, IT Auditing 4th Ed—Test Bank, Chapter 1
Chapter 1—Auditing and Internal Control
TRUE/FALSE
1. Corporate management (including the CEO) must certify monthly and annually their organization’s
internal controls over financial reporting.
ANS: F PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal
control adequacy.
ANS: F PTS: 1
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing internal
control adequacy.
ANS: F PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting system
necessitates a qualified opinion on the financial statements?
ANS: F PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems.
ANS: T PTS: 1
6. The external auditor is responsible for establishing and maintaining the internal control system.
ANS: F PTS: 1
7. Segregation of duties is an example of an internal control procedure.
ANS: T PTS: 1
8. Preventive controls are passive techniques designed to reduce fraud.
ANS: T PTS: 1
9. A key modifying assumption in internal control is that the internal control system is the responsibility of
management.
ANS: T PTS: 1
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
, IT Auditing 4th Ed—Test Bank, Chapter 1
10. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit
clients, they are not prohibited from performing such services for non-audit clients or privately held
companies.
ANS: T PTS: 1
11. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
ANS: T PTS: 1
12. Section 404 requires that corporate management (including the CEO) certify their organization’s internal
controls on a quarterly and annual basis.
ANS: F PTS: 1
13. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.
ANS: F PTS: 1
14. Application controls apply to a wide range of exposures that threaten the integrity of all programs
processed within the computer environment.
ANS: F PTS: 1
15. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation function.
ANS: T PTS: 1
16. An IT auditor expresses an opinion on the fairness of the financial statements.
ANS: F PTS: 1
17. External auditing is an independent appraisal function established within an organization to examine and
evaluate its activities as a service to the organization.
ANS: F PTS: 1
18. External auditors can cooperate with and use evidence gathered by internal audit departments that are
organizationally independent and that report to the Audit Committee of the Board of Directors.
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
, IT Auditing 4th Ed—Test Bank, Chapter 1
ANS: T PTS: 1
19. Tests of controls determine whether the database contents fairly reflect the organization's transactions.
ANS: F PTS: 1
20. Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that
are materially misstated.
ANS: T PTS: 1
21. A strong internal control system will reduce the amount of substantive testing that must be performed.
ANS: T PTS: 1
22. Substantive testing techniques provide information about the accuracy and completeness of an
application's processes.
ANS: F PTS: 1
MULTIPLE CHOICE
1. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
c. the objectives achieved by an internal control system vary depending on the data
processing method
d. the effectiveness of internal controls is a function of the industry environment
ANS: A PTS: 1
2. Which of the following is not a limitation of the internal control system?
a. errors are made due to employee fatigue
b. fraud occurs because of collusion between two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to make fraudulent journal entries
ANS: C PTS: 1
3. The most cost-effective type of internal control is
a. preventive control
b. accounting control
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
, IT Auditing 4th Ed—Test Bank, Chapter 1
c. detective control
d. corrective control
ANS: A PTS: 1
4. Which of the following is a preventive control?
a. credit check before approving a sale on account
b. bank reconciliation
c. physical inventory count
d. comparing the accounts receivable subsidiary ledger to the control account
ANS: A PTS: 1
5. A well-designed purchase order is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: A PTS: 1
6. A physical inventory count is an example of a
a. preventive control
b. detective control
c. corrective control
d. Feed-forward control
ANS: B PTS: 1
7. The bank reconciliation uncovered a transposition error in the books. This is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: B PTS: 1
8. Which of the following is not an element of the internal control environment?
a. management philosophy and operating style
b. organizational structure of the firm
c. well-designed documents and records
d. the functioning of the board of directors and the audit committee
ANS: C PTS: 1
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
, IT Auditing 4th Ed—Test Bank, Chapter 1
9. Which of the following suggests a weakness in the internal control environment?
a. the firm has an up-to-date organizational chart
b. monthly reports comparing actual performance to budget are distributed to managers
c. performance evaluations are prepared every three years
d. the audit committee meets quarterly with the external auditors
ANS: C PTS: 1
10. Which of the following indicates a strong internal control environment?
a. the internal audit group reports to the audit committee of the board of directors
b. there is no segregation of duties between organization functions
c. there are questions about the integrity of management
d. adverse business conditions exist in the industry
ANS: A PTS: 1
11. According to COSO, an effective accounting system performs all of the following except
a. identifies and records all valid financial transactions
b. records financial transactions in the appropriate accounting period
c. separates the duties of data entry and report generation
d. records all financial transactions promptly
ANS: C PTS: 1
12. Which of the following is the best reason to separate duties in a manual system?
a. to avoid collusion between the programmer and the computer operator
b. to ensure that supervision is not required
c. to prevent the record keeper from authorizing transactions
d. to enable the firm to function more efficiently
ANS: C PTS: 1
13. Which of the following is not an internal control procedure?
a. authorization
b. management’s operating style
c. independent verification
d. accounting records
ANS: B PTS: 1
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
Chapter 1—Auditing and Internal Control
TRUE/FALSE
1. Corporate management (including the CEO) must certify monthly and annually their organization’s
internal controls over financial reporting.
