2016 Cengage Learning. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.

Chapter 1—Auditing and Internal Control

TRUE/FALSE

• Corporate management (including the CEO) must certify monthly and annually their organization’s

internal controls over financial reporting.

ANS: F PTS: 1

• Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal

control adequacy.

ANS: F PTS: 1

• Both the SEC and the PCAOB require management to use the COSO framework for assessing internal

control adequacy.

ANS: F PTS: 1

• A qualified opinion on management’s assessment of internal controls over the financial reporting system

necessitates a qualified opinion on the financial statements?

ANS: F PTS: 1

• The same internal control objectives apply to manual and computer-based information systems.

ANS: T PTS: 1

• The external auditor is responsible for establishing and maintaining the internal control system.

ANS: F PTS: 1

• Segregation of duties is an example of an internal control procedure.

ANS: T PTS: 1

• Preventive controls are passive techniques designed to reduce fraud.

ANS: T PTS: 1

• A key modifying assumption in internal control is that the internal control system is the responsibility of

management.

ANS: T PTS: 1

(Information Technology Auditing, 4e James A. Hall) (Test Bank all Chpaters) 1 / 4

IT Auditing 4 th Ed—Test Bank, Chapter 1

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.

• While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit

clients, they are not prohibited from performing such services for non-audit clients or privately held companies.

ANS: T PTS: 1

• The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors.

ANS: T PTS: 1

• Section 404 requires that corporate management (including the CEO) certify their organization’s internal

controls on a quarterly and annual basis.

ANS: F PTS: 1

• Section 302 requires the management of public companies to assess and formally report on the

effectiveness of their organization’s internal controls.

ANS: F PTS: 1

• Application controls apply to a wide range of exposures that threaten the integrity of all programs

processed within the computer environment.

ANS: F PTS: 1

• Advisory services is an emerging field that goes beyond the auditor’s traditional attestation function.

ANS: T PTS: 1

• An IT auditor expresses an opinion on the fairness of the financial statements.

ANS: F PTS: 1

• External auditing is an independent appraisal function established within an organization to examine and

evaluate its activities as a service to the organization.

ANS: F PTS: 1

• External auditors can cooperate with and use evidence gathered by internal audit departments that are

organizationally independent and that report to the Audit Committee of the Board of Directors.

ANS: T PTS: 1

• Tests of controls determine whether the database contents fairly reflect the organization's transactions.

ANS: F PTS: 1

• / 4

IT Auditing 4 th Ed—Test Bank, Chapter 1

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.

• Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that

are materially misstated.

ANS: T PTS: 1

• A strong internal control system will reduce the amount of substantive testing that must be performed.

ANS: T PTS: 1

• Substantive testing techniques provide information about the accuracy and completeness of an

application's processes.

ANS: F PTS: 1

MULTIPLE CHOICE

• The concept of reasonable assurance suggests that
• the cost of an internal control should be less than the benefit it provides
• a well-designed system of internal controls will detect all fraudulent activity
• the objectives achieved by an internal control system vary depending on the data

processing method

• the effectiveness of internal controls is a function of the industry environment

ANS: A PTS: 1

• Which of the following is not a limitation of the internal control system?
• errors are made due to employee fatigue
• fraud occurs because of collusion between two employees
• the industry is inherently risky
• management instructs the bookkeeper to make fraudulent journal entries

ANS: C PTS: 1

• The most cost-effective type of internal control is
• preventive control
• accounting control
• detective control
• corrective control

ANS: A PTS: 1

• Which of the following is a preventive control?
• credit check before approving a sale on account
• bank reconciliation
• physical inventory count
• comparing the accounts receivable subsidiary ledger to the control account

ANS: A PTS: 1

• / 4

IT Auditing 4 th Ed—Test Bank, Chapter 1

© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.

• A well-designed purchase order is an example of a
• preventive control
• detective control
• corrective control
• none of the above

ANS: A PTS: 1

• A physical inventory count is an example of a
• preventive control
• detective control
• corrective control
• Feed-forward control

ANS: B PTS: 1

• The bank reconciliation uncovered a transposition error in the books. This is an example of a
• preventive control
• detective control
• corrective control
• none of the above

ANS: B PTS: 1

• Which of the following is not an element of the internal control environment?
• management philosophy and operating style
• organizational structure of the firm
• well-designed documents and records
• the functioning of the board of directors and the audit committee

ANS: C PTS: 1

• Which of the following suggests a weakness in the internal control environment?
• the firm has an up-to-date organizational chart
• monthly reports comparing actual performance to budget are distributed to managers
• performance evaluations are prepared every three years
• the audit committee meets quarterly with the external auditors

ANS: C PTS: 1

• Which of the following indicates a strong internal control environment?
• the internal audit group reports to the audit committee of the board of directors
• there is no segregation of duties between organization functions
• there are questions about the integrity of management
• adverse business conditions exist in the industry

ANS: A PTS: 1

• / 4