Internal Control Review Quizzer
Internal Control Review Quizzer
Internal Control Review Quizzer
True/False
Indicate whether the statement is true or false.
1. Internal control is a process designed to guarantee the achievement of the objectives of reliable financial reporting,
compliance with laws and regulations and ineffective and inefficient operations.
2. If internal controls are not enforced they are useless and can lead to waste and fraud.
3. Weakness in the tone at the top have been associated with most financial frauds during the past decade.
4. Internal control is a process designed to provide reasonable assurance regarding the achievement of the objectives
of reliable financial reporting, compliance with laws and regulations and effective and efficient operations, and
safeguarding of the assets.
5. Control activities are the policies and procedures that are established to assist in accomplishing objectives and to
mitigate risks.
7. Investors do not place much value on the internal control of the companies in which they invest.
9. The five major components of an organization's internal control are: the control environment, risk assessment,
control activities, information and communication, and materiality.
10. An organization's control environment is established and maintained by the internal auditing department.
11. Physical controls are necessary to protect and safeguard assets from accidental or intentional destruction and theft.
12. An auditor is not required to obtain evidence about the design and operation of the internal controls to reduce the
assessment of control risk below maximum.
13. In addition to controls being specific, they may be broad, such as policies regarding a code of ethics.
14. Self-checking digit algorithms have been developed to test for transposition errors associated with identification
numbers.
15. When control risk is assessed at a minimum level, the auditor assumes that the internal controls are reliable in
preventing or detecting material misstatements.
16. The payroll department should be responsible for signing payroll checks.
17. The auditor's preliminary assessment of control risk is based on an understanding of the control system as it has
operated in the past and is designed to operate.
1
18. The auditor is obligated to report significant deficiencies in the control structure discovered during an audit to the
audit committee or its equivalent.
19. Transaction-oriented controls should be tested using the guidelines developed for attribute testing utilizing
statistical sampling techniques.
21. The auditor should obtain an understanding of whether the client’s controls sufficiently address the risk of material
misstatement due to fraud.
22. When the auditor believes the design of controls of a non-public company is effective but does not test the
controls, the auditor can assess control risk as moderate in some circumstances but otherwise it should be assessed
as high.
23. An external auditor provides a separate opinion on the effectiveness of internal control for large publicly traded
companies.
24. One of the components of internal control, the control environment, is considered pervasive and the auditor should
start the evaluation of controls at this level.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
25. Proper segregation of functional responsibilities calls for separation of the functions of
a. Computer-based controls.
b. System of segregation of duties.
c. Control environment.
d. Safeguards over access to assets.
27. Which of the following factors are included in an entity’s control environment?
a. It is a criminal offense for an auditor to fail to detect and report a bribe paid by an
2
American business entity to a foreign official for the purpose of obtaining business.
b. The auditor’s detection of illegal acts committed by officials of the auditor’s publicly held
client in conjunction with foreign officials should be reported to the Enforcement Division
of the Securities and Exchange Commission.
c. If the auditor of a publicly held company concludes that the effects on the financial
statements of a bribe given to a foreign official are not susceptible of reasonable
estimation, the auditor’s report should be modified.
d. Every publicly held company must devise, document, and maintain internal control
sufficient to provide reasonable assurances that internal control objectives are met.
29. Which of the following procedures most likely would provide an auditor with evidence about whether an entity’s
internal control activities are suitably designed to prevent or detect material misstatements?
a. Specific controls.
b. Types of potential fraud.
c. Financial statement assertions.
d. Control environment factors.
36. Assessing control risk at a low level most likely would involve
a. Performing more extensive substantive tests with larger sample sizes than originally
planned.
b. Reducing inherent risk for most of the assertions relevant to significant account balances.
c. Changing the timing of substantive tests by omitting interim-date testing and performing
the tests at year-end.
d. Identifying specific controls relevant to specific assertions.
37. When an auditor increases the assessed level of control risk because certain control activities were determined to
be ineffective, the auditor would most likely increase the
6
generally accepted accounting principles.
d. Fraud or illegal acts committed by management that have a material impact on the
financial statements.
