AUDITING THEORY Post Quiz:

Consideration of Internal Control

INSTRUCTION: Read carefully the questions below and choose the best statement
among the choices. Write only the letter of your answer in CAPITAL letters on the
answer sheet provided with this questionnaire. Erasures and alterations of any
kind will not be given points. Please do not use friction pens. God bless. 

1. Which of the following most likely would not be considered an inherent

limitation of the potential effectiveness of an entity’s internal control?
a. Incompatible duties.
b. Management override.
c. Mistakes in judgment.
d. Collusion among employees.

2. When considering internal control, an auditor should be aware of the concept

of reasonable assurance, which recognizes that
a. Internal control may be ineffective due to mistakes in judgment and personal
carelessness.
b. Adequate safeguards over access to assets and records should permit an entity
to maintain proper accountability.
c. Establishing and maintaining internal control is an important responsibility
of management.
d. The cost of an entity’s internal control should not exceed the benefits
expected to be derived.

3. Proper segregation of functional responsibilities calls for separation of the

functions of
a. Authorization, execution, and payment.
b. Authorization, recording, and custody.
c. Custody, execution, and reporting.
d. Authorization, payment, and recording.

4. An entity’s ongoing monitoring activities often include

a. Periodic audits by the audit committee.
b. Reviewing the purchasing function.
c. The audit of the annual financial statements.
d. Control risk assessment in conjunction with quarterly reviews.

5. The overall attitude and awareness of an entity’s board of directors

concerning the importance of internal control usually is reflected in its
a. Computer-based controls.
b. System of segregation of duties.
c. Control environment.
d. Safeguards over access to assets.

6. Management philosophy and operating style most likely would have a significant
influence on an entity’s control environment when
a. The internal auditor reports directly to management.
b. Management is dominated by one individual.
c. Accurate management job descriptions delineate specific duties.
d. The audit committee actively oversees the financial reporting process.

7. In general, material fraud perpetrated by which of the following are most

difficult to detect?
a. Cashier.
b. Keypunch operator.
c. Internal auditor.
d. Controller.

8. Which of the following is not a component of an entity’s internal control?

a. Control risk.
b. Control activities.
c. Monitoring.
d. Control environment.

9. Which of the following is not an accurate statement about communication of

internal control related matters to management on a nonissuer (nonpublic)
This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00
company?

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/
 a. The auditor must communicate both material weaknesses and significant
deficiencies.
b. The auditor must communicate in writing.
c. Previously communicated weaknesses that have not been corrected need not be
recommunicated.
d. A communication indicating that no significant deficiencies were identified
should not be issued.

10. When tests of controls reveal that controls are operating as anticipated, it
is most likely that the assessed level of control risk will:
A. Be less than the preliminary assessed level of control risk.
B. Equal the preliminary assessed level of control risk.
C. Equal the actual control risk.
D. Be less than the actual control risk.

11. Which of the following procedures most likely would provide an auditor with
evidence about whether an entity’s internal control activities are suitably
designed to prevent or detect material misstatements?
a. Reperforming the activities for a sample of transactions.
b. Performing analytical procedures using data aggregated at a high level.
c. Vouching a sample of transactions directly related to the activities.
d. Observing the entity’s personnel applying the activities.

12. Which statement is correct concerning the relevance of various types of

controls to a financial audit?
a. An auditor may ordinarily ignore a consideration of controls when a
substantive audit approach is taken.
b. Controls over the reliability of financial reporting are ordinarily most
directly relevant to an audit, but other controls may also be relevant.
c. Controls over safeguarding of assets and liabilities are of primary
importance, while controls over the reliability of financial reporting may also
be relevant.
d. All controls are ordinarily relevant to an audit.

13. In an audit of financial statements in accordance with generally accepted

auditing standards, an auditor is required to
a. Document the auditor’s understanding of the entity’s internal control.
b. Search for significant deficiencies in the operation of internal control.
c. Perform tests of controls to evaluate the effectiveness of the entity’s
internal control.
d. Determine whether controls are suitably designed to prevent or detect material
misstatements.

14. In obtaining an understanding of an entity’s internal control relevant to

audit planning, an auditor is required to obtain knowledge about the
a. Design of the controls pertaining to internal control components.
b. Effectiveness of controls that have been implemented.
c. Consistency with which controls are currently being applied.
d. Controls related to each principal transaction class and account balance.

15. An auditor should obtain sufficient knowledge of an entity’s information

system to understand the
a. Safeguards used to limit access to computer facilities.
b. Process used to prepare significant accounting estimates.
c. Controls used to assure proper authorization of transactions.
d. Controls used to detect the concealment of fraud.

