BALIUAG UNIVERSITY

College of Business Administration and Accountancy

Baliwag, Bulacan

COSO, COBIT, and Manual Internal Control Questions

In Partial Fulfillment of the Requirements in Auditing EDP

For the Degree of Bachelor of Science in Accountancy

By:

Castro, Theanna Giomarie

Esquivel, Glorielle Maris
Garcia, Jairah
Gomez, Mariah Koleen Dexzl
Gregorio, Gef Aeron
Ingalla, Rolaine Ann
Lu, Marinesa
Mananghaya, Maribelle
Manese, John Erick
Salonga, Marela Kym
Sanchez, Edwin
Santos, Mary Anne
 APRIL 2019

Questions for COSO, COBIT, and Manual Internal Control

• COSOç

1. What is the meaning of COSO?

A. Committee of Sponsoring Organizations of the Tradeway Commission
B. Commission of Sponsoring Organizations of the Treadway Committee
C. Committee of Sponsoring Organizations of the Treadway Commission
D. Committee of Sponsoring Organization of the Treadway Corporation

2. A new ERM framework was developed by COSO in 2017 entitled;

A. Enterprise Risk Management: Integrity with Strategy and Performance
B. Enterprise Response Management: Integrating with Strategy and Performance
C. Enterprise Risk Management: Integrating with Society and Performance
D. Enterprise Risk Management: Integrating with Strategy and Performance

3. Which of the following is a principle under Information, Communication, and Reporting?

A. Reports on risk, culture, and performance.
B. Implements risks responses.
C. Reviews risks and performance.
D. Defines risk appetite.

4. What component of internal control involves a dynamic and iterative process for identifying
and assessing risks to the achievement of objectives?
A. Control Activities
B. Risk Avoidance
C. Risk Assessment
D. Risk Technique

5. The following activities are under the Control Activities, except:

A. Selecting and developing general controls over technology
B. Deploying through policies and procedures
C. Identifying and analyzing significant change
D. Developing actions to ensure that management's directives to mitigate risks

6. This internal control objective pertains to the adherence to laws and regulations to which the
entity is subject.
A. Compliance Objective
B. Operations Objective
C. Strategic Objective
D. Reporting Objective

7. The following are some of the fundamental concepts of internal control, except:
A. Able to provide reasonable assurance
B. Adaptable to entity structure
C. Not effected by people
D. Geared to the achievement of objectives not only in one category but can also be in more
categories

8. Which of the following best describes control environment?

A. Evaluates and communicates deficiencies.
B. Exercise oversight responsibility.
C. Identifies and analyzes significant change.
D. None of the foregoing.
9. Which of the following is correct?
A. Risk is defined as the possibility that an event will occur and positively affect the
achievement of objectives, supporting value creation or presentation.
B. Communication is necessary for the entity to carry out internal control responsibilities to
support the achievement of its objectives.
C. Risk assessment forms the basis for determining how risks will be managed.
D. Risk to the achievement of these objectives from across the entity are considered not relative
to established risk tolerances.

10. These pertains to the effectiveness and efficiency of the entity’s operations including
operational and financial goals and safeguarding asses against loss;
A. Strategic Objective
B. Operations Objective
C. Compliance Objective
D. Reporting Objectives

11. Which of the following is not a limitation of Internal Control?

A. External events beyond the organization’s control.
B. Breakdowns that can occur because of human failures suck as simple errors.
C. Ability of management to underride internal control.
D. Sustainability of objectives established as a precondition to internal control.

12. The following are the limitations of internal control except:

A. Ability of management to override internal control

B. Human judgment can be faulty and bias
C. Non availability of laws and regulations
D. Suitability of objectives established as a precondition to internal control

13. Which of the following is a principle under Risk assessment?

A. Analyze business context
B. Evaluate and communicate deficiencies
C. Identifies and analyzes significant change
D. implements risk responses

14. Which is not an internal control objective?

A. reporting objective
B. operations objective
C. Financial objective
D. compliance objective

15. Which of the following is not a component of Internal control?

A. Monitoring
B. Risk Response
C. Risk Assessment
D. Control Environment

• COBIT
1. It is a framework for the governance and management of enterprise information and
technology, aimed at the whole enterprise.
a. Control Objectives for Information Systems and Technologies Framework
b. Control Objectives for Information and Related Technologies Framework
c. Control Objectives for Information and Related Terminologies Framework
d. None of the above
2. COBIT 5 Framework was issued in __
a. 2010
b. 2011
c. 2012
d. 2013
3. COBIT 2019 Framework was developed by __
 a. Information Systems Audit and Control Association
b. Information Technologies Audit and Control Association
c. Committee of Sponsoring Organizations
d. Committee of Sponsoring Operations
4. It ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions
and options; setting direction through prioritization and decision making; and monitoring
performance, compliance and progress against agreed-on direction and objectives.
a. Management
b. Board of Directors
c. Executives
d. Governance
5. This is a set of best practices for Information Technology management
a. Enterprise Risk Management
b. IT environment
c. Control Objectives for Information and Related Technology
d. Information Systems Audit and Control Association
6. The following are the benefits of Information and Technology to enterprises, except:
a. Bring order to complex standards and frameworks
b. Address all stakeholders’ needs and maximize value of corporate information
c. Protect and drive enterprise value
d. Minimize value from information chaos
7. All of the following are COBIT 5 principles, except:
a. Enabling a holistic approach
b. Covering the enterprise end-to-end
c. Control Environment and activities
d. Meeting Stakeholder needs
8. Required for keeping the organization running and well governed, but at the operational level.
It is very often the key product of the enterprise itself.
a. Processes
b. Information
c. Organizational structures
d. Principles, policies and frameworks
9. COBIT stands for:
a. Commission on Objectives of Information Technology
b. Control Objectives for Information Technology
c. Commission on Objectives of Information and Related Technology
d. Control Objectives for Information and Related Technology
10. Stakeholder needs include the following, except
a. benefits realisation
b. resource optimisation
c. shareholder value
d. risk optimization
11. What is the common function between governance and management?
a. direct
b. monitor
c. plan
d. evaluate
12. Under COBIT 2019, what component of governance system relates to information
technology?
a. Services, Infrastructure and Application
b. Information
c. Processes
d. Organizational Structure
13. Governance monitors _______, while management monitors _______.
a. management; personnel
b. shareholders; management
c. shareholders; personnel
d. management; shareholders
14. The following are COBIT 2019 components of governance system, except:
a. People, Skills and Competencies
b. Stakeholder Drivers and Needs
c. Culture, Ethics and Behavior
d. Organization Structures
15. The COBIT 5 goals cascade translates ___________ into specific, actionable and customized
goals within the context of the enterprise, IT-related goals and enabler goals.
a. Governance and Management Objectives
b. Enterprise Goals
c. Alignment Goals
d. Stakeholder Needs

• Manual Internal Control

1. An internal control that is dependent on the intervention of humans for their proper
operations.
 a. Manual internal control
b. Computerized internal control
c. General control
d. Application control

2. Which of the following is not an example of manual internal control?

a. supervisor reviewing and signing-off of a document
b. manual application (or matching) of cash received in an organization’s lockbox
bank account against a client’s open accounts receivable balance
c. employee signing a privacy policy acknowledgement
d. system-generated reporting lists users that have not accessed a particular
system within the past 90 days

3. The following are an example of a manual internal control, except:

a. Independent reconciliation of external data like using bank statement to reconcile
to the company’s bank account or using external supplier statement of account to
reconcile with our individual creditor account
b. Using control or Total account
c. Review of trial balance to ensure debit = credit
d. Automated calculation of variances

4. Using checklist for receiving deliveries and conducting physical count of inventories is an
example of...
a. Computerized internal control
b. Manual internal control
c. Application control
d. General control

5. Which of the following characteristics distinguishes computer processing from manual

processing?
a. Computer processing virtually eliminates the occurrence of computational
error normally associated with manual processing.
b. Errors or irregularities in computer processing will be detected soon after their
occurrences.
c. The potential for systematic error is ordinarily greater in manual processing than in
computerized processing.
d. Most computer systems are designed so that transaction trails useful for audit do
not exist.

6. Audit automation least likely include

a. Expert systems.
b. Tools to evaluate a client’s risk management procedures.
 c. Manual working papers.
d. Corporate and financial modeling programs for use as predictive audit tests.

7. Internal control is geared towards the achievement of the entity’s objectives in the
following categories, except
a. Strategic planning and control
b. Effectiveness and efficiency of operations
c. Reliability of financial reporting
d. Compliance with laws and regulations

8. Components of internal control includes the following, except

a. Control environment and Control activities
b. Information and communication and Monitoring
c. Event identification
d. Risk assessment

9. Which of the following techniques is not useful for obtaining an understanding of internal
controls?
a. Make inquiries of the client’s personnel
b. Examine documents and records
c. Read industry magazine
d. Observe client activities and operations

10. To obtain evidential matter about control risk, an auditor selects test form a variety of
techniques including
a. Inquiry
b. Analytical procedure
c. Calculation
d. Confirmation