QUIZ NO.

Name (Surname, Given Name M.I.): Date:

Section: Score: /40

Multiple choice. Shade the letter that corresponds to the best answer.

Use the following choices for numbers 1 – 10.

a. – Only statement 1 is correct c. – Both statements are correct
b. – Only statement 2 is correct d. – Both statements are incorrect

1. S1: The auditor should obtain an understanding of all aspects of the client’s internal control. False
S2: The auditor uses the understanding of internal control to identify types of potential misstatements, consider factors that affect the
risks of material misstatement, and design the nature, timing, and extent of further audit procedures. True

2. S1: The way in which internal control is designed and implemented varies with an entity’s size and complexity. True
S2: Internal control can only be expected to provide reasonable assurance, not absolute assurance, that the entity’s business risks are
addressed and its objectives are achieved. True

3. S1: Control environment refers to the governance and management functions and the attitudes, awareness, and actions of those charged
with governance and management concerning the entity’s internal control and its importance in the entity. True
S2: The control environment has little influence on the way business activities are structured, the way objectives are established, and
the way risks are assessed. False

4. S1: Communication and enforcement of integrity and ethical values are essential elements which influence the effectiveness of the
design, administration, and monitoring of internal controls. True
S2: An entity’s control environment’s effectiveness is enhanced if its culture values competence because internal control greatly depends
on its people. True

5. S1: The guidance and oversight responsibilities of an active and involved board of directors who possess an appropriate degree of
management, technical, and other expertise is not that critical to effective internal control because they are normally detached from the
day-to-day operations of the entity. False
S2: For an entity to have a sound risk assessment process, an entity should always adopt a formally-structured risk department with own
office, people and process specifically tasked to identify, evaluate, assess and address risks as they occur. False

6. S1: Segregation of duties is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal
errors or fraud in the normal course of the person’s duties. True
S2: Separate evaluations are designed to identify control failures, by identifying activities and outcomes that are out of the norm,
unexpected, or inconsistent with management’s objectives. They are often built into the normal recurring activities of an entity and
include regular management and supervisory activities. False

7. S1: Ongoing monitoring activities are often performed by internal and external auditors or company employees and provide feedback
on the effectiveness of other internal control processes. False
S2: The auditor shall document the key elements of each of the internal control components, including the sources of information from
which the understanding was obtained. True

8. S1: The auditor may document its understanding through any or combination of the following techniques: narratives, flowcharts and
questionnaires. True
S2: Most questionnaires require a “yes” or a “no” response, with “yes” responses indicating potential internal control deficiencies. False

9. S1: Transaction walkthrough involves tracing a set of interrelated transactions through the financial reporting system. True
S2: Material weakness in internal control is deficiency, or a combination of deficiencies, in internal control over financial reporting, such
that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be
prevented or detected on a timely basis. True

10. S1: The auditor’s responses to assessed risks include overall response to risks assessed on assertion levels and further audit procedures
for the risks on financial statements level. False
S2: Test of controls are always done in an audit. False

11. PSA 315 requires

a. The auditor to obtain an understanding of the entity and its environment, including its internal control.
b. Discussion among the engagement team about the susceptibility of the entity’s financial statements to material misstatement.
c. The auditor to identify and assess the risks of material misstatement at the financial statement and assertion levels.
d. All of the above.

12. Which statement is incorrect regarding obtaining an understanding of the entity and its environment?
a. Obtaining an understanding of the entity and its environment is an essential aspect of performing an audit in accordance with PSAs.
b. That understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment
about assessing risks of material misstatement of the financial statements and responding to those risks throughout the audit.

Page 1 of 4
 c. The auditor’s primary consideration is whether the understanding that has been obtained is sufficient to assess the risks of material
misstatement of the financial statements and to design and perform further audit procedures.
d. The depth of the overall understanding that is required by the auditor in performing the audit is equal to that possessed by
management in managing the entity.