16. When obtaining an understanding of an entity’s internal control, an auditor

should concentrate on the substance of controls rather than their form because
a. The controls may be operating effectively but may not be documented.
b. Management may establish appropriate controls but not enforce compliance with
them.
c. The controls may be so inappropriate that no reliance is contemplated by the
auditor.
d. Management may implement controls whose costs exceed their benefits.

17. Decision tables differ from program flowcharts in that decision tables
emphasize
This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00
a. Ease of manageability for complex programs.

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/
 b. Logical relationships among conditions and actions.
c. Cost benefit factors justifying the program.
d. The sequence in which operations are performed.

18. During the consideration of internal control in a financial statement audit,

an auditor is not obligated to
a. Search for significant deficiencies in the operation of the internal control.
b. Understand the internal control and the information system.
c. Determine whether the control activities relevant to audit planning have been
implemented.
d. Perform procedures to understand the design of internal control.

19. A primary objective of procedures performed to obtain an understanding of

internal control is to provide an auditor with
a. Knowledge necessary to assess the risks of material misstatements.
b. Evidence to use in assessing inherent risk.
c. A basis for modifying tests of controls.
d. An evaluation of the consistency of application of management’s policies.

20. Which of the following statements regarding auditor documentation of the

client’s internal control is correct?
a. Documentation must include flowcharts.
b. Documentation must include procedural write-ups.
c. No documentation is necessary although it is desirable.
d. No one particular form of documentation is necessary and the extent of
documentation may vary.

21. Under which circumstance is it likely that the extent of substantive

procedures will be expanded beyond that anticipated in the audit plan?
A. The auditors have determined that controls have been implemented (placed in
operation) but, in accordance with the audit plan, have performed no tests of
controls.
B. Certain controls do not leave a trail of documentary evidence.
C. Deviation rates were greater than zero and approached anticipated levels.
D. The operating effectiveness of certain controls was found to be less than
expected, although no material misstatements were identified.

22. Which of the following may not be required on a particular audit of a

nonissuer (nonpublic) company?
a. Risk assessment procedures.
b. Tests of controls.
c. Substantive procedures.
d. Analytical procedures.

23. Control risk should be assessed in terms of

a. Specific controls.
b. Types of potential fraud.
c. Financial statement assertions.
d. Control environment factors.

24. After assessing control risk, an auditor desires to seek a further reduction
in the assessed level of control risk. At this time, the auditor would consider
whether
a. It would be efficient to obtain an understanding of the entity’s information
system.
b. The entity’s controls have been implemented.
c. The entity’s controls pertain to any financial statement assertions.
d. Additional audit evidence sufficient to support a further reduction is likely
to be available.

25. Assessing control risk at a low level most likely would involve
a. Performing more extensive substantive tests with larger sample sizes than
originally planned.
b. Reducing inherent risk for most of the assertions relevant to significant
account balances.
c. Changing the timing of substantive tests by omitting interim-date testing and
performing the tests at year-end.
d. Identifying specific controls relevant to specific assertions.
This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/
 26. An auditor assesses control risk because it
a. Is relevant to the auditor’s understanding of the control environment.
b. Provides assurance that the auditor’s materiality levels are appropriate.
c. Indicates to the auditor where inherent risk may be the greatest.
d. Affects the level of detection risk that the auditor may accept.

27. When an auditor increases the assessed level of control risk because certain
control activities were determined to be ineffective, the auditor would most
likely increase the
a. Extent of tests of controls.
b. Level of detection risk.
c. Extent of tests of details.
d. Level of inherent risk.

28. An auditor uses the knowledge provided by the understanding of internal

control and the assessed level of the risk of material misstatement primarily to
a. Determine whether procedures and records concerning the safeguarding of assets
are reliable.
b. Ascertain whether the opportunities to allow any person to both perpetrate and
conceal fraud are minimized.
c. Modify the initial assessments of inherent risk and preliminary judgments
about materiality levels.
d. Determine the nature, timing, and extent of substantive tests for financial
statement assertions.

29. An auditor may compensate for a weakness in internal control by increasing

the
a. Level of detection risk.
b. Extent of tests of controls.
c. Preliminary judgment about audit risk.
d. Extent of analytical procedures.

