INTERNAL CONTROL REVIEW QUIZZER

True/False
Indicate whether the statement is true or false.

1. Internal control is a process designed to guarantee the achievement of the objectives of reliable financial reporting,
compliance with laws and regulations and ineffective and inefficient operations.

2. If internal controls are not enforced they are useless and can lead to waste and fraud.

3. Weakness in the tone at the top have been associated with most financial frauds during the past decade.

4. Internal control is a process designed to provide reasonable assurance regarding the achievement of the objectives
of reliable financial reporting, compliance with laws and regulations and effective and efficient operations, and
safeguarding of the assets.

5. Control activities are the policies and procedures that are established to assist in accomplishing objectives and to
mitigate risks.

6. Control is considered to be part of corporate governance.

7. Investors do not place much value on the internal control of the companies in which they invest.

8. Internal control is applied across all activities of the organization.

9. The five major components of an organization's internal control are: the control environment, risk assessment,
control activities, information and communication, and materiality.

10. An organization's control environment is established and maintained by the internal auditing department.

11. Physical controls are necessary to protect and safeguard assets from accidental or intentional destruction and theft.

12. An auditor is not required to obtain evidence about the design and operation of the internal controls to reduce the
assessment of control risk below maximum.

13. In addition to controls being specific, they may be broad, such as policies regarding a code of ethics.

14. Self-checking digit algorithms have been developed to test for transposition errors associated with identification
numbers.

15. When control risk is assessed at a minimum level, the auditor assumes that the internal controls are reliable in
preventing or detecting material misstatements.

16. The payroll department should be responsible for signing payroll checks.

17. The auditor's preliminary assessment of control risk is based on an understanding of the control system as it has
operated in the past and is designed to operate.

1
 18. The auditor is obligated to report significant deficiencies in the control structure discovered during an audit to the
audit committee or its equivalent.

19. Transaction-oriented controls should be tested using the guidelines developed for attribute testing utilizing
statistical sampling techniques.

20. Testing internal control for effectiveness is done in every audit.

21. The auditor should obtain an understanding of whether the client’s controls sufficiently address the risk of material
misstatement due to fraud.

22. When the auditor believes the design of controls of a non-public company is effective but does not test the
controls, the auditor can assess control risk as moderate in some circumstances but otherwise it should be assessed
as high.

23. An external auditor provides a separate opinion on the effectiveness of internal control for large publicly traded
companies.

24. One of the components of internal control, the control environment, is considered pervasive and the auditor should
start the evaluation of controls at this level.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

25. Proper segregation of functional responsibilities calls for separation of the functions of

a. Authorization, execution, and payment.

b. Authorization, recording, and custody.
c. Custody, execution, and reporting.
d. Authorization, payment, and recording.
26. The overall attitude and awareness of an entity’s board of directors concerning the importance of internal control
usually is reflected in its

a. Computer-based controls.
b. System of segregation of duties.
c. Control environment.
d. Safeguards over access to assets.
27. Which of the following factors are included in an entity’s control environment?

Audit committee Integrity and ethical values Organizational

a. Yes Yes No
b. Yes No Yes
c. No Yes Yes
d. Yes Yes Yes
28. Which of the following is a provision of the Foreign Corrupt Practices Act?

a. It is a criminal offense for an auditor to fail to detect and report a bribe paid by an
2
 American business entity to a foreign official for the purpose of obtaining business.
b. The auditor’s detection of illegal acts committed by officials of the auditor’s publicly held
client in conjunction with foreign officials should be reported to the Enforcement Division
of the Securities and Exchange Commission.
c. If the auditor of a publicly held company concludes that the effects on the financial
statements of a bribe given to a foreign official are not susceptible of reasonable
estimation, the auditor’s report should be modified.
d. Every publicly held company must devise, document, and maintain internal control
sufficient to provide reasonable assurances that internal control objectives are met.
29. Which of the following procedures most likely would provide an auditor with evidence about whether an entity’s
internal control activities are suitably designed to prevent or detect material misstatements?

a. Reperforming the activities for a sample of transactions.

b. Performing analytical procedures using data aggregated at a high level.
c. Vouching a sample of transactions directly related to the activities.
d. Observing the entity’s personnel applying the activities.
30. In an audit of financial statements in accordance with generally accepted auditing standards, an auditor is required
to

a. Document the auditor’s understanding of the entity’s internal control.

