Question 1.

Internal controls are grouped into the following categories:

Production and operations, financial reporting, and management reporting.

Efficient operations, financial analysis, and management reporting.

Efficient operations, financial analysis, and compliance.

Effective operations, financial reporting, and compliance.

End of Question 1

Question 2.

Which of the following makes for an effective control environment with regards to commitment to
competence?

Increase interaction between senior management and operating management.

Assure independence from management.

Its culture is one in which quality and competence are openly valued.

Reduce pressure to meet unrealistic performance targets.

End of Question 2
Question 3.

To determine a positive control environment, the auditor should consider which of the following control
environment actions for integrity and ethical values?

Review the nature of business risk accepted.

Remove incentives and temptations that prompt personnel to engage in fraudulent or unethical
behaviour.

Encourage independence from management.

Create formal or informal job descriptions or other means of defining tasks that comprise
particular jobs.

End of Question 3

Question 4.

That companies must comply with many laws and regulations including company law, tax law and
environmental protection regulations requires what category of internal control objectives?

Financial reporting.

Government reporting.

Effective operations.

Compliance.

End of Question 4
Question 5.

The most emphasis by auditors is placed on understanding which of the following types of controls?

Controls on account balances.

Controls over efficiency of operations.

Controls over disclosures.

Controls over classes of transactions.

End of Question 5

Question 6.

All of the following are sub-systems (contents) of an entity’s information system except:

Personnel information.

Computer systems software.

Production system.

Customer and vendor records.

End of Question 6
Question 7.

Which of the following is not one of the components of internal control according to COSO?

Control procedures.

Risk assessment process.

Monitoring of controls.

Communication processes related to stakeholders.

End of Question 7

Question 8.

US Securities Exchange Commission rules require that management must base its evaluation of the
effectiveness of the company's internal control over financial reporting on a suitable, recognised control
framework:

Established by an internationally supported group.

Based on SEC ethics and conduct.

Established by a body or group that followed due-process procedures.

That can be easily applied to all business types.

End of Question 8
Question 9.

The auditor's primary consideration is whether, and how, a specific control prevents, or detects and
corrects, material misstatements:

In account balances.

In classes of transactions, account balances or disclosures.

In classes of transactions.

In disclosures.

End of Question 9

Question 10.

Implementation of a control means that the control exists and that:

The entity is using it.

The control was properly designed.

The control is documented.

All necessary personnel are trained to operate the control.

End of Question 10
Question 11.

Obtaining audit evidence about the design and implementation of relevant controls may involve all of
the following except:

Tracing transactions through the information system relevant to financial reporting.

Observing and reperforming the application of a specific control.

Performing analytical procedures.

Inspecting documents and reports.

End of Question 11

Question 12.

All the following describe internal control, according to COSO, except:

It is designed to provide reasonable assurance regarding the achievement of objectives of

compliance with capital structure strategy.

It is designed to provide reasonable assurance regarding the achievement of objectives of

efficient operations.

It is a process effected by people.

It is designed to provide reasonable assurance regarding the achievement of objectives in

reliability of financial reporting.
 End of Question 12

Question 13.

The auditor’s primary consideration is whether, and how, a specific control prevents, or detects and
corrects:

Financial statement fraud.

Illegal acts.

Defalcation by employees.

Material misstatements in classes of transactions, account balances or disclosures.

End of Question 13

Question 14.

All of the following are components of internal control except:

Management reports.

Monitoring.

The information system.

Risk assessment process.

 End of Question 14

Question 15.

There are a number of specific elements that usually contribute to a successful control environment and
which may be used as indicators of the quality of the control environment of a particular organisation.
Which of the following is not one of these elements?

Human resource policies and practices.

Assignment of authority and responsibility.

Organisational structure.

Segregation of duties in management.

End of Question 15

Question 16.

Which of the following are not general IT controls?

Back-up and recovery.

System software acquisition.

Controls over data centre and network operations.

 Edit checks of input data.

End of Question 16

Question 17.

Which of the following are not application controls?

Access security.

Manual follow-up of exception reports.

Numerical sequence checks.

Chart of accounts.

End of Question 17

Question 18.

Which of the following is not true about the risk assessment component of the COSO internal control
framework?

Auditors assess risks to decide the evidence needed in the audit.

How responsibility is distributed is usually spelled out in formal company policy manuals.
 If management effectively assesses and responds to risks, the auditor will typically need to
accumulate less audit evidence than when management fails to, because control risk is lower.

Management assesses risks as part of designing and operating the internal control system to
minimise errors and irregularities.

End of Question 18

Question 19.

Which of the following is an example of adequate documents?

Systems manuals for computer accounting software should provide sufficient information to
make the accounting functions clear.

Use of serial numbers on documents and input transactions.

Preformatted input screens in a CIS.

Passwords that allow only authorised people admittance to the computer software online.

End of Question 19

Question 20.

Segregation of duties means what fundamental functions which must be separated and adequately
supervised?
 Transparency of behaviour, authorisation, and custody.

Achievability of goals, recording, and custody.

Recording, authorisation, and custody.

Commitment of employees, reporting, and authorisation.

End of Question 20

Question 21.

Soft controls are the intangible factors in an organisation that influence the behaviour of managers and
employees. Which of the following is not a factor that influences the way people examine their control
activities?

Clarity for directors, managers and employees as to what constitutes desirable and undesirable
behaviour.

Role-modelling among administrators, management or immediate supervisors.

Openness to discussion of viewpoints, emotions, dilemmas and transgressions.

The objective of profit maximisation.

End of Question 21

Question 22.

The preliminary assessment of control risk includes all the following procedures except:
 Discuss the possibility of audit risk with audit firm personnel.

Consider the results of previous audits that involved evaluating the operating effectiveness of
internal control.

Interview entity personnel to find evidence of management’s commitment to the design,

implementation and maintenance of sound internal control.

Identify possible liabilities which may arise.