30. Which of the following statements is correct concerning an auditor’s

assessment of control risk?
a. Assessing control risk may be performed concurrently during an audit with
obtaining an understanding of the entity’s internal control.
b. Evidence about the operation of internal control in prior audits may not be
considered during the current year’s assessment of control risk.
c. The basis for an auditor’s conclusions about the assessed level of control
risk need not be documented unless control risk is assessed at the maximum level.
d. The lower the assessed level of control risk, the less assurance the evidence
must provide that the control procedures are operating effectively.

31. Regardless of the assessed level of control risk, an auditor would perform
some
a. Tests of controls to determine the effectiveness of internal control policies.
b. Analytical procedures to verify the design of internal control.
c. Substantive tests to restrict detection risk for significant transaction
classes.
d. Dual-purpose tests to evaluate both the risk of monetary misstatement and
preliminary control risk.

32. How frequently must an auditor test operating effectiveness of controls that
appear to function as they have in past years and on which the auditor wishes to
rely in the current year?
a. Monthly.
b. Each audit.
c. At least every second audit.
d. At least every third audit.

33. Before assessing control risk at a level lower than the maximum, the auditor
obtains reasonable assurance that controls are in use and operating effectively.
This assurance is most likely obtained in part by
a. Preparing flowcharts.
b. Performing substantive tests.
c. Analyzing tests of trends and ratios.
d. Inspection of documents.
This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00
34. An auditor generally tests the segregation of duties related to inventory by

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/
 a. Personal inquiry and observation.
b. Test counts and cutoff procedures.
c. Analytical procedures and invoice recomputation.
d. Document inspection and reconciliation.

35. The objective of tests of details of transactions performed as tests of

controls is to
a. Monitor the design and use of entity documents such as prenumbered shipping
forms.
b. Determine whether controls have been implemented.
c. Detect material misstatements in the account balances of the financial
statements.
d. Evaluate whether controls operated effectively.

36. After obtaining an understanding of internal control and assessing the risk
of material misstatement, an auditor decided to perform tests of controls. The
auditor most likely decided that
a. It would be efficient to perform tests of controls that would result in a
reduction in planned substantive tests.
b. Additional evidence to support a further reduction in the risk of material
misstatement is not available.
c. An increase in the assessed level of the risk of material misstatement is
justified for certain financial statement assertions.
d. There were many internal control weaknesses that could allow misstatements to
enter the accounting system.

37. In assessing control risk, an auditor ordinarily selects from a variety of

techniques, including
a. Inquiry and analytical procedures.
b. Reperformance and observation.
c. Comparison and confirmation.
d. Inspection and verification.

38. Which of the following types of evidence would an auditor most likely examine
to determine whether controls are operating as designed?
a. Confirmations of receivables verifying account balances.
b. Letters of representations corroborating inventory pricing.
c. Attorneys’ responses to the auditor’s inquiries.
d. Client records documenting the use of computer programs.

39. Which of the following is not a step in an auditor’s assessment of control

risk?
a. Evaluate the effectiveness of internal control with tests of controls.
b. Obtain an understanding of the entity’s information system and control
environment.
c. Perform tests of details of transactions to detect material misstatements in
the financial statements.
d. Consider whether controls can have a pervasive effect on financial statement
assertions.

40. To obtain audit evidence about control risk, an auditor selects tests from a
variety of techniques including
a. Inquiry.
b. Analytical procedures.
c. Calculation.
d. Confirmation.

41. Which of the following is least likely to be evidence the auditor examines to
determine whether controls are operating effectively?
a. Records documenting usage of computer programs.
b. Canceled supporting documents.
c. Confirmations of accounts receivable.
d. Signatures on authorization forms.

42. If the auditors do notperform tests of controls for certain assertions:

A. They have performed a substandard audit.
B. They are not required to communicate significant deficiencies relating to
those accounts to management and the board of directors.
This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00
C. They must issue a qualified opinion.

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/
 D. They must assess control risk at the maximum level for those assertions.

43. During financial statement audits, the auditors' consideration of their

clients' internal control is integral to both assess the risk of material
misstatement and to:
A. Assess inherent risk.
B. Design further audit procedures.
C. Assess compliance with the Foreign Corrupt Practices Act.
D. Provide a reasonable basis for an opinion on compliance with applicable laws.

44. Which of the following comes closest to outlining the auditors'

responsibility for considering internal control in all financial statement
audits?
A. An understanding of the control environment, information and communication,
risk assessment and monitoring is necessary; an understanding of control
activities is only necessary for areas in which the auditor is performing tests
of controls.
B. The auditor must obtain an understanding of each of the five internal control
components sufficient to assess the risks of material misstatement for the audit.
C. When tests of controls have been performed, control risk must be assessed at a
level less than the maximum.
D. An understanding of the control environment is necessary, but no understanding
of the other components is necessary unless control risk is to be assessed at a
level less than the maximum.

