Internal Control
CPA MULTIPLE CHOICE QUESTIONS -- INTERNAL CONTROL

1. The independent auditor should acquire an understanding of a client's internal audit function to determine whether the work of internal auditors will be a factor in determining the nature, timing and extent of the independent auditor's procedures. The work performed by internal auditors might be such a factor when the work includes
a) Verification of the mathematical accuracy of invoices.
b) Review of administrative practices to improve efficiency and achieve management objectives.
c) Consideration of the internal control structure.
d) Preparation of internal financial reports for management purposes.

2. Effective I/C in a small company that has insufficient employees to permit proper division of responsibilities can be best enhanced by
a) Employment of temporary personnel to aid in the separation of duties.
b) Direct participation by the owner of the business in the recordkeeping activities of the business.
c) Engaging a CPA to perform monthly "write-up" work.
d) Delegation of full, clear-cut responsibility to each employee for the functions assigned to each.

3. An auditor is considering the internal control system for purchasing and disbursement procedures. The auditor will be least influenced by
a) The availability of a company manual describing purchasing and disbursement procedures.
b) The scope and results of audit work by the company's internal auditor.
c) The existence within the purchasing and disbursement area of internal control strengths that offset weaknesses.
d) The strength or weakness of internal control in other areas, e.g., sales and accounts receivable.

4. In general, material irregularities perpetrated by which of the following are most difficult to detect?
a) Cashier
b) Key-punch operator
c) Internal auditor
d) Controller

5. If, during the course of an annual audit of a publicly held manufacturing company, an independent auditor becomes aware of a reportable condition in the company's internal control, the auditor is required to communicate the reportable condition to
a) The senior management and the board of directors of the company.
b) The senior management of the company.
c) The board of directors of the company.
d) The audit committee of the board of directors.

6. Which of the following best describes the primary reason for the auditor's use of flowcharts during an audit engagement?
a) To comply with the requirements of GAAS.
b) To interpret the operational effectiveness of the client's existing organizational structure.
c) To classify the client's documents and transactions by major operating functions e.g., cash receipts, cash disbursements, etc.
d) To record the auditor's understanding of the client's I/C.

7. The independent auditor should acquire an understanding of the internal audit function as it relates to the independent auditor's consideration of the I/C because
a) The audit program, working papers and reports of internal auditors can often be used as a substitute for the work of the independent auditor's staff.
b) The procedures performed by the internal audit staff may eliminate the independent auditor's need for an extensive consideration of the I/C.
c) The work performed by internal auditors may be a factor in determining the nature, timing and extent of the independent auditor's procedures.
d) The understanding of the internal audit function is an important substantive test to be performed by the independent auditor.

8. The auditor's understanding of the client's I/C is documented in order to substantiate
a) Conformity of the accounting records with generally accepted accounting principles.
b) Compliance with generally accepted auditing standards.
c) Adherence to requirements of management.
d) The fairness of the financial statement presentation.

9. The ICS normally would include procedures that are designed to provide reasonable assurance that
a) Employees act with integrity when performing their assigned tasks.
b) Transactions are executed in accordance with management's general or specific authorization.
c) Decision processes leading to management's authorization of transactions are sound.
d) Collusion activities would be detected by segregation of employee duties.

10. In general, a reportable condition may be defined as a condition in which material errors or irregularities ordinarily would not be detected within a timely period by
a) An auditor during the normal consideration of the internal controls.
b) A controller when reconciling accounts in the general ledger.
c) Employees in the normal course of performing their assigned duties.
d) The chief financial officer when reviewing interim F/S.

11. Proper segregation of functional responsibilities calls for separation of the
a) Authorization, approval and execution functions.
b) Authorization, execution and payment functions.
c) Receiving, shipping and custodial functions.
d) Authorization, recording and custodial functions.

12. The ultimate risk against which the auditor requires reasonable protection is a combination of two separate risks. The first of these is that material errors will occur in the accounting process by which the F/S are developed, and the second is that
a) A company's internal control system is not adequate to detect errors and irregularities.
b) Those errors that occur will not be detected by the auditor's examination.
c) Management may possess an attitude that lacks integrity.
d) Evidential matter is not competent enough for the auditor to form an opinion based on reasonable assurance.

