Your Results:The correct answer for each question is indicated by a .

1 INCORRECT Auditors obtain an understanding of a non-public client's internal

control structure for the primary purpose of:

A)Gathering sufficient evidence to provide a reasonable basis for an opinion on the financial statements.

B)Determining the nature, extent, and timing of subsequent audit procedures to be performed.

C) Determining whether interim audit testing is appropriate.

D)Providing documentary evidence to present to the audit committee.

2 INCORRECT Internal controls are designed to achieve company objectives in all of

the following areas except:

A) Safeguarding of assets

B) Reliability of financial reporting

C) Reduction of debt financing costs

D) Compliance with laws and regulations

3 INCORRECT Which of the following is not one of the five major components of

internal control?

A) Risk assessment

B) Control activities

C) Information and communication system

D) Human resource background checks

4 INCORRECT Which of the following is a proper reason for not conducting tests of

controls for non-public companies?

A) The internal control structure appears very strong.

B)The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk.

C)The company does not have any flowcharts of their system available for review.

D) The auditor prefers the control risk to be the minimum

5 INCORRECT For non-public companies with preliminary control risk assessments

set at the maximum level, auditors are likely to

A) Use a reliance strategy.

B) Complete little or no tests of controls.

C) Complete interim testing of account balances.

D) Test controls extensively.

6 INCORRECT According to the COSO Framework, which of the following

represents the correct sequence of audit steps which come after first obtaining an understanding and documenting the client's internal control structure:

A)Test of Controls, Assess Control Risk, Determine Extent of Substantive Tests, Reassess Control Risk (CR)

B)Assess Control Risk, Test of Controls, Determine Extent of Substantive Testing, Reassess CR

C)Assess Control Risk, Determine Extent of Substantive Testing, Test of Controls, Reassess CR

D)Assess Control Risk, Test of Controls, Reassess CR, Determine Extent of Substantive Testing

7 INCORRECT Which of the following statements regarding auditor documentation

of the client's internal control structure is correct?

A) Documentation must include narrative memorandums.

B)No documentation is necessary to satisfy GAAS, however, oral inquiry is required at minimum

C)Internal control questionnaires are specifically tailored to meet the needs of each individual client

D)No one particular form of documentation is necessary, and the extent of documentation may vary.

8 CORRECT

An auditor may need to obtain a service auditor's report when a client receives accounting services such as payroll from a service organization. Which of the following statements is true regarding this service audit report?

A) It should include an opinion.

B)It provides the client auditor with assurance regarding whether the client's control procedures have been placed in operation.

C)The client auditor need not inquire about the service auditor's professional reputation.

D)The client auditor should perform the procedures at the service organization if the report proves to be inappropriate or unreliable.

9 CORRECT

Under the 2002 Sarbanes-Oxley Act, reportable conditions must be:

A)Reported to the audit committee orally or in writing and also documented in the audit workpapers.

B) Reported to the audit committee orally and in writing.

C)Reported to senior management and documented in the audit workpapers

D) Reported to senior management orally and in writing.

10 INCORRECT Which of the following is not considered a general control:

A) Back up and disaster recovery controls.

B) Password protection on the central server.

C)Reconciliation of payroll record count with the number of active employees.

D)Requiring change authorization forms on all program software.

Your Results:The correct answer for each question is indicated by a .

1 INCORRECT Auditors obtain an understanding of a non-public client's internal

control for the primary purpose of:

A)Gathering sufficient evidence to provide a reasonable basis for an opinion on the financial statements.

B)Determining the nature, extent, and timing of subsequent audit procedures to be performed.

C)Determining whether interim audit testing is appropriate.

D)Providing documentary evidence to present to the audit committee.

2 INCORRECT Internal controls are designed to achieve company objectives in all of

the following areas except:

A)Safeguarding of assets.

B)Reliability of financial reporting.

C)Reduction of debt financing costs.

D) Compliance with laws and regulations.

3 INCORRECT Which of the following is not one of the five major components of

internal control?

A) Risk assessment.

B) Control activities.

C) Information and communication system.

D) Human resource background checks.

4 INCORRECT Which of the following is a proper reason for not conducting tests of

controls for non-public companies?

A) The internal control structure appears very strong.

B)The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk.

C)The company does not have any flowcharts of their system available for review.

D) The auditor prefers the control risk to be the minimum.

5 INCORRECT For non-public companies with preliminary control risk assessments

set at the maximum, auditors are likely to

A) Use a reliance strategy.

B) Complete little or no tests of controls.

C) Complete interim testing of account balances.

D) Test controls extensively.

6 INCORRECT Which of the following represents the correct sequence of audit steps

which come after first obtaining an understanding and documenting the client's internal control?

A)Test of Controls, Assess Control Risk, Determine Extent of Substantive Tests, Reassess Control Risk.

B)Assess Control Risk, Test of Controls, Determine Extent of Substantive Testing, Reassess Control Risk.

C)Assess Control Risk, Determine Extent of Substantive Testing, Test of Controls, Reassess Control Risk.

