Chapter 10

Multiple-Choice Questions

1. Which of the following is responsible for establishing a private companys internal control?
easy a. Management.
a b. Auditors.
c. Management and auditors.
d. Committee of Sponsoring Organizations.

2. Which of the following is not one of the three primary objectives of effective internal control?
easy a. Reliability of financial reporting
d b. Efficiency and effectiveness of operations
c. Compliance with laws and regulations
d. Assurance of elimination of business risk.

3. (Public) The Public Company Accounting Oversight Board states that reasonable assurance allows a:
easy a. small likelihood of ineffective internal controls.
b b. remote likelihood that material misstatements will not be prevented or detected by
internal control.
c. likelihood that material misstatements will not be prevented or detected by internal
control.
d. high likelihood that material misstatements will not be prevented or detected by
internal control.

4. Two key concepts that underlie managements design and implementation of internal control are:
easy
c a. costs and materiality.
b. absolute assurance and costs.
c. inherent limitations and reasonable assurance.
d. collusion and materiality.

5. Internal controls can never be considered as absolutely effective because:

easy a. their effectiveness is limited by the competency and dependability of employees.
a b. not all organizations have internal audit departments.
c. controls are designed to prevent and detect only material misstatements.
d. internal controls prevent separation of duties.

6. A major control available in a small company, which might not be feasible in a big company, is:
easy a. a wider segregation of duties.
d b. a voucher system.
c. fewer transactions to process.
d. the owner-managers personal interest and close relationship with personnel.

7. (Public) Which of the following is responsible for establishing internal controls for a public company?
easy a. Management.
a b. The PCAOB.
c. Management and auditors.
d. Committee of Sponsoring Organizations.
9. An act of two or more employees to steal assets or misstate records is frequently referred to as:
easy a. collusion.
a b. a material weakness.
c. a control deficiency.
d. a significant deficiency.
10. When the auditor attempts to understand the operation of the accounting system by tracing a few
easy transactions through the accounting system, the auditor is said to be:
c a. tracing.
b. vouching.
c. performing a walk-through.
d. testing controls.

11. (SOX) Which section of the Sarbanes-Oxley Act requires management to issue an internal control report?
easy
c a. 202
b. 203
c. 404
d. 408

12. (SOX) Sarbanes-Oxley requires management to issue an internal control report that includes two specific
easy items. Which of the following is one of these two requirements?
a a. A statement that management is responsible for establishing and maintaining an adequate
internal control structure and procedures for financial reporting.
b. A statement that management and the board of directors are jointly responsible for
establishing and maintaining an adequate internal control structure and procedures for
financial reporting.
c. A statement that management, the board of directors, and the external auditors are jointly
responsible for establishing and maintaining an adequate internal control structure and
procedures for financial reporting.
d. A statement that the external auditors are solely responsible.

13. (SOX) When management is evaluating the design of internal control, management evaluates whether
easy the control can do which of the following?
c
Detect material misstatements Correct material misstatements
a. Yes Yes
b. No No
c. Yes No
d. No Yes

14. (SOX) Internal control reports issued by public companies must identify the framework used to evaluate
easy the effectiveness of internal control. Which of the following is the most common framework in
b the U.S.?
a. Effective Internal Control Framework - AICPA
b. Internal Control - Integrated Framework - COSO
c. Enterprise Internal Control - COSO
d. Enterprise Internal Control - AICPA

15. (Public) When one material weakness is present at the end of the year, management of a public company
easy must conclude that internal control over financial reporting is:
c a. insufficient.
b. inadequate.
c. ineffective.
d. inefficient.

16. (Public) The auditors tests to understand the clients internal controls might include which of the following
easy types of procedures?
a
Observation of employees Inquiries of personnel
a. Yes Yes
 b. No No
c. Yes No
d. No Yes

17. Which of managements concerns with respect to implementing internal controls is the auditor
easy primarily concerned?
b a. Efficiency of operations.
b. Reliability of financial reporting.
c. Effectiveness of operations.
d. Compliance with applicable laws and regulations.

18. Which of the following activities would be least likely to strengthen a companys internal control?
easy
b a. Separating accounting from other financial operations.
b. Maintaining insurance for fire and theft.
c. Fixing responsibility for the performance of employee duties.
d. Carefully selecting and training employees.