13. When an independent auditor decides that the work performed by internal auditors may have a bearing on the nature, extent and timing of the independent auditor's procedures, the independent auditor should evaluate the competence and objectivity of the internal auditors. Relative to objectivity, the independent auditor should
a) Consider the organizational level to which internal auditors report the results of their work.
b) Review the training program in effect for the internal auditors.
c) Examine the quality of the internal audit reports.
d) Consider the qualifications of the internal audit staff.

14. To provide the greatest degree of independence in performing internal auditing functions, an internal auditor should probably report to the
a) Financial vice-president.
b) Corporate controller.
c) Board of directors.
d) Corporate stockholders.

15. When considering the client's ICS to determine whether the necessary procedures are prescribed and are followed satisfactorily, an auditor must
a) Develop questionnaires and checklists.
b) Review the ICS and perform tests of controls.
c) Perform tests of controls and analytical procedures.
d) Evaluate administrative policies.

16. After the auditor has prepared a flowchart of the I/C surrounding sales and evaluated the design of the ICS, the auditor would perform tests of controls on all internal control procedures
a) Documented in the flowchart.
b) Considered to be weaknesses that might allow errors to enter the accounting system.
c) Considered to be strengths that the auditor plans to rely on.
d) That would aid in preventing irregularities.

17. A consideration of the ICS made in connection with an annual audit is usually not sufficient to express an opinion on an entity's internal control because
a) Weaknesses in the ICS may go unnoticed during the audit period.
b) A consideration of the ICS is not necessarily made during an audit engagement.
c) Only those controls on which an auditor intends to rely are reviewed, tested and evaluated.
d) Internal controls can change each year.

18. Which of the following would be least likely to suggest to an auditor that the client's management may have overridden the ICS?
a) There are numerous delays in preparing timely internal financial reports.
b) Management does not correct I/C weaknesses that it knows about.
c) Differences are always disclosed on a computer exception report.
d) There have been two new controllers this year.

19. Which of the following is intended to detect deviation from prescribed Accounting Department procedures?
a) Substantive test specified by a standardized audit program.
b) Tests of controls designed specifically for the client.
c) Analytical procedures as designed in the industry audit guide.
d) Computerized analytical tests tailored for the configuration of EDP equipment in use.

20. The independent auditor selects several transactions in each functional area and traces them through the entire system, paying special attention to evidence about whether or not the control features are in operation. This is an example of a
a) Control test.
b) Tests of controls
c) Substantive test
d) Functional test.

21. In the consideration of the ICS, the auditor is basically concerned that the system provides reasonable assurance that
a) Management can not override the system.
b) Operational efficiency has been achieved i/a/w management plans.
c) Errors have been prevented or detected.
d) Controls have not been circumvented by collusion.

22. During the audit, the independent auditor identified the existence of a reportable condition in the client's system of internal controls and orally communicated this finding to the client's senior management and audit committee. The auditor should
a) Consider the reportable condition a scope limitation and therefore disclaim an opinion.
b) Document the matter in the working papers and consider the effects of the condition on the audit.
c) Suspend all audit activities pending directions from the client's audit committee.
d) Withdraw from the engagement.

23. Which of the following statements concerning the independent auditor's required communication of reportable conditions is correct?
a) Conditions reported at interim dates must be repeated in the final communication.
b) If the auditor does not become aware of any reportable conditions during the examination, that fact must be communicated.
c) Conditions that had been reported in prior year's communications and have not been corrected need not be repeated in the current year's communication.
d) Although written communication is preferable, the auditor may communicate the findings orally.

24. Which of the following is least likely to be evidence the auditor examines to determine whether operations are in compliance with the internal control system?
a) Records documenting usage of EDP programs.
b) Canceled supporting documents.
c) Confirmations of accounts receivable.
d) Signatures on authorization forms.

25. The auditor's communication of reportable conditions in internal control is
a) Required to enable the auditor to state that the examination has been made in accordance with GAAS.
b) The principal reason for considering the ICS.
c) Incident to the auditor's objective of forming an opinion as to the fair presentation of the financial statements.
d) Required to be documented in a written report to the board of directors or the board's audit committee.

