Aud Theo

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 7

AUDITING THEORY – QUIZ 2

INTERNAL CONTROL & CIS


October 10, 2019

MULTIPLE CHOICE QUESTIONS

1. According to PSA 400, which of the following is correct regarding internal control system?
a. Internal control system refers to all the policies and procedures adopted by the auditor to
assist in achieving management’s objective.
b. A strong environment, by itself, ensure the effectiveness of the internal control system.
c. In the audit of financial statements, the auditor is only concerned with those policies and
procedures within the accounting and internal control systems that are relevant to the financial
statements.
d. The internal control system is confined to those matters which relate directly to the functions
of the accounting system.

2. Which of the following is correct about internal control?


a. Accounting and internal control systems provide management with conclusive evidence that
objectives are reached.
b. One of the inherent limitations of accounting and internal control systems is the possibility
that the procedures may become inadequate due to changes in conditions, and compliance with
procedures may deteriorate.
c. Most internal controls tend to be directed at non-routine transactions.
d. Management does not consider costs of the accounting and internal control systems.

3. Corporate directors, management, external auditors, and internal auditors all play important
roles in creating a proper control environment. Top management is primarily responsible for
a. Establishing a proper environment and specifying overall internal control.
b. Reviewing the reliability and integrity of financial information and the means used to collect
and report such information.
c. Ensuring that external and internal auditors adequately monitor the control environment.
d. Implementing and monitoring controls designed by the board of directors.

4. Which of the following best describe the interrelated components of internal control?
a. Organizational structure, management philosophy, and planning.
b. Control environment, risk assessment, control activities, information and communication
systems, and monitoring.
c. Risk assessment, backup facilities, responsibility accounting and natural laws.
d. Legal environment of the firm, management philosophy, and organizational structure.

5. In an audit of financial statements, an auditor’s primary consideration regarding a control is


whether it
a. Reflects management’s philosophy and operating style.
b. Affects management’s financial statement assertions.
c. Provides adequate safeguards over access to assets.
d. Enhances management’s decision-making processes.

6. Effective internal control


a. Eliminates risk and potential loss to the organization.
b. Cannot be circumvented by management.
c. Is unaffected by changing circumstances and conditions encountered by the organization.
d. Reduces the need for management to review exception reports on a day-to-day basis.

7. Which of the following statements about internal control is correct?


a. Properly maintained internal controls reasonably assure that collusion among employees
cannot occur.
b. Establishing and maintaining internal control is the internal auditor’s responsibility.
c. Exceptionally strong control allows the auditor to eliminate substantive tests.
d. The cost-benefit relationship should be considered in designing internal control.

8. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of
the risk
that
a. Tests of controls may fail to identify controls relevant to assertions.
b. Material misstatements may exist in the financial statements.
c. Specified controls requiring segregation of duties may be circumvented by collusion.
d. Entity policies may be overridden by senior management.

9. A proper understanding of the client’s internal control is an integral part of the audit planning
process. The results of the understanding
a. Must be reported to the shareholders and the SEC.
b. Bear no relationship to the extent of substantive testing to be performed.
c. Are not reported to client management.
d. May be used as the basis for withdrawing from an audit engagement.

10. An entity should consider the cost of a control in relationship to the risk. Which of the
following
controls best reflects this philosophy for a large peso investment in heavy machine tools?
a. Conducting a weekly physical inventory.
b. Placing security guards at every entrance 24 hours a day.
c. Imprinting a controlled identification number on each tool.
d. Having all dispositions approved by the vice president of sales.

11. Audit evidence concerning segregation of duties ordinarily is best obtained by


a. Performing tests of transactions that corroborate management’s financial statement
assertions
b. Observing the employees as they apply specific controls.
c. Obtaining a flowchart of activities performed by available personnel.
d. Developing audit objectives that reduce control risk.

12.Which of the following statements about preliminary assessment of control risks is


correct?
a. After obtaining an understanding of the accounting and internal control systems, the auditor
should make a preliminary assessment of control risks, at the assertion level, for all accounts
or transaction classes.
b. The preliminary assessment of control risk can be done only after completing tests of
controls.
c. The preliminary assessment of control risk for a financial assertion is normally low, unless the
auditor is able to identify weaknesses that may indicate ineffectiveness of accounting and
internal control system.
d. The auditor ordinarily assesses control risk at high level for some or all assertions when it is
not cost efficient to do tests of controls.

13. Which of the following statements concerning control risk is correct?


a. When control risk is at the maximum level, an auditor is required to document the basis for
that assessment.
b. Control risk may be assessed sufficiently low to eliminate substantive testing for significant
transaction classes.
c. When assessing control risk, an auditor should not consider evidence obtained in prior audits
about the operation of controls.
d. Assessing control risk and obtaining an understanding of an entity’s internal control may be
performed concurrently.

14. Based on a consideration of internal control completed at an interim date, the auditor
assessed control risk at a low level and performed interim substantive tests. The records and
procedures would most likely be tested again at year-end if
a. Tests of controls were not performed by the internal auditor during the remaining period.
b. Internal control provides a basis for limiting the extent of substantive testing.
c. The auditor used nonstatistical sampling during the interim period testing of controls.
d. Inquiries and observations lead the auditor to believe that conditions have changed.

