Test Bank for Information Technology Auditing
4th Edition by James A. Hall –
Comprehensive Review and Practice Questions
,Chapter 1—Auditing and Internal Control
TRUE/FALSE
1. Corporate management (including the CEO) must certify monthly and annually their organization’s
internal controls over financial reporting.
ANS: F PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal
control adequacy.
ANS: F PTS: 1
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing internal
control adequacy.
ANS: F PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting system
necessitates a qualified opinion on the financial statements?
ANS: F PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems.
ANS: T PTS: 1
6. The external auditor is responsible for establishing and maintaining the internal control system.
ANS: F PTS: 1
7. Segregation of duties is an example of an internal control procedure.
ANS: T PTS: 1
8. Preventive controls are passive techniques designed to reduce fraud.
ANS: T PTS: 1
,9. A key modifying assumption in internal control is that the internal control system is the responsibility of
management.
ANS: T PTS: 1
10. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit
clients, they are not prohibited from performing such services for non-audit clients or privately held
companies.
ANS: T PTS: 1
11. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
ANS: T PTS: 1
12. Section 404 requires that corporate management (including the CEO) certify their organization’s internal
controls on a quarterly and annual basis.
ANS: F PTS: 1
13. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.
ANS: F PTS: 1
14. Application controls apply to a wide range of exposures that threaten the integrity of all programs
processed within the computer environment.
ANS: F PTS: 1
15. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation function.
ANS: T PTS: 1
16. An IT auditor expresses an opinion on the fairness of the financial statements.
, ANS: F PTS: 1
17. External auditing is an independent appraisal function established within an organization to examine and
evaluate its activities as a service to the organization.
ANS: F PTS: 1
18. External auditors can cooperate with and use evidence gathered by internal audit departments that are
organizationally independent and that report to the Audit Committee of the Board of Directors.
ANS: T PTS: 1
19. Tests of controls determine whether the database contents fairly reflect the organization's transactions.
ANS: F PTS: 1
20. Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that
are materially misstated.
ANS: T PTS: 1
21. A strong internal control system will reduce the amount of substantive testing that must be performed.
ANS: T PTS: 1
22. Substantive testing techniques provide information about the accuracy and completeness of an
application's processes.
ANS: F PTS: 1
MULTIPLE CHOICE
1. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
c. the objectives achieved by an internal control system vary depending on the data processing method
d. the effectiveness of internal controls is a function of the industry environment
ANS: A PTS: 1
2. Which of the following is not a limitation of the internal control system?
a. errors are made due to employee fatigue
4th Edition by James A. Hall –
Comprehensive Review and Practice Questions
,Chapter 1—Auditing and Internal Control
TRUE/FALSE
1. Corporate management (including the CEO) must certify monthly and annually their organization’s
internal controls over financial reporting.
ANS: F PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal
control adequacy.
ANS: F PTS: 1
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing internal
control adequacy.
ANS: F PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting system
necessitates a qualified opinion on the financial statements?
ANS: F PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems.
ANS: T PTS: 1
6. The external auditor is responsible for establishing and maintaining the internal control system.
ANS: F PTS: 1
7. Segregation of duties is an example of an internal control procedure.
ANS: T PTS: 1
8. Preventive controls are passive techniques designed to reduce fraud.
ANS: T PTS: 1
,9. A key modifying assumption in internal control is that the internal control system is the responsibility of
management.
ANS: T PTS: 1
10. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit
clients, they are not prohibited from performing such services for non-audit clients or privately held
companies.
ANS: T PTS: 1
11. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.
ANS: T PTS: 1
12. Section 404 requires that corporate management (including the CEO) certify their organization’s internal
controls on a quarterly and annual basis.
ANS: F PTS: 1
13. Section 302 requires the management of public companies to assess and formally report on the
effectiveness of their organization’s internal controls.
ANS: F PTS: 1
14. Application controls apply to a wide range of exposures that threaten the integrity of all programs
processed within the computer environment.
ANS: F PTS: 1
15. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation function.
ANS: T PTS: 1
16. An IT auditor expresses an opinion on the fairness of the financial statements.
, ANS: F PTS: 1
17. External auditing is an independent appraisal function established within an organization to examine and
evaluate its activities as a service to the organization.
ANS: F PTS: 1
18. External auditors can cooperate with and use evidence gathered by internal audit departments that are
organizationally independent and that report to the Audit Committee of the Board of Directors.
ANS: T PTS: 1
19. Tests of controls determine whether the database contents fairly reflect the organization's transactions.
ANS: F PTS: 1
20. Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that
are materially misstated.
ANS: T PTS: 1
21. A strong internal control system will reduce the amount of substantive testing that must be performed.
ANS: T PTS: 1
22. Substantive testing techniques provide information about the accuracy and completeness of an
application's processes.
ANS: F PTS: 1
MULTIPLE CHOICE
1. The concept of reasonable assurance suggests that
a. the cost of an internal control should be less than the benefit it provides
b. a well-designed system of internal controls will detect all fraudulent activity
c. the objectives achieved by an internal control system vary depending on the data processing method
d. the effectiveness of internal controls is a function of the industry environment
ANS: A PTS: 1
2. Which of the following is not a limitation of the internal control system?
a. errors are made due to employee fatigue
