1.

This is the process designed and effected by those charged with governance, management and other personnel to
provide reasonable assurance about the achievement of the entity’s objectives on financial reporting, operations and
compliance.
a. Strategies c. Internal controls
b. Operating plans d. Risk assessments

2. A reason to establish internal control is:

a. Have a basis for planning the audit
b. Provide reasonable assurance that the objectives of the organization are achieved
c. Encourage compliance with organizational objectives
d. Ensure the accuracy, reliability and timeliness of information

3. According to PSA 315, the auditor uses the understanding of internal control to:
a. Identify types of potential misstatements
b. Consider factors that affect the risk of material misstatements
c. Design the nature, timing and extent of further audit procedures (i.e. test of controls and substantive tests)
d. All of these

4. In an audit of financial statements, an auditor’s primary consideration regarding a control is whether it:
a. Enhances management’s decision-making processes
b. Reflects management’s philosophy and operating style
c. Affects management’s financial statement assertions
d. Provides adequate safeguards over access to assets

5. What is the relationship between an entity’s objectives and the controls it implements to provide reasonable assurance
about their achievement?
a. Direct c. Adverse
b. Inverse d. Cannot be determined

6. An auditor would most likely be concerned with internal control policies and procedures that provide reasonable
assurance about:
a. The efficiency of management’s decision-making process
b. Appropriate prices the entity should charge for its products
c. Methods of assigning production tasks to employees
d. The entity’s ability to process and summarize financial data

7. These controls may also be relevant to the audit if the external auditor intends to make use of company-produced
information in designing and performing further audit procedures (tests of controls and substantive tests):
a. Controls over completeness and consistency c. Controls over completeness and accuracy
b. Controls over existence and occurrence d. Controls over presentation and disclosure

8. The following are components of internal control:

a. Organizational structure, management philosophy and planning
b. Legal environment of the firm, management philosophy and organizational structure
c. Risk assessment process, backup facilities, responsibility accounting and natural laws
d. Control environment, risk assessment process, control activities, information system and communication, and
monitoring

9. Which of the following statements best describes “control environment”?

a. The entity’s process for identifying business risks relevant to financial reporting objectives and deciding about actions
to address those risks and the result thereof.
b. The system for transferring information from transaction processing systems to the general ledger or the financial
reporting system.
c. Policies and procedures that help ensure that management directives are carried out.
d. This includes the governance and management functions and the attitudes, awareness, and actions of those charged with
governance and management concerning the entity’s internal control and its importance to the entity.
10. Management’s attitude towards aggressive financial reporting and its emphasis on meeting projected profit goals most
likely would significantly influence an entity’s control environment when:
a. Management is dominated by one individual who is also a shareholder
b. External policies established by parties outside the entity affect its accounting practices
c. The audit committee is active in overseeing the entity’s financial reporting policies
d. Internal auditors have direct access to the board of directors and entity management

11. An entity’s risk assessment process includes how management:

a. Identifies business risks relevant to financial reporting objectives
b. Estimates the significance of the risks
c. Assesses the likelihood of the occurrence of risks
d. Decides on actions to address the risks
e. All of the choices

12. Risks can arise or change due to circumstances such as the following, except
a. There is a change in the regulatory or operating environment
b. No new employees have been hired by the company
c. The company switched from manual information systems to a computerized system
d. The accounting and financial reporting framework has experienced significant revisions

13. The information system consists of the following:

a. Infrastructure (physical and hardware components) and software
b. People
c. Procedures and data
d. All of these

14. The objective of the recording function of transactions (in the context of internally accounting control) is to
a. Limit access to assets and to permit preparation of financial statements in accordance with GAAP
b. Assure compliance with the rules of all regulatory bodies having jurisdiction over the reporting entity
c. Permit preparation of financial statements in accordance with GAAP and to maintain accountability of assets
d. Encourage operational efficiency and adherence to prescribed managerial policies

15. Which of the following statements describe the processing function of an accounting system?
a. Identifying and capturing the relevant information for transactions or events
b. Editing and validation, calculating, measuring, valuing, summarizing and reconciling functions
c. The preparation of financial reports as well as other information, in electronic or printed format, that the entity uses in
measuring and reviewing the entity’s financial performance
d. All of these statements describe the recording function

16. Which of the following descriptions pertain to physical controls?

a. Control activities that include reviews and analyses of actual performance versus budgets, forecasts, and prior period
performance
b. Controls performed to check accuracy, completeness and authorization of transactions
c. Physical security of assets, including adequate safeguards such as secured facilities over access to assets and records
d. The assignment of incompatible functions to different people
e. Control activities involving the specific or general authorization of a transaction

17. Which of the following would be preventive controls?

a. The use of batch totals
b. Reconciling the accounts receivable subsidiary file with the control account
c. Requirement that two person open mail
d. Preparation of bank reconciliation

18. An example of specific transaction authorization is the

a. Setting of automatic reorder points c. Establishment of a customer’s credit limits
b. Establishment of sales prices d. Approval of a construction budget for a new warehouse

19. A proper segregation of duties requires:

a. That an individual authorizing a transaction should record it also
b. That an individual authorizing a transaction maintain custody of the asset that resulted from the transaction
c. That an individual maintaining custody of an asset be entitled to access the accounting records for the asset
d. That different individuals should handle custody, authorization and record-keeping
20. A process implemented by management to assess the effectiveness of internal control performance over time
a. Monitoring of controls c. Tests of control
b. Quality control system d. Risk assessment procedures

