Page 10 of 13 AT-5910d. Reduce the extent of both substantive tests and tests of controls in areas where internalcontrol is strong17. To obtain an understanding of the relevant policies and procedures of internal control, the auditorperforms all of the following except:a. Make inquiries c. Make observationsb. Design substantive tests d. Inspect documents and records18. In an auditor’s consideration of internal control, the completion of a questionnaire is most closelyassociated with which of the following?a. Separation of duties c. Flowchart accuracyb. Understanding the system d. Tests of controls19. Before relying on the system of internal control, the auditor obtains a reasonable degree ofassurance that the internal control procedures are in use and operating as planned. The auditorobtains this assurance by performing planneda. Substantive tests c. Transaction testsb.Tests of controls d. Tests of trends and ratios20. After obtaining an understanding of a client’s controls, an auditor may decide to omit tests of thecontrols. Which of the following in not appropriate reason to omit tests of controls?a. The controls duplicate other controls.b. The controls appear adequate.c. Reportable conditions preclude assessing control risk below the maximum.d. The effort to test controls exceeds the effort saved by not performing substantive tests.21. In general, a material weakness in internal control may be defined as a condition in which materialerrors or irregularities may occur and not be detected within a timely period bya. An independent auditor during tests of controls.b. Management when reviewing interim financial statements and reconciling account balances.c. Employees in the normal course of performing their assigned functions.d. Outside consultants who issue a special-purpose report on internal control structure.22. Internal control procedures are not designed to provide reasonable assurance thata. Transactions are executed in accordance with management's authorization.b. Access to assets is permitted only in accordance with management's authorization.c. Irregularities will be eliminated.d. The recorded accountability for assets is compared with the existing assets at reasonableintervals.23. A secondary purpose of the auditor's consideration of internal control is to providea. A basis for assessing control risk.b. An assurance that the records and documents have been maintained in accordance withexisting company policies and procedures.c. A basis for constructive suggestions about improvements in internal control structure.d. A basis for the determination of the resultant extent of the tests to which auditing proceduresare to be restricted.24. The auditor's review of the client's internal control is documented in order to substantiatea. Conformity of the accounting records with GAAP.b. Adherence to requirements of management.c. Compliance with generally accepted auditing standards.d. The fairness of the financial statement presentation.25. A consideration of internal control made during an audit is usually not sufficient to express anopinion on an entity's controls becausea. Weaknesses in the system may go unnoticed during the audit engagement.b. A consideration of internal control is not necessarily made during an audit engagement.c. Only those controls on which an auditor intends to rely are reviewed, tested, and evaluated.d. Controls can change each year.

 Page 11 of 13 AT-591026. The accountant's report expressing an opinion on an entity's internal controls should state that thea. Objectives of the client's internal controls are being met.b. Consideration of the internal controls was conducted in accordance with generally acceptedauditing standards.c. Establishment and maintenance of internal control is the responsibility of management.d. Inherent limitations of the client's internal controls were examined.27. The primary objective of procedures performed to obtain an understanding of internal control is toprovide an auditor witha. Evidential matter to use in reducing detection risk.b. A basis from which to modify tests of controls.c. Knowledge necessary to plan the audit.d. Information necessary to prepare flowcharts.PSA 400 – Risk Assessments and Internal Control28. Which of the following is not part of the control environment?a. Management philosophy and operating style.b. Organizational structure and methods of assigning authority and responsibility.c. Information and communication systems.d. The function of the board of directors and its committees.29. When obtaining an understanding of the accounting and internal control system the auditor maytrace a few transactions through the accounting system. This technique is:a. Reperformance testc. Walk-through test b. Test of transactions d. Validity test30. Which of the following least likely affects the nature, timing, and extent of the proceduresperformed by the auditor to obtain an understanding of the accounting and internal controlsystems of an audit client?a. Materiality considerationsb. The auditor’s assessment of inherent riskc. The level of acceptable detection riskd. The size and complexity of the entity and of its computer system31. The evaluation of deviations that were observed upon completing tests of controlsa. May require the need for doing more extensive understanding of control.b. May require more extensive tests of controls.c. Always requires documentation of the basis of assessment of control risk.d. May require modification of the nature, timing, and extent of planned substantive procedures.32. The following statements are true about observation when used as tests of control

