Aud Theo
Aud Theo
Aud Theo
1. According to PSA 400, which of the following is correct regarding internal control system?
a. Internal control system refers to all the policies and procedures adopted by the auditor to
assist in achieving management’s objective.
b. A strong environment, by itself, ensure the effectiveness of the internal control system.
c. In the audit of financial statements, the auditor is only concerned with those policies and
procedures within the accounting and internal control systems that are relevant to the financial
statements.
d. The internal control system is confined to those matters which relate directly to the functions
of the accounting system.
3. Corporate directors, management, external auditors, and internal auditors all play important
roles in creating a proper control environment. Top management is primarily responsible for
a. Establishing a proper environment and specifying overall internal control.
b. Reviewing the reliability and integrity of financial information and the means used to collect
and report such information.
c. Ensuring that external and internal auditors adequately monitor the control environment.
d. Implementing and monitoring controls designed by the board of directors.
4. Which of the following best describe the interrelated components of internal control?
a. Organizational structure, management philosophy, and planning.
b. Control environment, risk assessment, control activities, information and communication
systems, and monitoring.
c. Risk assessment, backup facilities, responsibility accounting and natural laws.
d. Legal environment of the firm, management philosophy, and organizational structure.
8. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of
the risk
that
a. Tests of controls may fail to identify controls relevant to assertions.
b. Material misstatements may exist in the financial statements.
c. Specified controls requiring segregation of duties may be circumvented by collusion.
d. Entity policies may be overridden by senior management.
9. A proper understanding of the client’s internal control is an integral part of the audit planning
process. The results of the understanding
a. Must be reported to the shareholders and the SEC.
b. Bear no relationship to the extent of substantive testing to be performed.
c. Are not reported to client management.
d. May be used as the basis for withdrawing from an audit engagement.
10. An entity should consider the cost of a control in relationship to the risk. Which of the
following
controls best reflects this philosophy for a large peso investment in heavy machine tools?
a. Conducting a weekly physical inventory.
b. Placing security guards at every entrance 24 hours a day.
c. Imprinting a controlled identification number on each tool.
d. Having all dispositions approved by the vice president of sales.
14. Based on a consideration of internal control completed at an interim date, the auditor
assessed control risk at a low level and performed interim substantive tests. The records and
procedures would most likely be tested again at year-end if
a. Tests of controls were not performed by the internal auditor during the remaining period.
b. Internal control provides a basis for limiting the extent of substantive testing.
c. The auditor used nonstatistical sampling during the interim period testing of controls.
d. Inquiries and observations lead the auditor to believe that conditions have changed.
15. Although substantive tests may support the accuracy of underlying records, these tests
frequently
provide no affirmative evidence of segregation of duties because
a. Substantive tests rarely guarantee the accuracy of the records if only a person who performs
incompatible functions.
b. The records may be accurate even though they are maintained by a person who performs
incompatible functions.
c. Substantive tests relate to the entire period under audit, but tests of controls ordinarily are
confined to the period during which the auditor is on the client’s premises.
d. Many computerized procedures leave no audit trail of who performed them, so substantive
tests may necessarily be limited to inquiries and observation of office personnel.
16. After obtaining an understanding of internal control and assessing control risk, an auditor
decided
not to perform additional tests of controls. The auditor most likely concluded that the
a. Additional evidence to support a further reduction in control risk was not cost-beneficial to
obtain.
b. Assessed level of inherent risk exceeded the assessed level of control risk.
c. Internal control was properly designed and justifiably may be relied on.
d. Evidence obtainable through tests of controls would not support an increased assessment of
control risk.
18. An auditor wishes to perform tests of controls on a client’s cash disbursements procedures.
If the controls leave no audit trail of documentary evidence, the auditor most likely will test the
procedures by
a. Confirmation and observation. c. Analytical procedures and confirmation.
b. Observation and inquiry. d. Inquiry and analytical procedures
19. Which of the following would not be a method used to conduct tests of controls?
a. Inquiry b. Walkthrough c. Confirmation d. Observation
20. The auditor is examining copies of sales invoices only for the initials of the person
responsible for checking the extensions. This is an example of a
a. Test of controls c. Dual purpose test
b. Substantive test d. Test of balances
21. Which of the following types of evidence would an auditor most likely examine to determine
whether controls are operating as designed?
a. Confirmations of receivables verifying account balances.
b. Letters of representations corroborating inventory pricing.
c. Attorneys’ responses to the auditor’s inquiries.
d. Client records documenting the use of computer programs.
