MODULE 7 INTERNAL CONTROL SYSTEM EVALUATION

CPA REVIEW SCHOOL OF THE PHILIPPINES

Manila
AUDITING THEORY
INTERNAL CONTROL
Related PSAs/PAPSs: PSA 400, 402 and 315

The auditor should obtain an understanding of the accounting and internal control
systems sufficient to plan the audit and develop an effective audit approach.
Accounting system means the series of tasks and records of an entity by which transactions are processed as a means of maintaining
financial records. Such systems identify, assemble, analyze, calculate, classify, record, summarize and report transactions and other
events.

Internal Control System means all the policies and procedures (internal
controls) adopted by the management of an entity to assist in achieving
management’s objective of ensuring, as far as practicable,:
 orderly and efficient conduct of its business, including adherence to management
policies;
 safeguarding of assets;
 prevention and detection of fraud and error;
 accuracy and completeness of the accounting records; and
 timely preparation of reliable financial information.

The internal control system extends beyond those matters which relate directly to the
functions of the accounting system.

Internal Control Components (PSA 315)

(a) The control environment;
(b) The entity’s risk assessment process;
(c) The information system, including the related business processes, relevant to
financial reporting, and communication;
(d) Control activities; and
(e) Monitoring of controls.

Control environment
The control environment includes the attitudes, awareness, and actions of management
and those charged with governance concerning the entity’s internal control and its
importance in the entity. The control environment also includes the governance and
management functions and sets the tone of an organization, influencing the control
consciousness of its people. It is the foundation for effective internal control, providing
discipline and structure.

The control environment encompasses the following elements:

 Communication and enforcement of integrity and ethical values.
 Commitment to competence.
MODULE 7 - “Internal Control System Evaluation” Page 2

 Participation by those charged with governance.

 Management’s philosophy and operating style.
 Organizational structure.
 Assignment of authority and responsibility.
 Human resource policies and practices.

Entity’s risk assessment process

An entity’s risk assessment process is its process for identifying and responding to
business risks and the results thereof. For financial reporting purposes, the entity’s risk
assessment process includes how management identifies risks relevant to the preparation
of financial statements that are presented fairly, in all material respects in accordance with
the entity’s applicable financial reporting framework, estimates their significance,
assesses the likelihood of their occurrence, and decides upon actions to manage them.

Risks can arise or change due to circumstances such as the following:

 Changes in operating environment. Changes in the regulatory or operating
environment can result in changes in competitive pressures and significantly different
risks.
 New personnel. New personnel may have a different focus on or understanding of
internal control.
 New or revamped information systems. Significant and rapid changes in information
systems can change the risk relating to internal control.
 Rapid growth. Significant and rapid expansion of operations can strain controls and
increase the risk of a breakdown in controls.
 New technology. Incorporating new technologies into production processes or
information systems may change the risk associated with internal control.
 New business models, products, or activities. Entering into business areas or
transactions with which an entity has little experience may introduce new risks
associated with internal control.
 Corporate restructurings. Restructurings may be accompanied by staff reductions
and changes in supervision and segregation of duties that may change the risk
associated with internal control.
 Expanded foreign operations. The expansion or acquisition of foreign operations
carries new and often unique risks that may affect internal control, for example,
additional or changed risks from foreign currency transactions.
 New accounting pronouncements. Adoption of new accounting principles or changing
accounting principles may affect risks in preparing financial statements.

Information system, including the related business processes, relevant to financial

reporting, and communication

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 3
An information system consists of infrastructure (physical and hardware components),
software, people, procedures, and data. Infrastructure and software will be absent, or
have less significance, in systems that are exclusively or primarily manual.

The information system relevant to financial reporting objectives, which includes the
financial reporting system, consists of the procedures and records established to initiate,
record, process, and report entity transactions (as well as events and conditions) and to
maintain accountability for the related assets, liabilities, and equity.

Accordingly, an information system encompasses methods and records that:

 Identify and record all valid transactions.
 Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting.
 Measure the value of transactions in a manner that permits recording their proper
monetary value in the financial statements.
 Determine the time period in which transactions occurred to permit recording of
transactions in the proper accounting period.
 Present properly the transactions and related disclosures in the financial statements.

Communication involves providing an understanding of individual roles and

responsibilities pertaining to internal control over financial reporting. It includes the extent
to which personnel understand how their activities in the financial reporting information
system relate to the work of others and the means of reporting exceptions to an
appropriate higher level within the entity. Open communication channels help ensure that
exceptions are reported and acted on.

Control activities
Control activities are the policies and procedures that help ensure that management
directives are carried out, for example, that necessary actions are taken to address risks
that threaten the achievement of the entity’s objectives.

Generally, control activities that may be relevant to an audit may be categorized as

policies and procedures that pertain to the following:
 Performance reviews.
 Information processing.
 Physical controls.
 Segregation of duties.

Monitoring of controls
Management’s monitoring of controls includes considering whether they are operating as
intended and that they are modified as appropriate for changes in conditions. Monitoring
of controls may include activities such as management’s review of whether bank
reconciliations are being prepared on a timely basis, internal auditors’ evaluation of sales
personnel’s compliance with the entity’s policies on terms of sales contracts, and a legal
department’s oversight of compliance with the entity’s ethical or business practice policies.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 4

Inherent Limitations of Internal Controls

1. Management’s usual requirement that the cost of an internal control does not exceed
the expected benefits to be derived.
2. Most internal controls tend to be directed at routine transactions rather than non-
routine transactions.
3. The potential for human error due to carelessness, distraction, mistakes of judgment
and the misunderstanding of instructions.
4. The possibility of circumvention of internal controls through the collusion of a member
of management or an employee with parties outside or inside the entity.
5. The possibility that a person responsible for exercising an internal control could abuse
that responsibility, for example, a member of management overriding an internal
control.
6. The possibility that procedures may become inadequate due to changes in conditions,
and compliance with procedures may deteriorate.

Accounting and Internal Control Assessment

1st Understanding of accounting and internal control system
2nd Plan the assessed level of control risk
3rd Performance of tests of controls (if appropriate)
4th Reassessment of control risk
5th Final assessment of control risk

(1st) Understanding of Accounting and Internal Control Systems

In the audit of financial statements, the auditor is only concerned with those policies and
procedures within the accounting and internal control systems that are relevant to the
financial statement assertions. The understanding of relevant aspects of the accounting
and internal control systems, together with the inherent and control risk assessments and
other considerations, will enable the auditor to:
(a) identify the types of potential material misstatements that could occur in the
financial statements;
(b) consider factors that affect the risk of material misstatements; and
(c) design appropriate audit procedures.