D)Assess Control Risk, Test of Controls, Reassess Control Risk, Determine Extent of Substantive Testing.

7 INCORRECT Which of the following statements regarding auditor documentation

of the client's internal control is correct?

A) Documentation must include narrative memorandums.

B)No documentation is necessary to satisfy GAAS, however, oral inquiry is required at minimum.

C)Internal control questionnaires are specifically tailored to meet the needs of each individual client.

D)No one particular form of documentation is necessary, and the extent of documentation may vary.

8 CORRECT

An auditor may need to obtain a service auditor's report when a client receives accounting services such as payroll from a service organization. Which of the following statements is true regarding this service audit report?

A) It should include an opinion.

B)It provides the client auditor with a guarantee regarding whether the client's control procedures have been placed in operation.

C)The client auditor need not inquire about the service auditor's professional reputation.

D)The client auditor should perform the procedures at the service organization to verify the information in the report.

9 INCORRECT The auditor must report the following to the audit committee or others

charged with governance:

A) Only material weaknesses.

B) Only significant deficiencies.

C) Significant deficiencies and material weaknesses.

D) All control deficiencies identified during the audit.

10 INCORRECT Which of the following is not considered a general control?

A) Back up and disaster recovery controls

B) Password protection on the central server

C)Reconciliation of payroll record count with the number of active employees

D)Requiring change authorization forms on all program software

11 INCORRECT A reliance strategy is chosen when the auditor:

A) Plans on conducting tests of controls.

B) Has set the control risk at the maximum level.

C) Has set the control risk below the maximum level.

D) Both a and c.

12 INCORRECT Understanding each of the components of internal control provides

knowledge about:

A) The design of tests of controls.

B) The assessment of inherent risks.

C) Factors that affect the risk of material misstatement.

D) Both a and c.

13 INCORRECT The effectiveness of internal control is reduced by:

A) New personnel.

B) Flowcharts.

C) Human errors or mistakes.

D) Both a and c.

14 CORRECT In order to be able to set control risk below the maximum, the auditor

must do all of the following except:

A) Identify general IT controls.

B) Identify specific controls that will be relied upon.

C) Perform tests of controls.

D) Conclude on the achieved level of control risk.

15 INCORRECT The auditor may document the achieved level of control risk using all

of the following except:

A) Structured working papers.

B) Flowcharts.

C) Internal control questionnaire.

D) A memorandum.

Your Results:The correct answer for each question is indicated by a .

1 INCORRECT Internal control is primarily established within a company to do

which of the following?

A)Prevent fraud

B)Provide reasonable assurance that the company's objectives will be achieved

C)Catch all errors that may occur in the company.

D)Aid in the effective auditing of the company.

2 INCORRECT Providing reasonable assurance with respect to which of the following

is not required under the internal control provisions of the Foreign Corrupt Practices Act?

A)Management is responsibility for knowledge and authorization of transactions.

B)Transactions are recorded to maintain accountability for assets.

C)Access to assets is limited to members of management.

D)Transactions are recorded to permit the preparation of

reliable financial statements.

3 INCORRECT Which of the following is considered a control environment factor by

the COSO definition of internal control?

A)Control objectives.

B) Integrity and ethical values.

C)Reasonable assurance.

D)Risk assessment.

4 INCORRECT Billy Jo is responsible for custody of the finished goods in the

warehouse. If his company wishes to maintain strong internal control, which of the following responsibilities are incompatible with his primary job?

A)He is also responsible for the company's fixed asset control ledger.

B) He is responsible for receiving of goods into the warehouse.

C)He is responsible for the accounting records for all receipts and shipments of goods from the warehouse.

D) He is responsible for issuing goods for shipment.

5 INCORRECT Which of the following is least likely when an auditor performs an

integrated audit of a public company's financial statements?

A)Issuing an audit report on internal control over financial reporting.

B) Issuing an audit report on the financial statements.

C) Omitting tests of controls for several major accounts.

D) Performing tests of internal control design effectiveness.

6 CORRECT

Which of the following describes the function of a fidelity bond?

A) An insurance policy that covers theft by a bonded employee.

B) A short term investment that is secured by a bank.

C) It is a procedure to separate the duties of employees.

D)A contract between parents and their children to remain

celibate.

7 CORRECT

Tests of controls are used to test whether controls are

A) Operating effectively.

B) Implemented (placed in operation).

C) Properly accumulated into balance sheet totals.

D) Properly documented by the client.

8 CORRECT

Tests of controls are least likely to include:

A) Inquiries of appropriate client vendors.

B) Reperformance of a control.

C) Observation of the application of an accounting procedure.

D) Inspection of documents.

9 INCORRECT Which of the following is most likely to be considered an inherent

limitation of a client's internal control?

A) Complexity of the information system.

B) Human errors.

C) Management's interest in a profitable enterprise.

D) An ineffective audit committee.

10 INCORRECT Which of the following is one of the most fundamental and effective

controls?

A)Increased use of computers for recording accounting transactions.