58. Which of the following is not true concerning control activities?
a. Control procedures is another term for control activities.
b. Transaction authorization is a control activity.
c. Control activities generally fall into the two categories of preventive controls and detective
controls.
d. Information and communication is an important component of control activities.
59. Limiting access to assets and records might be accomplished by
a. Audit trails documenting who had authorization to access assets and records.
b. A control environment which discourages access to assets and records.
c. Access codes for those parties with authorization to access assets and records.
d. Risk assessment of the parties with authorization to access assets and records.
60. Which of the following is not one of the four transaction cycles?
a. Expenditure/disbursement.
b. Risk assessment.
c. Revenue/receipt.
d. Conversion.
61. Which of the following is not true concerning Auditing Standard No. 2 on internal control?
a. Management is required to assess internal control.
b. The audit committee must sign the report regarding internal control.
c. Management must acknowledge responsibility for internal control.
d. The auditor of the financial statements must also audit internal control.
62. An effective audit committee
a. Is comprised of management with financial expertise.
b. Meets no more than once a year.
c. May challenge the financial reporting of the CEO and CFO.
d. Establishes and distributes policies for access to assets and records.
63. In making its assessment of internal control under Section 404, management
a. Allow internal auditors to perform the assessment and take responsibility for it.
b. Must support the evaluation with documentation.
c. Must perform its evaluations on a biennial basis.
d. May choose to contract with third parties to make the assessment and issue the report.
64. In a financial statement audit performed following AICPA Professional Standards, how frequently must
an auditor test operating effectiveness of controls that appear to function as they have in past years and on
which the auditor wishes to rely upon in the current year?
a. Monthly
b. Each audit
c. At least every second audit
d. At least every third audit
65. Which of the following is least likely to be evidence of operating effectiveness of controls?
7
a. Cancelled supporting documents
b. Confirmations of accounts receivable
c. Records documenting usage of computer programs
d. Signatures on authorization forms
66. Tests of controls do not ordinarily address:
69. Which of the following statements is correct concerning the understanding of internal control needed by
auditors?
a. The auditors must understand the information system, not the accounting system
b. The auditors must understand monitoring and all preliminary accounting controls
c. The auditors must have a sufficient understanding to assess the risks of material
misstatement
d. The auditors must understand the control environment, risk assessment, and all
control activities
70. On financial statement audits, it is required that the auditors obtain an understanding of internal control,
including:
8
71. This organization developed a set of criteria that provide management with a basis to evaluate controls
not only over financial reporting, but also over the effectiveness and efficiency of operations and
compliance with laws and regulations:
74. Which of the following is not ordinarily considered a factor indicative of increased financial reporting
risk when an auditor is considering a client's risk assessment policies?
9
a. All U.S. corporations
b. All U.S. corporations that engage in foreign operations
c. All corporations that must file under the Securities Exchange Act of 1934
d. All U.S. partnerships and corporations
77. During financial statement audits, the auditors' consideration of their clients' internal control is integral to
both assess the risk of material misstatement and to:
a. The auditors must assess control risk at a level lower than the maximum
b. The auditors must prepare a flowchart description of internal control for their
working papers
c. The auditors must obtain an understanding of the steps in processing major types
of transactions
d. The auditors must perform tests of controls
81. Which of the following is least likely to be considered a risk assessment procedure relating to internal
control?
10
d. Observing the application of specific controls
82. Which of the following is not a factor that is considered a part of the client's overall control
environment?
85. The use of fidelity bonds protects a company from embezzlement loses and also:
a. Flowcharts verification
b. Tests of controls
c. Substantive procedures
d. Decision tables
87. A material weakness involves an amount that is
88. Well-designed internal control that is functioning effectively is most likely to detect an fraud arising
from:
12
a. The complexity of the information processing system
b. Human judgment in the decision making process
c. The ineffectiveness of the board of directors
d. The lack of management incentives to improve the control environment
94. Which of the following is intended to detect deviations from prescribed controls?
a. No one person should be responsible for the custodial responsibility and the
recording responsibility for an asset
b. Transactions must be properly authorized before such transactions are processed
c. Because of the cost/benefit relationship, a client may apply control procedures on a
test basis
d. Control activities reasonably insure that collusion among employees can not occur