45. Which of the following best describes a CPA’s engagement to report on an

entity’s internal control over financial reporting?
a. An attestation engagement to form an opinion on the effectiveness of its
internal control.
b. An audit engagement to provide negative assurance on the entity’s internal
control.
c. A prospective engagement to project, for a period of time not to exceed one
year, and report on the expected benefits of the entity’s internal control.
d. A consulting engagement to provide constructive advice to the entity on its
internal control.

46. An engagement to examine internal control will generally

a. Require procedures that duplicate those already applied in assessing control
risk during a financial statement audit.
b. Increase the reliability of the financial statements that have already been
audited.
c. Be more extensive in scope than the assessment of control risk made during a
financial statement audit.
d. Be more limited in scope than the assessment of control risk made during a
financial statement audit.

47. Which of the following is correct concerning the level of assistance auditors
may provide in assisting management with its assessment of internal control?
a. No assistance of any type may be provided.
b. No limitations on assistance exist.
c. Only very limited assistance may be provided.
d. As less risk is assumed by the auditors, a higher level of assistance is
appropriate.

48. Which of the following is not a primary procedure auditors use to obtain
sufficient knowledge about the design of the relevant controls and to determine
whether they have been implemented (placed in operation)?
A. Previous experience with the entity.
B. Inquiries of appropriate management personnel.
C. Performance of substantive procedures.
D. Inspection of document and records.

49. Which of the following is an accurate statement about internal control

weaknesses?
a. Material weaknesses are also control deficiencies.
b. Significant deficiencies are also material weaknesses.
c. Control deficiencies are also material weaknesses.
d. All control deficiencies must be communicated to the audit committee.
This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/
 50. In an integrated audit, which of the following is defined as a weakness in
internal control that is less severe than a material weakness but important
enough to warrant attention by those responsible for oversight of the financial
reporting function?
a. Control deficiency.
b. Unusual weakness.
c. Unusual deficiency.
d. Significant deficiency.

51. A material weakness is a significant deficiency (or combination of

significant deficiencies) that results in a reasonable possibility that a
misstatement of at least what amount will not be prevented or detected?
a. An amount greater than zero.
b. An amount greater than zero, but at least inconsequential.
c. An amount greater than inconsequential.
d. A material amount.

52. The minimum likelihood of loss involved in the consideration of a control

deficiency is
a. Remote.
b. More than remote.
c. Probable.
d. Not explicitly considered.

53. Assume that a company has a control deficiency regarding the processing of
cash receipts. Reconciliation of cash accounts by a competent individual
otherwise independent of the cash function might make the likelihood of a
significant misstatement due to the control deficiency remote. In this situation,
reconciliation may be referred to as what type of control?
a. Compensating.
b. Preventive.
c. Adjustive.
d. Nonroutine.

54. Which of the following is true about the auditors' consideration of internal
control in a financial statement audit?
A. The auditors must assess control risk at a level lower than the maximum.
B. The auditors must prepare a flowchart description of internal control for
their working papers.
C. The auditors must obtain an understanding of the steps in processing major
types of transactions.
D. The auditors must perform tests of controls.

55. Which of the following is an advantage of describing internal control through

the use of a standardized questionnaire?
A. Questionnaires highlight weaknesses in the system.
B. Questionnaires are more flexible than other methods of describing internal
control.
C. Questionnaires usually identify situations in which internal control
weaknesses are compensated for by other strengths in the system.
D. Questionnaires provide a clearer and more specific portrayal of a client's
system than other methods of describing internal control.
56. A procedure that involves tracing a transaction from its origination through
the company’s information systems until it is reflected in the company’s
financial report is referred to as a(n)
a. Analytical analysis.
b. Substantive procedure.
c. Test of a control.
d. Walk-through.

57. Which of the following is least likely to be considered a risk assessment

procedure relating to internal control?
A. Counting marketable securities at year-end.
B. Inquiries of client personnel.
C. Inspecting documents and reports.
D. Observing the application of specific controls.

58. Which of the following is least likely to be considered a risk assessment

This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00
procedure?

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/
 A. Analytical procedures.
B. Inspection of documents.
C. Observation of the counting of inventory.
D. Observation of the performance of certain accounting procedures.

59. Which of the following is not a factor that is considered a part of the
client's overall control environment?
A. The organizational structure.
B. The information system.
C. Management philosophy and operating style.
D. Board of directors.

