MODULE 3: INTERNAL CONTROL CONSIDERATIONS

1. PSA 315 requires the auditor to obtain an understanding of the client’s internal controls
For every audit

2. Control activities constitute one of the five components of internal control . Which of the
following is not included in this internal control component?
An internal audit function

3. After documenting internal control in an audit engagement, the auditor may perform tests on
Those controls that the auditor plans to rely on

4. Management’s attitude toward aggressive financial reporting and its emphasis on meeting
projected profit goals most likely would significantly influence an entity’s control environment
when
Management is dominated by one individual who is also a shareholder.

5. A control that reduces the risk that an existing or potential control weakness will result in a
failure to meet a control objective is referred to as
Compensating control

6. To obtain an understanding of the relevant policies and procedures of internal control, the auditor
performs all of the following except
Design substantive tests

7. Which of the following statements concerning audit risk and its components is incorrect?
The assessed level of inherent risk need not be considered in determining the nature,
timing and extent of substantive procedures required to reduce audit risk to an acceptably
low level

8. The primary purpose of the auditor’s consideration of internal control is to provide a basis for
Determining the nature, timing and extent of audit tests to be applied
9. Control activities are the policies and procedures that help ensure that management directives are
carried out. These include activities relating authorization,performance reviews, information
processing, physical controls and segregation of duties. There is proper segregation of duties
when an individual who
Records a transaction does not have custody of the asset itself

10. Obtaining an understanding of internal control involves:

(1) Evaluating the DESIGN of a control (YES)
(2) Determining whether the control has been IMPLEMENTED (YES)
(3)Testing the EFFECTIVENESS of a control (NO)

11. After obtaining a sufficient understanding of internal control, the auditor

Determines the preliminary assessment of control risk.

12. When control risk is assessed at HIGH for all financial statements assertions, an auditor should
document the auditor’s
(1) Understanding of the entity’s internal control structure (YES)
(2) Conclusion that control risk is HIGH (YES)
(3) Basis for concluding that control risk is HIGH (NO)

13. It is the process designed and effected by those charged with governance, management, and other
personnel to provide reasonable assurance about the achievement of the entity's objectives
Internal control

14. When obtaining an understanding of an entity’s internal control, an auditor should concentrate on
the substance of controls rather than their form because
Management may establish appropriate controls but not act on them.

15. Under PAS 315, monitoring of controls is an internal control component that involves a process
of assessing the quality of internal control performance over time. It involves assessing the design
and operation of controls on a timely basis and taking necessary corrective actions. Monitoring of
 controls is accomplished through ongoing monitoring activities, separate evaluations, or a
combination of the two. An entity's ongoing monitoring activities often include
Reviewing the purchasing account

16. Information about segregation of duties ordinarily is best obtained by

Observing employees as they apply specific controls

17. The primary objective of procedures performed to obtain an understanding of internal control is
to provide an auditor with
Knowledge necessary to plan the audit

18. As a result of obtaining an understanding of an entity's internal control system, the auditor may
become aware of material weaknesses in the design or implementation of internal control.The
auditor is required to communicate this matter to
Those charged with governance or management

19. In a financial statement audit, the auditor is required to perform test of controls when
(i) The auditor’s risk assessment includes expectation of the operating effectiveness of controls
(YES)
(ii) When substantive procedures alone do not provide sufficient appropriate audit evidence at the
assertion level (YES)

20. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the
risk that
Materials misstatements may exist in the financial statements.

21. An auditor should obtain sufficient knowledge of an entity's information system, including the
related business processes relevant to financial reporting, to understand the
Process used to prepare significant accounting estimates

22. In an audit of financial statements, an auditor’s primary consideration regarding a control is

whether it
Affects management’s financial statement assertions
23. Which of the following statements concerning material weakness and reportable conditions is
correct?
All material weaknesses are reportable conditions

24. After obtaining an understanding of an entity’s internal control, an auditor may assess control risk
at the maximum level for some assertions because the auditor
Believes the internal control policies and procedures are unlikely to be effective

25. Which of the following statements regarding auditor documentation of the client’s internal
control structure is correct?
No one particular form of documentation is necessary, and the extent of documentation
may vary.

26. An auditor intends to perform test of controls on a client’s control procedures that leaves no audit
trail of documentary evidence. The auditor most likely will test the procedure by
Inquiry and observation

27. An auditor may compensate for a weakness in the internal control structure by increasing the
Extent of test of details
28. This is a basic concept of internal control which recognizes that the cost of internal control should
not exceed the benefits expected to be derived from it
Reasonable assurance

29. Evidence of the performance of control risk assessment procedures includes all of the following
except
Lead schedule

30. Which of the following is the auditor’s purpose of further testing internal control procedures?
Provide a basis for reducing the assessed level of control risk below that which resulted
from the auditor’s initial understanding of internal control.

31. Which of the following parts of the audit is described by this statement? “The auditor examines
and evaluates processes that produce the numbers and disclosures in the financial statements.”
 Studying and testing internal control

32. Which of the following statements best describes the phrase, “evaluating the design of a control”?
Considering whether the control, individually or in combination with other controls, is
capable of effectively preventing, or detecting and correcting, material misstatements

33. The following are components of internal control

Control environment, risk assessment process, control activities, information system and
communication, and monitoring of controls

34. When considering an entity's system of internal control, one of the auditor's major concerns is to
ascertain whether internal control is designed to provide reasonable assurance that
Financial statements are fairly presented

35. Which of the following is an example of an inherent limitation in a client’s internal control
system?
In the performance of most control procedures, there are possibilities of errors arising
from mistakes in judgment

36. In conducting an audit in accordance with PSAs, the auditor is required to identify and assess the
risks of material misstatement at the financial statements level, and at the assertion level for
classes of transactions, account balances, and disclosure. Some of these risks, in the auditor's
judgment, require special audit consideration, such as those that involve fraud or complex
transactions. Such risks are called
Significant risks

37. A reason to establish internal control is to

Provide reasonable assurance that the objectives of the organization are achieved

38. When obtaining an understanding of the accounting and internal control system the auditor may
trace a few transactions through the accounting system. This technique is
Walk-through
39. This internal control component is the foundation for all other components. It set the tone of the
organization, provides discipline and structure, and influences the control consciousness of
employees
Control environment

40. Which of the following statements is true?

The auditor can simultaneously obtain an understanding of internal control and perform
tests of controls.

41. Dutch Company uses its sales invoices for posting perpetual inventory records. Inadequate
internal control over the invoicing allows goods to be shipped but not invoiced.The inadequate
controls could cause what type of misstatement in each of the following accounts? (1) Revenues
(2) Receivables (3) Inventories
Understatement, understatement, overstatement

42. Tests of controls are used to test whether controls are

Operating effectively

43. As part of a periodic planning exercise, AAA Company discovers that a political dispute may
interfere with the company’s supply sources. This is an example of
Risk assessment

44. Risks can arise or change due to circumstances such as the following, except
The accounting and financial reporting framework has remained stable for the past five
years, and no new pronouncements have been made

45. An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that

depicts the auditor’s
Understanding of the system