1.

Which of the following is least likely entitled to the report of the service organization auditor on the
suitability of the design and operating effectiveness of the service organization?
a. Service organization’s management c. Client’s auditors
b. Service organization’s customers d. Service organization’s stockholders

2. Which of the following is the least concern of the client auditor in reviewing the report of service
organization auditor on suitability of internal control design of the service organization?
a. The accuracy of description of the service organization's accounting and internal control
systems, ordinarily prepared by the management of the service organization.
b. The systems' controls have been placed in operation.
c. The accounting and internal control systems are suitably designed to achieve their stated
objectives.
d. The type of documentation of the understanding of the service organization’s control system.
3. Transaction authorization within an organization may be either specific or general. An example of
specific transaction authorization is the
a. Approval of a construction budget for a new warehouse
b. Setting of automatic reorder points
c. Establishment of a customer’s credit limits
d. Establishment of sales prices
4. Internal control should provide reasonable (but not necessarily absolute) assurance which means
that:
a. The cost of control activities should not exceed the benefits.
b. Internal control is management’s, not auditor’s, responsibility.
c. An attestation engagement about management’s internal control assertions may not
necessarily detect all reportable conditions.
d. There is always a risk that reportable conditions may result in material misstatements.
5. Which statement is incorrect regarding the client auditor’s use of service organization auditor’s
report?
a. When using a service organization auditor’s report, the client auditor should consider the
nature of and content of that report.
b. The client auditor should consider the scope of work performed by the service organization
auditor and should assess the usefulness and appropriateness of reports issued by the
service organization auditor.
c. When a Type B report is to be used as evidence to support a lower control risk assessment, a
client auditor would consider whether the controls tested by the service organization auditor
are relevant to the client's transactions (significant assertions in the client's financial
statements) and whether the service organization auditor's tests of control and the results are
adequate.
d. Since Type A reports may be useful to a client auditor in gaining the required understanding of
the accounting and internal control systems, an auditor may use such reports as a basis for
reducing the assessment of control risk.
6. When the auditor considers that the service organization activities are significant to the client and
relevant to the audit and he concludes that it would be efficient to obtain audit evidence from tests
of control to support an assessment of control risk at a lower level. Such evidence may be
obtained by, except
a. Performing tests of the client's controls over activities of the service organization.
b. Obtaining a service organization auditor's report that expresses an opinion as to the operating
effectiveness of the service organization's accounting and internal control systems for the
processing applications relevant to the audit.
c. Visiting the service organization and performing tests of control.
d. Review the service contract between the client and the service organization.

7. Which of the following statements is an example of an inherent limitation of internal control.

a. Errors may arise from mistakes in judgments.
b. The effectiveness of control procedures depends on segregation of duties.
c. Procedures are designed to assure that transactions are executed as management authorities.
d. Computers process large numbers of transactions.
8. Proper segregation of functional responsibilities calls for separation of the functions of
a. Authorization, execution, and recording. c. Custody, execution, and reporting.
b. Authorization, execution, and payment. d. Authorization, payment, and recording.
9. When the auditor considers that the service organization activities are significant to the client and
relevant to the audit and he concludes that it would be efficient to obtain audit evidence from tests
of control to support an assessment of control risk at a lower level. Such evidence may be
obtained by, except
a. Performing tests of the client's controls over activities of the service organization.
b. Obtaining a service organization auditor's report that expresses an opinion as to the operating
effectiveness of the service organization's accounting and internal control systems for the
processing applications relevant to the audit.
c. Visiting the service organization and performing tests of control.
d. Review the service contract between the client and the service organization.
10. Which of the following is least likely considered by the auditor in determining the significance of
service organization activities to the client and the relevance to the audit?
a. Terms of contract and relationship between the client and the service organization.
b. The material financial statement assertions that are affected by the use of the service
organization.
c. Client's internal controls that are applied to the transactions processed by the service
organization.
d. The control policies and procedures of the client of requiring that all payments for goods and
services be supported by receiving reports.
11. Which of the following is a responsibility that should not be assigned to only one employee?
a. Access to securities in the company’s safe deposit box.
b. Custodianship of the cash working fund.
c. Reconciliation of bank statement.
d. Custodianship of tools and small equipment.
12. Which of the following activities would be least likely to strengthen a company’s internal control?
a. Maintaining insurance for fire and theft.
b. Separating accounting from other financial operations.
c. Fixing responsibility for the performance of employee duties.
d. Carefully selecting and training employees.
13. The auditor should consider whether the assessment of control risk is confirmed
a. Upon completion of understanding of internal control.
b. Upon completion of tests of controls
c. Before the final audit program is completed.
d. Upon the conclusion of the audit, based on the results of substantive procedures and other
audit evidence obtained.
14. Which of the following activities would be least likely to strengthen a company’s internal control?
a. Maintaining insurance for fire and theft.
b. Separating accounting from other financial operations.
c. Fixing responsibility for the performance of employee duties.
d. Carefully selecting and training employees.
15. As generally conceived, the “audit committee” of a publicly held company should be made up of
a. Members of the board of directors who are not officers or employees.
b. Representatives of the major equity interests (bonds, preferred stock, common stock).
c. The audit partner, the chief financial officer, the legal counsel, and at least one outsider.
d. Representatives from the client’s management, investors, suppliers, and customers.
16. Tests of controls are performed to obtain audit evidence about the effectiveness of the
a. Operation of the internal controls at the time the tests are being applied.
b. Operations of the internal controls in eliminating fraud and errors.
c. Design of the internal controls in eliminating fraud and errors.
d. Design of the accounting and internal controls systems.
17. As generally conceived, the “audit committee” of a publicly held company should be made up of
a. Members of the board of directors who are not officers or employees.
b. Representatives of the major equity interests (bonds, preferred stock, common stock).
c. The audit partner, the chief financial officer, the legal counsel, and at least one outsider.
d. Representatives from the client’s management, investors, suppliers, and customers.
18. Tests of controls may include the following, except:
a. Reperformance of internal control procedures
b. Inquiries about, and observation of, internal controls which leave no audit trail.
c. Inspection of documentary support for transactions evidencing authorization
d. Analytical procedures involving comparison of operating expenses with budgeted amount.
19. When considering internal control, the auditor’s primary concern is to determine
a. The reliability of the accounting information system.
b. The possibility of fraud occurring.
c. Compliance with policies, plans, and procedures.
d. The type of an opinion he will issue
20. The following statements are true about observation when used as tests of control procedures,
except.
a. The auditor may supplement his observations with other tests of control capable of providing
audit evidence.
b. Audit evidence obtained by doing observation pertains only to the point in time at which the
procedure was applied.
c. Observation of who applies a control procedure is useful as a test of control procedures when
evaluating control effectiveness of both computerized and manual system
d. Ordinarily, making inquiries provides more reliable audit evidence than doing observation
when testing segregation of functional responsibilities
21. The evaluation of deviations that were observed upon completing tests of controls
a. May require the need for doing more extensive understanding of control.
b. May require more extensive tests of controls.
c. Always requires documentation of the basis of assessment of control risk.
d. May require modification of the nature, timing, and extent of planned substantive procedures.
22. Which of the following least likely affects the nature, timing, and extent of the procedures
performed by the auditor to obtain an understanding of the accounting and internal control
systems of an audit client?
a. Materiality considerations
b. The auditor’s assessment of inherent risk
c. The level of acceptable detection risk
d. The size and complexity of the entity and of its computer system
23. When obtaining an understanding of the accounting and internal control system the auditor may
trace a few transactions through the accounting system. This technique is:
a. Reperformance test c. Walk-through test
b. Test of transactions d. Validity test
24. Which of the following is not part of the control environment?
a. Management philosophy and operating style.
b. Organizational structure and methods of assigning authority and responsibility.
c. Information and communication systems.
d. The function of the board of directors and its committees.
25. Of the following, the best statement of the CPA’s primary objective in considering internal control
is that the review is intended to provide
a. A basis for reliance on the system and determining the scope of other auditing procedures.
b. Reasonable protection against client fraud and defalcations by client employees.
c. A basis for constructive suggestions to the client for improving his internal control system.
d. A method for ensuring that there is reasonable assurance that the financial statements are
reliable.
26. When an auditor assesses control risk below the maximum level, the auditor is required to
document the auditor’s
Basis for concluding that Understanding of the entity’s
control internal
Risk is below the maximum
level control structure elements
a. Yes Yes
b. No No
c. Yes No
d. No Yes
27. The sequence of steps in gathering evidence as the basis of the auditor’s opinion is
a. Substantive tests, documentation of control structure, and tests of controls
b. Documentation of control structure, tests of controls, and substantive tests
c. Documentation of control structure, substantive tests, and tests of controls
d. Tests of controls, documentation of control structure, and substantive tests
28. In obtaining an understanding of an entity’s internal control structure, an auditor is required to
obtain knowledge about the
Operating effectiveness of Design of policies
Policies and procedures and procedures
a. Yes Yes
b. No Yes
c. Yes No
d. No No
29. The primary objective of procedures performed to obtain an understanding of internal control is to
provide an auditor with
 a. Evidential matter to use in reducing detection risk.
b. A basis from which to modify tests of controls.
c. Knowledge necessary to plan the audit.
d. Information necessary to prepare flowcharts
30. A consideration of internal control made during an audit is usually not sufficient to express an
opinion on an entity's controls because
a. Weaknesses in the system may go unnoticed during the audit engagement.
b. A consideration of internal control is not necessarily made during an audit engagement.
c. Only those controls on which an auditor intends to rely are reviewed, tested, and evaluated.
d. Controls can change each year.
31. The auditor's review of the client's internal control is documented in order to substantiate
a. Conformity of the accounting records with GAAP.
b. Adherence to requirements of management.
c. Compliance with generally accepted auditing standards.
d. The fairness of the financial statement presentation.

32. A secondary purpose of the auditor's consideration of internal control is to provide

a. A basis for assessing control risk.
b. An assurance that the records and documents have been maintained in accordance
with existing company policies and procedures.
c. A basis for constructive suggestions about improvements in internal control structure.
d. A basis for the determination of the resultant extent of the tests to which auditing
procedures are to be restricted.
33. Which of the following audit techniques most likely would provide an auditor with the
most assurance about the effectiveness of the operation on an internal control procedure?
a. Confirmation with outside parties c. Recomputation of account balance
b. Observation of client personnel d. Inquiry of client personnel
34. The accountant's report expressing an opinion on an entity's internal controls should state that the
a. Objectives of the client's internal controls are being met.
b. Consideration of the internal controls was conducted in accordance with generally
accepted auditing standards.
c. Establishment and maintenance of internal control is the responsibility of management.
d. Inherent limitations of the client's internal controls were examined.
35. Internal control procedures are not designed to provide reasonable assurance that
a. Transactions are executed in accordance with management's authorization.
b. Access to assets is permitted only in accordance with management's authorization.
c. Irregularities will be eliminated.
d. The recorded accountability for assets is compared with the existing assets at reasonable
intervals.
36. In general, a material weakness in internal control may be defined as a condition in which material
errors or irregularities may occur and not be detected within a timely period by
a. An independent auditor during tests of controls.
b. Management when reviewing interim financial statements and reconciling account balances.
c. Employees in the normal course of performing their assigned functions.
d. Outside consultants who issue a special-purpose report on internal control structure.
37. After obtaining an understanding of a client’s controls, an auditor may decide to omit tests of the
controls. Which of the following in not appropriate reason to omit tests of controls?
a. The controls duplicate other controls.
b. The controls appear adequate.
c. Reportable conditions preclude assessing control risk below the maximum.
d. The effort to test controls exceeds the effort saved by not performing substantive tests.
38. Before relying on the system of internal control, the auditor obtains a reasonable degree of
assurance that the internal control procedures are in use and operating as planned. The auditor
obtains this assurance by performing planned
a. Substantive tests c. Transaction tests
b. Tests of controls d. Tests of trends and ratios
39. In an auditor’s consideration of internal control, the completion of a questionnaire is most closely
associated with which of the following?
a. Separation of duties c. Flowchart accuracy
b. Understanding the system d. Tests of controls
40. To obtain an understanding of the relevant policies and procedures of internal control, the auditor
performs all of the following except:
a. Make inquiries c. Make observations
b. Design substantive tests d. Inspect documents and records