b. Search for significant deficiencies in the operation of internal control.
c. Perform tests of controls to evaluate the effectiveness of the entity’s internal control.
d. Determine whether controls are suitably designed to prevent or detect material
misstatements.
31. An auditor should obtain sufficient knowledge of an entity’s information system to understand the

a. Safeguards used to limit access to computer facilities.

b. Process used to prepare significant accounting estimates.
c. Controls used to assure proper authorization of transactions.
d. Controls used to detect the concealment of fraud.
32. Decision tables differ from program flowcharts in that decision tables emphasize

a. Ease of manageability for complex programs.

b. Logical relationships among conditions and actions.
c. Cost benefit factors justifying the program.
d. The sequence in which operations are performed.
33. A primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor
with

a. Knowledge necessary to assess the risks of material misstatements.

b. Evidence to use in assessing inherent risk.
c. A basis for modifying tests of controls.
d. An evaluation of the consistency of application of management’s policies.
34. In obtaining an understanding of an entity’s internal control, an auditor is required to obtain knowledge about the

Operating effectiveness of controls Design of controls

3
 a. Yes Yes
b. No Yes
c. Yes No
d. No No
35. Control risk should be assessed in terms of

a. Specific controls.
b. Types of potential fraud.
c. Financial statement assertions.
d. Control environment factors.
36. Assessing control risk at a low level most likely would involve

a. Performing more extensive substantive tests with larger sample sizes than originally
planned.
b. Reducing inherent risk for most of the assertions relevant to significant account balances.
c. Changing the timing of substantive tests by omitting interim-date testing and performing
the tests at year-end.
d. Identifying specific controls relevant to specific assertions.
37. When an auditor increases the assessed level of control risk because certain control activities were determined to
be ineffective, the auditor would most likely increase the

a. Extent of tests of controls.

b. Level of detection risk.
c. Extent of tests of details.
d. Level of inherent risk.
38. An auditor may compensate for a weakness in internal control by increasing the

a. Level of detection risk.