The nature, timing and extent of the procedures performed by the auditor to obtain an
understanding of the accounting and internal control systems will vary with, among other
things:
 The size and complexity of the entity and of its computer system.
 Materiality considerations.
 The type of internal controls involved.
 The nature of the entity’s documentation of specific internal controls.
 The auditor’s assessment of inherent risk.
 Experience gained from prior audits.

Procedures in Obtaining Understanding

1. Make inquiries of appropriate company personnel
2. Inspect documents and records
3. Observe the company’s activities and operations

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 5
4. Walk-through

Documentation of Understanding
The auditor should document his understanding of internal control. The extent of
documentation is a matter of the CPA’s judgment and the form of documentation depends
upon his preference and skills.
1. Narrative descriptions 3. Flowcharts
2. Internal control questionnaires (ICQ) 4. Checklists

(2nd) Preliminary Assessment of Control Risk

The preliminary assessment of control risk is the process of evaluating the
effectiveness of an entity’s accounting and internal control systems in preventing
or detecting and correcting material misstatements. There will always be some
control risk because of the inherent limitations of any accounting and internal
control system.

After obtaining an understanding of the accounting and internal control systems,

the auditor should make a preliminary assessment of control risk, at the assertion
level, for each material account balance or class of transactions.

The auditor ordinarily assesses control risk at a high level for some or all
assertions when:
(a) the entity’s accounting and internal control systems are not effective; or
(b) evaluating the effectiveness of the entity’s accounting and internal control
systems would not be efficient.

The preliminary assessment of control risk for a financial statement assertion

should be high unless the auditor:
(a) is able to identify internal controls relevant to the assertion which are likely to
prevent or detect and correct a material misstatement; and
(b) plans to perform tests of control to support the assessment.

(3rd) Test of Controls

If appropriate, tests of control are performed to obtain audit evidence about the
effectiveness of the:
(a) design of the accounting and internal control systems, that is, whether they are
suitably designed to prevent or detect and correct material misstatements; and
(b) operation of the internal controls throughout the period.

Procedures for Performing Tests of Controls

1. Inspection 3. Observation 5. Walk-through
2. Inquiry 4. Reperformance

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 6

Required Documentation

Assessed Control Risk

High Less than high (Below

(Maximum) Maximum)
Understanding of ICS Required Required
Tests of Controls Required Required
Assessment of Control Risk Required Not required
Reason for assessment Not required Required

(4th) Reassessment of control risk

Based on the results of the tests of control, the auditor should evaluate whether
the internal controls are designed and operating as contemplated in the
preliminary assessment of control risk. The evaluation of deviations may result in
the auditor concluding that the assessed level of control risk needs to be revised.
In such cases, the auditor would modify the nature, timing and extent of planned
substantive procedures.

(5th) Final Assessment of Control Risk

Before the conclusion of the audit, based on the results of the substantive procedures and
other audit evidence obtained by the auditor, the auditor should consider whether the
assessment of control risk is confirmed.

Communication of Weaknesses
As a result of obtaining an understanding of the accounting and internal control systems
and tests of control, the auditor may become aware of weaknesses in the systems. The
auditor should make management aware, as soon as practical and at an appropriate level
of responsibility, of material weaknesses in the design or operation of the accounting and
internal control systems, which have come to the auditor’s attention. The communication
to management of material weaknesses would ordinarily be in writing. However, if the
auditor judges that oral communication is appropriate, such communication would be
documented in the audit working papers. It is important to indicate in the communication
that only weaknesses which have come to the auditor’s attention as a result of the audit
have been reported and that the examination has not been designed to determine the
adequacy of internal control for management purposes.

MULTIPLE CHOICE QUESTIONS

1. According to PSA 400, which of the following is correct regarding internal control
system?
a. Internal control system refers to all the policies and procedures adopted by the
auditor to assist in achieving management’s objective.
b. A strong environment, by itself, ensure the effectiveness of the internal control
system.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 7
c. In the audit of financial statements, the auditor is only concerned with those
policies and procedures within the accounting and internal control systems that are
relevant to the financial statements.
d. The internal control system is confined to those matters which relate directly to the
functions of the accounting system.

2. Which of the following is correct about internal control?

a. Accounting and internal control systems provide management with conclusive
evidence that objectives are reached.
b. One of the inherent limitations of accounting and internal control systems is the
possibility that the procedures may become inadequate due to changes in
conditions, and compliance with procedures may deteriorate.
c. Most internal controls tend to be directed at non-routine transactions.
d. Management does not consider costs of the accounting and internal control
systems.

3. Corporate directors, management, external auditors, and internal auditors all play
important roles in creating a proper control environment. Top management is
primarily responsible for
a. Establishing a proper environment and specifying overall internal control.
b. Reviewing the reliability and integrity of financial information and the means used
to collect and report such information.
c. Ensuring that external and internal auditors adequately monitor the control
environment.
d. Implementing and monitoring controls designed by the board of directors.

4. Which of the following best describe the interrelated components of internal control?
a. Organizational structure, management philosophy, and planning.
b. Control environment, risk assessment, control activities, information and
communication systems, and monitoring.
c. Risk assessment, backup facilities, responsibility accounting and natural laws.
d. Legal environment of the firm, management philosophy, and organizational
structure.

5. In an audit of financial statements, an auditor’s primary consideration regarding a

control is whether it
a. Reflects management’s philosophy and operating style.
b. Affects management’s financial statement assertions.
c. Provides adequate safeguards over access to assets.
d. Enhances management’s decision-making processes.

6. Effective internal control

a. Eliminates risk and potential loss to the organization.
b. Cannot be circumvented by management.
c. Is unaffected by changing circumstances and conditions encountered by the
organization.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 8
d. Reduces the need for management to review exception reports on a day-to-day
basis.

7. Which of the following statements about internal control is correct?

a. Properly maintained internal controls reasonably assure that collusion among
employees cannot occur.
b. Establishing and maintaining internal control is the internal auditor’s responsibility.
c. Exceptionally strong control allows the auditor to eliminate substantive tests.
d. The cost-benefit relationship should be considered in designing internal control.

8. The ultimate purpose of assessing control risk is to contribute to the auditor’s

evaluation of the risk that
a. Tests of controls may fail to identify controls relevant to assertions.
b. Material misstatements may exist in the financial statements.
c. Specified controls requiring segregation of duties may be circumvented by
collusion.
d. Entity policies may be overridden by senior management.