procedures,except.a. The auditor may supplement his observations with other tests of control capable of providingaudit evidence.b. Audit evidence obtained by doing observation pertains only to the point in time at which theprocedure was applied.c. Observation of who applies a control procedure is useful as a test of control procedures whenevaluating control effectiveness of both computerized and manual systemd. Ordinarily, making inquiries provides more reliable audit evidence than doing observationwhen testing segregation of functional responsibilities.33. Tests of controls may include the following, except:a. Reperformance of internal control proceduresb. Inquiries about, and observation of, internal controls which leave no audit trail.c. Inspection of documentary support for transactions evidencing authorizationd. Analytical procedures involving comparison of operating expenses with budgeted amount.34. Tests of controls are performed to obtain audit evidence about the effectiveness of thea. Operation of the internal controls at the time the tests are being applied.b. Operations of the internal controls in eliminating fraud and errors.c. Design of the internal controls in eliminating fraud and errors.d. Design of the accounting and internal controls systems.

 Page 12 of 13 AT-591035. The auditor should consider whether the assessment of control risk is confirmeda. Upon completion of understanding of internal control.b. Upon completion of tests of controlsc. Before the final audit program is completed.d. Upon the conclusion of the audit, based on the results of substantive procedures and otheraudit evidence obtained.PSA 402 – Audit Considerations Relating to Entities Using Service Organizations36. Which of the following is least likely considered by the auditor in determining the significance ofservice organization activities to the client and the relevance to the audit?a. Terms of contract and relationship between the client and the service organization.b. The material financial statement assertions that are affected by the use of the serviceorganization.c. Client's internal controls that are applied to the transactions processed by the serviceorganization.d. The control policies and procedures of the client of requiring that all payments for goods andservices be supported by receiving reports.37. When the auditor considers that the service organization activities are significant to the client andrelevant to the audit and he concludes that it would be efficient to obtain audit evidence from testsof control to support an assessment of control risk at a lower level. Such evidence may beobtained by, excepta. Performing tests of the client's controls over activities of the service organization.b. Obtaining a service organization auditor's report that expresses an opinion as to the operatingeffectiveness of the service organization's accounting and internal control systems for theprocessing applications relevant to the audit.c. Visiting the service organization and performing tests of control.d. Review the service contract between the client and the service organization.38. Which statement is incorrect regarding the client auditor’s use of service organization auditor’sreport?a. When using a service organization auditor’s report, the client auditor should consider thenature of and content of that report.b. The client auditor should consider the scope of work performed by the service organizationauditor and should assess the usefulness and appropriateness of reports issued by the serviceorganization auditor.c. When a Type B report is to be used as evidence to support a lower control risk assessment, aclient auditor would consider whether the controls tested by the service organization auditorare relevant to the client's transactions (significant assertions in the client's financialstatements) and whether the service organization auditor's tests of control and the results areadequate.d. Since Type A reports may be useful to a client auditor in gaining the required understanding ofthe accounting and internal control systems, an auditor may use such reports as a basis forreducing the assessment of control risk.39. Which of the following is the least concern of the client auditor in reviewing the report of serviceorganization auditor on suitability of internal control design of the service organization?a. The accuracy of description of the service organization's accounting and internal controlsystems, ordinarily prepared by the management of the service organization.b. The systems' controls have been placed in operation.c. The accounting and internal control systems are suitably designed to achieve their statedobjectives.d. The type of documentation of the understanding of the service organization’s control system.40. Which of the following is least likely entitled to the report of the service organization auditor on thesuitability of the design and operating effectiveness of the service organization?a. Service organization’s management c. Client’s auditorsb. Service organization’s customersd. Service organization’s stockholders