• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Audt.internal control
 

Audt.internal control

on

  • 12,174 views

 

Statistics

Views

Total Views
12,174
Views on SlideShare
12,174
Embed Views
0

Actions

Likes
3
Downloads
362
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft Word

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Audt.internal control Audt.internal control Document Transcript

    • Chapter 07 - Internal Control Chapter 07 Internal ControlTrue / False Questions1. Internal control is concerned with the reliability of financial information.True False2. The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtainbusiness.True False3. Incompatible duties exist when an employee is in a position to perpetrate and conceal errorsor fraud.True False4. Internal auditors should preferably report to the chief accounting officer of the company.True False5. Well-designed internal control will prevent all fraud by top management.True False6. CPA firms may use written narratives to describe internal control in their audit workingpapers.True False7. The auditors communication of internal control significant deficiencies should beaddressed only to senior management of the company.True False 7-1
    • Chapter 07 - Internal Control8. If the auditors assessment of the design of internal control reveals that it cannot be reliedupon, the auditors are not required to prepare any documentation of internal control for theirworking papers.True False9. The relatively low number of types of transactions incurred by small firms makes thesegregation of duties impossible.True False10. In a financial statement audit, CPAs are required to assess the operating effectiveness ofmost significant accounting oriented controls.True FalseMultiple Choice Questions11. Which of the following matters would an auditor most likely consider to be a significantdeficiency to be communicated to the audit committee?A. Managements failure to renegotiate unfavorable long-term purchase commitments.B. Recurring operating losses that may indicate going concern problems.C. Evidence of a lack of objectivity by those responsible for accounting decisions.D. Managements current plans to reduce its ownership equity in the entity.12. In assessing the objectivity of a clients internal auditors, the CPA would be most likely toconsider internal auditor:A. Education levels.B. Experience.C. Organizational status within the company.D. Training and supervisory skills. 7-2
    • Chapter 07 - Internal Control13. In a financial statement audit performed following AICPA Professional Standards, howfrequently must an auditor test operating effectiveness of controls that appear to function asthey have in past years and on which the auditor wishes to rely upon in the current year?A. Monthly.B. Each audit.C. At least every second audit.D. At least every third audit.14. After obtaining an understanding of internal control and arriving at a preliminary assessedlevel of control risk, an auditor decided to perform tests of controls. The auditor most likelydecided that:A. Additional evidence to support a reduction in the assessed level of control risk is notavailable.B. An increase in the assessed level of control risk is justified for certain financial statementassertions.C. It would be efficient to perform tests of controls that would result in a reduction in plannedsubstantive procedures.D. There were many internal control deficiencies that would allow misstatements to enter theaccounting system.15. Which of the following is least likely to be evidence of operating effectiveness ofcontrols?A. Cancelled supporting documents.B. Confirmations of accounts receivable.C. Records documenting usage of computer programs.D. Signatures on authorization forms.16. Which of the following is not ordinarily a procedure for documenting an auditorsunderstanding of internal control for planning purposes?A. Checklist.B. Flowchart.C. Questionnaire.D. Confirmation. 7-3
    • Chapter 07 - Internal Control17. Tests of controls do not ordinarily address:A. By whom a control was applied.B. How a control was applied.C. The consistency with which a control was applied.D. The cost effectiveness of the way a control was applied.18. Which is most likely when the assessed level of control risk increases?A. Change from performing substantive procedures at year-end to an interim date.B. Perform substantive procedures directed inside the entity rather than tests directed towardparties outside the entity.C. Use the maximum number of dual purpose tests.D. Use larger sample sizes for substantive procedures.19. Which of the following must the auditor communicate to the audit committee?A. Significant deficiencies and material weaknesses.B. Only significant deficiencies.C. Only material weaknesses.D. Neither significant deficiencies nor material weaknesses.20. A clients internal control appears strong, but the CPA has elected not to perform any testsof controls. The planned assessed level of control risk is at what level?A. Zero.B. Low.C. Moderate.D. Maximum.21. Which of the following would be least likely to be regarded as a test of a control?A. Tests of the additions to property by physical inspection.B. Comparisons of the signatures on cancelled checks to the authorized check signer list.C. Tests of signatures on purchase orders.D. Recalculation of payroll deductions. 7-4