20. When auditing a private company, the auditor should obtain an understanding of internal control
easy sufficient to:
b a. provide reasonable protection against client fraud and defalcations by client employees.
b. assess control risk.
c. provide a basis for suggestions to the client for improving the accounting system.
d. provide a method for safeguarding assets, checking the accuracy and reliability of
accounting data, promoting operational efficiency, and encouraging adherence to
prescribed managerial policies.

Chapter 11
Multiple-Choice Questions
1. Which of the following best defines fraud in a financial statement auditing context?
easy a. Fraud is an unintentional misstatement of the financial statements.
b b. Fraud is an intentional misstatement of the financial statements.
c. Fraud is either an intentional or unintentional misstatement of the financial statements,
depending on materiality.
d. Fraud is either an intentional or unintentional misstatement of the financial statements,
depending on consistency.

2. One of the earliest frauds occurred at McKesson-Robbins. This company committed fraud by
easy doing which of the following?
b a. Reporting fictitious contributed capital.
b. Reporting fictitious sales and nonexistent inventory.
c. Reporting fictitious fixed assets and underreporting expenses.
d. Reporting expenses as capitalized items.

3. Which of the following is a category of fraud?

easy
a Fraudulent financial reporting Misappropriation of assets
a. Yes Yes
b. No No
c. Yes No
d. No Yes

4. With respect to fraudulent financial reporting, most frauds involve:

easy
d Inventory or liquid asset theft Intentional misstatements of amounts
a. Yes Yes
b. No No
c. Yes No
d. No Yes

5. ________ is fraud that involves theft of an entitys assets.

easy a. Fraudulent financial reporting
c b. A cookie jar reserve
c. Misappropriation of assets
d. Income smoothing

6. ________ involves deliberate actions taken by management to meet earnings objectives.

easy a. Expenditure management
b b. Earnings management
c. Top-line management
d. Management-by-objective

7. ________ is a form of earnings management in which revenues and expenses are shifted between
easy periods to reduce fluctuations in earnings.
c a. Fraudulent financial reporting
b. Expense smoothing
c. Income smoothing
d. Each of the above is correct

8. Which of the following is one of the conditions for fraud described in SAS No. 99?
easy
a Attitudes/rationalization Risk Factors Opportunities
a. Yes No Yes
b. No Yes Yes
c. Yes No No
d. No Yes No

9. Fraudulent financial reporting may be accomplished through the manipulation of:

easy a. assets.
d b. revenues.
c. liabilities.
d. all of the above

10. Who is most likely to perpetrate fraudulent financial reporting?

easy a. Members of the board of directors
c b. Production employees
c. Management of the company
d. The internal auditors

11. Misappropriation of assets is normally perpetrated by:

easy a. members of the board of directors.
b b. employees at lower levels of the organization.
c. management of the company.
d. the internal auditors.
Chapter 12
Multiple-Choice Questions

1. IT has several significant effects on an organization. Which of the following would not be
easy important from an auditing perspective?
d a. Organizational changes.
b. The visibility of information.
c. The potential for material misstatement.
d. None of the above; i.e., they are all important.

2. The audit procedure which is least useful in gathering evidence on significant computer processes
easy is:
b a. documentation.
b. observation.
c. test decks.
d. generalized audit software.

3. Which of the following is not a benefit of using IT-based controls?

easy a. Ability to process large volumes of transactions.
d b. Ability to replace manual controls with computer-based controls.
c. Reduction in misstatements due to consistent processing of transactions.
d. Over-reliance on computer-generated reports.

4. One significant risk related to an automated environment is that auditors may ____ information
easy provided by an information system.
b a. not place enough reliance on
b. place too much reliance on
c. reveal
d. not understand

5. Which of the following is not a risk specific to IT environments?

easy a. Reliance on the functioning capabilities of hardware and software.
b b. Increased human involvement.
c. Loss of data due to insufficient backup.
d. Reduced segregation of duties.

6. Which of the following is not an enhancement to internal control that will occur as a consequence
easy of increased reliance on IT?
d a. Computer controls replace manual controls.
b. Higher quality information is available.
c. Computer-based controls provide opportunities to enhance separation of duties.
d. Manual controls replace automated controls.

7. Which of the following is not a risk to IT systems?

easy a. Need for IT experienced staff
c b. Separation of IT duties from accounting functions
c. Improved audit trail
d. Hardware and data vulnerability

8. Which of the following is not a category of an application control?

easy a. Processing controls.
c b. Output controls.
c. Hardware controls.
 d. Input controls.