9. A proper understanding of the client’s internal control is an integral part of the audit
planning process. The results of the understanding
a. Must be reported to the shareholders and the SEC.
b. Bear no relationship to the extent of substantive testing to be performed.
c. Are not reported to client management.
d. May be used as the basis for withdrawing from an audit engagement.

10. An entity should consider the cost of a control in relationship to the risk. Which of the
following controls best reflects this philosophy for a large peso investment in heavy
machine tools?
a. Conducting a weekly physical inventory.
b. Placing security guards at every entrance 24 hours a day.
c. Imprinting a controlled identification number on each tool.
d. Having all dispositions approved by the vice president of sales.

11. Audit evidence concerning segregation of duties ordinarily is best obtained by

a. Performing tests of transactions that corroborate management’s financial
statement assertions
b. Observing the employees as they apply specific controls.
c. Obtaining a flowchart of activities performed by available personnel.
d. Developing audit objectives that reduce control risk.

12. Which of the following statements about preliminary assessment of control risks is correct?
a. After obtaining an understanding of the accounting and internal control systems,
the auditor should make a preliminary assessment of control risks, at the assertion
level, for all accounts or transaction classes.
b. The preliminary assessment of control risk can be done only after completing tests
of controls.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 9
c. The preliminary assessment of control risk for a financial assertion is normally low,
unless the auditor is able to identify weaknesses that may indicate ineffectiveness
of accounting and internal control system.
d. The auditor ordinarily assesses control risk at high level for some or all assertions
when it is not cost efficient to do tests of controls.

13. Which of the following statements concerning control risk is correct?

a. When control risk is at the maximum level, an auditor is required to document the
basis for that assessment.
b. Control risk may be assessed sufficiently low to eliminate substantive testing for
significant transaction classes.
c. When assessing control risk, an auditor should not consider evidence obtained in
prior audits about the operation of controls.
d. Assessing control risk and obtaining an understanding of an entity’s internal
control may be performed concurrently.

14. Based on a consideration of internal control completed at an interim date, the auditor
assessed control risk at a low level and performed interim substantive tests. The
records and procedures would most likely be tested again at year-end if
a. Tests of controls were not performed by the internal auditor during the remaining
period.
b. Internal control provides a basis for limiting the extent of substantive testing.
c. The auditor used nonstatistical sampling during the interim period testing of
controls.
d. Inquiries and observations lead the auditor to believe that conditions have
changed.

15. Although substantive tests may support the accuracy of underlying records, these
tests frequently provide no affirmative evidence of segregation of duties because
a. Substantive tests rarely guarantee the accuracy of the records if only a person
who performs incompatible functions.
b. The records may be accurate even though they are maintained by a person who
performs incompatible functions.
c. Substantive tests relate to the entire period under audit, but tests of controls
ordinarily are confined to the period during which the auditor is on the client’s
premises.
d. Many computerized procedures leave no audit trail of who performed them, so
substantive tests may necessarily be limited to inquiries and observation of office
personnel.

16. After obtaining an understanding of internal control and assessing control risk, an
auditor decided not to perform additional tests of controls. The auditor most likely
concluded that the
a. Additional evidence to support a further reduction in control risk was not cost-
beneficial to obtain.
b. Assessed level of inherent risk exceeded the assessed level of control risk.
c. Internal control was properly designed and justifiably may be relied on.
d. Evidence obtainable through tests of controls would not support an increased
assessment of control risk.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 10
17. The objective of tests of details of transactions performed as tests of controls is to
a. Monitor the design and use of entity documents such as prenumbered shipping
form
b. Determine whether controls have been placed in operation.
c. Detect material misstatements in the account balances of the financial statements.
d. Evaluate whether controls operated effectively.

18. An auditor wishes to perform tests of controls on a client’s cash disbursements

procedures. If the controls leave no audit trail of documentary evidence, the auditor
most likely will test the procedures by
a. Confirmation and observation. c. Analytical procedures and
confirmation.
b. Observation and inquiry. d. Inquiry and analytical procedures

19. Which of the following would not be a method used to conduct tests of controls?
a. Inquiry b. Walkthrough c. Confirmation d.
Observation

20. The auditor is examining copies of sales invoices only for the initials of the person
responsible for checking the extensions. This is an example of a
a. Test of controls c. Dual purpose test
b. Substantive test d. Test of balances

21. Which of the following types of evidence would an auditor most likely examine to
determine whether controls are operating as designed?
a. Confirmations of receivables verifying account balances.
b. Letters of representations corroborating inventory pricing.
c. Attorneys’ responses to the auditor’s inquiries.
d. Client records documenting the use of computer programs.

22. Which of the following procedures concerning accounts receivable is an auditor most
likely to perform to obtain evidential matter in support of an assessed level of control
risk below the maximum level?
a. Sending confirmation requests to an entity’s principal customers to verify the
existence of accounts receivable.
b. Inspecting an entity’s analysis of accounts receivable for unusual balances.
c. Comparing an entity’s uncollectible accounts expense to actual uncollectible
accounts receivable.
d. Observing an entity’s employee prepare the schedule of past due accounts
receivable.

23. An auditor is least likely to test controls that provide for

a. Classification of revenue and expense transactions by product line
b. Approval of the purchase and sale of trading securities
c. Segregation of the functions of recording disbursements and reconciling the bank
account
d. Comparison of receiving reports and vendors’ invoices with purchase orders

24. In a small company that doesn't employ an adequate number of employees to permit
proper division of responsibilities, effective internal control can be strengthened by

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 11
a. Direct participation by the owner of the business in the record keeping activities of
the business.
b. Employment of temporary personnel to aid in the separation of duties.
c. Delegation of full, clear-cut responsibility to each employee for the functions
assigned to each.
d. Engaging a CPA to perform monthly "write up" work.

25. Which of the following is true of the communication to management of material

weaknesses in accounting and internal control?
a. Communication must be in writing.
b. Oral communication of material weaknesses, when appropriate, would be
documented in the audit working papers.
c. The communication should indicate that the auditor had extensively examined the
accounting and internal control system of the client.
d. The auditors should indicate in the communication that the examination is primarily
designed to determine whether the accounting and internal control is adequate.

QUIZZERS
1. Transaction authorization within an organization may be either specific or general. An
example of specific transaction authorization is the
a. Approval of a construction budget for a new warehouse
b. Setting of automatic reorder points
c. Establishment of a customer’s credit limits
d. Establishment of sales prices

2. Internal control should provide reasonable (but not necessarily absolute) assurance
which means that:
a. The cost of control activities should not exceed the benefits.
b. Internal control is management’s, not auditor’s, responsibility.
c. An attestation engagement about management’s internal control assertions may
not necessarily detect all reportable conditions.
d. There is always a risk that reportable conditions may result in material
misstatements.

