain knowledge of the design and application of relevant policies, procedures, and records relating to the control structure d. Determine the extent of compliance with quality control standards

43. Which of the following statements regarding auditor documentation of the client’s internal control structure is correct? a. Documentation must include flow charts b. Documentation must include procedural write-ups c. No Documentation is necessary although it is desirable d. No one particular form of documentation is necessary, and the extent of documentation may vary

44. In gaining an understanding of the internal control structure, the auditor may trace several transactions through the control process. The primary purpose of this task is to a. Replace substantive tests b. Detect fraud c. Determine the effectiveness of the control procedures d. Determine whether the controls have been placed in operation

45. The conclusion reached as a result of assessing control risk is referred to as the: a. Assurance provided by internal control structure b. Determined level of acceptable detection risk c. Product of the understanding of internal control d. Assessed level of control risk

46. An auditor assess control risk because it a. Is relevant to the auditor’s understanding of the control environment b. Provides assurance that the auditor’s materiality levels are appropriate c. Indicates to the auditor where inherent risk may be the greatest d. Affects the level of detection risk that the auditor may accept

47. Which of the following statements concerning control risk is correct? a. Assessing control risk and obtaining an understanding of an entity’s internal control structure may be performed concurrently b. When control risk is at a high level, an auditor is required to document the basis for that assessment c. Control risk may be assessed sufficiently low to eliminate substantive testing for significant transaction classes d. When assessing control risk an auditor should not consider evidence obtained in prior audits about the operation of control procedures

48. Which of the following is a step in an auditor’s decision to assess control rosk at less than high level? a. Apply analytical procedures to both financial data and nonfinancial information to detect conditions that may indicate weak controls b. Perform tests of details of transactions and accounts balances to identify potential errors and fraud c. Identify specific internal control policies and procedures that are likely to detect or prevent material misstatements d. Document that the additional audit effort to perform tests of controls exceeds the potential reduction in substantive testing

49. If, after obtaining an initial understanding of a client’s internal control, the auditor wishes to further reduce the assessed level of control risk relating to plant asset transactions, the auditor should next a. Make extensive substantive tests of plant asset balances b. Establish the physical existence of current year additions c. Complete the plant asset section of the internal accounting control questionnaire d. Further test those internal control procedures relating to processing and recording plant asset transactions

51. Control testing is performed in order to determine whether or not a. The assessed level of control risk can be reduced b. Necessary controls are absent c. Incompatible functions exist d. Material peso errors exist

50. An auditor uses the knowledge provided by the understanding of internal control and the final assessed level of control risk primarily to determine the nature, timing, and extent of the a. Attribute tests b. Tests of controls c. Compliance tests d. Substantive tests

52. To obtain evidential matter about control risk, an auditor selects test from a variety of techniques including a. Inquiry b. Analytical procedures c. Calculation d. Confirmation

53. For certain controls, such as segregation of duties, documentary evidence may not exist. An auditor would most likely test the procedures by a. Reperformance and corroboration b. Observing and inquiry c. Inspection and vouching d. Confirmation and recomputation

54. Based on a study and evaluation completed at an interim date, the auditor concludes that no significant internal accounting control weaknesses exist. The records and procedures would most likely be tested again at year-end if a. Compliance tests were not performed by the internal auditor during the remaining period b. The internal accounting control system provides a basis for reliance in reducing the extent of substantive testing c. The auditor used non-statistical sampling during the interim period compliance testing d. Inquiries and observation lead the auditor to believe that conditions have changed

55. After obtaining an understanding of the internal control structure and assessing control risk, an auditor decided to perform tests of controls. The auditor most likely decided that a. It would be efficient to perform tests of controls that would results in a reduction in planned substantive tests b. Additional evidence to support further reduction on control risk is not available c. An increase in the assessed level of control risk is justified for certain financial statement assertions d. There were may internal control weakness that could allow errors to enter the accounting system

56. After studying and evaluating a client’s existing internal control, an auditor has concluded that the policies and procedures are well designed and functioning as intended. Under these circumstances, the auditor would most likely a. Perform further control tests to the extent outlined in the audit program b. Determine the control policies and procedures that should prevent or detect errors and fraud c. Set detection risk at a higher level than would be set under conditions of weak internal control d. Set detection risk at a lower level than would be set under conditions of weak internal control

57. The auditor would most likely assess control risk at a high level when a. It would be efficient to perform test of control b. The entity’s accounting and internal control c. The auditor wishes to rely on the entity’s accounting and internal control systems d. The auditor wants to restrict substantive tests

59. When control risk is assessed at a high level, the auditor should document his Understanding of Conclusion that Basis for concluding that Internal control control risk is at a control risk is at a high level Components high level a. YES YES YES b. YES YES NO c. YES NO NO d. NO YES NO

58. When obtaining audit evidence about the effective operation of internal controls, the auditor considers all of the following except a. How they were applied b. The consistency with which they were applied during the period c. By whom they were applied d. Why they were applied

60. When control risk is assessed at less than high level, the auditor should document his Understanding of Assessment of control Basis for assessing control risk Internal control risk at less than high level Components a. YES YES YES b. YES YES NO c. YES NO NO d. NO YES NO

61. The auditor may decide to perform some tests of control during an interim visit in advance of the period end. However, the auditor cannot rely on the results of such test without considering the need to obtain further audit evidence relating to the remainder of the period. Factors to be considered in deciding whether to perform tests of controls for the remaining period would not include a. The results of the interim tests b. The length of remaining period c. Whether any changes have occurred in the accounting and internal control systems during the remaining period d. The results of substantive tests

62. Which of the following is correct when the auditor assess control risk at a high level? a. The auditor should document the basis for his assessment b. The auditor should perform test of controls c. The auditor should document his conclusion that control risks is at a high level d. The auditor need not document his understanding of internal control

63. The auditor ordinarily assess control risk at a high level for some or all assertions when The entity’s internal control is Evaluating the effectiveness of the control Effective would not be efficient a. YES YES b. YES NO c. NO NO d. NO YES

64. Tests of controls are designed to obtain evidence to support the auditor’s assessment of control risk a. At a high level b. At less than high level c. At zero level d. At the maximum level

MODULE 6: INTERNAL CONTROL Flashcards

(64 cards)