21. An entity’s ongoing monitoring activities often include:

a. Periodic audits by the audit committee
b. Reviewing the purchasing function
c. The audit of the annual financial statements
d. Control risk assessment in conjunction with quarterly reviews

22. An effective internal control structure

a. Reduces the need for management to review exception reports on a day-to-day basis
b. Eliminates risk and potential loss to the organization
c. Cannot be circumvented by management
d. Is unaffected by changing circumstances and conditions encountered by the organization

23. Internal control can only provide reasonable, not absolute, assurance of achieving entity control objectives. One of the
factors limiting the likelihood of achieving those objectives is that:
a. The auditor’s primary responsibility is the detection of fraud
b. The board of directors is active and independent
c. The cost of internal control should not exceed its benefits
d. Management monitors internal control

24. When an organization has a strong internal control structure, management can expect various benefits. The benefit
least likely to occur is
a. Reduces cost of an external audit
b. Elimination of employee fraud
c. Availability of reliable data for decision-making purposes and protection of important documents and records
d. Some assurance of compliance with SEC regulations

25. Which of the following is an example of an inherent limitation in a client’s internal control system?
a. The effectiveness of procedures depends on the segregation of employee duties
b. Procedures are designed to assure the execution and recording of transactions in accordance with management’s
authorization
c. In the performance of most control procedures, there are possibilities of errors arising from mistakes in judgment
d. Procedures for handling large numbers of transactions are processed by information technology (IT) equipment

26. Which of the following conditions supports strong internal control?

a. Strict monitoring by the Bureau of Internal Revenue
b. The existence of related parties and related party transactions
c. Pressure by the financial community to improve earnings performance
d. An economic downturn

27. Which of the following statements is not a reason for utilizing analytical review procedures?
a. To assess the entity’s ability to continue as a going concern
b. To identify areas with no unusual fluctuations so that fewer detailed tests may be performed on those accounts
c. To highlight changes from the prior year to the current year so that trends can be identified which will influence audit
planning
d. To determine the magnitude of errors in the financial statements

28. When the continuing auditor intends to use information about the entity and its environment obtained in prior periods,
the auditor should:
a. Seek permission with the client in using the prior period information obtained by the auditor
b. Determine whether to equitably reduce the audit fee due to lower audit effort expended during the engagement
c. Determine whether changes have occurred that may affect the relevance of such information in the current audit
d. Assess control risk as “high” for the assertions affected by the prior period information

29. Relevant industry conditions include the following, except

a. The market and competition, including demand, capacity and price competition
b. Cyclical or seasonal activity
c. Product technology relating to the entity’s products
d. Regulatory framework for a regulated industry
30. Which of the following matters is not included under “regulatory environment”?
a. Accounting principles and industry specific practices
b. Legislation and regulation that significantly affect the entity’s operations
c. Government policies currently affecting the conduct of the entity’s business
d. General level of economic activity (for example, recession, growth)

31. The nature of the entity refers to the following, except

a. The entity’s operations, its ownership and governance
b. The types of investments that it is making and plans to make
c. The way that the entity is structured and how it is financed
d. Other external factors, such as general economic conditions

32. These are the operational approaches by which management intends to achieve its objectives.
a. Strategies c. Business risk approaches
b. Planning methods d. Operational plans

33. These result from significant conditions, events, circumstances, actions or inactions that could adversely affect the
entity’s ability to achieve its objectives and execute its strategies.
a. Business failure c. Business obstacles
b. Information risk d. Business risk

34. In obtaining an understanding of a client’s objectives, strategies and related business risks, the auditor would most
likely consider the following as business risks, except
a. The entity does not have the personnel or expertise to deal with the changes in the industry
b. There is increased product liability
c. Demand has not been accurately estimated
d. The entity relies more on debt financing rather than equity financing
e. All of the above are considered

35. S1: Business risk is broader in scope than the risk of material misstatement.
S2: Most business risks have financial consequences and they may have an effect on the financial statements of an entity.
a. True, False c. True, True
b. False, True d. False, False

36. The auditor’s understanding of the entity’s selection and application of accounting policies encompasses the
following:
I. The methods the entity uses to account for significant and unusual transactions
II. The effect of significant accounting policies in controversial or emerging areas for which there is a lack of authoritative
guidance or consensus
III. The changes in the entity’s accounting policies
a. I - Yes II - No III - Yes
b. I - Yes II - Yes III - No
c. I - Yes II - Yes III - Yes
d. I - Yes II - No III - No

37. S1: Performance measures and their review indicate to the auditor aspects of the entity’s performance that
management and others consider to be not of importance.
S2: The sources of information used in measuring and reviewing financial performance consist of externally and
internally-generated information.
a. True, False c. True, True
b. False, True d. False, False

38. Examples of matters an auditor may consider under measurement and review of the entity’s financial performance
include the following (select the exception)
a. Key ratios and operating statistics
b. Use of information technology
c. Competitor analysis
d. Employee performance measures and incentive compensation policies
39. According to PSA 315, the auditor should document:
a. The discussion among the engagement team
b. Key elements of the understanding obtained regarding each of the aspects of the entity and its environment, including
each of the internal control components
c. The identified and assessed risks of material misstatement at the financial statement level and at the assertion level, the
risks identified and related controls evaluated
d. All of the choices

40. The form and extent of documentation is influenced by the following:

a. Nature, size and complexity of the entity and its internal control
b. Availability of information from the entity
c. Specific audit methodology and technology used in the course of the audit
d. All of these factors affect the form and extent of documentation