Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
A. Policies and procedures for activities are set out in manuals for use by properly trained
personnel.
B. Are communicated to employees in writing and are updated by operating personnel as conditions
change.
C. Internal reviews as to the propriety and effectiveness of the objectives are undertaken on a
periodic basis by the internal audit activity.
D. Standards are adopted, results are compared with the standards, and corrective actions are
undertaken.
2- Manual controls would most likely be more suitable than automated controls for which of the
following?
3- Internal control cannot be designed to provide reasonable assurance regarding the achievement of
objectives concerning
B. Mitigation of risk.
C. Availability of reliable data for decision-making purposes and protection of important documents and
records.
4- Internal control can provide only reasonable assurance that the organization’s objectives will be met
efficiently and effectively. One factor limiting the likelihood of achieving those objectives is that
5- Which of the following statements best describes the relationship between planning and controlling?
6- Which of the following most likely would not be considered an inherent limitation of the potential
effectiveness of an entity’s internal control?
A. Faulty judgment.
C. Incompatible duties.
D. Management override.
7- An auditor is concerned about management override as a limitation of internal control. Which of the
following tests would best assess the validity of the auditor’s concern?
8- Which of the following control procedures does an internal auditor expect to find during an
engagement to evaluate risk management and insurance?
C. Periodic internal review of the in-force list to evaluate the adequacy of insurance coverage.
9- An internal auditor fails to discover an employee fraud during an assurance engagement. The
nondiscovery is most likely to suggest a violation of the International Professional Practices
Framework if it was the result of a
B. Determination that any possible fraud in the area would not involve a material amount.
C. Determination that the cost of extending procedures in the area would exceed the potential
benefits.
D. Presumption that the internal controls in the area were adequate and effective.
12- Internal auditors need to determine the extent to which management has established adequate
control criteria. For this purpose, which of the following actions may be appropriate?
A. 2 only.
B. 1, 2, and 3.
C. 1 only.
D. 1 and 2 only.
13- An entity should consider the cost of a control in relationship to the risk. Which of the following
controls best reflects this philosophy for a large dollar investment in heavy machine tools?
14- According to The IIA Glossary appended to the Standards, which of the following are most
directly designed to ensure that risks are contained?
C. Governance processes.
D. Control processes.
Answer (A) is incorrect.
Risk management is a process to identify, assess, manage, and control potential events or situations to
provide reasonable assurance regarding the achievement of the organization’s objectives.
C. Material errors or fraud will be prevented, or detected and corrected, within a timely period by employees
in the course of performing their assigned duties.
D. The internal auditing department’s guidance and oversight of management’s performance is accomplished
economically and efficiently.
16- The primary responsibility for establishing and maintaining internal control rests with
C. Management.
A. Judgmental sampling.
B. Employee evaluation.
C. Collusion.
D. Segregation of duties.
A. Control procedures should be designed from the “bottom up” to ensure attention to detail.
B. Management takes action to enhance the likelihood that established goals and objectives will be
achieved.
D. Control represents specific procedures that accountants and internal auditors design to ensure
the correctness of processing.
20- Which of the following items is an example of an inherent limitation in an internal control system?
B. Provide reasonable assurance that the objectives of the organization are achieved.
B. Control accomplishes objectives and goals in an accurate, timely, and economical fashion.
D. Control is provided when cost-effective measures are taken to restrict deviations to a tolerable
level.
B. Simple error.
24- The actions taken to manage risk and increase the likelihood that established objectives and
goals will be achieved are best described as
A. Compliance.
B. Quality assurance.
C. Control.
D. Supervision.
25- Specific airline ticket information, including fare, class, purchase date, and lowest available fare
options, as prescribed in the organization’s travel policy, is obtained and reported to department
management when employees purchase airline tickets from the organization’s authorized travel
agency. Such a report provides information for
26- An internal auditor is examining inventory control in a merchandising division with annual sales of
US $3,000,000 and a 40% gross profit rate. Tests show that 2% of the monetary amount of
purchases do not reach inventory because of breakage and employee theft. Adding certain controls
costing US $35,000 annually could reduce these losses to .5% of purchases. Should the controls be
recommended?
A. No, because the cost of the added controls exceeds the projected savings.
B. Yes, regardless of cost-benefit considerations, because the situation involves employee theft.
C. Yes, because the ideal system of internal control is the most extensive one.
D. Yes, because the projected saving exceeds the cost of the added controls.
Answer (A) is correct.
Controls must be subject to the cost-benefit criterion. The annual cost of these inventory controls is
US $35,000, but the cost savings is only US $27,000 {(2.0% – 0.5%) × [$3,000,000 sales × (1.0 – 0.4
gross profit rate)]}. Hence, the cost exceeds the benefit, and the controls should not be recommended.