15. Although substantive tests may support the accuracy of underlying records, these tests
frequently
provide no affirmative evidence of segregation of duties because
a. Substantive tests rarely guarantee the accuracy of the records if only a person who performs
incompatible functions.
b. The records may be accurate even though they are maintained by a person who performs
incompatible functions.
c. Substantive tests relate to the entire period under audit, but tests of controls ordinarily are
confined to the period during which the auditor is on the client’s premises.
d. Many computerized procedures leave no audit trail of who performed them, so substantive
tests may necessarily be limited to inquiries and observation of office personnel.

16. After obtaining an understanding of internal control and assessing control risk, an auditor
decided
not to perform additional tests of controls. The auditor most likely concluded that the
a. Additional evidence to support a further reduction in control risk was not cost-beneficial to
obtain.
b. Assessed level of inherent risk exceeded the assessed level of control risk.
c. Internal control was properly designed and justifiably may be relied on.
d. Evidence obtainable through tests of controls would not support an increased assessment of
control risk.

17. The objective of tests of details of transactions performed as tests of controls is to


a. Monitor the design and use of entity documents such as prenumbered shipping form
b. Determine whether controls have been placed in operation.
c. Detect material misstatements in the account balances of the financial statements.
d. Evaluate whether controls operated effectively.

18. An auditor wishes to perform tests of controls on a client’s cash disbursements procedures.
If the controls leave no audit trail of documentary evidence, the auditor most likely will test the
procedures by
a. Confirmation and observation. c. Analytical procedures and confirmation.
b. Observation and inquiry. d. Inquiry and analytical procedures

19. Which of the following would not be a method used to conduct tests of controls?
a. Inquiry b. Walkthrough c. Confirmation d. Observation

20. The auditor is examining copies of sales invoices only for the initials of the person
responsible for checking the extensions. This is an example of a
a. Test of controls c. Dual purpose test
b. Substantive test d. Test of balances

21. Which of the following types of evidence would an auditor most likely examine to determine
whether controls are operating as designed?
a. Confirmations of receivables verifying account balances.
b. Letters of representations corroborating inventory pricing.
c. Attorneys’ responses to the auditor’s inquiries.
d. Client records documenting the use of computer programs.

22. Which of the following procedures concerning accounts receivable is an auditor most likely
to perform to obtain evidential matter in support of an assessed level of control risk below the
maximum level?
a. Sending confirmation requests to an entity’s principal customers to verify the existence of
accounts receivable.
b. Inspecting an entity’s analysis of accounts receivable for unusual balances.
c. Comparing an entity’s uncollectible accounts expense to actual uncollectible accounts
receivable.
d. Observing an entity’s employee prepare the schedule of past due accounts receivable.

23. An auditor is least likely to test controls that provide for


a. Classification of revenue and expense transactions by product line
b. Approval of the purchase and sale of trading securities
c. Segregation of the functions of recording disbursements and reconciling the bank account
d. Comparison of receiving reports and vendors’ invoices with purchase orders

24. In a small company that doesn't employ an adequate number of employees to permit proper
division of responsibilities, effective internal control can be strengthened by
a. Direct participation by the owner of the business in the record keeping activities of the
business.
b. Employment of temporary personnel to aid in the separation of duties.
c. Delegation of full, clear-cut responsibility to each employee for the functions assigned to
each.
d. Engaging a CPA to perform monthly "write up" work.

25. Which of the following is true of the communication to management of material weaknesses
in accounting and internal control?
a. Communication must be in writing.
b. Oral communication of material weaknesses, when appropriate, would be documented in the
audit working papers.
c. The communication should indicate that the auditor had extensively examined the accounting
and internal control system of the client.
d. The auditors should indicate in the communication that the examination is primarily designed
to determine whether the accounting and internal control is adequate.

1. Which statement is incorrect when auditing in a CIS environment?


a. A CIS environment exists when a computer of any type or size is involved in the processing
by the entity of financial information of significance to the audit, whether that computer is
operated by the entity or by a third party.
b. The auditor should consider how a CIS environment affects the audit.
c. The use of a computer changes the processing, storage and communication of financial
information and may affect the accounting and internal control systems employed by the
entity.
d. A CIS environment changes the overall objective and scope of an audit.

2. Which of the following standards or group of standards is mostly affected by a computerized


information system environment?
a. General standards c. Reporting standards
b. Second standard of field work d. Standards of fieldwork

3. Which of the following is least considered if the auditor has to determine whether specialized
CIS skills are needed in an audit?
a. The auditor needs to obtain a sufficient understanding of the accounting and internal control
system affected by the CIS environment.
b. The auditor needs to determine the effect of the CIS environment on the assessment of
overall risk and of risk at the account balance and class of transactions level.
c. Design and perform appropriate tests of controls and substantive procedures.
d. The need of the auditor to make analytical procedures during the completion stage of audit.

