Specialized Industries

Final Exam

1) Which of the following refers to the proper definition of audit risk?

A. The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially
misstated.
B. The risk that the auditor expresses an inappropriate audit opinion when the financial statements are fairly stated.
C. Either A or B.
D. Neither A nor B.

2) In accordance with PSA, audit risk is a function of the

A. Risks of material misstatements consisting of combined assessed level of inherent risk and control risk
B. Detection risk
C. Both A and B
D. Neither A nor B

3) What are the components of audit risk?

A. Inherent risk B. Control risk C. Detection risk D. All of the choices

4) It refers to the susceptibility of an account balance or class of transactions to a material misstatement assuming there

were no related controls. This type of risk may only be assessed by the auditor but cannot be controlled. It is a function
of the nature of the account.
A. Inherent risk B. Control risk C. Detection risk D. Audit risk

5) The following are factors which affect inherent risk, except

A. The complexity underlying transactions and other events and complexity of calculations related to account
B. Susceptibility of the account to theft or misappropriation.
C. Aggressive management attitude toward financial reporting and inadequate profitability of the entity related to its
industry.
D. The computation of an account involves accounting estimate and judgment
E. Internal control over billing, shipping and recording of sales and purchases is weak and inadequate.

6) It refers to the risk that a material misstatement that could occur in an account balance or class of transactions will not
be prevented or detected and corrected on a timely basis by the accounting and internal control systems. This type of
risk is a function of the client’s internal control and may only be assessed by the auditor but cannot be controlled.
A. Inherent risk B. Control risk C. Detection risk D. Audit risk
7) It refers to the process designed, implemented and maintained by those charged with governance, management and
other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to
reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and
regulations.
A. Internal control B. System of control C. Safeguards D. Guidance

8) The following statements concerning the concept of internal control are correct, except

A. Internal control is accomplished by people at every level of organization, including the management, those charged
with governance and entity’s staff personnel.

B. Internal control can only provide reasonable assurance that the entity’s objectives will be achieved as there are
inherent limitations that may affect the internal control’s effectiveness.
C. In the audit of financial statements, the auditor is only concerned with those policies and procedures within the
accounting and internal control systems that are relevant to the financial statement assertions as the financial
reporting objective.
D. It is the responsibility of the external auditors to establish and maintain an entity’s accounting and internal control
systems.

9) What is the objective of a financial statement auditor in understanding and considering the company’s internal control?
A. To design audit procedures that are appropriate in the circumstances.
B. For the purpose of expressing an opinion on the effectiveness of internal control.
C. To eliminate the risk of issuing inappropriate opinion when in fact the financial statements are materially misstated.
D. To properly plan the audit in order to eliminate substantive test.

10) In the consideration of the client’s internal control during risk assessment procedures, the auditor should obtain
sufficient understanding of the components of the entity’s internal control relevant to the audit. Although most controls
relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are
relevant to the audit. It is a matter of the auditor’s professional judgment whether a control, individually or in
combination with others, is relevant to the audit. Such understanding of internal control involves the following, except
A. Evaluating the design of the control by considering whether the control, individually or in combination with other
controls, is capable of effectively preventing, or detecting and correcting, material misstatements.
B. Determining whether or not the internal control really exists.
C. Obtaining information or knowledge about the operating effectiveness and efficiency of the internal control.
D. Determining whether or not the internal control has been actually applied and implemented.

11) Although internal control policies and procedures vary significantly from one entity to another, there are five essential
components of internal control that must be established to provide reasonable assurance that the entity’s objectives will
be achieved. These five interrelated components of the entity’s internal control are the following, (CRIME) except
A. Control activities
B. Entity’s Risk assessment process
C. The Information system, including the related business processes, relevant to financial reporting, and
communication
D. Monitoring of Controls
E. Control Environment
 F. Human resources

12) This element of internal control is the most important because it involves the setting of culture of honesty and ethical
behavior by management and those charged with governance.