b. Extent of tests of controls.
c. Preliminary judgment about audit risk.
d. Extent of analytical procedures.
39. The purpose of tests of controls in the examination of the financial statements of an SEC client is to provide
reasonable assurance that the
a. Controls can be relied upon.
b. Client has complied with GAAP.
c. CPA firm has complied with the quality control standards.
d. Accounting for transactions is accurate.
40. The audit report expressing an opinion on an entity's internal controls should state that the
a. Compliance objectives of the client's internal controls are being met.
b. Inherent limitations of the client's internal controls were examined.
c. Tests of internal control revealed no deficiencies in the operation of the system.
d. Establishment and maintenance of internal control is the responsibility of management.
41. Which of the following audit tests is a test of controls?
a. Tests of the specific items making up the balance in a financial statement account.
b. Comparing inventory prices to vendors' invoices.
4
 c. Comparing signatures on canceled checks to those of authorized check signers.
d. Tests of the additions to property, plant, and equipment by physical inspections.
42. Which of the following is part of the control environment?
a. Segregation of duties.
b. Codes of conduct.
c. Procedures for initiating transactions.
d. Monthly bank reconciliations.
43. After gaining an understanding and documenting internal control, the auditor may elect to perform tests on
a. Those controls that the auditor plans to rely on.
b. Those controls for which significant deficiencies have been identified.
c. Those controls that have a material effect on the financial statement balances.
d. A random sample of the controls that were reviewed.
44. Control activities include
a. The control environment.
b. Risks faced by the entity from new technology.
c. Authorization of purchases of new equipment.
d. Market share data.
45. The report expressing an opinion on an entity's internal controls does not include a
a. Description of the scope of the engagement.
b. Specific date that the report covers rather than a period of time.
c. Brief explanation of the broad objectives and inherent limitations of internal control.
d. Statement that the entity's internal controls are consistent with that of the prior year.
46. In an auditor's consideration of internal control, the completion of a questionnaire is most closely associated with
which of the following?
a. Separation of duties.
b. Understanding the system.
c. Flowchart accuracy.
d. Tests of controls.
47. Which of the following is part of risk assessment?
a. A foreign subsidiary does not adapt to changes in company procedures.
b. The client lacks written procedures for initiating sales transactions.
c. Lack of proper approval of payroll checks.
d. The client does not reconcile its bank accounts on a regular basis.
48. Section 404 of the Sarbanes-Oxley Act requires management to certify that
a. The financial statements are fairly presented.
b. Internal control over compliance activities is effective.
c. The auditor's opinion on internal control is fairly stated.
d. That internal control over financial reporting is effective.
49. The auditor is examining copies of sales invoices for the initials of the person checking the extensions. This is an
example of a
a. Test of controls.
b. Substantive test.
c. Dual-purpose test.
d. Test of balances.
5
50. After consideration of a client's internal control, an auditor might decide to
a. Increase the extent of substantive testing in areas where controls are strong.
b. Reduce the extent of tests of controls in areas where the controls are strong.
c. Reduce the extent of both substantive tests and tests of controls in areas where the controls
are strong.
d. Increase the extent of substantive testing in areas where the controls are weak.
51. In the annual report of a public company submitted to the SEC,
a. Two reports on the financial statements will be present.
b. The auditor provides an opinion on the effectiveness of management in achieving the
entity's objectives.
c. Two reports on internal control over financial reporting will be present.
d. The report of internal auditors on the effectiveness of internal control is presented.
52. A flowchart of a client's internal controls
a. Provides documentation of the system of internal control.
b. Is typically obtained from the client's internal auditors.
c. Serves as the audit program for testing of controls.
d. Illustrates the type of fraud which may have occurred in the system.
53. Significant deficiencies in internal control are required to be reported
a. Creditors which the client has debt to.
b. The audit committee of the board of directors.
c. Management of the unit in which they occurred.
d. Internal auditors of the entity.
54. In an audit of a nonpublic company, the primary objective of obtaining an understanding of internal control is for
the auditor to
a. Comply with PCAOB standards.
b. Be able to assess inherent risk.
c. Obtain information necessary to plan the audit.
d. Make the acceptance or continuance decision of the client.
55. The auditor has evaluated the system of internal control and has reached the conclusion that the system is well
designed and is functioning as designed. The next step for the auditor is to
a. Issue the opinion on the financial statements.
b. Increase analytical procedures that are planned in the audit program.
c. Remove substantive tests from the audit program.
d. Leave substantive testing as planned for in the audit program.
56. Evidence about segregation of duties is best obtained by
a. Studying a flowchart detailing who performs which duties.
b. Making inquiries of coworkers about which employees performs which duties.
c. Inspecting conflict of interest policies for segregation of duties procedures.
d. Observation of employees who perform control activities.
57. A significant deficiency is best defined as
a. A violation of the entity's conflict-of-interest policies and code of ethics.
b. An attempt by the client to limit the scope of the auditor's work in conducting the financial
statement engagement.
c. A deficiency that adversely affects the ability to process transactions in accordance with

6
 generally accepted accounting principles.
d. Fraud or illegal acts committed by management that have a material impact on the
financial statements.
58. Which of the following is not true concerning control activities?
a. Control procedures is another term for control activities.
b. Transaction authorization is a control activity.
c. Control activities generally fall into the two categories of preventive controls and detective
controls.
d. Information and communication is an important component of control activities.
59. Limiting access to assets and records might be accomplished by
a. Audit trails documenting who had authorization to access assets and records.
b. A control environment which discourages access to assets and records.
c. Access codes for those parties with authorization to access assets and records.
d. Risk assessment of the parties with authorization to access assets and records.
60. Which of the following is not one of the four transaction cycles?
a. Expenditure/disbursement.
b. Risk assessment.
c. Revenue/receipt.
d. Conversion.
61. Which of the following is not true concerning Auditing Standard No. 2 on internal control?
a. Management is required to assess internal control.
b. The audit committee must sign the report regarding internal control.
c. Management must acknowledge responsibility for internal control.
d. The auditor of the financial statements must also audit internal control.
62. An effective audit committee
a. Is comprised of management with financial expertise.
b. Meets no more than once a year.
c. May challenge the financial reporting of the CEO and CFO.
d. Establishes and distributes policies for access to assets and records.
63. In making its assessment of internal control under Section 404, management
a. Allow internal auditors to perform the assessment and take responsibility for it.
b. Must support the evaluation with documentation.
c. Must perform its evaluations on a biennial basis.
d. May choose to contract with third parties to make the assessment and issue the report.