96. Which of the following would be least likely to be included in an auditor's tests of controls?
a. Inspection
b. Observation
c. Inquiry
d. Analytical procedures
97. An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addresses financial
statements and:
a. Choice A
b. Choice B
c. Choice C
13
d. Choice D
99. When performing an internal control audit under PCAOB standards, one or more material weaknesses in
internal control that exist at year-end may result in what type of report(s):
Qualified Disclaimer
A) Yes Yes
B) Yes No
C) No Yes
D) No No
a. Choice A
b. Choice B
c. Choice C
d. Choice D
100. Internal control objectives are designed to assist the organization in assuring which of the following:
a. the organization has effective and efficient operations related to its overall strategy
b. the activities of the organization are in compliance with applicable laws and regulations
c. the assets of the organization are safeguarded from theft and fraud
d. all of the above.
101. The quality of an organization's internal controls affects
a. the reliability of financial data.
b. the ability of management to make good decisions.
c. the ability to sustain an effective business.
d. all of the above.
102. Which of the following is not a reason that the auditor must gain an understanding of the client’s internal control
system?
a. to better understand the client, its risks, and how it manages those risks.
b. to assess control risk and identify the types of financial statement misstatements that are
most likely to occur.
c. to plan direct tests of account balances to determine if misstatements have occurred.
d. all are reasons why auditors must gain an understanding of the client’s internal control
system.
103. The tone of internal control typically originates internally with:
a. auditors.
b. employees.
c. management.
d. stockholders.
104. What is management’s primary purpose of effective internal control in an organization?
a. Obtaining high-quality data for making good business decisions.
b. Completion of a successful audit for the entity.
c. Shareholder involvement in the company’s success.
d. Obtaining profitability and financial strength.
105. The control environment includes all of the following except
14
a. management philosophy and operating style.
b. methods of assigning authority and responsibility.
c. personnel policies and practices.
d. control activities.
106. One of the major components of an organization's internal control structure includes:
a. major new financing.
b. the financial environment.
c. risk assessment.
d. telecommunication equipment.
107. The PCAOB requires auditors of public companies to perform
a. a financial statement audit and an attest audit.
b. a financial statement audit and an assurance audit.
c. a financial statement audit and agreed upon procedures.
d. a financial statement audit and an audit of internal control.
108. Personnel policies and procedures are designed to ensure that the organization
a. hires the right people.
b. complies with federal and state laws in its hiring and retention decisions.
c. has employees that are properly trained and supervised.
d. performs all of the above.
109. Which one of the following represents a classification of control deficiency by the PCAOB?
a. A missing control that is required for achievement of objectives.
b. A control that operates as designed.
c. A control that ensures the reliability of financial reporting.
d. An immaterial individual misstatement in internal control.
110. All of the following are pervasive computer controls except:
a. Planning and controlling the data processing function.
b. Controlling access to equipment, data, and programs.
c. Ensuring data is accessible to management on a timely basis.
d. Controlling applications development and changes to programs.
111. If the auditor of financial statements understands internal control and assesses control risk as low, it is assumed
that internal control:
a. will be tested to support the assessment.
b. is not required to be tested as it is considered strong.
c. is considered relatively weak and will not be tested.
d. has been assessed erroneously by the auditor.
112. Which of the following is an example of a type of control that may be tested?
a. Interest accrued on notes payable.
b. Cash surrender value of life insurance classified as long-term asset.
c. A spreadsheet used to create a pivot table for the summarization of accounts receivable.
d. Reconciliations performed monthly on accounts.
113. Which of the following best represents a walk-through?
a. The controller reviews the bank reconciliation prepared by the accountant and its resulting
journal entries.
b. The auditor walks the production line to find inefficiencies in the inventory process and
15
reports them to management.
c. The controller takes a sample of write-offs to ensure they have been adequately
documented and recorded.
d. The auditor traces three purchasing transactions from the purchase order to the financial
statement for observation and understanding.