ANS: F PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal
control adequacy.
ANS: F PTS: 1
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing internal
control adequacy.
ANS: F PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting system
necessitates a qualified opinion on the financial statements?
ANS: F PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems.
ANS: T PTS: 1
6. The external auditor is responsible for establishing and maintaining the internal control system.
ANS: F PTS: 1
7. Segregation of duties is an example of an internal control procedure.
ANS: T PTS: 1
8. Preventive controls are passive techniques designed to reduce fraud.
ANS: T PTS: 1
9. A key modifying assumption in internal control is that the internal control system is the responsibility of
management.
ANS: T PTS: 1
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
, IT Auditing 4th Ed—Test Bank, Chapter 1
10. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit
clients, they are not prohibited from performing such services for non-audit clients or privately held
companies.
ANS: T PTS: 1
11. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
ANS: T PTS: 1
12. Section 404 requires that corporate management (including the CEO) certify their organization’s internal
controls on a quarterly and annual basis.
ANS: F PTS: 1
13. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.
ANS: F PTS: 1
14. Application controls apply to a wide range of exposures that threaten the integrity of all programs
processed within the computer environment.
ANS: F PTS: 1
15. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation function.
ANS: T PTS: 1
16. An IT auditor expresses an opinion on the fairness of the financial statements.
ANS: F PTS: 1
17. External auditing is an independent appraisal function established within an organization to examine and
evaluate its activities as a service to the organization.
ANS: F PTS: 1
18. External auditors can cooperate with and use evidence gathered by internal audit departments that are
organizationally independent and that report to the Audit Committee of the Board of Directors.
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
, IT Auditing 4th Ed—Test Bank, Chapter 1
ANS: T PTS: 1
19. Tests of controls determine whether the database contents fairly reflect the organization's transactions.
ANS: F PTS: 1
20. Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that
are materially misstated.
ANS: T PTS: 1
21. A strong internal control system will reduce the amount of substantive testing that must be performed.
ANS: T PTS: 1
22. Substantive testing techniques provide information about the accuracy and completeness of an
application's processes.
ANS: F PTS: 1
MULTIPLE CHOICE
1. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
c. the objectives achieved by an internal control system vary depending on the data
processing method
d. the effectiveness of internal controls is a function of the industry environment
ANS: A PTS: 1
2. Which of the following is not a limitation of the internal control system?
a. errors are made due to employee fatigue
b. fraud occurs because of collusion between two employees
c. the industry is inherently risky
d. management instructs the bookkeeper to make fraudulent journal entries
ANS: C PTS: 1
3. The most cost-effective type of internal control is
a. preventive control
b. accounting control
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
, IT Auditing 4th Ed—Test Bank, Chapter 1
c. detective control
d. corrective control
ANS: A PTS: 1
4. Which of the following is a preventive control?
a. credit check before approving a sale on account
b. bank reconciliation
c. physical inventory count
d. comparing the accounts receivable subsidiary ledger to the control account
ANS: A PTS: 1
5. A well-designed purchase order is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: A PTS: 1
6. A physical inventory count is an example of a
a. preventive control
b. detective control
c. corrective control
d. Feed-forward control
ANS: B PTS: 1
7. The bank reconciliation uncovered a transposition error in the books. This is an example of a
a. preventive control
b. detective control
c. corrective control
d. none of the above
ANS: B PTS: 1
8. Which of the following is not an element of the internal control environment?
a. management philosophy and operating style
b. organizational structure of the firm
c. well-designed documents and records
d. the functioning of the board of directors and the audit committee
ANS: C PTS: 1
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
, IT Auditing 4th Ed—Test Bank, Chapter 1
9. Which of the following suggests a weakness in the internal control environment?
a. the firm has an up-to-date organizational chart
b. monthly reports comparing actual performance to budget are distributed to managers
c. performance evaluations are prepared every three years
d. the audit committee meets quarterly with the external auditors
ANS: C PTS: 1
10. Which of the following indicates a strong internal control environment?
a. the internal audit group reports to the audit committee of the board of directors
b. there is no segregation of duties between organization functions
c. there are questions about the integrity of management
d. adverse business conditions exist in the industry
ANS: A PTS: 1
11. According to COSO, an effective accounting system performs all of the following except
a. identifies and records all valid financial transactions
b. records financial transactions in the appropriate accounting period
c. separates the duties of data entry and report generation
d. records all financial transactions promptly
ANS: C PTS: 1
12. Which of the following is the best reason to separate duties in a manual system?
a. to avoid collusion between the programmer and the computer operator
b. to ensure that supervision is not required
c. to prevent the record keeper from authorizing transactions
d. to enable the firm to function more efficiently
ANS: C PTS: 1
13. Which of the following is not an internal control procedure?
a. authorization
b. management’s operating style
c. independent verification
d. accounting records
ANS: B PTS: 1
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
