Y
D
U
ST
D
,IT Auditing 4th Ed—Test Bank, Chapter 1
Chapter 1—Auditing and Internal Control
TRUE/FALSE
1. Corporate management (including the CEO) must certify monthly and annually their organization’s
internal controls over financial reporting.
ANS: F PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal
control adequacy.
ANS: F PTS: 1
M
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing internal
control adequacy.
ED
ANS: F PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting system
necessitates a qualified opinion on the financial statements?
ST
ANS: F PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems.
U
ANS: T PTS: 1
6. The external auditor is responsible for establishing and maintaining the internal control system.
D
ANS: F PTS: 1
Y
7. Segregation of duties is an example of an internal control procedure.
ANS: T PTS: 1
8. Preventive controls are passive techniques designed to reduce fraud.
ANS: T PTS: 1
9. A key modifying assumption in internal control is that the internal control system is the responsibility of
management.
ANS: T PTS: 1
, IT Auditing 4th Ed—Test Bank, Chapter 1
10. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit
clients, they are not prohibited from performing such services for non-audit clients or privately held
companies.
ANS: T PTS: 1
11. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
M
ANS: T PTS: 1
12. Section 404 requires that corporate management (including the CEO) certify their organization’s internal
ED
controls on a quarterly and annual basis.
ANS: F PTS: 1
13. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.
ST
ANS: F PTS: 1
14. Application controls apply to a wide range of exposures that threaten the integrity of all programs
U
processed within the computer environment.
ANS: F PTS: 1
D
15. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation function.
Y
ANS: T PTS: 1
16. An IT auditor expresses an opinion on the fairness of the financial statements.
ANS: F PTS: 1
17. External auditing is an independent appraisal function established within an organization to examine and
evaluate its activities as a service to the organization.
ANS: F PTS: 1
18. External auditors can cooperate with and use evidence gathered by internal audit departments that are
organizationally independent and that report to the Audit Committee of the Board of Directors.
, IT Auditing 4th Ed—Test Bank, Chapter 1
ANS: T PTS: 1
19. Tests of controls determine whether the database contents fairly reflect the organization's transactions.
ANS: F PTS: 1
20. Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that
are materially misstated.
ANS: T PTS: 1
M
21. A strong internal control system will reduce the amount of substantive testing that must be performed.
ED
ANS: T PTS: 1
22. Substantive testing techniques provide information about the accuracy and completeness of an
application's processes.
ST
ANS: F PTS: 1
MULTIPLE CHOICE
U
1. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
D
c. the objectives achieved by an internal control system vary depending on the data
processing method
d. the effectiveness of internal controls is a function of the industry environment
Y
ANS: A PTS: 1
2. Which of the following is not a limitation of the internal control system?
a. errors are made due to employee fatigue
b. fraud occurs because of collusion between two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to make fraudulent journal entries
ANS: C PTS: 1
3. The most cost-effective type of internal control is
a. preventive control
b. accounting control
D
U
ST
D
,IT Auditing 4th Ed—Test Bank, Chapter 1
Chapter 1—Auditing and Internal Control
TRUE/FALSE
1. Corporate management (including the CEO) must certify monthly and annually their organization’s
internal controls over financial reporting.
ANS: F PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal
control adequacy.
ANS: F PTS: 1
M
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing internal
control adequacy.
ED
ANS: F PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting system
necessitates a qualified opinion on the financial statements?
ST
ANS: F PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems.
U
ANS: T PTS: 1
6. The external auditor is responsible for establishing and maintaining the internal control system.
D
ANS: F PTS: 1
Y
7. Segregation of duties is an example of an internal control procedure.
ANS: T PTS: 1
8. Preventive controls are passive techniques designed to reduce fraud.
ANS: T PTS: 1
9. A key modifying assumption in internal control is that the internal control system is the responsibility of
management.
ANS: T PTS: 1
, IT Auditing 4th Ed—Test Bank, Chapter 1
10. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit
clients, they are not prohibited from performing such services for non-audit clients or privately held
companies.
ANS: T PTS: 1
11. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
M
ANS: T PTS: 1
12. Section 404 requires that corporate management (including the CEO) certify their organization’s internal
ED
controls on a quarterly and annual basis.
ANS: F PTS: 1
13. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.
ST
ANS: F PTS: 1
14. Application controls apply to a wide range of exposures that threaten the integrity of all programs
U
processed within the computer environment.
ANS: F PTS: 1
D
15. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation function.
Y
ANS: T PTS: 1
16. An IT auditor expresses an opinion on the fairness of the financial statements.
ANS: F PTS: 1
17. External auditing is an independent appraisal function established within an organization to examine and
evaluate its activities as a service to the organization.
ANS: F PTS: 1
18. External auditors can cooperate with and use evidence gathered by internal audit departments that are
organizationally independent and that report to the Audit Committee of the Board of Directors.
, IT Auditing 4th Ed—Test Bank, Chapter 1
ANS: T PTS: 1
19. Tests of controls determine whether the database contents fairly reflect the organization's transactions.
ANS: F PTS: 1
20. Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that
are materially misstated.
ANS: T PTS: 1
M
21. A strong internal control system will reduce the amount of substantive testing that must be performed.
ED
ANS: T PTS: 1
22. Substantive testing techniques provide information about the accuracy and completeness of an
application's processes.
ST
ANS: F PTS: 1
MULTIPLE CHOICE
U
1. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
D
c. the objectives achieved by an internal control system vary depending on the data
processing method
d. the effectiveness of internal controls is a function of the industry environment
Y
ANS: A PTS: 1
2. Which of the following is not a limitation of the internal control system?
a. errors are made due to employee fatigue
b. fraud occurs because of collusion between two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to make fraudulent journal entries
ANS: C PTS: 1
3. The most cost-effective type of internal control is
a. preventive control
b. accounting control