A. Control environment
B. Entity’s Risk assessment process
C. Monitoring of Controls
D. Control activities
E. The information system, including the related business processes, relevant to financial reporting, and
communication

13) It refers to the element of internal control which involves the process set by the client’s management for (a) Identifying
business risks relevant to financial reporting objectives; (b) Estimating the significance of the risks; (c) Assessing the

likelihood of their occurrence; and (d) Deciding about actions to address those risks.
A. Control environment
B. Entity’s Risk assessment process
C. Monitoring of Controls
D. Control activities
E. The information system, including the related business processes, relevant to financial reporting, and
communication

14) In understanding the internal control component of the information system, including the related business processes,
relevant to financial reporting, and communication, the auditor shall obtain understanding of the following, except
A. Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual
transactions or adjustments.

B. How the information system captures events and conditions, other than transactions, that are significant to the
financial statements.
C. The procedures, within both information technology (IT) and manual systems, by which those transactions are
initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in the
financial statements.
D. Sources of the information used in the entity’s monitoring activities, and the basis upon which management
considers the information to be sufficiently reliable for the purpose.

15) Which of the following statements concerning understanding the internal control component of control activities is
correct?
A. In understanding the entity’s control activities, the auditor shall obtain an understanding of how the entity has
responded to risks arising from information technology.
B. An audit of financial statements requires an understanding of all the control activities related to each significant
class of transactions, account balance, and disclosure in the financial statements or to every assertion relevant to
them.
C. Both A and B.
D. Neither A nor B.
16) Which of the following statements concerning the responsibility of the auditor for the consideration of the company’s
internal control pertains to the internal control element of control environment?
A. The auditor shall understand the strengths in the control environment elements collectively provide an appropriate
foundation for the other components of internal control, and whether those other components are not undermined
by control environment weaknesses.
B. The auditor shall obtain an understanding of why the company’s risk assessment process fails to identify risk of
material misstatement, and evaluate whether the process is appropriate to its circumstances or if there is a material
weakness in the entity’s risk assessment process.
C. The auditor shall obtain an understanding of the information system, including the related business processes,
relevant to financial reporting, including the classes of transactions in the entity’s operations that are significant to
the financial statements and the financial reporting process used to prepare the entity’s financial statements,
including significant accounting estimates and disclosures.
D. The auditor shall obtain an understanding of control activities relevant to the audit, being those the auditor judges
it necessary to understand in order to assess the risks of material misstatement at the assertion level and design
further audit procedures responsive to assessed risks.
E. The auditor shall obtain an understanding of the major activities that the entity uses to monitor internal control over
financial reporting, including those related to those control activities relevant to the audit, and how the entity
initiates corrective actions to its controls.

17) Internal control can only provide reasonable assurance that the entity’s objectives will be achieved as there are inherent

limitations that may affect the internal control’s effectiveness. The following are the inherent limitations of an internal
control, except

A. The potential human errors due to carelessness, distraction, mistakes of judgments and the misunderstanding of
instructions.
B. The possibility of circumvention of internal controls through collusion among employees.
C. The possibility of circumvention of internal controls through management override of internal control.
D. The possibility that procedures may become inadequate due to changes in conditions, and compliance with
procedures may deteriorate.
E. Management’s usual requirement that cost of an internal control should exceed the expected benefits to be derived.

18) PSAs require the auditor to obtain understanding of the entity’s internal control structure
A. For first time audit clients C. Whenever the auditor wises or sees necessary
B. For every audit D. Sufficient to find any frauds that may exists

19) In all audits, the auditor should obtain an understanding of _______ components of internal control sufficient to assess the risk
of material misstatement and to design further audit procedures
A. Depends on the management’s permission C. Al least four
B. Majority D. All the five

20) With respect to the client’s system of internal control, the auditor is concerned that the existing policies and procedures provide
reasonable assurance that
A. Operational efficiency has been achieved in accordance with management plans
B. Errors and fraud have been prevented or detected
C. Controls have not been circumvented by collusion
D. Management cannot override the internal control
21) Identifying relevant controls is least likely facilitated by
A. Previous experience
B. The understanding of the entity and its environment
C. Information gather during the audit
D. Rate of responses to bank confirmation letters

22) The auditor must evaluate the design of relevant controls and determine whether they have been implemented. Evaluating the
design of the entity’s internal control would involve
A. Considering whether the control, individually or in combination with other controls, is capable of effectively preventing or
detecting and correcting, material misstatements.
B. Determining whether control exists and the entity is using it.
C. Determining the how, by who, and consistency of application of internal control.
D. Determining whether the control is operating effectively.