3. Which of the following statements is an example of an inherent limitation of internal

control.
a. Errors may arise from mistakes in judgments.
b. The effectiveness of control procedures depends on segregation of duties.
c. Procedures are designed to assure that transactions are executed as
management authorities.
d. Computers process large numbers of transactions.

4. Proper segregation of functional responsibilities calls for separation of the functions of

a. Authorization, execution, and recording. c. Custody, execution, and
reporting.
b. Authorization, execution, and payment. d. Authorization, payment,
and recording.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 12
5. Which of the following is a responsibility that should not be assigned to only one
employee?
a. Access to securities in the company’s safe deposit box.
b. Custodianship of the cash working fund.
c. Reconciliation of bank statement.
d. Custodianship of tools and small equipment.

6. Which of the following activities would be least likely to strengthen a company’s

internal control?
a. Maintaining insurance for fire and theft.
b. Separating accounting from other financial operations.
c. Fixing responsibility for the performance of employee duties.
d. Carefully selecting and training employees.

7. As generally conceived, the “audit committee” of a publicly held company should be

made up of
a. Members of the board of directors who are not officers or employees.
b. Representatives of the major equity interests (bonds, preferred stock, common
stock).
c. The audit partner, the chief financial officer, the legal counsel, and at least one
outsider.
d. Representatives from the client’s management, investors, suppliers, and
customers.

8. When considering internal control, the auditor’s primary concern is to determine

a. The reliability of the accounting information system.
b. The possibility of fraud occurring.
c. Compliance with policies, plans, and procedures.
d. The type of an opinion he will issue.

9. Of the following, the best statement of the CPA’s primary objective in considering
internal control is that the review is intended to provide
a. A basis for reliance on the system and determining the scope of other
auditing procedures.
b. Reasonable protection against client fraud and defalcations by client
employees.
c. A basis for constructive suggestions to the client for improving his internal
control system.
d. A method for ensuring that there is reasonable assurance that the financial
statements are reliable.

10. When an auditor assesses control risk below the maximum level, the auditor is
required to document the auditor’s
Basis for concluding that control Understanding of the entity’s internal
Risk is below the maximum level control structure elements
a. Yes Yes
b. No No
c. Yes No

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 13

d. No Yes

11. The sequence of steps in gathering evidence as the basis of the auditor’s opinion is
a. Substantive tests, documentation of control structure, and tests of controls
b. Documentation of control structure, tests of controls, and substantive tests
c. Documentation of control structure, substantive tests, and tests of controls
d. Tests of controls, documentation of control structure, and substantive tests

12. In obtaining an understanding of an entity’s internal control structure, an auditor is

required to obtain knowledge about the
Operating effectiveness of Design of policies
Policies and procedures and procedures
a. Yes Yes
b. No Yes
c. Yes No
d. No No

13. Which of the following audit techniques most likely would provide an auditor with the
most assurance about the effectiveness of the operation on an internal control
procedure?
a. Confirmation with outside parties c. Recomputation of account balance
b. Observation of client personnel d. Inquiry of client personnel

14. Which of the following is the correct order for performing the auditing procedures A
through C below
A = Tests of Controls
B = Preparation of a flowchart depicting the client’s internal control structure
C = Substantive tests
a. ABC b. BAC c. ACB d. BCA

15. After considering a client’s internal control, an auditor has concluded that the system
is well designed and is functioning as anticipated. Under these circumstances, the
auditor would most likely
a. Cease to perform further substantive tests
b. Not increase the extent of planned substantive tests
c. Increase the extent of anticipated analytical procedures
d. Perform all tests of controls to the extent outlined in the preplanned audit program

16. After considering internal control, an auditor might decide to

a. Increase the extent of tests of controls and substantive tests in areas where
internal control is strong
b. Increase the extent of substantive tests in areas where internal control is weak
c. Reduce the extent of tests of controls in areas where internal control is strong
d. Reduce the extent of both substantive tests and tests of controls in areas where
internal control is strong

17. To obtain an understanding of the relevant policies and procedures of internal control,
the auditor performs all of the following except:
a. Make inquiries c. Make observations
b. Design substantive tests d. Inspect documents and records

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 14

18. In an auditor’s consideration of internal control, the completion of a questionnaire is

most closely associated with which of the following?
a. Separation of duties c. Flowchart accuracy
b. Understanding the system d. Tests of controls

19. Before relying on the system of internal control, the auditor obtains a reasonable
degree of assurance that the internal control procedures are in use and operating as
planned. The auditor obtains this assurance by performing planned
a. Substantive tests c. Transaction tests
b. Tests of controls d. Tests of trends and ratios

20. After obtaining an understanding of a client’s controls, an auditor may decide to omit
tests of the controls. Which of the following in not appropriate reason to omit tests of
controls?
a. The controls duplicate other controls.
b. The controls appear adequate.
c. Reportable conditions preclude assessing control risk below the maximum.
d. The effort to test controls exceeds the effort saved by not performing substantive
tests.

21. In general, a material weakness in internal control may be defined as a condition in

which material errors or irregularities may occur and not be detected within a timely
period by
a. An independent auditor during tests of controls.
b. Management when reviewing interim financial statements and reconciling account
balances.
c. Employees in the normal course of performing their assigned functions.
d. Outside consultants who issue a special-purpose report on internal control
structure.

22. Internal control procedures are not designed to provide reasonable assurance that
a. Transactions are executed in accordance with management's authorization.
b. Access to assets is permitted only in accordance with management's
authorization.
c. Irregularities will be eliminated.
d. The recorded accountability for assets is compared with the existing assets at
reasonable intervals.

23. A secondary purpose of the auditor's consideration of internal control is to provide

a. A basis for assessing control risk.
b. An assurance that the records and documents have been maintained in
accordance with existing company policies and procedures.
c. A basis for constructive suggestions about improvements in internal control
structure.
d. A basis for the determination of the resultant extent of the tests to which auditing
procedures are to be restricted.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 15
24. The auditor's review of the client's internal control is documented in order to
substantiate
a. Conformity of the accounting records with GAAP.
b. Adherence to requirements of management.
c. Compliance with generally accepted auditing standards.
d. The fairness of the financial statement presentation.