64. In a financial statement audit performed following AICPA Professional Standards, how frequently must
an auditor test operating effectiveness of controls that appear to function as they have in past years and on
which the auditor wishes to rely upon in the current year?

a. Monthly
b. Each audit
c. At least every second audit
d. At least every third audit
65. Which of the following is least likely to be evidence of operating effectiveness of controls?

7
 a. Cancelled supporting documents
b. Confirmations of accounts receivable
c. Records documenting usage of computer programs
d. Signatures on authorization forms
66. Tests of controls do not ordinarily address:

a. By whom a control was applied

b. How a control was applied
c. The consistency with which a control was applied
d. The cost effectiveness of the way a control was applied
67. Which of the following must the auditor communicate to the audit committee?

a. Significant deficiencies and material weaknesses

b. Only significant deficiencies
c. Only material weaknesses
d. Neither significant deficiencies nor material weaknesses
68. Which of the following would be least likely to be regarded as a test of a control?

a. Tests of the additions to property by physical inspection

b. Comparisons of the signatures on cancelled checks to the authorized check signer
list
c. Tests of signatures on purchase orders
d. Recalculation of payroll deductions

69. Which of the following statements is correct concerning the understanding of internal control needed by
auditors?

a. The auditors must understand the information system, not the accounting system
b. The auditors must understand monitoring and all preliminary accounting controls
c. The auditors must have a sufficient understanding to assess the risks of material
misstatement
d. The auditors must understand the control environment, risk assessment, and all
control activities
70. On financial statement audits, it is required that the auditors obtain an understanding of internal control,
including:

a. Its operating effectiveness

b. Whether it has been implemented (placed in operation)
c. Performing tests of controls for all material controls
d. Its ability to provide reasonable assurance

8
71. This organization developed a set of criteria that provide management with a basis to evaluate controls
not only over financial reporting, but also over the effectiveness and efficiency of operations and
compliance with laws and regulations:

a. Foreign Corrupt Practices Corporation

b. Committee of Sponsoring Organizations
c. Cohen Commission
d. Financial Accounting Standards Board
72. Which statement is correct concerning the definition of internal control developed by the Committee of
Sponsoring Organizations (COSO)?

a. Its applicability is largely limited to internal auditing applications

b. It is recognized in the Statements on Auditing Standards
c. It emphasizes the effectiveness and efficiency of operations over the reliability of
financial reporting
d. It suggests that it is important to view internal control as an end product as
contrasted to a process or means to obtain an end
73. Which statement is correct concerning the relevance of various types of controls to a financial statement
audit?

a. An auditor may ordinarily ignore the consideration of controls when a substantive

audit approach is used
b. Controls over the reliability of financial reporting are ordinarily most directly
relevant to an audit, but other controls may also be relevant
c. Controls over safeguarding assets and liabilities are of primary importance, while
controls over the reliability of financial reporting may also be relevant
d. All controls are ordinarily relevant to an audit

74. Which of the following is not ordinarily considered a factor indicative of increased financial reporting
risk when an auditor is considering a client's risk assessment policies?

a. Salaried sales personnel

b. Implementation of a new information system
c. Rapid growth of the organization
d. Corporate restructuring
75. When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed
level of control risk will:

a. Be less than the preliminary assessed level of control risk

b. Equal the preliminary assessed level of control risk
c. Equal the actual control risk
d. Be less than the actual control risk
76. The provisions of the Foreign Corrupt Practices Act apply to:

9
 a. All U.S. corporations
b. All U.S. corporations that engage in foreign operations
c. All corporations that must file under the Securities Exchange Act of 1934
d. All U.S. partnerships and corporations
77. During financial statement audits, the auditors' consideration of their clients' internal control is integral to
both assess the risk of material misstatement and to:

a. Assess inherent risk

b. Design further audit procedures
c. Assess compliance with the Foreign Corrupt Practices Act
d. Provide a reasonable basis for an opinion on compliance with applicable laws
78. Which of the following is not a primary procedure auditors use to obtain sufficient knowledge about the
design of the relevant controls and to determine whether they have been implemented (placed in
operation)?

a. Previous experience with the entity

b. Inquiries of appropriate management personnel
c. Performance of substantive procedures
d. Inspection of document and records
79. For effective internal control, which of the following functions should not be assigned to the company's
accounting department?