4. It relates to materiality of the financial statement assertions affected by the computer


processing.
a. Threshold b. Relevance c. Complexity d. Significance

5. Which of the following least likely indicates a complexity of computer processing?


a. Transactions are exchanged electronically with other organizations without manual review
of their propriety.
b. The volume of the transactions is such that users would find it difficult to identify and correct
errors in processing.
c. The computer automatically generates material transactions or entries directly to another
applications.
d. The system generates a daily exception report.

6. The nature of the risks and the internal characteristics in CIS environment that the auditors
are mostly concerned include the following except:
a. Lack of segregation of functions. c. Lack of transaction trails.
b. Dependence of other control over computer processing. d. Cost-benefit ratio.

7. Which of the following is least likely a risk characteristic associated with CIS environment?
a. Errors embedded in an application’s program logic maybe difficult to manually detect on a
timely basis.
b. Many control procedures that would ordinarily be performed by separate individuals in
manual system maybe concentrated in CIS.
c. The potential unauthorized access to data or to alter them without visible evidence maybe
greater.
d. Initiation of changes in the master file is exclusively handled by respective users.
8. Which of the following significance and complexity of the CIS activities should an auditor least
understand?
a. The organizational structure of the client’s CIS activities.
b. Lack of transaction trails.
c. The significance and complexity of computer processing in each significant accounting
application.
d. The use of software packages instead of customized software.

9. Which statement is correct regarding personal computer systems?


a. Personal computers or PCs are economical yet powerful self-contained general purpose
computers consisting typically of a central processing unit (CPU), memory, monitor, disk
drives, printer cables and modems.
b. Programs and data are stored only on non-removable storage media.
c. Personal computers cannot be used to process accounting transactions and produce
reports that are essential to the preparation of financial statements.
d. Generally, CIS environments in which personal computers are used are the same with
other CIS environments.

10. A personal computer can be used in various configurations, including


a. A stand-alone workstation operated by a single user or a number of users at different times.
b. A workstation which is part of a local area network of personal computers.
c. A workstation connected to a server.
d. All of the above.

11. Which statement is incorrect regarding personal computer configurations?


a. The stand-alone workstation can be operated by a single user or a number of users at
different times accessing the same or different programs.
b. A stand-alone workstation may be referred to as a distributed system.
c. A local area network is an arrangement where two or more personal computers are linked
together through the use of special software and communication lines.
d. Personal computers can be linked to servers and used as part of such systems, for
example, as an intelligent on-line workstation or as part of a distributed accounting system.

12. Which of the following is the least likely characteristic of personal computers?
a. They are small enough to be transportable.
b. They are relatively expensive.
c. They can be placed in operation quickly.
d. The operating system software is less comprehensive than that found in larger computer
environments.

13. Which of the following is an inherent characteristic of software package?


a. They are typically used without modifications of the programs.
b. The programs are tailored-made according to the specific needs of the user.
c. They are developed by software manufacturer according to a particular user’s
specifications.
d. It takes a longer time of implementation.

14. Which of the following is not normally a removable storage media?


a. Compact disk c. Tapes
b. Diskettes d. Hard disk
15. It is a computer program (a block of executable code) that attaches itself to a legitimate
program or data file and uses its as a transport mechanism to reproduce itself without the
knowledge of the user.
a. Virus c. System management program
b. Utility program d. Encryption

16. Which statement is incorrect regarding internal control in personal computer environment?
a. Generally, the CIS environment in which personal computers are used is less structured
than a centrally-controlled CIS environment.
b. Controls over the system development process and operations may not be viewed by the
developer, the user or management as being as important or cost-effective.
c. In almost all commercially available operating systems, the built-in security provided has
gradually increased over the years.
d. In a typical personal computer environment, the distinction between general CIS controls
and CIS application controls is easily ascertained.

17. Personal computers are susceptible to theft, physical damage, unauthorized access or
misuse
of equipment. Which of the following is least likely a physical security to restrict access to
personal computers when not in use?
a. Using door locks or other security protection during non-business hours.
b. Fastening the personal computer to a table using security cables.
c. Locking the personal computer in a protective cabinet or shell.
d. Using anti-virus software programs.

18. Which of the following is not likely a control over removable storage media to prevent
misplacement, alteration without authorization or destruction?
a. Using cryptography, which is the process of transforming programs and information into an
unintelligible form.
b. Placing responsibility for such media under personnel whose responsibilities include duties
of software custodians or librarians.
c. Using a program and data file check-in and check-out system and locking the designated
storage locations.
d. Keeping current copies of diskettes, compact disks or back-up tapes and hard disks in a
fireproof container, either on-site, off-site or both.

19. Which of the following least likely protects critical and sensitive information from
unauthorized
access in a personal computer environment?
a. Using secret file names and hiding the files.
b. Keeping of back up copies offsite.
c. Employing passwords.
d. Segregating data into files organized under separate file directories.

20. It refers to plans made by the entity to obtain access to comparable hardware, software and
data in the event of their failure, loss or destruction.
a. Back-up b. Encryption c. Anti-virus d. Wide Area Network

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy