CHAPTER 6
MULTIPLE CHOICE
b

1. In general, a material weakness in internal control may be defined as a condition in which
material errors or irregularities may occur and not be detected within a timely period by
a. An independent auditor during tests of controls.
b. Employees in the normal course of performing their assigned functions.
c. Management when reviewing interim financial statements and reconciling account balances.
d. Outside consultants who issue a special-purpose report on internal control structure.
(AICPA ADAPTED)

b

2.
a.
b.
c.
d.

Internal control procedures are not designed to provide reasonable assurance that
Transactions are executed in accordance with management's authorization.
Irregularities will be eliminated.
Access to assets is permitted only in accordance with management's authorization.
The recorded accountability for assets is compared with the existing assets at reasonable intervals.
(AICPA
ADAPTED)

c

3. Which of the following is the correct order for performing the auditing procedures A through C

below?
A = Tests of controls
B = Preparation of a flowchart depicting the client's internal control structure
C = Substantive tests
ABC.
ACB.
BAC.
BCA.
(AICPA ADAPTED)
a

4.
a.
b.
c.

A secondary purpose of the auditor's consideration of internal control is to provide
A basis for constructive suggestions about improvements in internal control structure.
A basis for assessing control risk.
An assurance that the records and documents have been maintained in accordance with existing
company policies and procedures.
d. A basis for the determination of the resultant extent of the tests to which auditing procedures are
to be restricted.
(AICPA ADAPTED)

c

5. When considering internal control, an auditor must be aware of the concept of reasonable
assurance, which recognizes that
Employment of competent personnel provides assurance that the objectives of internal control will be

achieved.
Establishment and maintenance of internal control is an important responsibility of the management and
not of the auditor.
Cost of internal control procedures should not exceed the benefits expected to be derived from the
control.
Segregation of incompatible functions is necessary to ascertain that the control procedures are effective.
(AICPA ADAPTED)

37


b

6. After considering a client's internal control, an auditor has concluded that the system is well
designed and is functioning as anticipated. Under these circumstances, the auditor would most
likely
a. Cease to perform further substantive tests.
b. Not increase the extent of planned substantive tests.
c. Increase the extent of anticipated analytical procedures.
d. Perform all tests of controls to the extent outlined in the preplanned audit program.
(AICPA ADAPTED)

c

7. The primary purpose of the auditor's consideration of internal control is to provide a basis for
Determining whether procedures and records that are concerned with the safeguarding of assets are
reliable.
Constructive suggestions to clients concerning deficiencies in internal control.
Determining the nature, timing, and extent of audit tests to be applied.
The expression of an opinion.

(AICPA ADAPTED)
b 8. The purpose of tests of controls is to provide reasonable assurance that the
Accounting treatment of transactions and balances is valid and proper.
Control procedures are functioning as intended.
Entity has complied with disclosure requirements of GAAP.
Entity has complied with requirements of quality control.
(AICPA ADAPTED)
b

9.
a.
b.
c.
d.

The auditor's review of the client's internal control is documented in order to substantiate
Conformity of the accounting records with GAAP.
Compliance with generally accepted auditing standards.
Adherence to requirements of management.
The fairness of the financial statement presentation.
(AICPA ADAPTED)

d

10.
a.
b.
c.

a


11.
a.
b.
c.
d.

a

12. The auditor is examining copies of sales invoices only for the initials of the person responsible for
checking the extensions. This is an example of a
a. Test of controls.
b. Substantive test.
c. Dual-purpose test.
d. Test of balances.
(AICPA ADAPTED)

After consideration of a client's internal control, an auditor might decide to
Increase the extent of substantive testing in areas where the control structure is strong.
Reduce the extent of tests of controls in areas where the controls are strong.
Reduce the extent of both substantive tests and tests of controls in areas where the controls are
strong.
d. Increase the extent of substantive testing in areas where the controls are weak.
(AICPA
ADAPTED)
After documenting internal control in an audit engagement, the auditor may perform tests on
Those controls that the auditor plans to rely on.
Those controls in which deficiencies were identified.
Those controls that have a material effect on the financial statement balances.
A random sample of the controls that were reviewed.

(AICPA ADAPTED)

38


39


b

13. In an auditor's consideration of internal control, the completion of a questionnaire is most closely
associated with which of the following?
a. Separation of duties.
b. Understanding the system.
c. Flowchart accuracy.
d. Tests of controls.
(AICPA ADAPTED)

b

14. The reliance placed on substantive tests in relation to control risk varies in a relationship that is
ordinarily
Parallel.
Inverse.
Direct.
Equal.
(AICPA ADAPTED)
c

15.

a.
b.
c.
d.

The auditor observes client employees in order to
Prepare a flowchart.
Update information contained in the organization and procedure manuals.
Corroborate the information obtained during the initial review of the system.
Determine the extent of compliance with quality control standards.
(AICPA ADAPTED)

c

16. A consideration of internal control made during an audit is usually not sufficient to express an
opinion on an entity's controls because
Weaknesses in the system may go unnoticed during the audit engagement.
A consideration of internal control is not necessarily made during an audit engagement.
Only those controls on which an auditor intends to rely are reviewed, tested, and evaluated.
Controls can change each year.
(AICPA ADAPTED)
a

17. An auditor's report on internal control of a publicly held company would ordinarily be of least
use to
a. Shareholders.
b. Officers.
c. Directors.
d. Regulatory agencies.
(AICPA ADAPTED)


a

18.
a.
b.
c.

d

19.
a.
b.
c.
d.

a

The accountant's report expressing an opinion on an entity's internal controls should state that the
Establishment and maintenance of internal control is the responsibility of management.
Objectives of the client's internal controls are being met.
Consideration of the internal controls was conducted in accordance with generally accepted
auditing standards.
d. Inherent limitations of the client's internal controls were examined.
(AICPA ADAPTED)
The accountant's report expressing an opinion on an entity's internal controls would not include a
Description of the scope of the engagement.
Specific date that the report covers rather than a period of time.
Brief explanation of the broad objectives and inherent limitations of internal control.
Statement that the entity's internal controls are consistent with that of the prior year after giving

effect to subsequent changes.
(AICPA ADAPTED)
20. A CPA's consideration of internal control in an audit
a. Is generally more limited than that made in connection with an engagement to express an opinion
on internal control.


b. Is generally more extensive than that made in connection with an engagement to express an
opinion on internal control.
c. Will generally be identical to that made in connection with an engagement to express an opinion
on internal control.
d. Will generally result in the CPA expressing an opinion on the internal control.
(AICPA ADAPTED)
c

21.
a.
b.
c.
d.

The auditor who becomes aware of reportable conditions is required to communicate this to the
Audit committee and client's legal counsel.
Board of directors and internal auditors.
Senior management and board of directors.
Internal auditors and senior management.
(AICPA ADAPTED)

d


22. Which of the following is not a purpose of an auditor's attempt to understand internal control
when a client processes accounting information by computer?
Determine the extent to which the computer is used in significant accounting applications.
Understand the flow of transactions in the system.
Comprehend the basic structure of accounting control.
Identify the controls that can be relied on when designing substantive tests of details.
(AICPA ADAPTED)
d

23. Which of the following is likely to be of least importance to an auditor when assessing control
risk in a company that processes data by computer?
The segregation of duties within the computer department.
The control over source documents.
The documentation maintained for accounting applications.
The cost-benefit ratio of data processing operations.
(AICPA ADAPTED)
b

24. In considering a client's internal control structure in a computer environment, the auditor will
encounter general controls and application controls. Which of the following is an application
control?
Organization charts.
Hash total.
Systems flowcharts.
Control over program changes.
(AICPA ADAPTED)
a

25. Auditing by testing the input and output of a computer system--i.e., auditing "around" the
computer--instead of the computer software itself will

a. Not detect program errors that do not appear in the output sampled.
b. Detect all program errors, regardless of the nature of the output.
c. Provide the auditor with the same type of evidence.
d. Not provide the auditor with confidence in the results of the auditing procedures.
(AICPA ADAPTED)


b

26. Smith Corporation has numerous customers. A customer file is kept on disk. Each customer file
contains the name, address, credit limit, and account balance. The auditor wishes to test this file
to determine whether credit limits are being exceeded. The best procedure for the auditor to
follow would be to
Develop test data that would cause some account balances to exceed the credit limit and determine if the
system properly detects such situations.
Develop a program to compare credit limits with account balances and print out the details of any account
with a balance exceeding its credit limit.
Request a printout of all account balances so they can be manually checked against the credit limits.
Request a printout of a sample of account balances so they can be individually checked against the credit
limits.
(AICPA ADAPTED)
a

27. Which of the following methods of testing application controls utilizes software prepared by the
auditors and applied to the client's data?
a. Parallel simulation.
b. Integrated test facility.
c. Test data.
d. Exception report tests.
(AICPA ADAPTED)


c 28. The test–data method is used by auditors to test the
Accuracy of input data.
Validity of the output.
Procedures contained within the program.
Normalcy of distribution of test data.

(AICPA ADAPTED)

c 29. Which of the following is true of generalized audit software?
They can be used only in auditing on-line computer systems.
They can be used on any computer without modification.
They each have their own characteristics, which the auditor must carefully consider before using in a
given audit situation.
They enable the auditor to perform all manual compliance test procedures less expensively.
(AICPA ADAPTED)
d

30. Assume that an auditor estimated that 10,000 checks were issued during the accounting period. If
an application control that performs a limit check for each check request is to be subjected to the
auditor's test–data approach, the sample should include:
a. Approximately 1,000 test items.
b. A number of test items determined by the auditor to be sufficient under the circumstances.
c. A number of test items determined by the auditor's reference to the appropriate sampling tables.
d. One transaction.
(AICPA ADAPTED)

d

31.

a.
b.
c.
d.

PC DOS, MS DOS, and AppleDOS are examples of
Application software.
Generalized audit software.
Database management systems.
Operating software.


c

32.
a.
b.
c.
d.

Which of the following is not an example of a computer-assisted audit technique?
Integrated test data.
Audit modules.
Disk operating systems.
Audit hooks.

c

33. Which of the following statements most likely represents a disadvantage for an entity that
maintains computer data files rather than manual files?

a. It's usually more difficult to detect transposition errors.
b. Transactions are usually authorized before they are executed and recorded.
c. It's usually easier for unauthorized persons to access and alter the files.
d. Random error is more common when similar transactions are processed in different ways.

b

34. Transaction authorization within an organization may be either specific or general. An example of
specific transaction authorization is the
a. Setting of automatic reorder points.
b. Approval of a construction budget for a new warehouse.
c. Establishment of a customer's credit limits.
d. Establishment of sales prices.
(AICPA ADAPTED)

a

35.
a.
b.
c.
d.

b

36. An auditor should consider the competence of a client's employees because their competence
bears directly and importantly on the
a. Cost-benefit relationship of internal control.
b. Achievement of the objectives of internal control.
c. Comparison of recorded accountability with assets on hand.

d. Timing of the tests to be performed.
(AICPA ADAPTED)

a

37.
a.
b.
c.
d.

d

38. Which of the following statements about internal control is correct?
a. Properly maintained internal controls reasonably assure that collusion among employees cannot
occur.
b. Establishing and maintaining internal control is the internal auditor's responsibility.
c. Exceptionally strong control allows the auditor to eliminate substantive tests of details.
d. The cost-benefit relationship should be considered in designing internal controls.
(AICPA ADAPTED)

Proper segregation of functional responsibilities calls for separation of the functions of
Authorization, execution, and recording.
Authorization, execution, and payment.
Custody, execution, and reporting.
Authorization, payment, and recording.
(AICPA ADAPTED)

Which of the following elements is not a part of an entity's internal controls?
Control risk.

Control activities.
The accounting system.
The control environment.
(AICPA ADAPTED)


b

39. Which of the following is not done by an auditor when obtaining an understanding of an entity's
internal controls?
a. Identify the types of potential misstatements that can occur.
b. Consider the operating effectiveness of the internal controls.
c. Design substantive tests.
d. Consider factors that affect the risk of material misstatements.
(AICPA ADAPTED)

c

40.
a.
b.
c.
d.

