Accountancy Department
AT06 – Understanding and Evaluation of Internal Control
Name of student: ______________________________________ Score: ___________
Checker: ___________________ Section Code: _______ Date: ___________
INSTRUCTIONS: Read each item carefully. Choose the correct answer. Write the capital letter of your
choice on the space provided below.
1. _____ 11. _____ 21. _____ 31. _____
2. _____ 12. _____ 22. _____ 32. _____
3. _____ 13. _____ 23. _____ 33. _____
4. _____ 14. _____ 24. _____ 34. _____
5. _____ 15. _____ 25. _____ 35. _____
6. _____ 16. _____ 26. _____ 36. _____
7. _____ 17. _____ 27. _____ 37. _____
8. _____ 18. _____ 28. _____ 38. _____
9. _____ 19. _____ 29. _____ 39. _____
10. _____ 20. _____ 30. _____ 40. _____
1. In an audit of financial statements, an auditor’s primary consideration regarding a control is whether it
A. Reflects management’s philosophy and operating style.
B. Affects management’s financial statement assertions.
C. Provides adequate safeguards over access to assets.
D. Enhances management’s decision-making processes.
2. Which of the following is correct regarding internal control system?
A. Internal control system refers to all the policies and procedures adopted by the auditor to assist in
achieving management’s objective.
B. A strong environment, by itself, ensure the effectiveness of the internal control system.
C. In the audit of financial statements, the auditor is only concerned with those policies and procedures
within the accounting and internal control systems that are relevant to the financial statements.
D. The internal control system is confined to those matters which relate directly to the functions of the
accounting system.
3. Which of the following statements about internal control is correct?
A. Properly maintained internal controls reasonably assure that collusion among employees cannot
occur.
B. Establishing and maintaining internal control is the internal auditor’s responsibility.
C. Exceptionally strong control allows the auditor to eliminate substantive tests.
D. The cost-benefit relationship should be considered in designing internal control.
4. Internal control is often referred to as a(n) __________, because it permeates an organization's
operating activities and is an integral part of basic management activities.
A. event C. activity
B. process D. system
Page 1 of 5
�5. Which of the following is correct about internal control?
A. Accounting and internal control systems provide management with conclusive evidence that
objectives are reached.
B. One of the inherent limitations of accounting and internal control systems is the possibility that the
procedures may become inadequate due to changes in conditions, and compliance with procedures
may deteriorate.
C. Most internal controls tend to be directed at non-routine transactions.
D. Management does not consider costs of the accounting and internal control systems.
6. Corporate directors, management, external auditors, and internal auditors all play important roles in
creating a proper control environment. Top management is primarily responsible for
A. Establishing a proper environment and specifying overall internal control.
B. Reviewing the reliability and integrity of financial information and the means used to collect and
report such information.
C. Ensuring that external and internal auditors adequately monitor the control environment.
D. Implementing and monitoring controls designed by the board of directors.
7. Effective internal control
A. Eliminates risk and potential loss to the organization.
B. Cannot be circumvented by management.
C. Is unaffected by changing circumstances and conditions encountered by the organization.
D. Reduces the need for management to review exception reports on a day-to-day basis.
8. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that
A. Tests of controls may fail to identify controls relevant to assertions.
B. Material misstatements may exist in the financial statements.
C. Specified controls requiring segregation of duties may be circumvented by collusion.
D. Entity policies may be overridden by senior management.
9. Which of the following would not be a method used to conduct tests of controls?
A. Inquiry C. Inspection
B. Confirmation D. Observation
10. Audit evidence concerning segregation of duties ordinarily is best obtained by
A. Performing tests of transactions that corroborate management’s financial statement assertions
B. Observing the employees as they apply specific controls.
C. Obtaining a flowchart of activities performed by available personnel.
D. Developing audit objectives that reduce control risk.
11. Which of the following statements concerning control risk is correct?
A. When control risk is at the maximum level, an auditor is required to document the basis for that
assessment.
B. Control risk may be assessed sufficiently low to eliminate substantive testing for significant
transaction classes.
C. When assessing control risk, an auditor should not consider evidence obtained in prior audits about
the operation of controls.
D. Assessing control risk and obtaining an understanding of an entity’s internal control may be
performed concurrently.
