Page 10 of 13

AT-5910
d. Reduce the extent of both substantive tests and tests of controls in areas where internalcontrol is strong17. To
obtain an understanding of the relevant policies and procedures of internal control, the auditorperforms all of the
following except:a. Make inquiries c. Make observationsb. Design substantive
tests d. Inspect documents and records18. In an auditors consideration of internal control, the completion of a
questionnaire is most closelyassociated with which of the following?
a. Separation of duties c. Flowchart accuracyb. Understanding the system d. Tests of controls19. Before relying on
the system of internal control, the auditor obtains a reasonable degree ofassurance that the internal control
procedures are in use and operating as planned. The auditorobtains this assurance by performing
planneda. Substantive tests c. Transaction testsb.Tests of controls d. Tests of trends and ratios20. After obtaining an
understanding of a clients controls, an auditor may decide to omit tests of thecontrols. Which of the following in not
appropriate reason to omit tests of controls?
a. The controls duplicate other controls.b. The controls appear adequate.c. Reportable conditions preclude assessing
control risk below the maximum.d. The effort to test controls exceeds the effort saved by not performing substantive
tests.21. In general, a material weakness in internal control may be defined as a condition in which materialerrors or
irregularities may occur and not be detected within a timely period bya. An independent auditor during
tests of controls.b. Management when reviewing interim financial statements and reconciling account
balances.c. Employees in the normal course of performing their assigned functions.d. Outside consultants who
issue a special-purpose report on internal control structure.22. Internal control procedures are not designed to
provide reasonable assurance thata. Transactions are executed in accordance with
management's authorization.b. Access to assets is permitted only in accordance with
management's authorization.c. Irregularities will be eliminated.d. The recorded accountability for assets is compared
with the existing assets at reasonableintervals.23. A secondary purpose of the auditor's consideration of
internal control is to providea. A basis for assessing control risk.b. An assurance that the records and documents
have been maintained in accordance withexisting company policies and procedures.c. A basis for constructive
suggestions about improvements in internal control structure.d. A basis for the determination of the resultant extent of
the tests to which auditing proceduresare to be restricted.24. The auditor's review of the client's internal control
is documented in order to substantiatea. Conformity of the accounting records with
GAAP.b. Adherence to requirements of management.c. Compliance with generally accepted auditing standards.d. Th
e fairness of the financial statement presentation.25. A consideration of internal control made during an audit is
usually not sufficient to express anopinion on an entity's controls becausea. Weaknesses in the system may go
unnoticed during the audit engagement.b. A consideration of internal control is not necessarily made during an audit
engagement.c. Only those controls on which an auditor intends to rely are reviewed, tested,
and evaluated.d. Controls can change each year.
Page 11 of 13
AT-5910
26. The accountant's report expressing an opinion on an entity's internal controls should state that thea. Objectives of
the client's internal controls are being met.b. Consideration of the internal controls was conducted in accordance
with generally acceptedauditing standards.c. Establishment and maintenance of internal control is the responsibility
of management.d. Inherent limitations of the client's internal controls were examined.27. The primary objective of
procedures performed to obtain an understanding of internal control is toprovide an auditor witha. Evidential matter to
use in reducing detection risk.b. A basis from which to modify tests
of controls.c. Knowledge necessary to plan the audit.d. Information necessary to prepare flowcharts.PSA 400 Risk
Assessments and Internal Control28. Which of the following is not part of the control environment?
a. Management philosophy and operating style.b. Organizational structure and methods of assigning authority and
responsibility.c. Information and communication systems.d. The function of the board of directors and its
committees.29. When obtaining an understanding of the accounting and internal control system the auditor maytrace
a few transactions through the accounting system. This technique is:a. Reperformance testc. Walk-through
test b. Test of transactions d. Validity test30. Which of the following least likely affects the nature, timing, and extent of
the proceduresperformed by the auditor to obtain an understanding of the accounting and internal controlsystems of
an audit client?a. Materiality considerationsb. The auditors assessment of inherent
riskc. The level of acceptable detection riskd. The size and complexity of the entity and of its computer system31. The
evaluation of deviations that were observed upon completing tests of controlsa. May require the need for doing more
extensive understanding of control.b. May require more extensive tests of controls.c. Always requires documentation
of the basis of assessment of control risk.d. May require modification of the nature, timing, and extent of planned
substantive procedures.32. The following statements are true about observation when used as tests of control