23) Obtaining an understanding of internal control through risk assessment procedures involves evaluating the

I. Design of internal control

II. Implementation of internal control
III. Operating effectiveness of internal control

A. I, II and III C. I only

B. I and III only D. I and II only

24) When is the case that obtaining an understanding of internal control is sufficient to test operating effectiveness of control?
A. Controls are highly automated and the IT general controls are effective
B. Controls are non-complex in nature
C. Controls are periodically evaluated by internal auditors
D. Controls are sophisticated and critical

25) When obtaining an understanding of an entity’s internal controls, an auditor should concentrate on their substance rather than
their form because
A. The controls may be operating effectively but may not be documented
B. Management may establish appropriate controls but not enforce compliance with them
C. The controls may be so inappropriate that the auditor assesses control risk at the maximum.
D. Management may implement controls whose costs exceed their benefit

26) Which of the following is not a medium that can normally be used by an auditor to record information concerning a client’s
internal control policies and procedures?
A. Narrative memorandum C. Flowchart
B. Procedures manual D. Questionnaire

27) Which of the following is not a medium that can normally by used by an auditor to record information concerning a client’s
internal control policies and procedures
A. Decision table C. Check list
B. Policy manual D. Questionnaire

28) A decision table

A. Consists of a series of procedures to be performed
B. Logic diagrams presented in matrix form
C. A written description of the process and flow of documents and of the control points
D. Diagrams of client’s system that track the flow of documents and processing

29) Questionnaires consists of a series of interrelated questions about internal control policies and procedures. The questions are
typically phrased so that a “Yes” indicates a control strength and no “No” indicate a potential weakness. An advantage(s) of
questionnaire is(are)
A. Provide a visual representation of the system and flexible in construction
B. Help identify control concerns and prevents the auditor from overlooking important control considerations
C. Flexible to prepare, although difficult for a complex system
D. Identify the contingencies considered in the description of a problem and the appropriate actions to be taken in each case.
30) Assessing control risk at a low level most likely would involve
A. Performing more extensive substantive tests with larger sample sizes than originally planned.
B. Reducing inherent risk for most of the assertions relevant to significant account balances.
C. Changing the timing of substantive tests by omitting interim date testing and performing the tests at year end.
D. Identifying specific controls relevant to specific assertions.

31) An auditor assesses control risk because it

A. Is relevant to the auditor’s understanding of the control environment
B. Provides assurance that the auditor’s materiality levels are appropriate
C. Indicates to the auditor where inherent risk may be the greatest
D. Affects the level of detection risk that the auditor may accept

32) Which of the following is not a step in an auditor’s assessment of control risk?
A. Evaluate the effectiveness of internal control with tests of controls.
B. Obtain an understanding of the entity’s information system and control environment.

C. Perform test of details of transactions to detect material misstatements in the financial statements.
D. Consider whether controls can have a pervasive effect on financial statement assertions.

33) It is the process designed and effected by those charged with governance, management, the other personnel to
provide reasonable assurance about the achievement of the entity’s objectives.

A. Internal auditing C. Business strategy

B. Internal control D. Accounting process

34) Which of the following is not one of the three primary objective of effective internal control?
A. Reliability of financial reporting C. Compliance with laws and regulation
B. Efficiency and effectiveness of operations D. Assurance of elimination of business risk

35) The overall attitude and awareness of an entity’s board of directors concerning the importance of internal control
usually is reflected in its
A. Computer based controls C. Control environment
B. System of segregation of duties D. Safeguards over access to assets

36) Which of the following are considered control environment element?