28- Use of standard operating procedures as controls is most likely to be effective in an organization
that has which of the following characteristics?
A. An aversion to risk.
B. An entrepreneurial focus.
D. Effective leadership.
A. The establishment and maintenance of internal control are important responsibilities of the
internal auditor.
B. Exceptionally effective internal control is enough for the organization to achieve objectives.
C. Properly maintained internal control reasonably ensures that collusion among employees cannot
occur.
D. A limitation of internal control is that management makes judgments about the extent of controls
it implements.
30- The PCAOB’s AS 2201 states that internal controls may be preventive or detective.
Which of the following controls is preventive?
D. Reconciling the accounts receivable subsidiary file with the control account.
A. Feedforward.
B. Strategic.
C. Concurrent.
D. Feedback.
Answer (A) is correct.
Feedforward controls provide for the active anticipation of problems so that they can be avoided or
resolved in a timely manner. Another example is the quality control inspection of raw materials and work-
in-process to avoid defective finished goods.
2- When assessing application controls, which one of the following input controls or edit checks is most
likely to be used to detect a data input error in the customer account number field?
A. Validity check.
B. Control total.
C. Hash total.
D. Limit check.
3- Of the following, the controls that are often difficult for internal auditors to evaluate because of the
lack of criteria or standards are
A. Operating controls.
B. Financial controls.
C. Preventive controls.
D. Corrective controls.
Answer (A) is correct.
Operating controls are those used in the management processes of directing and controlling and are
based on comparison of results with standards. As an activity becomes less mechanical, however,
standards become more difficult to determine. Control standards for security, for example, are less easily
developed than for the output per hour of a machine because the degree of security achieved is not
readily measurable.
A. Maintaining a record to track the process of data from input to storage and to the eventual output.
5- A customer intended to order 100 units of product Z96014, but incorrectly ordered nonexistent
product Z96015. Which of the following controls most likely would detect this error?
C. Hash total.
D. Record count.
6- Which one of the following input controls or edit checks would catch certain types of errors within the
payment amount field of a transaction?
A. Limit check.
B. Record count.
C. Check digit.
D. Echo check.
7- An adequate and effective system of internal control provides reasonable assurance that objectives
will be achieved. Controls may be preventive, detective, or directive. Which of the following is a
detective control for the procurement function?
A. Goods received are counted and compared with quantities on purchase order and receiving
reports.
B. Prenumbered standard purchase order forms include all relevant terms required to be used in all
applicable instances.
D. Review and approval of each procurement action is required prior to the final issuance of a
purchase order.
8- The internal audit activity of an organization is an integral part of the organization’s risk management,
control, and governance processes because it evaluates and contributes to the improvement of those
processes. Select the type of control provided when the internal audit activity conducts a systems
development analysis.
A. Feedforward control.
C. Feedback control.
D. Strategic plans.
9- Which of the following is an operating control for a research and development department?
B. All research and development costs are charged to expense in accordance with the applicable
accounting principles.
D. The research and development budget is properly allocated between new products, product
maintenance, and cost reduction programs.
Answer (A) is incorrect.
Only the human resources department should be responsible for hiring. A department responsible for
recordkeeping (e.g., payroll) should not authorize transactions.
B. The data entered into an input field is compared to a table of valid values for that field.
C. More than one control may be needed to adequately address a single risk.
C. Comparing a bank deposit slip with the total cash received as noted on a prelisting sheet
prepared in the mail room.
D. Scanning the general ledger for accounts with unusually high or low balances.
A. Preventive.
B. Reactive.
C. Directive.
D. Detective.
13- The use of financial statement analysis, quality control procedures, and employee performance
evaluations are all examples of
A. Preliminary controls.
B. Feedforward controls.
C. Concurrent controls.
D. Feedback controls.
14- The requirement that purchases be made from suppliers on an approved vendor list is an
example of a
A. Detective control.
B. Preventive control.
C. Monitoring control.
D. Corrective control.
15- Controls that are designed to provide management with assurance of the realization of
specified minimum gross margins on sales are
A. Detective controls.
B. Directive controls.
C. Preventive controls.
D. Output controls.
16- As part of a total quality control program, a firm not only inspects finished goods but also monitors
product returns and customer complaints. Which type of control best describes these efforts?
A. Feedforward control.
B. Feedback control.
C. Production control.
D. Inventory control.
17- An organization’s policies and procedures are part of its overall system of internal controls. The
control function performed by policies and procedures is
A. Application control.
B. Feedforward control.
C. Feedback control.
D. Implementation control.
A. Yes Yes
B. No No
C. No Yes
D. Yes No
B. Ensure the integrity of program and data files and of computer operations.
C. Ensure that processing results are complete, accurate, and properly distributed.
D. Design controls based on the management functions of planning, organizing, directing, and
controlling.