a. Reconciling accounting records with existing assets

b. Recording financial transactions
c. Signing payroll checks
d. Preparing financial reports
80. Which of the following is true about the auditors' consideration of internal control in a financial statement
audit?

a. The auditors must assess control risk at a level lower than the maximum
b. The auditors must prepare a flowchart description of internal control for their
working papers
c. The auditors must obtain an understanding of the steps in processing major types
of transactions
d. The auditors must perform tests of controls

81. Which of the following is least likely to be considered a risk assessment procedure relating to internal
control?

a. Counting marketable securities at year-end

b. Inquiries of client personnel
c. Inspecting documents and reports

10
 d. Observing the application of specific controls

82. Which of the following is not a factor that is considered a part of the client's overall control
environment?

a. The organizational structure

b. The information system
c. Management philosophy and operating style
d. Board of directors
83. After documenting the client's prescribed internal control, the auditors will often perform a walk-through
of each transaction cycle. An objective of a walk-through is to:

a. Verify that the controls have been implemented (placed in operation)

b. Replace tests of controls
c. Evaluate the major strengths and weaknesses in the client's internal control
d. Identify weaknesses to be communicated to management in the management letter
84. Which of the following is correct with respect to control deficiencies discovered during an audit?

a. Auditors must communicate and recommend corrections relating to all material

weaknesses in internal control
b. All material weaknesses in internal control are also significant deficiencies
c. All such matters must be communicated to the audit committee and regulatory
agencies
d. All control deficiencies are also significant deficiencies

85. The use of fidelity bonds protects a company from embezzlement loses and also:

a. Minimizes the possibility of employing persons with dubious records in positions

of trust
b. Reduces the company's need to obtain expensive business interruption insurance
c. Allows the company to substitute the fidelity bonds for various parts of internal
control
d. Protects employees who made unintentional errors from possible monetary
damages resulting from such errors
86. In the consideration of internal control, the operating effectiveness of controls is tested by:

a. Flowcharts verification
b. Tests of controls
c. Substantive procedures
d. Decision tables
87. A material weakness involves an amount that is

a. Smaller than inconsequential

b. Larger than inconsequential
11
 c. Tolerable
d. Material

88. Well-designed internal control that is functioning effectively is most likely to detect an fraud arising
from:

a. The fraudulent action of several employees

b. The fraudulent action of an individual employee
c. Informal deviations from the official organization chart
d. Management fraud
89. Controls are not designed to provide assurance that:

a. Transactions are executed in accordance with management's authorization

b. Fraud will be eliminated
c. Access to assets is permitted only in accordance with management's authorization
d. The recorded accountability for assets is compared with the existing assets at
reasonable intervals
90. Which of the following is least likely to be a factor that might indicate to an auditor that an identified risk
of misstatement requires special audit consideration?

a. Complex calculations are involved

b. The rate of technological change is moderate in the industry
c. The potential for fraud seems high
d. Various subjective methods of application of a key accounting policy exist
91. If the independent auditors decide that the work performed by the internal auditors may have a bearing on
their own procedures, they should consider the internal auditors':

a. Competence and objectivity

b. Efficiency and experience
c. Independence and review skills
d. Training and supervisory skills
92. Which of the following is least likely to be considered an appropriate response relating to risks the
auditors identify at the financial statement level?

a. Assign more experienced staff

b. Incorporate additional elements of unpredictability in the selection of audit
procedures
c. Increase the scope of auditor procedures
d. Emphasize the need to remain neutral, rather than to exercise professional
skepticism
93. Which of the following factors would most likely be considered an inherent limitation to an entity's
internal control?