    • Chapter 07 - Internal Control22. Which of the following is not considered one of the five major components of internalcontrol?A. Risk assessment.B. Segregation of duties.C. Control activities.D. Monitoring.23. Which of the following statements is correct concerning the understanding of internalcontrol needed by auditors?A. The auditors must understand the information system, not the accounting system.B. The auditors must understand monitoring and all preliminary accounting controls.C. The auditors must have a sufficient understanding to assess the risks of materialmisstatement.D. The auditors must understand the control environment, risk assessment, and all controlactivities.24. The effectiveness of controls is not generally tested by:A. Inspection of documents and reports.B. Performance of analytical procedures.C. Observation of the application of accounting policies and procedures.D. Inquiries of appropriate client personnel.25. On financial statement audits, it is required that the auditors obtain an understanding ofinternal control, including:A. Its operating effectiveness.B. Whether it has been implemented (placed in operation).C. Performing tests of controls for all material controls.D. Its ability to provide reasonable assurance. 7-5
    • Chapter 07 - Internal Control26. A significant deficiency:A. Differs from a material weakness in that it involves internal control over operations ratherthan internal control over financial reporting.B. Involves an amount of discovered misstatements greater than the amount used as theplanning measure of materiality.C. Is identical to a material weakness except that it need not be communicated to thoseresponsible for oversight of the companys financial reporting.D. Is less severe than a material weakness.27. This organization developed a set of criteria that provide management with a basis toevaluate controls not only over financial reporting, but also over the effectiveness andefficiency of operations and compliance with laws and regulations:A. Foreign Corrupt Practices Corporation.B. Committee of Sponsoring Organizations.C. Cohen Commission.D. Financial Accounting Standards Board.28. Which of the following is most likely to be considered a risk assessment procedurerelating to internal control?A. Confirm accounts receivable.B. Perform a test of a control relating to payroll.C. Take test counts of the year-end inventory.D. Trace a transaction through the information system relevant to financial reporting.29. Which statement is correct concerning the definition of internal control developed by theCommittee of Sponsoring Organizations (COSO)?A. Its applicability is largely limited to internal auditing applications.B. It is recognized in the Statements on Auditing Standards.C. It emphasizes the effectiveness and efficiency of operations over the reliability of financialreporting.D. It suggests that it is important to view internal control as an end product as contrasted to aprocess or means to obtain an end. 7-6
    • Chapter 07 - Internal Control30. The definition of internal control developed by the Committee of SponsoringOrganizations (COSO) includes controls related to the reliability of financial reporting, theeffectiveness and efficiency of operations, and:A. Compliance with applicable laws and regulations.B. Effectiveness of prevention of fraudulent occurrences.C. Safeguarding of entity equity.D. Incorporation of ethical business practice standards.31. Which statement is correct concerning the relevance of various types of controls to afinancial statement audit?A. An auditor may ordinarily ignore the consideration of controls when a substantive auditapproach is used.B. Controls over the reliability of financial reporting are ordinarily most directly relevant toan audit, but other controls may also be relevant.C. Controls over safeguarding assets and liabilities are of primary importance, while controlsover the reliability of financial reporting may also be relevant.D. All controls are ordinarily relevant to an audit.32. Which of the following is not a component of the control environment?A. Integrity and ethical values.B. Risk assessment.C. Commitment to competence.D. Organizational structure.33. Which of the following is not ordinarily considered a factor indicative of increasedfinancial reporting risk when an auditor is considering a clients risk assessment policies?A. Salaried sales personnel.B. Implementation of a new information system.C. Rapid growth of the organization.D. Corporate restructuring. 7-7