25. A consideration of internal control made during an audit is usually not sufficient to
express an opinion on an entity's controls because
a. Weaknesses in the system may go unnoticed during the audit engagement.
b. A consideration of internal control is not necessarily made during an audit
engagement.
c. Only those controls on which an auditor intends to rely are reviewed, tested, and
evaluated.
d. Controls can change each year.

26. The accountant's report expressing an opinion on an entity's internal controls should
state that the
a. Objectives of the client's internal controls are being met.
b. Consideration of the internal controls was conducted in accordance with generally
accepted auditing standards.
c. Establishment and maintenance of internal control is the responsibility of
management.
d. Inherent limitations of the client's internal controls were examined.

27. The primary objective of procedures performed to obtain an understanding of internal

control is to provide an auditor with
a. Evidential matter to use in reducing detection risk.
b. A basis from which to modify tests of controls.
c. Knowledge necessary to plan the audit.
d. Information necessary to prepare flowcharts.

PSA 400 – Risk Assessments and Internal Control

28. Which of the following is not part of the control environment?
a. Management philosophy and operating style.
b. Organizational structure and methods of assigning authority and responsibility.
c. Information and communication systems.
d. The function of the board of directors and its committees.

29. When obtaining an understanding of the accounting and internal control system the
auditor may trace a few transactions through the accounting system. This technique
is:
a. Reperformance test c. Walk-through test
b. Test of transactions d. Validity test

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 16
30. Which of the following least likely affects the nature, timing, and extent of the
procedures performed by the auditor to obtain an understanding of the accounting and
internal control systems of an audit client?
a. Materiality considerations
b. The auditor’s assessment of inherent risk
c. The level of acceptable detection risk
d. The size and complexity of the entity and of its computer system

31. The evaluation of deviations that were observed upon completing tests of controls
a. May require the need for doing more extensive understanding of control.
b. May require more extensive tests of controls.
c. Always requires documentation of the basis of assessment of control risk.
d. May require modification of the nature, timing, and extent of planned substantive
procedures.

32. The following statements are true about observation when used as tests of control
procedures, except.
a. The auditor may supplement his observations with other tests of control capable of
providing audit evidence.
b. Audit evidence obtained by doing observation pertains only to the point in time at
which the procedure was applied.
c. Observation of who applies a control procedure is useful as a test of control
procedures when evaluating control effectiveness of both computerized and
manual system
d. Ordinarily, making inquiries provides more reliable audit evidence than doing
observation when testing segregation of functional responsibilities.

33. Tests of controls may include the following, except:

a. Reperformance of internal control procedures
b. Inquiries about, and observation of, internal controls which leave no audit trail.
c. Inspection of documentary support for transactions evidencing authorization
d. Analytical procedures involving comparison of operating expenses with budgeted
amount.

34. Tests of controls are performed to obtain audit evidence about the effectiveness of the
a. Operation of the internal controls at the time the tests are being applied.
b. Operations of the internal controls in eliminating fraud and errors.
c. Design of the internal controls in eliminating fraud and errors.
d. Design of the accounting and internal controls systems.

35. The auditor should consider whether the assessment of control risk is confirmed
a. Upon completion of understanding of internal control.
b. Upon completion of tests of controls
c. Before the final audit program is completed.
d. Upon the conclusion of the audit, based on the results of substantive procedures
and other audit evidence obtained.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 17

PSA 402 – Audit Considerations Relating to Entities Using Service

Organizations
36. Which of the following is least likely considered by the auditor in determining the
significance of service organization activities to the client and the relevance to the
audit?
a. Terms of contract and relationship between the client and the service organization.
b. The material financial statement assertions that are affected by the use of the
service organization.
c. Client's internal controls that are applied to the transactions processed by the
service organization.
d. The control policies and procedures of the client of requiring that all payments for
goods and services be supported by receiving reports.

37. When the auditor considers that the service organization activities are significant to
the client and relevant to the audit and he concludes that it would be efficient to obtain
audit evidence from tests of control to support an assessment of control risk at a lower
level. Such evidence may be obtained by, except
a. Performing tests of the client's controls over activities of the service organization.
b. Obtaining a service organization auditor's report that expresses an opinion as to
the operating effectiveness of the service organization's accounting and internal
control systems for the processing applications relevant to the audit.
c. Visiting the service organization and performing tests of control.
d. Review the service contract between the client and the service organization.

38. Which statement is incorrect regarding the client auditor’s use of service organization
auditor’s report?
a. When using a service organization auditor’s report, the client auditor should
consider the nature of and content of that report.
b. The client auditor should consider the scope of work performed by the service
organization auditor and should assess the usefulness and appropriateness of
reports issued by the service organization auditor.
c. When a Type B report is to be used as evidence to support a lower control risk
assessment, a client auditor would consider whether the controls tested by the
service organization auditor are relevant to the client's transactions (significant
assertions in the client's financial statements) and whether the service
organization auditor's tests of control and the results are adequate.
d. Since Type A reports may be useful to a client auditor in gaining the required
understanding of the accounting and internal control systems, an auditor may use
such reports as a basis for reducing the assessment of control risk.

39. Which of the following is the least concern of the client auditor in reviewing the report
of service organization auditor on suitability of internal control design of the service
organization?
a. The accuracy of description of the service organization's accounting and internal
control systems, ordinarily prepared by the management of the service
organization.
b. The systems' controls have been placed in operation.
c. The accounting and internal control systems are suitably designed to achieve their
stated objectives.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 18
d. The type of documentation of the understanding of the service organization’s
control system.

40. Which of the following is least likely entitled to the report of the service organization
auditor on the suitability of the design and operating effectiveness of the service
organization?
a. Service organization’s management c. Client’s auditors
b. Service organization’s customers d. Service organization’s
stockholders