12
 a. The complexity of the information processing system
b. Human judgment in the decision making process
c. The ineffectiveness of the board of directors
d. The lack of management incentives to improve the control environment
94. Which of the following is intended to detect deviations from prescribed controls?

a. Substantive procedures specified by a standardized audit program

b. Tests of controls designed specifically for the client
c. Analytical procedures as set forth in an industry audit guide
d. Computerized analytical procedures tailored for the configuration of the computer
equipment in use
95. Of the following statements about internal control, which one is not valid?

a. No one person should be responsible for the custodial responsibility and the
recording responsibility for an asset
b. Transactions must be properly authorized before such transactions are processed
c. Because of the cost/benefit relationship, a client may apply control procedures on a
test basis
d. Control activities reasonably insure that collusion among employees can not occur

96. Which of the following would be least likely to be included in an auditor's tests of controls?

a. Inspection
b. Observation
c. Inquiry
d. Analytical procedures
97. An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addresses financial
statements and:

a. Compliance with laws

b. Internal control over asset safeguarding
c. Internal control
d. Suitable criteria
98. When performing an audit of internal control under PCAOB requirements, auditors evaluate control:

Design Effectiveness Operating Effectiveness

A) Yes Yes
B) Yes No
C) No Yes
D) No No

a. Choice A
b. Choice B
c. Choice C
13
 d. Choice D

99. When performing an internal control audit under PCAOB standards, one or more material weaknesses in
internal control that exist at year-end may result in what type of report(s):

Qualified Disclaimer
A) Yes Yes
B) Yes No
C) No Yes
D) No No

a. Choice A
b. Choice B
c. Choice C
d. Choice D
100. Internal control objectives are designed to assist the organization in assuring which of the following:
a. the organization has effective and efficient operations related to its overall strategy
b. the activities of the organization are in compliance with applicable laws and regulations
c. the assets of the organization are safeguarded from theft and fraud
d. all of the above.
101. The quality of an organization's internal controls affects
a. the reliability of financial data.
b. the ability of management to make good decisions.
c. the ability to sustain an effective business.
d. all of the above.
102. Which of the following is not a reason that the auditor must gain an understanding of the client’s internal control
system?
a. to better understand the client, its risks, and how it manages those risks.
b. to assess control risk and identify the types of financial statement misstatements that are
most likely to occur.
c. to plan direct tests of account balances to determine if misstatements have occurred.
d. all are reasons why auditors must gain an understanding of the client’s internal control
system.
103. The tone of internal control typically originates internally with:
a. auditors.
b. employees.
c. management.
d. stockholders.
104. What is management’s primary purpose of effective internal control in an organization?
a. Obtaining high-quality data for making good business decisions.
b. Completion of a successful audit for the entity.
c. Shareholder involvement in the company’s success.
d. Obtaining profitability and financial strength.
105. The control environment includes all of the following except
14
 a. management philosophy and operating style.
b. methods of assigning authority and responsibility.
c. personnel policies and practices.
d. control activities.
106. One of the major components of an organization's internal control structure includes:
a. major new financing.
b. the financial environment.
c. risk assessment.
d. telecommunication equipment.
107. The PCAOB requires auditors of public companies to perform
a. a financial statement audit and an attest audit.
b. a financial statement audit and an assurance audit.
c. a financial statement audit and agreed upon procedures.
d. a financial statement audit and an audit of internal control.
108. Personnel policies and procedures are designed to ensure that the organization
a. hires the right people.
b. complies with federal and state laws in its hiring and retention decisions.
c. has employees that are properly trained and supervised.
d. performs all of the above.
109. Which one of the following represents a classification of control deficiency by the PCAOB?
a. A missing control that is required for achievement of objectives.
b. A control that operates as designed.
c. A control that ensures the reliability of financial reporting.
d. An immaterial individual misstatement in internal control.
110. All of the following are pervasive computer controls except:
a. Planning and controlling the data processing function.
b. Controlling access to equipment, data, and programs.
c. Ensuring data is accessible to management on a timely basis.
d. Controlling applications development and changes to programs.
111. If the auditor of financial statements understands internal control and assesses control risk as low, it is assumed
that internal control:
a. will be tested to support the assessment.
b. is not required to be tested as it is considered strong.
c. is considered relatively weak and will not be tested.
d. has been assessed erroneously by the auditor.
112. Which of the following is an example of a type of control that may be tested?
a. Interest accrued on notes payable.
b. Cash surrender value of life insurance classified as long-term asset.
c. A spreadsheet used to create a pivot table for the summarization of accounts receivable.
d. Reconciliations performed monthly on accounts.
113. Which of the following best represents a walk-through?
a. The controller reviews the bank reconciliation prepared by the accountant and its resulting
journal entries.
b. The auditor walks the production line to find inefficiencies in the inventory process and
15
 reports them to management.
c. The controller takes a sample of write-offs to ensure they have been adequately
documented and recorded.
d. The auditor traces three purchasing transactions from the purchase order to the financial
statement for observation and understanding.
114. Which of the following would result in an adverse report issued by an auditor on an audit of internal control?
a. The control risk is assessed at a lower level.
b. The tests of controls support the documented understanding of controls.
c. There is a material weakness in the design or operation of controls.
d. A confirmation is not returned by a customer in a timely manner.
115. A financial statement auditor concludes that internal controls over cash are not functioning as designed. She
believes that material misstatements to the cash accounts are possible because of the deficiencies. What is the
course of action that the auditor will most likely take?
a. Report the audit to the regulatory agencies of the IRS and SEC.
b. Develop specific tests for cash balances to determine the extent of misstatement.
c. Explain to the client that the audit firm will not be able to complete the audit.
d. Test the internal control over cash.
116. A material weakness in the design of the operation of controls discovered in an audit of internal controls results in:
a. A qualified management letter.
b. An adverse report on internal controls.
c. The firing of the auditors.
d. Adjusting audit journal entries.
117. Which of the following will an auditor perform to better understand a client's internal control over accounting
systems?
a. An auditor will re-test subsequent year working papers.
b. An auditor will review previous year working papers.
c. An auditor will copy previous year working papers.
d. An auditor will re-draft subsequent year working papers.
118. Which of the following will an auditor use to document an understanding of internal control?
a. Checklists, disclosures and procedures.
b. The audit report, internal control opinions and confirmations.
c. Workpapers, engagement letters and management representation letters.
d. Questionnaires, narratives and flowcharts.
119. An auditor's test of transaction processing whereby the auditor is evaluating both the operation and effectiveness of
controls and the correctness and completeness of processing and posting to an account balance is:
a. a test of controls.
b. a substantive test.
c. a dual-purpose test.
d. an analytical review procedure.
120. In order to further understand internal control, an auditor may use inquiry methods by:
a. interviewing key employees to gain further insight into the internal control environment.
b. observing the safeguarding of assets by checking locked doors and safes.
c. tracing a transaction from the boundary of the organization through to the final reporting.
d. documenting thoroughly the internal control through the use of narratives.

