Chapter 1—Auditing and Internal Control
TRUE/FALSE
1. Corporate management (including the CEO) must certify monthly and annually their
organization’s internal controls over financial reporting.
ANS: F PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing
internal control adequacy.
ANS: F PTS: 1
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing
internal control adequacy.
ANS: F PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting
system necessitates a qualified opinion on the financial statements?
ANS: F PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems.
ANS: T PTS: 1
6. The external auditor is responsible for establishing and maintaining the internal control system.
ANS: F PTS: 1
7. Segregation of duties is an example of an internal control procedure.
ANS: T PTS: 1
8. Preventive controls are passive techniques designed to reduce fraud.
ANS: T PTS: 1
9. A key modifying assumption in internal control is that the internal control system is the
responsibility of management.
, ANS: T PTS: 1
10. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their
audit clients, they are not prohibited from performing such services for non-audit clients or
privately held companies.
ANS: T PTS: 1
11. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
ANS: T PTS: 1
12. Section 404 requires that corporate management (including the CEO) certify their organization’s
internal controls on a quarterly and annual basis.
ANS: F PTS: 1
13. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.
ANS: F PTS: 1
14. Application controls apply to a wide range of exposures that threaten the integrity of all programs
processed within the computer environment.
ANS: F PTS: 1
15. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation
function.
ANS: T PTS: 1
16. An IT auditor expresses an opinion on the fairness of the financial statements.
ANS: F PTS: 1
17. External auditing is an independent appraisal function established within an organization to
examine and evaluate its activities as a service to the organization.
, ANS: F PTS: 1
18. External auditors can cooperate with and use evidence gathered by internal audit departments that
are organizationally independent and that report to the Audit Committee of the Board of
Directors.
ANS: T PTS: 1
19. Tests of controls determine whether the database contents fairly reflect the organization's
transactions.
ANS: F PTS: 1
20. Audit risk is the probability that the auditor will render an unqualified opinion on financial
statements that are materially misstated.
ANS: T PTS: 1
21. A strong internal control system will reduce the amount of substantive testing that must be
performed.
ANS: T PTS: 1
22. Substantive testing techniques provide information about the accuracy and completeness of an
application's processes.
ANS: F PTS: 1
MULTIPLE CHOICE
1. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
c. the objectives achieved by an internal control system vary depending on the data
processing method
d. the effectiveness of internal controls is a function of the industry environment
ANS: A PTS: 1
2. Which of the following is not a limitation of the internal control system?
, a. errors are made due to employee fatigue
b. fraud occurs because of collusion between two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to make fraudulent journal entries
ANS: C PTS: 1
3. The most cost-effective type of internal control is
a. preventive control
b. accounting control
c. detective control
d. corrective control
ANS: A PTS: 1
4. Which of the following is a preventive control?
a. credit check before approving a sale on account
b. bank reconciliation
c. physical inventory count
d. comparing the accounts receivable subsidiary ledger to the control account
ANS: A PTS: 1
5. A well-designed purchase order is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: A PTS: 1
6. A physical inventory count is an example of a
a. preventive control
b. detective control
c. corrective control
d. Feed-forward control
ANS: B PTS: 1
7. The bank reconciliation uncovered a transposition error in the books. This is an example of a
a. preventive control
b. detective control
c. corrective control
TRUE/FALSE
1. Corporate management (including the CEO) must certify monthly and annually their
organization’s internal controls over financial reporting.
ANS: F PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing
internal control adequacy.
ANS: F PTS: 1
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing
internal control adequacy.
ANS: F PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting
system necessitates a qualified opinion on the financial statements?
ANS: F PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems.
ANS: T PTS: 1
6. The external auditor is responsible for establishing and maintaining the internal control system.
ANS: F PTS: 1
7. Segregation of duties is an example of an internal control procedure.
ANS: T PTS: 1
8. Preventive controls are passive techniques designed to reduce fraud.
ANS: T PTS: 1
9. A key modifying assumption in internal control is that the internal control system is the
responsibility of management.
, ANS: T PTS: 1
10. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their
audit clients, they are not prohibited from performing such services for non-audit clients or
privately held companies.
ANS: T PTS: 1
11. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
ANS: T PTS: 1
12. Section 404 requires that corporate management (including the CEO) certify their organization’s
internal controls on a quarterly and annual basis.
ANS: F PTS: 1
13. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.
ANS: F PTS: 1
14. Application controls apply to a wide range of exposures that threaten the integrity of all programs
processed within the computer environment.
ANS: F PTS: 1
15. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation
function.
ANS: T PTS: 1
16. An IT auditor expresses an opinion on the fairness of the financial statements.
ANS: F PTS: 1
17. External auditing is an independent appraisal function established within an organization to
examine and evaluate its activities as a service to the organization.
, ANS: F PTS: 1
18. External auditors can cooperate with and use evidence gathered by internal audit departments that
are organizationally independent and that report to the Audit Committee of the Board of
Directors.
ANS: T PTS: 1
19. Tests of controls determine whether the database contents fairly reflect the organization's
transactions.
ANS: F PTS: 1
20. Audit risk is the probability that the auditor will render an unqualified opinion on financial
statements that are materially misstated.
ANS: T PTS: 1
21. A strong internal control system will reduce the amount of substantive testing that must be
performed.
ANS: T PTS: 1
22. Substantive testing techniques provide information about the accuracy and completeness of an
application's processes.
ANS: F PTS: 1
MULTIPLE CHOICE
1. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
c. the objectives achieved by an internal control system vary depending on the data
processing method
d. the effectiveness of internal controls is a function of the industry environment
ANS: A PTS: 1
2. Which of the following is not a limitation of the internal control system?
, a. errors are made due to employee fatigue
b. fraud occurs because of collusion between two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to make fraudulent journal entries
ANS: C PTS: 1
3. The most cost-effective type of internal control is
a. preventive control
b. accounting control
c. detective control
d. corrective control
ANS: A PTS: 1
4. Which of the following is a preventive control?
a. credit check before approving a sale on account
b. bank reconciliation
c. physical inventory count
d. comparing the accounts receivable subsidiary ledger to the control account
ANS: A PTS: 1
5. A well-designed purchase order is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: A PTS: 1
6. A physical inventory count is an example of a
a. preventive control
b. detective control
c. corrective control
d. Feed-forward control
ANS: B PTS: 1
7. The bank reconciliation uncovered a transposition error in the books. This is an example of a
a. preventive control
b. detective control
c. corrective control
