Multiple Choice

1. An auditor’s primary consideration regarding an entity’s internal controls is whether they
a. Prevent management override.
b. Relate to the control environment.
c. Reflect management’s philosophy and operating style.
d. Affect the financial statement assertions.

2. Which of the following statements about internal control is correct?
a. A properly maintained internal control system reasonably ensures that collusion among employees cannot occur.
b. The establishment and maintenance of internal control is an important responsibility of the internal auditor.
c. An exceptionally strong internal control system is enough for the auditor to eliminate substantive procedures on a significant account balance.
d. The cost- benefit relationship is a primary criterion that should be considered in designing an internal control system.

3. Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective?
a. Effectiveness and efficiency of operations.
b. Reliability of financial reporting.
c. Compliance with applicable laws and regulations.
d. All of the above are correct.

4. Monitoring is a major component of the COSO Internal Control—Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component?
a. Monitoring can be an ongoing process.
b. Monitoring can be conducted as a separate evaluation.
c. Monitoring and other audit work conducted by internal audit staff can reduce external audit costs.
d. The independent auditor can serve as part of the entity’s control environment and continuous monitoring.

5. After obtaining an understanding of an entity’s internal control system, an auditor may set control risk at high for some assertions because he or she
a. Believes the internal controls are unlikely to be effective.
b. Determines that the pertinent internal control components are not well documented.
c. Performs tests of controls to restrict detection risk to an acceptable level.
d. Identifies internal controls that are likely to prevent material misstatements.

6. Regardless of the assessed level of control risk, an auditor would perform some
a. Tests of controls to determine the effectiveness of internal controls.
b. Analytical procedures to verify the design of internal controls.
c. Substantive procedures to restrict detection risk for significant transaction classes.
d. Dual- purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.
7. Assessing control risk below high involves all of the following except
a. Identifying specific controls to rely on.
b. Concluding that controls are ineffective.
c. Performing tests of controls.
d. Analyzing the achieved level of control risk after performing tests of controls.

8. Which of the following audit techniques would most likely provide an auditor with the most assurance about the effectiveness of the operation of a control?
a. Inquiry of entity personnel.
b. Re-performance of the control by the auditor.
c. Observation of entity personnel.
d. Walkthrough.

9. The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by
a. Inspection of documents prepared by a third party but which contain the initials of those applying entity controls.
b. Observation by the auditor of the employees performing control activities.
c. Inspection of a flowchart of duties performed and available personnel.
d. Inquiries of employees who apply control activities.

10. SOC 1, Type 2 reports by the service organization’s auditor typically
a. Provide reasonable assurance that their financial statements are free of material misstatements.
b. Ensure that the entity will not have any misstatements in areas related to the service organization’s activities.
c. Ensure that the entity is billed correctly.
d. Assess whether the service organization’s controls are suitably designed and operating effectively.

11. Significant deficiencies are matters that come to an auditor’s attention that should be communicated to an entity’s audit committee because they represent
a. Disclosures of information that significantly contradict the auditor’s going concern assumption.
b. Material fraud or illegal acts perpetrated by high- level management.
c. Significant deficiencies in the design or operation of the internal control.
d. Manipulation or falsification of accounting records or documents from which financial statements are prepared.

12. An auditor’s flowchart of an entity’s accounting system is a diagrammatic representation that depicts the auditor’s
a. Program for tests of controls.
b. Understanding of the system.
c. Understanding of the types of fraud that are probable, given the present system.
d. Documentation of the study and evaluation of the system.

13. An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus?
a. Data capture controls.
b. Application controls.
c. Output controls.
d. General controls.