60. Which is most likely to be a question asked of employee personnel during a

walk-through in an audit of the internal control of an issuer (public) company?
a. Have you ever been asked to override the process?
b. Do you believe that you are underpaid?
c. What do you do when you find a fraudulent transaction?
d. Who trained you for this job?

61. Which of the following would be least likely to be considered a benefit of

effective internal control?
A. Eliminating all employee fraud.
B. Restricting access to assets.
C. Detecting ineffectiveness.
D. Ensuring authorization of transactions.

62. After documenting the client's prescribed internal control, the auditors will
often perform a walk-through of each transaction cycle. An objective of a walk-
through is to:
A. Verify that the controls have been implemented (placed in operation).
B. Replace tests of controls.
C. Evaluate the major strengths and weaknesses in the client's internal control.
D. Identify weaknesses to be communicated to management in the management letter.

63. A control deficiency that is more than a significant deficiency is most

likely to result in what form of audit opinion relating to internal control?
a. Adverse.
b. Qualified.
c. Unqualified.
d. Unqualified with explanatory language.

64. Which of the following is most likely to be considered a material weakness in

internal control for purposes of an internal control audit of an issuer (public)
company?
a. An ineffective oversight of financial reporting by the audit committee.
b. Restatement of previously issued financial statements due to a change in
accounting principles.
c. Inadequate segregation of recordkeeping from accounting.
d. Weaknesses in control activities.

65. Which of the following is most likely to indicate a significant deficiency

relating to a client’s antifraud programs?
a. A broad scope of internal audit activities.
b. A “whistle-blower” program that encourages anonymous submissions.
c. Audit committee passivity when conducting oversight functions.
d. Lack of performance of criminal background investigations for likely
customers.

66. Which is correct concerning the external auditors’ use of the work of others
in an audit of internal control performed for a public company?
a. It is not allowed.
b. The work of internal auditors may be used, but only when those internal
auditors report directly to the audit committee.
c. Ordinarily the work of internal auditors and others is used primarily in low-
risk areas.
d. There is no limitation and is likely to reduce auditor liability since the
auditors will then share legal responsibility with those who have performed the
service.
This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/
 67. In an integrated audit, which must the auditor communicate in writing to
management?
a. Only material weaknesses.
b. Material weaknesses and significant deficiencies.
c. Material weaknesses, significant deficiencies and other control deficiencies.
d. Material weaknesses, significant deficiencies, other control deficiencies, and
all suspected and possible employee law violations.

68. Which of the following is correct when applying a top-down approach to

identify controls to test in an integrated audit?
a. For certain assertions, strong entity-level controls may allow the auditor to
omit additional testing beyond those controls.
b. Starting at the top—controls over specific assertions—the auditor should link
to major accounts and reporting items.
c. The goal is to focus on details of accounting controls, while avoiding
consideration of overall entity-level controls.
d. The goal is to focus on all controls related to assertions, omitting
consideration of controls related to the financial statements.

69. In reporting on an entity’s internal control over financial reporting, a

practitioner should include a paragraph that describes the
a. Documentary evidence regarding the control environment factors.
b. Changes in internal control since the prior report.
c. Potential benefits from the practitioner’s suggested improvements.
d. Inherent limitations of any internal control.

70. When an independent auditor reports on internal control based on criteria

established by governmental agencies, the report should
a. Not include the agency’s name in the report.
b. Indicate matters covered by the study and whether the auditor’s study included
tests of controls with the procedures covered by the study.
c. Not express a conclusion based on the agency’s criteria.
d. Assume responsibility for the comprehensiveness of the criteria established by
the agency and include recommendations for corrective action.

AUDIT THEORY Post-Quiz : Consideration of Internal Control

A N S W E R S H E E T
Name: Score:

Erasures or alterations of any kind will not be given points.

1. 11. 21. 31. 41. 51. 61.

2. 12. 22. 32. 42. 52. 62.

3. 13. 23. 33. 43. 53. 63.

4. 14. 24. 34. 44. 54. 64.

5. 15. 25. 35. 45. 55. 65.

6. 16. 26. 36. 46. 56. 66.

7. 17. 27. 37. 47. 57. 67.

8. 18. 28. 38. 48. 58. 68.

9. 19. 29. 39. 49. 59. 69.

10. 20. 30. 40. 50. 60. 70.

This study source was downloaded by 100000854781725 from CourseHero.com on 01-10-2023 08:07:35 GMT -06:00

https://www.coursehero.com/file/81885863/6-Internal-Control-AKdocx/

Powered by TCPDF (www.tcpdf.org)