16
121. Which of the following is not true of internal control as defined by COSO?
a. it is narrower than internal control over financial reporting.
b. it is a process that includes all elements of internal control working together.
c. it includes all the people in the organization.
d. it starts at the top of the organization in setting a tone.
122. The major components of an organization’s internal controls consists of all of the following except
a. risk assessment.
b. control environment.
c. control activities.
d. control risk
123. When control risk is assessed as high the auditor needs to:
a. perform more tests of controls.
b. perform more direct testing of account balances.
c. perform significantly fewer tests of controls.
d. perform significantly less testing of account balances.
124. A component of COSO’s internal control system concerns the process that provides feedback on the effectiveness
of the other components of internal control. This component is called:
a. information and communication.
b. monitoring.
c. control activities.
d. risk assessment.

17
INTERNAL CONTROL REVIEWER
Answer Section

TRUE/FALSE

1. F
2. T
3. T
4. T
5. T
6. T
7. F
8. T
9. F
10. F
11. T
12. F
13. T
14. T
15. T
16. F
17. T
18. T
19. T
20. F
21. T
22. T
23. T
24. T

MULTIPLE CHOICE

25. B
26. C
27. D
28. D
29. D
30. A
31. B
32. B
33. A
34. B
35. C
36. D
37. C
18
38. D
39. A
40. D
41. C
42. B
43. A
44. C
45. D
46. B
47. A
48. D
49. A
50. D
51. C
52. A
53. B
54. C
55. D
56. D
57. C
58. D
59. C
60. B
61. B
62. C
63. B
64. D
65. B
66. D
67. A
68. A
69. C
70. B
71. B
72. B
73. B
74. A
75. B
76. C
77. B
78. C
79. C
80. C
81. A
82. B
83. A
19
 84. B
85. A
86. B
87. D
88. B
89. B
90. B
91. A
92. D
93. B
94. B
95. D
96. D
97. C
98. A
99. D
100. D
101. D
102. D
103. C
104. A
105. D
106. C
107. D
108. D
109. A
110. C
111. A
112. D
113. D
114. C
115. B
116. B
117. B
118. D
119. C
120. A
121. A
122. D
123. B
124. B

20