13. The main purpose of risk assessment procedures is to

a. Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement
at the financial statement and assertion levels.
b. Test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatement at the assertion level.
c. Detect material misstatements at the assertion level.
d. All of the above

14. An auditor considers internal control in order to:

a. Determine whether assets are safeguarded.
b. Suggest improvements in internal control.
c. Plan the audit procedures.
d. Express an opinion.

15. A reason to establish internal control is to

a. have a basis of planning the audit.
b. provide reasonable assurance that the objectives of the organization are achieved.
c. encourage compliance with organizational objectives.
d. ensure the accuracy, reliability, and timeliness of information.

16. Which of the following is not an element of an entity's internal control?

a. Control risk
b. Control activities
c. The information system
d. The control environment

17. Which of the following is not typically one of management’s concerns in designing an effective internal control structure?
a. Reliability of financial reporting.
b. Obtaining the best internal control system possible.
c. Compliance with applicable laws and regulations.
d. Efficiency and effectiveness of operations.

18. Inquiries directed towards those charged with governance may most likely
a. Relate to their activities concerning the design and effectiveness of the entity’s internal control and whether management has
satisfactorily responded to any findings from those activities
b. Help the auditor in understanding the environment in which the financial statements are prepared
c. Relate to changes in the entity’s marketing strategies, sales trends or contractual arrangements with its customers
d. Help the auditor in evaluating the appropriateness of the selection and application of certain accounting policies

19. The auditors’ understanding of the entity and the environment consists of the following aspects
I. Industry, regulatory, and other external factors, including the applicable financial reporting framework
II. Nature of the entity, including the entity’s selection and application of accounting policies
III. Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements
IV. Measurement and review of the entity’s financial performance
V. Internal control
a. All of the above
b. I, II and III only
c. I, II, III and IV only
d. I and III only

20. Nature of the entity refers to

a. The entity’s operations, its ownership and governance, the types of investments that it is making and plans to make, the way that
the entity is structured and how it is financed
b. The overall plans for the entity
c. The operational approaches by which management intends to achieve its objectives
d. The result of significant conditions, actions or inactions that could adversely affects the entity’s ability to achieve its objectives and
execute the strategies or the setting of inappropriate objectives and strategies.

21. Which statement is correct regarding business risk?

a. The risk of material misstatement of the financial statements is broader than business risk, though it includes the latter
b. The auditor should identify or assess all business risks
c. All business risks give rise to risks of material misstatements
d. A business risk may have an immediate consequence for the risk of misstatement for classes of transactions, account balances, and
disclosures in the assertion level or the financial statements as a whole

22. A potential business risk created by industry developments may most likely include
a. Increased product liability
b. Increased legal exposure
c. The entity does not have the personnel or expertise to deal with the changes in the industry
Page 2 of 4
 d. Loss of financing due to the entity’s inability to meet financing requirements

23. Which of the following is least likely to be an evidence of operating effectiveness of controls?
a. Cancellation of supporting documents.
b. The policy of documenting the usage of computer programs.
c. Confirmation of bank balances.
d. Signatures on authorization forms.

24. Which of the following is an inherent limitation of any client's internal control?
a. The benefits expected to be derived from effective internal control should not exceed the costs of such control.
b. The competence and integrity of client personnel provide an environment conducive to control and provide assurance that effective
control will be achieved.
c. The procedures that are designed to assure the execution and recording of transactions in accordance with proper authorizations
are effective against frauds perpetrated by management.
d. The procedures whose effectiveness depends on segregation of duties can be circumvented by collusion.

25. The primary responsibility for establishing and maintaining internal controls rests with the
a. internal auditors.
b. management.
c. Securities and Exchange Commission.
d. external auditors.

26. Which of the following is not a part of the control environment?

a. Management philosophy and operating style
b. Organizational structure
c. Information and communication systems
d. Assignment of authority and responsibility

27. According to PSA 400, which of the following is correct regarding internal control system?
a. Internal control system refers to all the policies and procedures adopted by the auditor to assist in achieving management’s
objective.
b. A strong environment, by itself, ensure the effectiveness of the internal control system.
c. In the audit of financial statements, the auditor is only concerned with those policies and procedures within the accounting and
internal control systems that are relevant to the financial statements.
d. The internal control system is confined to those matters which relate directly to the functions of the accounting system.