Which of the following audit tests would be a test of controls?
Tests of the specific items making up the balance in a financial statement account.
Comparing inventory prices to vendors' invoices.
Comparing signatures on canceled checks to board of directors' authorizations.
Tests of the additions to property, plant, and equipment by physical inspections.
(AICPA ADAPTED)


c

41.
a.
b.
c.
d.

The sequence of steps in gathering evidence as the basis of the auditor's opinion is:
Substantive tests, documentation of control structure, and tests of controls.
Documentation of control structure, substantive tests, and tests of controls.
Documentation of control structure, tests of controls, and substantive tests.
Tests of controls, documentation of control structure, and substantive tests.
(AICPA ADAPTED)

c

42. Which of the following procedures is essential to determining whether necessary control activities
were prescribed and are being followed?
a. Developing questionnaires and checklists.
b. Evaluating the entity's procedures for risk assessment.
c. Documenting and testing controls.
d. Observing employees and making inquiries.
(AICPA ADAPTED)

b

43.
a.

b.
c.
d.

Evidence about segregation of duties is best obtained by
Inspecting documents that contain the initials of who performed control activities.
Direct personal observation of employees who perform control activities.
Preparing a flowchart of who performs the duties.
Making inquiries of coworkers about the employee who performs the duties.
(AICPA ADAPTED)

a

44.
a.
b.
c.
d.

An auditor's flowchart of a client's internal controls is a diagram depicting the auditor's
Understanding of the internal controls.
Program for tests of controls.
Documentation of having considered the internal controls.
Understanding of the types of irregularities that are probable.
(AICPA ADAPTED)

a

45.
a.

b.
c.
d.

An auditor is required to communicate significant deficiencies in internal control to
Audit committee of the board of directors.
Creditors and board of directors.
Board of directors and internal auditors.
Internal auditors and senior management.
(AICPA ADAPTED)


b

46. An auditor has concluded that a client's internal controls are well designed and functioning as
expected. Under these circumstances the auditor would most likely
a. Cease to perform further substantive tests.
b. Not increase the extent of planned substantive tests.
c. Increase the extent of planned analytical procedures.
d. Perform all tests of controls to the extent outlined in the audit program. (AICPA ADAPTED)

b

47. Reportable conditions are matters that come to an auditor's attention and that should be
communicated to an entity's audit committee because they represent
a. Material irregularities or illegal acts perpetrated by management.
b. Significant deficiencies in the design or operation of internal control.
c. Flagrant violations of the entity's documented conflict-of-interest policies.
d. Intentional attempts by client personnel to limit the scope of the auditor's work.
(AICPA ADAPTED)


d

48. Which of the following statements best describes a weakness often associated with computers?
a. Computer equipment is more subject to systems error than manual processing is subject to human
error.
b. Computer equipment processes and records similar transactions in a similar manner.
c. Control activities for detecting invalid and unusual transactions are less effective than manual
control activities.
d. Functions that would normally be separated in a manual system are combined in a computer
system.
(AICPA ADAPTED)

b

49. Accounting functions that are normally considered incompatible in a manual system are often
combined by computer software. This necessitates an application control that prevents
unapproved
a. Access to the computer library.
b. Revisions to existing software.
c. Usage of software.
d. Testing of modified software.
(AICPA ADAPTED)

b

50.
a.
b.
c.

d.

b

51. An auditor's consideration of a company's computer control activities has disclosed the following
four circumstances. Indicate which circumstance constitutes a significant deficiency in internal
control.
a. Computer operators do not have access to the complete software support documentation.
b. Computer operators are closely supervised by programmers.
c. Programmers are not authorized to operate computers.
d. Only one generation of backup files is stored in an off-premises location. (AICPA ADAPTED)

When software or files can be accessed from on-line servers, users should be required to enter
A parity check.
A personal identification code.
A self-diagnosis test.
An echo check.


a

52. A control feature requires the computer to send signals to the printer to activate the print
mechanism for each character. The print mechanism, just prior to printing, sends a signal back to
the computer verifying that the proper print position has been activated. This type of hardware
control is referred to as a/an
a. Echo check.
b. Validity check.
c. Signal check.
d. Check digit.
(AICPA ADAPTED)


d

53.
a.
b.
c.
d.

b

In a computer system, hardware controls are designed to
Arrange data in a logical sequence for processing.
Correct errors in software.
Monitor and detect errors in source documents.
Detect and control errors arising from use of equipment.