True or False
1. As part of understanding internal, an auditor is not required obtain knowledge about
the operating effectiveness of internal control.
2. A CPA’s consideration of internal control in a financial statement audit is usually more
limited than that made in connection with an engagement to report on management’s
written assertion as to the effectiveness of internal control.
3. Proper segregation of duties reduces the opportunities for persons to be in positions to
perpetrate and conceal errors or fraud.
4. Management’s aggressive attitude toward financial reporting and its emphasis on
meeting projected profit goals most likely would significantly influence an entity’s
control environment when management is dominated by one individual who is also a
shareholder.
5. It is important for the auditor to consider the competence of the audit client’s
employees, because their competence bears directly and importantly upon the
achievement of the objectives of internal control.
6. When obtaining an understanding of an entity’s internal control, an auditor should
concentrate on the substance of controls rather than their form because management
may establish appropriate controls but not act on them.
7. In obtaining an understanding of an entity’s internal control in a financial statement
audit, an auditor is not obligated to search for significant deficiencies in the operation
of internal control.
8. An independent auditor might consider the procedures performed by the internal
auditors because they are employees whose work may affect the nature, timing, and
extent of audit procedures.
9. Internal control procedures are not designed to provide reasonable assurance that
irregularities will be eliminated.
10. When considering internal control, an auditor must be aware of the concept of
reasonable assurance, which recognizes that cost of internal control procedures
should not exceed the benefits expected to be derived from the control.
11. The auditor’s review of the client’s internal control is documented in order to
substantiate compliance with generally accepted auditing standards.
12. After obtaining an understanding of an entity’s internal controls, an auditor may assess
control risk at the maximum for some assertions because the auditor believes internal
control activities are unlikely to be effective.
13. The primary purpose of the auditor’s consideration of internal control is to provide a
basis for determining the nature, timing, and extent of audit tests to be applied.

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 19
14. After consideration of a client’s internal control, an auditor might decide to increase the
extent of substantive testing in areas where the controls are weak.
15. A consideration of internal control made during an audit is usually not sufficient to
express an opinion on an entity’s controls because only those controls on which an
auditor intends to rely are reviewed, tested, and evaluated.
16. Evidence about segregation of duties is best obtained by direct personal observation
of employees who perform control activities.
17. An auditor’s flowchart of a client’s accounting system is a diagrammatic representation
that depicts the auditor’s understanding of the internal control system.
18. The purpose of tests of controls is to provide reasonable assurance that the control
procedures are functioning as intended.
19. After documenting internal control in an audit engagement, the auditor may perform
tests on those controls that the auditor plans to rely on.
20. The auditor observes client employees in order to corroborate the information
obtained during the initial review of the system.

- end of AT-5910 -

MODULE 7: Internal Control System Evaluation Quizzer

1. The primary objective of procedures performed to obtain an understanding of internal control is to

provide an auditor with
a. Knowledge necessary for audit planning
b. Evidential matter to use in assessing inherent risk
c. A basis for modifying tests of controls
d. An evaluation of the consistency of application

2. An auditor uses the knowledge provided by the understanding of internal control and the assessed
level of control risk primarily to
a. Determine whether procedures and records concerning the safeguarding of assets are reliable
b. Ascertain whether the opportunities to allow any person to both perpetrate and conceal fraud are
minimized
c. Modify the initial assessments of inherent risk and preliminary judgments about materiality levels
d. Determine the nature, timing and extent of substantive tests for financial statement assertions

3. In an audit of financial statements, an auditor’s primary consideration regarding an internal control is

whether the control
a. Reflects management’s philosophy and operating style
b. Affects management’s financial statement assertions
c. Provide adequate safeguards over access to assets
d. Enhances management’s decision-making processes

4. An auditor would most likely be concerned with controls that provide reasonable assurance about the
a. Efficiency of management’s decision-making process
b. Appropriate prices the entity should charge for its products
c. Decision to make expenditures for certain advertising activities
d. Entity’s ability to initiate, record, process and report financial data

5. PSA 315 (Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and its Environment) requires the auditor to perform risk assessment
procedures at

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 20
a. The financial statement level only
b. The assertion level only
c. The financial statement level and the assertion level for classes of transactions, account balances
and disclosures
d. Either the financial statement or assertion level

6. The auditor’s risk assessment procedures should always include the following, except
a. Inquiries of management and of others within the entity
b. Analytical procedures
c. Observation and inspection
d. Substantive test procedures and tests of controls

7. The auditor’s risk assessment procedures

a. By themselves, do not provide sufficient appropriate audit evidence on which to base the audit
opinion
b. Should not consider information obtained from the auditor’s previous experience with the entity
c. Are designed to detect material misstatements at the assertion level for classes of transactions,
account balances and disclosures
d. Are designed to test the effectiveness of the entity’s controls

8. The auditor should obtain an understanding of the entity’s objectives and strategies, and those
business risks that may result in risks of material misstatement. Which of the following statements
concerning the entity’s business risk is incorrect?
a. Business risk is broader than the risk of material misstatement of the financial statements, though
it includes the latter
b. An understanding of the business risks facing the entity increases the likelihood of identifying risks
of material misstatement
c. The auditor has a responsibility to identify or assess all business risks
d. Business risk may arise from the development of new products or services that may fail

9. When obtaining an understanding of controls that are relevant to the audit, the auditor is required to
a. Evaluate the design of those controls
b. Determine whether those controls have been implemented
c. Evaluate the design of those controls and determine whether they have been implemented
d. Evaluate the design of those controls and determine whether they have been implemented by
performing tests of controls

10. This internal control component is the foundation for all other components. It sets the tone of the
organization, provides discipline and structure, and influences the control consciousness of employees
a. Control activities
b. Monitoring of controls
c. Control environment
d. The entity’s risk assessment process

11. An entity’s business processes are the activities designed to

a. Develop, purchase, produce , sell and distribute an entity’s products and services
b. Ensure compliance with laws and regulations
c. Record information, including accounting and financial reporting information
d. Assess the effectiveness of internal control performance over time

12. The auditor uses the understanding of internal control to

I. Identify types of potential misstatements
II. Consider factors that affect the risks of material misstatement
III. Design the nature, timing and extent of further audit procedures
a. I and II only

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 21
b. I and III only
c. II and III only
d. I, II and III

13. Which of the following is a management control method that most likely could improve management’s
ability to supervise company’s activities effectively?
a. Monitoring compliance with internal control requirements imposed by regulatory bodies
b. Limiting direct access to assets by physical segregation and protective devices
c. Establishing budgets and forecasts to identify variances from expectations
d. Supporting employees with the resources necessary to discharge their responsibilities

14. Which of the following are considered control environment factors?

Detection Risk Commitment to Competence
a. Yes Yes
b. Yes No
c. No Yes
d. No No

15. Which of the following is not a component of internal control?

a. Control risk
b. Monitoring
c. Information and communication
d. The control environment

16. Which of the following factors are included in an entity’s control environment?
Audit Committee Participation Integrity and ethical values Organizational Structure
a. Yes Yes No
b. Yes No Yes
c. No Yes Yes
d. Yes Yes Yes

17. Which of the following components of internal control includes development and use of training
policies that communicate prospective roles and responsibilities to employees?
a. Monitoring
b. Control environment
c. Risk assessment
d. Control activities