procedures,except.a. The auditor may supplement his observations with other tests of control capable
of providingaudit evidence.b. Audit evidence obtained by doing observation pertains only to the point in time at which
theprocedure was applied.c. Observation of who applies a control procedure is useful as a test of control procedures
whenevaluating control effectiveness of both computerized and manual systemd. Ordinarily, making inquiries
provides more reliable audit evidence than doing observationwhen testing segregation of functional
responsibilities.33. Tests of controls may include the following,
except:a. Reperformance of internal control proceduresb. Inquiries about, and observation of, internal controls
which leave no audit trail.c. Inspection of documentary support for transactions evidencing authorizationd. Analytical
procedures involving comparison of operating expenses with budgeted amount.34. Tests of controls are performed to
obtain audit evidence about the effectiveness of thea. Operation of the internal controls at the time the tests are being
applied.b. Operations of the internal controls in eliminating fraud and errors.c. Design of the internal controls
in eliminating fraud and errors.d. Design of the accounting and internal controls systems.

Page 12 of 13
AT-5910
35. The auditor should consider whether the assessment of control risk is
confirmeda. Upon completion of understanding of internal control.b. Upon completion of tests of controlsc. Before the
final audit program is completed.d. Upon the conclusion of the audit, based on the results of substantive procedures
and otheraudit evidence obtained.PSA 402 Audit Considerations Relating to Entities Using Service
Organizations36. Which of the following is least likely considered by the auditor in determining the significance
ofservice organization activities to the client and the relevance to the audit?a. Terms of contract and relationship
between the client and the service organization.b. The material financial statement assertions that are affected by the
use of the serviceorganization.c. Client's internal controls that are applied to the transactions processed by the
serviceorganization.d. The control policies and procedures of the client of requiring that all payments for
goods andservices be supported by receiving reports.37. When the auditor considers that the service organization
activities are significant to the client andrelevant to the audit and he concludes that it would be efficient to obtain audit
evidence from testsof control to support an assessment of control risk at a lower level. Such evidence
may beobtained by, excepta. Performing tests of the client's controls over activities of the service
organization.b. Obtaining a service organization auditor's report that expresses an opinion as to the
operatingeffectiveness of the service organization's accounting and internal control systems for theprocessing
applications relevant to the audit.c. Visiting the service organization and performing tests of control.d. Review
the service contract between the client and the service organization.38. Which statement is incorrect regarding the
client auditors use of service organization auditorsreport?a. When using a service organization auditors report, the
client auditor should consider thenature of and content of that report.b. The client auditor should consider the scope
of work performed by the service organizationauditor and should assess the usefulness and appropriateness of
reports issued by the serviceorganization auditor.c. When a Type B report is to be used as evidence to support a
lower control risk assessment, aclient auditor would consider whether the controls tested by the service organization
auditorare relevant to the client's transactions (significant assertions in the client's financialstatements) and whether
the service organization auditor's tests of control and the results areadequate.d. Since Type A reports may be useful
to a client auditor in gaining the required understanding ofthe accounting and internal control systems, an auditor may
use such reports as a basis forreducing the assessment of control risk.39. Which of the following is the least concern
of the client auditor in reviewing the report of serviceorganization auditor on suitability of internal control design of the
service organization?a. The accuracy of description of the service organization's accounting and internal
controlsystems, ordinarily prepared by the management of the service organization.b. The systems' controls have
been placed in operation.c. The accounting and internal control systems are suitably designed to achieve their
statedobjectives.d. The type of documentation of the understanding of the service organizations control system.40.
Which of the following is least likely entitled to the report of the service organization auditor on thesuitability of the
design and operating effectiveness of the service organization?
a. Service organizations management c. Clients auditorsb. Service organizations customersd. Service organization
s stockholders