20- An auditor is planning an audit of a company’s recently implemented electronic data interchange
(EDI) system for purchasing and billing. Which of the following controls over the accuracy of raw-
material purchases would be least important in this environment?
21- An employee steals money from his company’s bank deposits, then makes up for the stolen cash
with cash from the next day’s deposits. If there is not enough cash the next day, the employee has to
wait another day to make up for the deposit. And the cycle continues. This can go undetected for
months. Which of the following controls could the organization implement as a preventive control to
address this situation?
A. Weekly, a manager at the main office checks deposit validation dates received from the bank
with the sales deposit records.
B. Daily, the accounting staff at the organization’s main office reconcile the amount deposited with
the cash register tape from the day’s sales.
C. Deposit slips and deposit bags have sequential numbers. The manager is required to write the
deposit bag number on the deposit slip. The reason for any voided deposit slips or bags is to be
documented.
D. The accounting supervisor is notified when the checking account amount drops below a certain
level.
22- Managerial control can be divided into feedforward, concurrent, and feedback controls. Which of
the following is an example of a feedback control?
C. Variance analysis.
D. Budgeting.
B. Preventive maintenance.
24- When a copy of the sale invoice is not received by an organization’s shipping department, an
employee requests the document from the proper authority. This process is a(n)
25- Controls may be classified according to the function they are intended to perform, for example, as
detective, preventive, or directive. Which of the following is a directive control?
26- The procedure requiring preparation of a prelisting of incoming cash receipts, with copies of the
prelist going to the cashier and to accounting, is an example of which type of control?
A. Detective.
B. Preventive.
C. Corrective.
D. Directive.
Answer (A) is incorrect.
A detective control uncovers an error or irregularity that has already occurred.
Answer (B) is correct.
A prelisting of cash receipts in the form of checks is a preventive control. It is intended to deter
undesirable events from occurring. Because irregularities involving cash most likely take place before
receipts are recorded, either remittance advices or a prelisting of checks should be prepared in the
mailroom so as to establish recorded accountability for cash as soon as possible. A cash register tape is
a form of prelisting for cash received over the counter. One copy of a prelisting will go to accounting for
posting to the cash receipts journal, and another is sent to the cashier for reconciliation with checks and
currency received.
27- Which of the following input controls are based on the logic that processing efficiency is greatly
increased when files are sorted on some designated field?
A. Sequence checks.
B. Format checks.
C. Range checks.
D. Validity checks.
A. The manager is given a check log reconciliation at the close of each business day.
C. The accounting department has a procedure for voiding and issuing replacement checks.
D. The staff accountant was warned about printing a check prior to receiving authorization.
Answer (A) is correct.
Providing the manager with a check log reconciliation at the close of each business day is a detective
control. A detective control uncovers an error or irregularity that has already occurred. It is designed to
detect undesirable events. Examples of detective controls include physical counts, reconciliations,
reviews and comparisons, exception reports, and security cameras.
A. Control baseline.
B. Change management.
C. Control revalidation/update.
D. Change identification.
2- An organization’s directors, management, external auditors, and internal auditors all play important
roles in creating a proper control environment. Senior management is primarily responsible for
A. Establishing a proper organizational culture and specifying a system of internal control.
C. Ensuring that external and internal auditors adequately monitor the control environment.
D. Designing and operating a control system that provides reasonable assurance that established
objectives and goals will be achieved.
3- A company’s new time clock process requires hourly employees to select an identification number
and then choose the clock-in or clock-out button. A video camera captures an image of the employee
using the system. Which of the following exposures can the new system be expected to change
the least?
4- The design or operation of a control may not allow management or employees, in the normal course
of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely
basis. According to AU-C 265, this circumstance is a
A. Critical deficiency.
B. Material weakness.
C. Control deficiency.
D. Significant deficiency.
5- Which of the following are included in the control environment described in the COSO internal control
framework?
D. Integrity and ethical values, assignment of authority, and human resource policies.
6- Which of the following is the common name for Internal Control: Guidance for Directors on the
Combined Code?
A. COBIT.
B. COSO.
C. CoCo.
8- An organization’s directors, management, and internal auditors all have important roles in creating a
proper control environment. Senior management is primarily responsible for
B. Designing and operating a control system that provides reasonable assurance that established
objectives and goals will be achieved.
C. Ensuring that external and internal auditors adequately monitor the control environment.
B. The codes of conduct must be in writing and displayed in public areas, such as a break room.
C. Employees understand what behavior is acceptable or unacceptable and know what to do if they
encounter improper behavior.
D. The codes of conduct are comprehensive, addressing conflicts of interest, illegal or other
improper payments, anticompetitive guidelines, and insider trading.