Commitment Detection Organizational
to competence risk structure
A. No Yes No
B. Yes Yes No
C. Yes No Yes
D. No No Yes
37) Which of the following statements concerning the relevance of various types of controls to a financial statement audit is
correct?
A. All controls are ordinarily relevant to a financial statement audit.
B. Controls over safeguarding of assets and liabilities are of primary importance, while controls over the reliability of
financial reporting may also be relevant.
C. Controls over the reliability of financial reporting are ordinarily most directly relevant to a financial statement audit,
but other controls may also be relevant.
D. An auditor may ordinarily ignore a consideration of controls when a substantive audit approach is taken.

38) An auditor should consider two key issues when obtaining an understanding of a client’s internal controls. These issue
are
A. The effectiveness and efficiency of controls

B. The frequency and effectiveness of the controls

C. The design and implementation of the controls
D. The implementation and efficiency of the controls

39) The audit plan includes:

A. A description of the nature, timing and extent of planned risk assessment procedures sufficient to assess the risk of material
misstatement
B. A description of the nature, timing and extent of planned further audit procedures at the assertion level for each material
class of transactions, account balances and disclosures.
C. Other planned audit procedures that are required to be carried out so that the engagement complies with out audit approach
D. All of the above

40) The audit program usually cannot be finalized until the

A. Consideration of the entity’s internal control structure has been completed
B. Engagement letter has been signed by the auditor
C. Reportable conditions have been communicated to the audit committee of the board of director
D. Search for unrecorded liabilities has been performed and documented

41) In designing written audit programs, an auditor should establish specific audit objectives that relate primarily to the
A. Timing of audit procedures C. Selected audit techniques
B. Cost benefit of gathering evidence D. Financial statement assertions

42) An auditor should design the written audit program so that

A. All material transactions will be selected for substantive testing
B. Substantive tests prior to the balance sheet date will be minimized
C. The audit procedures selected will achieve specific objectives
D. Each account balance will be tested under either tests of controls or test of transactions

43) Assertions are representations by the management, explicit or otherwise, that are embodied in the financial statements.
Management’s assertions in the financial statements are of relevance to the audit process because:
A. They are the procedures that will be performed by the audit team
B. They are direct evidence that management has prepared financial statements in accordance with generally accepted audit
standards.
C. They relate more to the audit while the financial statements belong to the auditor
D. They are utilized by the auditors in developing proper tests and procedures

44) Which of the following concepts is most useful in assessing the scope of an auditor’s program relating to various accounts?
A. Attribute sampling C. The reliability of information
B. Materiality D. Management fraud
45) Auditors are most likely to use the most rigorous audit procedures to examine
A. Routine transactions
B. Management assertions that are deemed to be of low risk
C. Only the rights and obligations assertions
D. Management assertions that are deemed to be of high risk

46) This involves establishing the overall audit strategy for the engagement and developing an audit plan, in order to reduce audit
risk to an acceptably low level.
A. Audit procedures C. Audit program
B. Audit planning D. Audit working papers

47) Statement 1 – The audit plan sets the scope, timing and direction of the audit, and guides the development of the more detailed
audit strategy, which are discrete and sequential activities.

Statement 2 – The audit strategy is more detailed than the audit plan and includes the nature, timing and extent of audit
procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to reduce
audit risk to an acceptably low level.

A. True, true C. False, false

B. True, false D. False, true

48) The nature and extent of planning will vary according the following, except
A. Size of the auditing firm C. Auditors experience with the entity of the business
B. Nature and complexity of the entity D. Changes in circumstances that occur during audit

49) Statement 1 – The overall audit strategy should be updated and changed as necessary during the course of the audit.

Statement 2 – The audit plans should not be updated and changed during the course of the audit, as these are detailed plans and
revising them would be impractical in most cases.

A. True, true C. False, false

B. False, true D. True, false

50) Which of the following procedures is not performed as a part of planning an audit engagement?
A. Reviewing the working papers of the prior year C. Confirmation of all major accounts
B. Performing analytical procedures D. Designing an audit program