114. Which of the following would result in an adverse report issued by an auditor on an audit of internal control?
a. The control risk is assessed at a lower level.
b. The tests of controls support the documented understanding of controls.
c. There is a material weakness in the design or operation of controls.
d. A confirmation is not returned by a customer in a timely manner.
115. A financial statement auditor concludes that internal controls over cash are not functioning as designed. She
believes that material misstatements to the cash accounts are possible because of the deficiencies. What is the
course of action that the auditor will most likely take?
a. Report the audit to the regulatory agencies of the IRS and SEC.
b. Develop specific tests for cash balances to determine the extent of misstatement.
c. Explain to the client that the audit firm will not be able to complete the audit.
d. Test the internal control over cash.
116. A material weakness in the design of the operation of controls discovered in an audit of internal controls results in:
a. A qualified management letter.
b. An adverse report on internal controls.
c. The firing of the auditors.
d. Adjusting audit journal entries.
117. Which of the following will an auditor perform to better understand a client's internal control over accounting
systems?
a. An auditor will re-test subsequent year working papers.
b. An auditor will review previous year working papers.
c. An auditor will copy previous year working papers.
d. An auditor will re-draft subsequent year working papers.
118. Which of the following will an auditor use to document an understanding of internal control?
a. Checklists, disclosures and procedures.
b. The audit report, internal control opinions and confirmations.
c. Workpapers, engagement letters and management representation letters.
d. Questionnaires, narratives and flowcharts.
119. An auditor's test of transaction processing whereby the auditor is evaluating both the operation and effectiveness of
controls and the correctness and completeness of processing and posting to an account balance is:
a. a test of controls.
b. a substantive test.
c. a dual-purpose test.
d. an analytical review procedure.
120. In order to further understand internal control, an auditor may use inquiry methods by:
a. interviewing key employees to gain further insight into the internal control environment.
b. observing the safeguarding of assets by checking locked doors and safes.
c. tracing a transaction from the boundary of the organization through to the final reporting.
d. documenting thoroughly the internal control through the use of narratives.
16
121. Which of the following is not true of internal control as defined by COSO?
a. it is narrower than internal control over financial reporting.
b. it is a process that includes all elements of internal control working together.
c. it includes all the people in the organization.
d. it starts at the top of the organization in setting a tone.
122. The major components of an organization’s internal controls consists of all of the following except
a. risk assessment.
b. control environment.
c. control activities.
d. control risk
123. When control risk is assessed as high the auditor needs to:
a. perform more tests of controls.
b. perform more direct testing of account balances.
c. perform significantly fewer tests of controls.
d. perform significantly less testing of account balances.
124. A component of COSO’s internal control system concerns the process that provides feedback on the effectiveness
of the other components of internal control. This component is called:
a. information and communication.
b. monitoring.
c. control activities.
d. risk assessment.
17
INTERNAL CONTROL REVIEWER
Answer Section
TRUE/FALSE
1. F
2. T
3. T
4. T
5. T
6. T
7. F
8. T
9. F
10. F
11. T
12. F
13. T
14. T
15. T
16. F
17. T
18. T
19. T
20. F
21. T
22. T
23. T
24. T
MULTIPLE CHOICE
25. B
26. C
27. D
28. D
29. D
30. A
31. B
32. B
33. A
34. B
35. C
36. D
37. C
18
38. D
39. A
40. D
41. C
42. B
43. A
44. C
45. D
46. B
47. A
48. D
49. A
50. D
51. C
52. A
53. B
54. C
55. D
56. D
57. C
58. D
59. C
60. B
61. B
62. C
63. B
64. D
65. B
66. D
67. A
68. A
69. C
70. B
71. B
72. B
73. B
74. A
75. B
76. C
77. B
78. C
79. C
80. C
81. A
82. B
83. A
19
84. B
85. A
86. B
87. D
88. B
89. B
90. B
91. A
92. D
93. B
94. B
95. D
96. D
97. C
98. A
99. D
100. D
101. D
102. D
103. C
104. A
105. D
106. C
107. D
108. D
109. A
110. C
111. A
112. D
113. D
114. C
115. B
116. B
117. B
118. D
119. C
120. A
121. A
122. D
123. B
124. B
20