26. An auditor may compensate for a condition in the ICS by increasing the
a) Level of detection risk.
b) Extent of tests of controls.
c) Preliminary judgment about audit risk.
d) Extent of analytical procedures

27. After considering the client's internal controls, an auditor has concluded that I/C is well designed and is functioning as intended. Under these circumstances, the auditor would most likely
a) Perform tests of controls to the extent outlined in the audit program.
b) Determine the control procedures that should prevent or detect errors and irregularities.
c) Not increase the extent of predetermined substantive tests.
d) Determine whether transactions are recorded to permit preparation of F/S in conformity with GAAP.

28. The use of fidelity bonds may indemnify a company from embezzlement losses. The use also
a) Reduces the company's need to obtain expensive business interruption insurance.
b) Protects employees who make unintentional errors from possible monetary damages resulting from such errors.
c) Allows the company to substitute the fidelity bonds for various parts of internal control.
d) Reduces the possibility of employing persons with dubious records in positions of trust.

29. Which of the following procedures most likely would be included as part of an auditor's tests of controls?
a) Inspection.
b) Reconciliation.
c) Confirmation.
d) Analytical procedures.

30. If the independent auditors decide that the work performed by the internal auditor may have bearing on their own procedures, they should consider the internal auditor's
a) Competence and objectivity.
b) Efficiency and experience.
c) Independence and review skills.
d) Training and supervisory skills.

31. Which statement is correct concerning the definition of internal control developed by the Committee of Sponsoring Organizations (COSO)?
a) Its applicability is largely limited to internal auditing applications.
b) It is recognized in the Statement on Auditing Standards.
c) It emphasizes the effectiveness and efficiency of operations rather than the reliability of financial reporting.
d) It suggests that it is important to view internal control as an end product as contrasted to a process or means to obtain an end.

32. Monitoring is considered
a) A component of internal control.
b) An element of the control environment.
c) The primary asset safeguarding technique.
d) A portion of information and communication.

33. Which of the following is not a factor included in the control environment?
a) Integrity and ethical values.
b) Risk assessment.
c) Commitment to competence.
d) Organizational structure.

34. An entity's ongoing monitoring activities often include
a) Periodic audits by the audit committee.
b) Reviewing the purchasing function.
c) The audit of the annual financial statements.
d) Control risk assessment in conjunction with quarterly reviews.

35. The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) and included in the professional standards includes the reliability of financial reporting, the effectiveness and efficiency of operations and
a) Compliance with applicable laws and regulations.
b) Effectiveness of prevention of fraudulent occurrences.
c) Safeguarding of entity assets.
d) Incorporation of ethical business practice standards.

36. Which statement is correct concerning the relevance of various types of controls to a financial audit?
a) An auditor may ordinarily ignore a consideration of controls when a substantive audit approach is taken.
b) Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit but other controls may also be relevant.
c) Controls over safeguarding of assets and liabilities are of primary importance, while controls over the reliability of financial reporting may also be relevant.
d) All controls are ordinarily relevant to an audit.

37. Which of the following is not ordinarily considered a factor indicative of increased financial reporting risk when an auditor is considering a client's risk assessment policies?
a) Commissioned sales personnel.
b) Implementation of a new information system.
c) Rapid growth organization.
d) Corporate restructuring.

38. While obtaining an understanding of a client's risk assessment policies, an auditor does not ordinarily include how management
a) Identifies risk.
b) Eliminates significant risks.
c) Assesses the likelihood of occurrence of events due to significant risks.
d) Relates risk assessment to financial reporting.

39. When an auditor considers a client's internal control, which of the following is ordinarily a type of control activity that is considered?
a) Risk assessment over cash disbursements.
b) Segregation of duties over payroll.
c) Inclusion of the president as a member of the audit committee.
d) Management's monitoring policies over cash receipts.

40. When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed level of control risk will
a) Be less than the planned assessed level of control risk.
b) Equal the planned assessed level of control risk.
c) Equal the actual control risk.
d) Be less than the actual control risk.

41. Which of the following is not a control that is designed to protect investment securities?
a) Custody over securities should be limited to individuals who have record keeping responsibility over the securities.
b) Securities should be properly controlled physically in order to prevent unauthorized usage.
c) Access to securities should be vested in more than one individual.
d) Securities should be registered in the name of the owner.



CPA Question Index Page
Back to Prof. Atkinson's home page