22. Which of the following procedures concerning accounts receivable is an auditor most likely
to perform to obtain evidential matter in support of an assessed level of control risk below the
maximum level?
a. Sending confirmation requests to an entity’s principal customers to verify the existence of
accounts receivable.
b. Inspecting an entity’s analysis of accounts receivable for unusual balances.
c. Comparing an entity’s uncollectible accounts expense to actual uncollectible accounts
receivable.
d. Observing an entity’s employee prepare the schedule of past due accounts receivable.
24. In a small company that doesn't employ an adequate number of employees to permit proper
division of responsibilities, effective internal control can be strengthened by
a. Direct participation by the owner of the business in the record keeping activities of the
business.
b. Employment of temporary personnel to aid in the separation of duties.
c. Delegation of full, clear-cut responsibility to each employee for the functions assigned to
each.
d. Engaging a CPA to perform monthly "write up" work.
25. Which of the following is true of the communication to management of material weaknesses
in accounting and internal control?
a. Communication must be in writing.
b. Oral communication of material weaknesses, when appropriate, would be documented in the
audit working papers.
c. The communication should indicate that the auditor had extensively examined the accounting
and internal control system of the client.
d. The auditors should indicate in the communication that the examination is primarily designed
to determine whether the accounting and internal control is adequate.
3. Which of the following is least considered if the auditor has to determine whether specialized
CIS skills are needed in an audit?
a. The auditor needs to obtain a sufficient understanding of the accounting and internal control
system affected by the CIS environment.
b. The auditor needs to determine the effect of the CIS environment on the assessment of
overall risk and of risk at the account balance and class of transactions level.
c. Design and perform appropriate tests of controls and substantive procedures.
d. The need of the auditor to make analytical procedures during the completion stage of audit.
6. The nature of the risks and the internal characteristics in CIS environment that the auditors
are mostly concerned include the following except:
a. Lack of segregation of functions. c. Lack of transaction trails.
b. Dependence of other control over computer processing. d. Cost-benefit ratio.
7. Which of the following is least likely a risk characteristic associated with CIS environment?
a. Errors embedded in an application’s program logic maybe difficult to manually detect on a
timely basis.
b. Many control procedures that would ordinarily be performed by separate individuals in
manual system maybe concentrated in CIS.
c. The potential unauthorized access to data or to alter them without visible evidence maybe
greater.
d. Initiation of changes in the master file is exclusively handled by respective users.
8. Which of the following significance and complexity of the CIS activities should an auditor least
understand?
a. The organizational structure of the client’s CIS activities.
b. Lack of transaction trails.
c. The significance and complexity of computer processing in each significant accounting
application.
d. The use of software packages instead of customized software.
12. Which of the following is the least likely characteristic of personal computers?
a. They are small enough to be transportable.
b. They are relatively expensive.
c. They can be placed in operation quickly.
d. The operating system software is less comprehensive than that found in larger computer
environments.
16. Which statement is incorrect regarding internal control in personal computer environment?
a. Generally, the CIS environment in which personal computers are used is less structured
than a centrally-controlled CIS environment.
b. Controls over the system development process and operations may not be viewed by the
developer, the user or management as being as important or cost-effective.
c. In almost all commercially available operating systems, the built-in security provided has
gradually increased over the years.
d. In a typical personal computer environment, the distinction between general CIS controls
and CIS application controls is easily ascertained.
17. Personal computers are susceptible to theft, physical damage, unauthorized access or
misuse
of equipment. Which of the following is least likely a physical security to restrict access to
personal computers when not in use?
a. Using door locks or other security protection during non-business hours.
b. Fastening the personal computer to a table using security cables.
c. Locking the personal computer in a protective cabinet or shell.
d. Using anti-virus software programs.
18. Which of the following is not likely a control over removable storage media to prevent
misplacement, alteration without authorization or destruction?
a. Using cryptography, which is the process of transforming programs and information into an
unintelligible form.
b. Placing responsibility for such media under personnel whose responsibilities include duties
of software custodians or librarians.
c. Using a program and data file check-in and check-out system and locking the designated
storage locations.
d. Keeping current copies of diskettes, compact disks or back-up tapes and hard disks in a
fireproof container, either on-site, off-site or both.
19. Which of the following least likely protects critical and sensitive information from
unauthorized
access in a personal computer environment?
a. Using secret file names and hiding the files.
b. Keeping of back up copies offsite.
c. Employing passwords.
d. Segregating data into files organized under separate file directories.
20. It refers to plans made by the entity to obtain access to comparable hardware, software and
data in the event of their failure, loss or destruction.
a. Back-up b. Encryption c. Anti-virus d. Wide Area Network