(AICPA ADAPTED)

54. The primary objective of procedures performed to obtain an understanding of internal control is
to provide an auditor with
a. Evidential matter to use in reducing detection risk.
b. Knowledge necessary to plan the audit.
c. A basis from which to modify tests of controls.
d. Information necessary to prepare flowcharts.
(AICPA ADAPTED)
SHORT ANSWER
1.

Describe what is meant by reportable conditions.

Answer:
Reportable conditions are significant deficiencies in internal control discovered during an audit
that could adversely affect the entity’s ability to record, process, summarize, and report financial
data.

2. Explain the purpose of the COSO report and what objectives it achieves.
Answer:
The COSO Report defines internal control as “a process effected by an entity’s board of directors,
management, and other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
 Effectiveness and efficiency of operations.
 Reliability of financial reporting.
 Compliance with applicable laws and regulations.”
3. What are the three phases of an entity’s internal controls that must be considered by an auditor?
Answer:
i.
ii.
iii.

Obtain an understanding of how management has designed policies and procedures
for the control environment, risk assessment, the control activities, information and
communication, and monitoring.
Assess control risk for the policies and procedures that have been placed in operation.
Determine the nature, timing, and extent of substantive tests.


4. Explain how restricted use reports differ from general use reports.
Answer:
Restricted use reports are intended for specified parties in contrast to general use reports that
are not intended for use by specified parties.

5. Explain the importance of segregation of duties in the control environment. Also describe how to
achieve this important control function.
Answer:
Segregation of duties or responsibilities aid in preventing any one employee, acting alone, from
committing and concealing frauds. Optimum segregation of duties exists when collusion is
necessary to circumvent controls.
To achieve optimum segregation of responsibilities or duties, an entity’s management, custodial
accounting, and monitoring functions should be performed by different employees. Transaction
authorization, transaction execution, transaction recording, and independent checks on
performance must be performed by different employees.
PROBLEMS
1. In a well-designed and executed audit, the auditor’s objective in considering an entity’s control
environment is to obtain an understanding of management’s and the board of directors’ attitude,
awareness, and actions concerning the following items:
a. Integrity and ethical values
b. Human resource policies and practices
c. Commitment and competence
d. Assignment of authority and responsibility
e. Board of directors or audit committee
f. Organizational structure
g. Management’s philosophy and operating style.
For each of the items above please provide one example of what knowledge the auditor is
attempting to obtain.
Answer:
a. Do codes of conduct describe acceptable business practice, conflicts of interest, and
standards of ethical behavior?
b. Are there policies for hiring, training, promoting, and compensating employees?
c. Are employees committed to quality?
d. Are the responsibilities of key managers defined?
e. Is the board independent of management?

f. Does information flow to the appropriate levels of management?
g. What is management’s attitude toward manipulated or falsified records?
2. Name and describe the four steps in obtaining an understanding of internal control.


Answer:
1. Performing a preliminary review – Before expending time and effort to document an
entity’s internal controls, an auditor first reviews prior-year audit working papers and client
procedures manuals, makes inquiries of management, and observes client personnel to obtain
a general understanding of the control environment, management’s assessments of the risk
they face, the control activities, the flow of information and communication throughout the
accounting system, and how management monitors internal controls.
2. Documenting the system’s internal controls and identifying transaction cycles – An
auditor uses one or more of three means to document an entity’s internal control: narrative
memoranda, flowcharts, and questionnaires.
3. Performing a transaction walk-through – A single transaction for each major segment of
the internal controls is selected and followed through the accounting system.
4. Identifying controls that reduce to a relatively low level the risk of material
misstatements – An auditor evaluates whether the entity’s control activities can be relied on
in assessing control risk below the maximum.