18. Proper segregation of duties reduces the opportunities to allow persons to be in positions both to
a. Journalize entries and prepare financial statements
b. Record cash receipts and cash disbursements
c. Establish internal control and authorize transactions
d. Perpetrate and conceal errors and fraudulent acts

19. Proper segregation of functional responsibilities to achieve effective internal control calls for
separation of the functions of
a. Authorization, execution and payment
b. Authorization, recording and custody
c. Custody, execution and reporting
d. Authorization, payment and recording

20. Internal control can provide only reasonable assurance of achieving an entity’s control objectives.
The likelihood of achieving those objectives is affected by which limitation inherent to internal
control?
a. The auditor’s primary responsibility is the detection of fraud

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 22
b. The board of directors is active and independent
c. The cost of internal control should not exceed its benefits
d. Management monitors internal control

21. Which of the following most likely would not be considered an inherent limitation of the potential
effectiveness of an entity’s internal control?
a. Incompatible duties
b. Management override
c. Faulty judgment
d. Collusion among employees

22. An independent auditor is concerned with controls designed to safeguard assets that are relevant to
the reliability of financial reporting. Adequate safeguards over access to and use of assets means
protecting from
a. Any management decision that would unprofitably use company resources
b. Only those losses arising from fraud
c. Losses such as those arising from setting a product price too low and subsequently realizing
operating losses from the product’s sale
d. Losses arising from access by unauthorized persons

23. An entity has many employees that access a database. The database contains sensitive information
concerning the customers of the entity and has numerous access points. Access controls prevent
employees from entry to those areas of the database for which they have no authorization. All
salespersons have certain access permission to customer information. Which of the following is a
true statement regarding the nature of the controls and risks?
a. Because there is no segregation of duties among the salespersons, risk of collusion is increased
b. Only one salesperson should be allowed access permission
c. Sales department personnel should not have access to any part of the database
d. A salesperson’s access to customer information should extend only to what is necessary to
perform his/her duties

24. In obtaining an understanding of controls that are relevant to audit planning, an auditor is required to
obtain knowledge about the
a. Design of the controls included in the internal control components
b. Effectiveness of the controls that have been placed in operation
c. Consistency with which the controls are currently being applied
d. Controls related to each principal transaction class and account balance

25. In obtaining an understanding of internal control in a financial statement audit, an auditor is not
obligated to
a. Determine whether the controls have been placed in operation
b. Perform procedures to understand the design of internal control
c. Document the understanding of the entity’s internal control components
d. Search for significant deficiencies in the operation of internal control

26. As part of understanding internal control, an auditor is not required to

a. Consider factors that affect the risk of material misstatement
b. Ascertain whether internal controls have been placed in operation
c. Identify the types of potential misstatements that can occur
d. Obtain knowledge about the operating effectiveness of internal control

27. In planning an audit of certain accounts, an auditor may conclude that specific procedures used to
obtain an understanding of an entity’s internal control need not be included because of the auditor’s
judgments about materiality and assessments of
a. Control risk

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 23
b. Detection risk
c. Sampling risk
d. Inherent risk

28. When obtaining an understanding of an entity’s internal controls, an auditor should concentrate on
their substance rather than their form because
a. The controls may be operating effectively but may not be documented
b. Management may establish appropriate controls but not enforce compliance with them
c. The controls may be so inappropriate that the auditor assesses control risk at the maximum
d. Management may implement controls whose costs exceed their benefits

29. In obtaining an understanding of a manufacturing entity’s internal control concerning inventory

balances, an auditor most likely would
a. Review the entity’s descriptions of inventory policies and procedures
b. Perform test counts of inventory during the entity’s physical count
c. Analyze inventory turnover statistics to identify slow-moving and obsolete items
d. Analyze monthly production reports to identify variances and unusual transactions

30. An auditor should obtain sufficient knowledge of an entity’s information system relevant to financial
reporting to understand the
a. Safeguards used to limit access to computer facilities
b. Process used to prepare significant accounting estimates
c. Procedures used to assure proper authorization of transactions
d. Policies used to detect the concealment of fraud

31. In an audit of financial statements in accordance with PSAs, an auditor is required to

a. Identify specific controls relevant to management’s financial statement assertions
b. Perform tests of controls to evaluate the effectiveness of the entity’s accounting system
c. Determine whether procedures are suitably designed to prevent or detect material misstatement
d. Document the auditor’s understanding of the entity’s internal control

32. An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts
the auditor’s
a. Assessment of control risk
b. Identification of weaknesses in the system
c. Assessment of the control environment’s effectiveness
d. Understanding of the system

33. An advantage of using systems flowcharts to document information about internal control instead of
using internal control questionnaires is that systems flowcharts
a. Identify internal control weaknesses more prominently
b. Provide a visual depiction of clients’ activities
c. Indicate whether controls are operating effectively
d. Reduce the need to observe clients’ employees performing routine tasks

34. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk
that
a. Tests of controls may fail to identify procedures relevant to assertions
b. Material misstatements may exist in the financial statements
c. Specified controls requiring segregation of duties may be circumvented by collusion
d. Entity policies may be inappropriately overridden by senior management

35. Control risk should be assessed in terms of

a. Specific controls

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 24
b. Types of potential fraud
c. Financial statement assertions
d. Control environment factors

36. After assessing control risk below the maximum level, an auditor desires to further reduce the
assessed level of control risk. At this time, the auditor considers whether
a. It would be efficient to obtain an understanding of the entity’s accounting system
b. The entity’s internal controls have been placed in operation
c. The entity’s internal controls pertain to any financial statement assertions
d. Additional evidential matter sufficient to support a further reduction is likely to be available

37. An auditor may decide to assess control risk at the maximum level for certain assertions because the
auditor believes
a. Controls are unlikely to pertain to the assertions
b. The entity’s control components are interrelated
c. Sufficient evidential matter to support the assertions is likely to be available
d. More emphasis on tests of controls than substantive tests is warranted

38. Which of the following is a step in an auditor’s decision to assess control risk below the maximum?
a. Apply analytical procedures to both financial data and nonfinancial information to detect
conditions that may indicate weak controls
b. Perform tests of details of transactions and account balances to identify potential errors and fraud
c. Identify the controls that are likely to detect or prevent material misstatements
d. Document that the additional audit effort to perform tests of controls exceeds the potential
reduction in substantive testing

39. Which of the following is not a step in an auditor’s decision to assess control risk below the
maximum?
a. Evaluate the effectiveness of the control activity with tests of controls
b. Obtain an understanding of the entity’s control environment
c. Perform tests of details of transactions to detect material misstatements in the financial
statements
d. Consider whether controls can have a pervasive effect on financial statement assertions