B)Increased reliance on internal auditors to monitor accounting systems.

C) Segregation of incompatible duties across several people.

D)Having internal auditors report only to the Board of Directors.

11

INCORRECT Control risk is most likely to be assessed at a level below the maximum when?

A) No tests of controls have been performed.

B) Tests of controls have been performed.

C)Externally generated evidence supports management's contentions relating to internal control.

D)The results of the consideration of internal control suggest that controls are not operating effectively.

12 INCORRECT The results of the consideration of internal control are least likely to

affect the auditors' decisions pertaining to:

A) The use of analytical procedures.

B) The assessment of control risk.

C) The assessment of inherent risk.

D) Detailed tests of ending balance.

Your Results:The correct answer for each question is indicated by a .

1 INCORRECT An entity's internal control consists of the policies and procedures

established to provide reasonable assurance that specific entity objectives will be achieved. Only some of these objectives, policies, and procedures are relevant to a financial statement audit. Which one of the following would most likely be considered in such an audit?

A)Timely reporting and review of quality control results.

B) Maintenance of control over unused checks.

C)Marketing analysis of sales generated by advertising projects.

D) Maintenance of statistical production analyses.

Feedback: Quality control results, although important to the business, do not directly affect the fairness of the financial statements.

2 INCORRECT An internal control questionnaire (ICQ) contains the following

question: "Does a single individual receive and list cash receipts and perform posting to sales and general ledgers?" What action should an auditor take if the manager of accounting responds "yes" to the question?

A)No action is required because "yes" responses on an ICQ indicate the presence of good control.

B)Statistically sample the response along with all other "yes" responses to verify their accuracy.

C)Treat it as a potential control weakness and perform appropriate testing.

D)Include it with other reportable findings in the next audit report.

Feedback: The situation described isa lack of separation of duties as one individual has both custody and recording responsibilities. This situation does not indicate the presence of good control.

3 INCORRECT The primary responsibility for establishing and maintaining internal

controls rests with

A)The internal auditors.

B) Management.

C) The Public Company Accounting Oversight Board.

D) The external auditors.

Feedback: Management has primary responsibility for maintaining internal control.

4 CORRECT

Which method provides the auditor with the best visual grasp of a system and a means for analyzing complex operations?

A) A flowcharting approach.

B) A questionnaire approach.

C) A matrix approach.

D) A detailed narrative approach.

Feedback: Flowcharts provide a diagrammatic representation of a client's system, facilitating analysis of complex operations.

5 INCORRECT Which of the following factors are included in an entity's control

environment?

A) Audit CommitteeInternal Audit

FunctionManagement

Style

Yes Yes No

B) Yes No Yes

C) No Yes Yes

D) Yes Yes Yes

Feedback: All three factors are part of the entity's control environment.

6 INCORRECT An auditor would most likely be concerned with internal control

policies and procedures that provide reasonable assurance about

A) The efficiency of management's decision making process.

B) Appropriate prices the entity should charge for its products.

C) Methods of assigning production tasks to employees.

D) The entity's ability to process and summarize financial data.

Feedback: Auditors are most concerned with policies and procedures affecting the entity's ability to process and summarize financial data.

7 INCORRECT In addition to gaining an understanding of the internal controls for a

private company, an external auditor, at minimum, would be expected to

A)Evaluate the internal auditors' work as an important part of the accounting system element of the internal controls.

B)Observe client employees to determine the extent of their compliance with quality control standards.

C)Trace a few transactions through the control process to obtain evidence that the controls have been placed in operation.

D)Study organization charts to obtain an understanding of the informal lines of communication.

Feedback: Although internal auditors are considered to be part of the client's internal control, auditors need not rely on internal auditors' work

8 INCORRECT An advantage of an internal control questionnaire is

A) Flexibility in design and application.

B) Its strict adherence to a yes/no format.

C)That it provides sufficient data for the assessment of control risk.

D) Ease of completion.

Feedback: Internal control questionnaires tend to be generic and not tailored to the client.

9 INCORRECT Which of the following is an inherent limitation of any client's

internal control?

A)The benefits expected to be derived from effective internal controls usually do not exceed the costs of such control.

B)The competence and integrity of client personnel provide an environment conducive to control and provides assurance that effective control will be achieved.

C)Procedures designed to assure the execution and recording of transactions in accordance with proper authorizations are effective against frauds perpetrated by management.

D)Procedures whose effectiveness depends on separation of duties can be circumvented by collusion.

Feedback: While the cost-benefit ratio of controls should be considered, the fact that controls are in place means that the benefits often outweigh the costs.

10 INCORRECT Internal controls are designed to provide reasonable assurance that

A)Management's plans have not been circumvented by worker collusion.

B)The internal auditing department's guidance and oversight of management's performance is accomplished economically and efficiently.

C)Management's planning, organizing, and directing processes are properly evaluated.

D)Material errors or fraud would be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties.

Feedback: Collusion is an inherent weakness in internal control that can not be eliminated.