9. Old and new systems operating simultaneously in all locations is a test approach known as:
easy a. pilot testing.
d b. horizontal testing.
c. integrative testing.
d. parallel testing.

10. When the client uses a computer but the auditor chooses to use only the non-IT segment of internal
easy control to assess control risk, it is referred to as auditing around the computer. Which one of the
a following conditions need not be present to audit around the computer?
a. Computer programs must be available in English.
b. The source documents must be available in a non-machine language.
c. The documents must be filed in a manner that makes it possible to locate them.
d. The output must be listed in sufficient detail to enable the auditor to trace individual
transactions.

11. Which of the following is a category of general controls?

easy a. Processing controls.
c b. Output controls.
c. Physical and online security.
d. Input controls.

12. Which of the following statements related to application controls is correct?

easy a. Application controls relate to various aspects of the IT function including software
d acquisition and the processing of transactions.
b. Application controls relate to various aspects of the IT function including physical security
and the processing of transactions in various cycles.
c. Application controls relate to all aspects of the IT function.
d. Application controls relate to the processing of individual transactions.

13. General controls include all of the following except:

easy a. systems development.
c b. online security.
c. processing controls.
d. hardware controls.

14. Predesigned formats, such as those used for audit documentation, can be created and saved using
easy electronic spreadsheets and word processors. These are called:
b a. desktop publishing.
b. templates.
c. macros.
d. work files.

15. ______ involves implementing a new system in one part of the organization, while other locations
easy continue to use the current system.
c a. Parallel testing
b. Online testing
c. Pilot testing
d. Control testing

16. To determine that user ID and password controls are functioning, an auditor would most likely:
easy a. attempt to sign on to the system using invalid user identifications and passwords.
a b. write a computer program that simulates the logic of the clients access control software.
c. extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.
 d. examine statements signed by employees stating that they have not divulged their user
identifications and passwords to any other person.

17. When IT programs or files can be accessed from terminals, users should be required to enter a(n):
easy
d a. echo check.
b. parity check.
c. self-diagnosis test.
d. authorized password.

18. An auditors flowchart of a clients system is a graphical representation that depicts the auditors:
easy a. program for tests of controls.
b b. understanding of the system.
c. understanding of the types of errors that are probable given the present system.
d. documentation of the study and evaluation of the system.

Chapter 13
Multiple-Choice Questions

1. A listing of all the things which the auditor will do to gather sufficient, competent evidence is the:
easy
b a. audit strategy.
b. audit program.
c. audit procedure.
d. audit risk model.

2. Shown below (1 through 5) are the five types of tests which auditors use to determine whether
easy financial statements are fairly stated. Which three are substantive tests?
b 1. procedures to obtain an understanding of internal control
2. tests of controls
3. tests of transactions
4. analytical procedures
5. tests of details of balances
a. 1, 2, and 3.
b. 3, 4, and 5.
c. 2, 3, and 5.
d. 2, 3, and 4.

3. Collectively, procedures performed to obtain an understanding of the entity and its environment,
easy including internal controls, represent the auditors:
c a. audit strategy.
b. tests of controls.
c. risk assessment procedures.
d. tests of transactions.

4. For efficiency, tests of controls are frequently done at the same time as:
easy a. analytical procedures.
c b. compliance tests.
c. tests of transactions.
d. tests of details of balances.
5. Which of the following procedures are frequently performed in response to the auditors
easy assessment of the risk of material misstatement?
c a. Ratio analysis
b. Tests of controls
c. Tests of details of balances
d. Risk assessment procedures

6. In which stage(s) of an audit are analytical procedures not performed?

easy a. In the planning stage.
b b. In the test of controls stage.
c. In the completion stage.
d. In conjunction with tests of transactions and tests of details of balances.

7. Tests of controls may include which of the following types of evidence?

easy
a Reperformance Observation
a. Yes Yes
b. No No
c. Yes No
d. No Yes

8. The purpose of tests of controls is to provide reasonable assurance that the:

easy a. accounting treatment of transactions and balances is valid and proper.
b b. internal control procedures are functioning as intended.
c. entity has complied with GAAP disclosure requirements.
d. entity has complied with requirements of quality control.

9. In the context of an audit of financial statements, substantive tests are audit procedures that:
easy a. may be eliminated under certain conditions.
c b. are designed to discover significant subsequent events.
c. may be either tests of transactions, tests of balances, or analytical tests.
d. will increase proportionately with the auditors reliance on internal control.