40. Samples to test controls are intended to provide a basis for an auditor to conclude whether
a. The controls are operating effectively
b. The financial statements are materially misstated
c. The risk of incorrect acceptance is too high
d. Materiality for planning purposes is at a sufficiently low level

41. Which of the following tests of controls most likely will help assure an auditor that goods shipped are
properly billed?
a. Scan the sales journal for sequential and unusual entries
b. Examine shipping documents for matching sales invoices
c. Compare the accounts receivables ledger to daily sales summaries
d. Inspect unused sales invoices for consecutive prenumbering

42. An auditor is least likely to test controls that provide for

a. Approval of the purchase and sale of trading securities
b. Classification of revenue and expense transactions by product line
c. Segregation of the functions of recording disbursements and reconciling the bank
d. Comparison of receiving reports and vendors’ invoices with purchase orders

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 25
43. After obtaining an understanding of a client’s internal control, an auditor may decide not to test the
effectiveness of the computer control procedures. Which of the following is not a valid reason for
choosing to omit tests of controls?
a. The controls duplicate operative controls existing elsewhere in the system
b. There appear to be major weaknesses that would preclude assessing control risk below the
maximum level
c. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if
the tests of controls show the controls to be operative
d. The operating effectiveness of controls appears to support a reduced assessment of control risk

44. When assessing control risk below the maximum level, an auditor is required to document the
auditor’s
Understanding of the Entity’s Basis for Concluding That
Control Environment Control Risk is Below the Maximum Level
a. Yes No
b. No Yes
c. Yes Yes
d. No No

45. When control risk is assessed at the maximum level for all financial statement assertions, an auditor
should document the auditor’s
Understanding of the Conclusion that Basis for Concluding
Entity’s Internal Control Risk is at the that Control Risk is at the
Control Components Maximum Level Maximum Level
a. Yes No No
b. Yes Yes No
c. No Yes Yes
d. Yes Yes Yes

46. Which of the following procedures is an auditor most likely to include in the planning phase of a
financial statement audit?
a. Obtain an understanding of the entity’s risk assessment process
b. Identify specific controls designed to prevent fraud
c. Evaluate the reasonableness of the entity’s accounting estimates
d. Perform cutoff tests of the entity’s sales and purchases

47. After obtaining an understanding of an entity’s internal control and assessing control risk, an auditor
may next
a. Perform tests of controls to verify management’s assertions that are embodied in the financial
statements
b. Consider whether evidential matter is available to support a further reduction in the assessed
level of control risk
c. Apply analytical procedures as substantive tests to validate the assessed level of control risk
d. Evaluate whether the internal controls detected material misstatements in the financial
statements

48. Which of the following procedures most likely will provide an auditor with evidence about whether an
entity’s controls are suitably designed to prevent or detect material misstatements?
a. Reperforming the controls for a sample of transactions
b. Performing analytical procedures using data aggregated at a high level
c. Vouching a sample of transactions directly related to the controls
d. Observing the entity’s personnel applying the controls

49. In assessing control risk, an auditor ordinarily selects from a variety of techniques, including
a. Inquiry and analytical procedures

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 26
b. Reperformance and observation
c. Comparison and confirmation
d. Inspection and verification

50. An auditor generally tests the segregation of duties related to inventory by

a. Personal inquiry and observation
b. Test counts and cutoff procedures
c. Analytical procedures and invoice recomputation
d. Document inspection and reconciliation

51. Which of the following procedures concerning accounts receivable is an auditor most likely to perform
to obtain evidential matter in support of an assessed level of control risk below the maximum level?
a. Observing an entity’s employee prepare the schedule of past due accounts receivable
b. Sending confirmation requests to an entity’s principal customers to verify the existence of
accounts receivable
c. Inspecting an entity’s analysis of accounts receivable for unusual balances
d. Comparing an entity’s uncollectible accounts expense with actual uncollectible accounts
receivable

52. An auditor assesses control risk because it

a. is relevant to the auditor’s understanding of the control environment
b. provides assurance that the auditor’s materiality levels are appropriate
c. indicates to the auditor where inherent risk may be the greatest
d. affects the level of detection risk that the auditor may accept

53. On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed
level of control risk from that originally planned. To achieve an overall audit risk level that is
substantially the same as the planned audit risk level, the auditor would
a. Increase inherent risk c. Decrease inherent risk
b. Decrease detection risk d. Increase materiality levels
54. An auditor uses the knowledge provided by the understanding of internal control and the final
assessed level of control risk primarily to determine the nature, timing and extent of the
a. Attribute tests
b. Compliance tests
c. Tests of controls
d. Substantive tests

55. The objective of tests of details of transactions performed as tests of controls is to

a. Monitor the design and use of entity documents such as prenumbered shipping forms
b. Determine whether internal controls have been placed in operation
c. Detect material misstatements in the account balances of the financial statements
d. Evaluate whether internal controls operated effectively

56. When an auditor increases the planned assessed level of control risk because certain controls were
determined to be ineffective, the auditor will most likely increase the
a. Extent of tests of details
b. Level of inherent risk
c. Extent of tests of controls
d. Level of detection risk

57. When numerous property and equipment transactions occur during the year, an auditor who plans to
assess control risk at a low level usually performs
a. Tests of controls and extensive tests of property and equipment balances at the end of the year
b. Analytical procedures for current year property and equipment transactions
c. Tests of controls and limited tests of current-year property and equipment

MODULE 7 QUIZZER
MODULE 7 - “Internal Control System Evaluation” Page 27
d. Analytical procedures for property and equipment balances at the end of the year

58. A client maintains perpetual inventory records in both quantities and pesos. If the assessed level of
control risk is too high, an auditor will probably
a. Apply gross profit tests to ascertain the reasonableness of the physical counts
b. Increase the extent of tests of controls relevant to the inventory cycle
c. Request the client to schedule the physical inventory count at the end of the year
d. Insist that the client perform physical counts of inventory items several times during the year

59. An auditor may compensate for a high assessed level of control risk by increasing the
a. Level of detection risk
b. Extent of tests of controls
c. Preliminary judgment about audit risk
d. Extent of analytical procedures

60. Regardless of the assessed level of control risk, an auditor should perform some
a. Tests of controls to determine the effectiveness of controls
b. Analytical procedures to verify the design of controls
c. Substantive tests to restrict detection risk for significant transaction classes
d. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control
risk

*******************************

MODULE 7 QUIZZER