12. Based on a consideration of internal control completed at an interim date, the auditor assessed control
risk at a low level and performed interim substantive tests. The records and procedures would most
likely be tested again at year-end if
A. Tests of controls were not performed by the internal auditor during the remaining period.
B. Internal control provides a basis for limiting the extent of substantive testing.
C. The auditor used nonstatistical sampling during the interim period testing of controls.
D. Inquiries and observations lead the auditor to believe that conditions have changed.
13. The amount of risk a company is willing to accept in order to achieve its goals and objectives is
A. Inherent risk C. Residual risk
B. Risk appetite D. Risk assessment
Page 2 of 5
�14. Although substantive tests may support the accuracy of underlying records, these tests frequently
provide no affirmative evidence of segregation of duties because
A. Substantive tests rarely guarantee the accuracy of the records if only a person who performs
incompatible functions.
B. The records may be accurate even though they are maintained by a person who performs
incompatible functions.
C. Substantive tests relate to the entire period under audit, but tests of controls ordinarily are confined
to the period during which the auditor is on the client’s premises.
D. Many computerized procedures leave no audit trail of who performed them, so substantive tests
may necessarily be limited to inquiries and observation of office personnel.
15. The audit committee is responsible for
A. overseeing the internal control structure.
B. overseeing the financial reporting process.
C. working with the internal and external auditors.
D. All of the above are responsibilities.
16. After obtaining an understanding of internal control and assessing control risk, an auditor decided not
to perform additional tests of controls. The auditor most likely concluded that the
A. Additional evidence to support a further reduction in control risk was not cost-beneficial to obtain.
B. Assessed level of inherent risk exceeded the assessed level of control risk.
C. Internal control was properly designed and justifiably may be relied on.
D. Evidence obtainable through tests of controls would not support an increased assessment of control
risk.
17. The objective of tests of details of transactions performed as tests of controls is to
A. Monitor the design and use of entity documents such as prenumbered shipping form
B. Determine whether controls have been placed in operation.
C. Detect material misstatements in the account balances of the financial statements.
D. Evaluate whether controls operated effectively.
18. An auditor wishes to perform tests of controls on a client’s cash disbursements procedures. If the
controls leave no audit trail of documentary evidence, the auditor most likely will test the procedures
by
A. Confirmation and observation.
B. Analytical procedures and confirmation.
C. Observation and inquiry.
D. Inquiry and analytical procedures
19. The auditor is examining copies of sales invoices only for the initials of the person responsible for
checking the extensions. This is an example of a
A. Test of controls C. Dual purpose test
B. Substantive test D. Test of balances
20. Which of the following types of evidence would an auditor most likely examine to determine whether
controls are operating as designed?
A. Confirmations of receivables verifying account balances.
B. Letters of representations corroborating inventory pricing.
C. Attorneys’ responses to the auditor’s inquiries.
D. Client records documenting the use of computer programs.
21. Which of the following procedures concerning accounts receivable is an auditor most likely to perform
to obtain evidential matter in support of an assessed level of control risk below the maximum level?
A. Sending confirmation requests to an entity’s principal customers to verify the existence of accounts
receivable.
B. Inspecting an entity’s analysis of accounts receivable for unusual balances.
C. Comparing an entity’s uncollectible accounts expense to actual uncollectible accounts receivable.
D. Observing an entity’s employee prepare the schedule of past due accounts receivable.
22. When obtaining an understanding of the accounting and internal control system the auditor may trace
a few transactions through the accounting system. This technique is:
A. Reperformance test C. Walk-through test
B. Test of transactions D. Validity test
Page 3 of 5
�23. An auditor is least likely to test controls that provide for
A. Classification of revenue and expense transactions by product line
B. Approval of the purchase and sale of trading securities
C. Segregation of the functions of recording disbursements and reconciling the bank account
D. Comparison of receiving reports and vendors’ invoices with purchase orders
24. In a small company that doesn't employ an adequate number of employees to permit proper division of
responsibilities, effective internal control can be strengthened by
A. Direct participation by the owner of the business in the record keeping activities of the business.
B. Employment of temporary personnel to aid in the separation of duties.
C. Delegation of full, clear-cut responsibility to each employee for the functions assigned to each.
D. Engaging a CPA to perform monthly "write up" work.
25. Transaction authorization within an organization may be either specific or general. An example of
specific transaction authorization is the
A. Approval of a construction budget for a new warehouse
B. Setting of automatic reorder points
C. Establishment of a customer’s credit limits
D. Establishment of sales prices
26. Internal control should provide reasonable (but not necessarily absolute) assurance which means that:
A. The cost of control activities should not exceed the benefits.
B. Internal control is management’s, not auditor’s, responsibility.
C. An attestation engagement about management’s internal control assertions may not necessarily
detect all reportable conditions.