10- When obtaining an understanding of internal control in a financial statement audit, the independent
external auditor is primarily concerned with
11- The COSO framework treats internal control as a process designed to provide reasonable
assurance regarding the achievement of objectives related to
12- A company implements an enterprise resource planning application to help improve its financial
and operational reporting while gaining other efficiencies related to sales and inventory management.
For the implementation, the company hires an individual specializing in preparing the company for the
changes through documenting new policies and procedures and developing new training. This is an
example of
A. An economic event.
B. Change management.
C. A social event.
D. Segregation of duties.
C. Organizational structure.
14- Internal control is a function of management, and effective control is based upon the concept of
charge and discharge of responsibility and duty. Which of the following is one of the overriding
principles of internal control?
A. Responsibility for accounting activities and duties must be assigned only to employees who are
bonded.
B. Responsibility for the accounting duties must be borne by the audit committee of the company.
C. Responsibility for accounting and financial duties should be assigned to one responsible officer.
15- Which of the following is most likely to be performed in the control activities component of internal
control?
A. Ongoing evaluations.
B. Segregation of duties.
C. Information processing.
16- Which of the following is a true statement about the COSO report on internal control?
17- Control activities constitute one of the five components of internal control described in the COSO
model. Control activities do not encompass
A. Performance reviews.
B. Information processing.
C. Physical controls.
A. Commitment.
C. Capability.
D. Risk assessment.
19-Which of the following statements is correct regarding corporate compensation systems and related
bonuses?
A. 1 only.
B. 2 and 3 only.
C. 2 only.
D. 3 only.
20- The requirement of the Foreign Corrupt Practices Act of 1977 to devise and maintain adequate
internal control is assigned in the act to the
B. Board of directors.
21- Management’s aggressive attitude toward financial reporting and its emphasis on meeting
projected profit goals most likely would significantly influence an entity’s control environment when
B. Internal auditors have direct access to the board of directors and entity management.
C. The audit committee is active in overseeing the entity’s financial reporting policies.
D. External policies established by parties outside the entity affect its accounting practices.
22- Which of the following is the control component that reflects the attitude and actions of the board
and management regarding the significance of control within the organization?
A. Control activities.
B. Monitoring.
C. Risk assessment.
D. Control environment.
B. Report to outside parties regarding a client’s compliance with the internal control provisions of the
Foreign Corrupt Practices Act.
24- Management has a role in the maintenance of control. In fact, management sometimes is a
control. Which of the following most likely involves managerial functions as a control?
A. Monitoring performance.
25- The policies and procedures helping to ensure that management directives are executed and
actions are taken to address risks to achievement of objectives describes
A. Monitoring.
B. Control environments.
C. Risk assessments.
D. Control activities.
26- The COSO model for internal control lists five specific areas encompassed by the control
environment component. Which of the following are elements of the control environment?
D. Organizational structure.
27- A senior executive of an international organization who wishes to demonstrate the importance of
the security of company information to all team members should
A. Refer to the organization’s U.S. human resources policies on privacy in a company newsletter.
C. Review and accept the information security risk assessments in a staff meeting.
28- Which of the following statements is not accurate with regard to soft controls?
B. The communication of ethical values and the fostering of mutual trust are soft controls in the
CoCo model.
D. Soft controls have become more necessary as technology advances have empowered
employees.
29- Each of the following is a method to evaluate internal controls based on the framework set by the
Committee of Sponsoring Organizations (COSO), except
B. Evaluating internal control systems that focus first on risk identification of specific losses.
C. Testing to determine whether the controls are operating effectively and have prevented losses in
the past.
30- A restaurant chain has over 680 restaurants. All food orders for each restaurant are required to
be entered into an electronic device that records all food orders by food servers and transmits the
order to the kitchen for preparation. All food servers are responsible for collecting cash for all their
orders and must turn in cash at the end of their shift equal to the sales value of food ordered for their
I.D. number. The manager then reconciles the cash received for the day with the computerized record
of food orders generated. All differences are investigated immediately by the restaurant.
Organizational headquarters has established monitoring controls to determine when an individual
restaurant might not be recording all its revenue and transmitting the applicable cash to the corporate
headquarters. Which one of the following is the best example of a monitoring control?
A. All food orders must be entered on the computer, and segregation of duties is maintained
between the food servers and the cooks.
B. The restaurant manager reconciles the cash received with the food orders recorded on the
computer.
C. Management prepares a detailed analysis of gross margin per store and investigates any store
that shows a significantly lower gross margin.
B. Monitoring.
C. Risk assessment.
D. Control environment.
32- In regard to The IIA’s Electronic Systems Assurance and Control study, which of the following is
not a business assurance objective?
A. Capability.
B. Protectability.
C. Recordability.
D. Functionality.
A. Specifying the competence levels for every job in an organization and translating those levels to
requisite knowledge and skills.