28. Which of the following is correct about internal control?

a. Accounting and internal control systems provide management with conclusive evidence that objectives are reached.
b. One of the inherent limitations of accounting and internal control systems is the possibility that the procedures may become
inadequate due to changes in conditions, and compliance with procedures may deteriorate.
c. Most internal controls tend to be directed at non-routine transactions.
d. Management does not consider costs of the accounting and internal control systems.

29. The following are the components of the internal control, except
a. Risk assessment process
b. Control environment
c. Control activities
d. Control risk

30. Control environment

a. Consists of the policies and procedures that help ensure that management directives are carried out
b. Includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance
and management concerning the entity’s internal control and its importance in the entity
c. Is the entity’s process for identifying business risks relevant to financial reporting objectives and deciding about actions to address
those risks, and the results thereof.
d. Consists of the procedures and records established to initiate, record, process, and report entity transactions (as well as events and
conditions) and to maintain accountability for the related assets, liabilities, and equity.

31. Corporate directors, management, external auditors, and internal auditors all play important roles in creating a proper control
environment. Top management is primarily responsible for
a. Establishing a proper environment and specifying overall internal control.
b. Reviewing the reliability and integrity of financial information and the means used to collect and report such information.
c. Ensuring that external and internal auditors adequately monitor the control environment.
d. Implementing and monitoring controls designed by the board of directors.

32. Which of the following factors are included in an entity’s control environment?
a. b. c. d.
Commitment to competence Yes Yes No Yes
Integrity and ethical values Yes No Yes Yes
Organizational structure No Yes Yes Yes

33. The control environment includes which of the following?

Page 3 of 4
 a. Control activities
b. Management philosophy and operating style
c. Assessing activity level risks
d. Application level controls

34. Tests of controls are used to test whether controls are

a. operating effectively.
b. placed in operation (implemented).
c. properly accumulated into balance sheet totals.
d. properly documented by the client.

35. Which of the following audit techniques would most likely provide an auditor with the most assurance about the effectiveness of the
operation of an internal control procedure?
a. Inquiry of client personnel
b. Recomputation of an account balance
c. Observation of client personnel
d. Confirmation of balances or transactions with outside parties

36. After the study and evaluation of a client's internal control policies and procedures has been completed, an auditor might decide to
a. increase the extent of substantive testing in areas where the internal control policies and procedures are strong.
b. reduce the extent of control testing in areas where the internal control policies and procedures are strong.
c. reduce the extent of both substantive and control testing in areas where the internal control policies and procedures are strong.
d. increase the extent of substantive testing in areas where the internal controls are weak.

37. Control testing is performed in order to determine whether or not

a. the assessed level of control risk can be reduced.
b. necessary controls are absent.
c. incompatible functions exist.
d. material peso errors exist.

38. Control activities constitute one of the five components of internal control. Control activities do not encompass
a. Performance reviews
b. Information processing
c. Physical controls
d. An internal audit function

39. The following are the inherent limitations of internal control, except
a. Collusion among employees
b. Management override
c. Errors by personnel
d. Incompatible duties

40. Determine the most logical order of assessing the risks of material misstatements as indicated in PSA 315?
I. Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the potential
misstatement is of a magnitude that could result in a material misstatement.
II. Assess the identified risks (if it is a significant risk), and evaluate whether they relate more pervasively to the financial statements
as a whole and potentially affect many assertions;
III. Identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls
that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements
IV. Relate the identified risks to what can go wrong at the assertion level, taking account of relevant controls that the auditor intends
to test;
a. I, II, III and IV
b. III, II, IV, and I
c. III, II, I and IV
d. IV, III, I, and II

Page 4 of 4