D. There is always a risk that reportable conditions may result in material misstatements.
27. When considering internal control, the auditor’s primary concern is to determine
A. The reliability of the accounting information system.
B. The possibility of fraud occurring.
C. Compliance with policies, plans, and procedures.
D. The type of an opinion he will issue.
28. Which of the following statements is an example of an inherent limitation of internal control?
A. Errors may arise from mistakes in judgments.
B. The effectiveness of control procedures depends on segregation of duties.
C. Procedures are designed to assure that transactions are executed as management authorities.
D. Computers process large numbers of transactions.
29. Which of the following is a responsibility that should not be assigned to only one employee?
A. Access to securities in the company’s safe deposit box.
B. Custodianship of the cash working fund.
C. Reconciliation of bank statement.
D. Custodianship of tools and small equipment.
30. Which of the following activities would be least likely to strengthen a company’s internal control?
A. Maintaining insurance for fire and theft.
B. Separating accounting from other financial operations.
C. Fixing responsibility for the performance of employee duties.
D. Carefully selecting and training employees.
31. Of the following, the best statement of the CPA’s primary objective in considering internal control is
that the review is intended to provide
A. A basis for reliance on the system and determining the scope of other auditing procedures.
B. Reasonable protection against client fraud and defalcations by client employees.
C. A basis for constructive suggestions to the client for improving his internal control system.
D. A method for ensuring that there is reasonable assurance that the financial statements are reliable.
32. Which of the following is accomplished by corrective controls?
A. identify the cause of the problem
B. correct the resulting errors
C. modify the system to prevent future occurrences of the problem
D. All of the above are accomplished by corrective controls.
Page 4 of 5
�33. The sequence of steps in gathering evidence as the basis of the auditor’s opinion is
A. Substantive tests, documentation of control structure, and tests of controls
B. Documentation of control structure, tests of controls, and substantive tests
C. Documentation of control structure, substantive tests, and tests of controls
D. Tests of controls, documentation of control structure, and substantive tests
34. Internal control procedures are not designed to provide reasonable assurance that
A. Transactions are executed in accordance with management's authorization.
B. Access to assets is permitted only in accordance with management's authorization.
C. Irregularities will be eliminated.
D. The recorded accountability for assets is compared with the existing assets at reasonable intervals.
35. A secondary purpose of the auditor's consideration of internal control is to provide
A. A basis for assessing control risk.
B. An assurance that the records and documents have been maintained in accordance with existing
company policies and procedures.
C. A basis for constructive suggestions about improvements in internal control structure.
D. A basis for the determination of the resultant extent of the tests to which auditing procedures are to
be restricted.
36. The accountant's report expressing an opinion on an entity's internal controls should state that the
A. Objectives of the client's internal controls are being met.
B. Consideration of the internal controls was conducted in accordance with generally accepted
auditing standards.
C. Establishment and maintenance of internal control is the responsibility of management.
D. Inherent limitations of the client's internal controls were examined.
37. The evaluation of deviations that were observed upon completing tests of controls
A. May require the need for doing more extensive understanding of control.
B. May require more extensive tests of controls.
C. Always requires documentation of the basis of assessment of control risk.
D. May require modification of the nature, timing, and extent of planned substantive procedures.
38. The following statements are true about observation when used as tests of control procedures, except.
A. The auditor may supplement his observations with other tests of control capable of providing audit
evidence.
B. Audit evidence obtained by doing observation pertains only to the point in time at which the
procedure was applied.
C. Observation of who applies a control procedure is useful as a test of control procedures when
evaluating control effectiveness of both computerized and manual system
D. Ordinarily, making inquiries provides more reliable audit evidence than doing observation when
testing segregation of functional responsibilities.
39. Tests of controls are performed to obtain audit evidence about the effectiveness of the
A. Operation of the internal controls at the time the tests are being applied.
B. Operations of the internal controls in eliminating fraud and errors.
C. Design of the internal controls in eliminating fraud and errors.
D. Design of the accounting and internal controls systems.
40. While obtaining an understanding of a client's risk assessment policies, an auditor does not ordinarily
include how management
A. Identifies risk.
B. Eliminates significant risks
C. Assesses the likelihood of occurrence of events due to significant risks.
D. Relates risk assessment to financial reporting.
Page 5 of 5