    • Chapter 07 - Internal Control34. The Sarbanes-Oxley Act of 2002 requires that the audit committee:A. Annually reassess control risk using information from the CPA firm.B. Be directly responsible for the appointment, compensation and oversight of the work of theCPA firm.C. Require that the companys CPA firm rotate the partner in charge of the audit.D. Review the level of management compensation.35. When tests of controls reveal that controls are operating as anticipated, it is most likelythat the assessed level of control risk will:A. Be less than the preliminary assessed level of control risk.B. Equal the preliminary assessed level of control risk.C. Equal the actual control risk.D. Be less than the actual control risk.36. Under which circumstance is it likely that the extent of substantive procedures will beexpanded beyond that anticipated in the audit plan?A. The auditors have determined that controls have been implemented (placed in operation)but, in accordance with the audit plan, have performed no tests of controls.B. Certain controls do not leave a trail of documentary evidence.C. Deviation rates were greater than zero and approached anticipated levels.D. The operating effectiveness of certain controls was found to be less than expected,although no material misstatements were identified.37. The provisions of the Foreign Corrupt Practices Act apply to:A. All U.S. corporations.B. All U.S. corporations that engage in foreign operations.C. All corporations that must file under the Securities Exchange Act of 1934.D. All U.S. partnerships and corporations.38. If the auditors do notperform tests of controls for certain assertions:A. They have performed a substandard audit.B. They are not required to communicate significant deficiencies relating to those accounts tomanagement and the board of directors.C. They must issue a qualified opinion.D. They must assess control risk at the maximum level for those assertions. 7-8
    • Chapter 07 - Internal Control39. During financial statement audits, the auditors consideration of their clients internalcontrol is integral to both assess the risk of material misstatement and to:A. Assess inherent risk.B. Design further audit procedures.C. Assess compliance with the Foreign Corrupt Practices Act.D. Provide a reasonable basis for an opinion on compliance with applicable laws.40. Which of the following comes closest to outlining the auditors responsibility forconsidering internal control in all financial statement audits?A. An understanding of the control environment, information and communication, riskassessment and monitoring is necessary; an understanding of control activities is onlynecessary for areas in which the auditor is performing tests of controls.B. The auditor must obtain an understanding of each of the five internal control componentssufficient to assess the risks of material misstatement for the audit.C. When tests of controls have been performed, control risk must be assessed at a level lessthan the maximum.D. An understanding of the control environment is necessary, but no understanding of theother components is necessary unless control risk is to be assessed at a level less than themaximum.41. Which of the following is not a primary procedure auditors use to obtain sufficientknowledge about the design of the relevant controls and to determine whether they have beenimplemented (placed in operation)?A. Previous experience with the entity.B. Inquiries of appropriate management personnel.C. Performance of substantive procedures.D. Inspection of document and records.42. A control deficiency that is less severe than a material weakness, but important enough tomerit attention by those responsible for oversight of the companys financial reporting isreferred to as a(n):A. Control deficiency.B. Inherent limitation.C. Reportable deficiency.D. Significant deficiency. 7-9
    • Chapter 07 - Internal Control43. For effective internal control, which of the following functions should not be assigned tothe companys accounting department?A. Reconciling accounting records with existing assets.B. Recording financial transactions.C. Signing payroll checks.D. Preparing financial reports.44. Which of the following is not a responsibility that should be assigned to a companysinternal audit department?A. Evaluating internal control.B. Approving disbursements.C. Reporting on the effectiveness of operating segments.D. Investigating potential merger candidates.45. Which of the following is true about the auditors consideration of internal control in afinancial statement audit?A. The auditors must assess control risk at a level lower than the maximum.B. The auditors must prepare a flowchart description of internal control for their workingpapers.C. The auditors must obtain an understanding of the steps in processing major types oftransactions.D. The auditors must perform tests of controls.46. Which of the following is an advantage of describing internal control through the use of astandardized questionnaire?A. Questionnaires highlight weaknesses in the system.B. Questionnaires are more flexible than other methods of describing internal control.C. Questionnaires usually identify situations in which internal control weaknesses arecompensated for by other strengths in the system.D. Questionnaires provide a clearer and more specific portrayal of a clients system than othermethods of describing internal control. 7-10
    • Chapter 07 - Internal Control47. Which of the following is least likely to be considered a risk assessment procedurerelating to internal control?A. Counting marketable securities at year-end.B. Inquiries of client personnel.C. Inspecting documents and reports.D. Observing the application of specific controls.48. Which of the following is least likely to be considered a risk assessment procedure?A. Analytical procedures.B. Inspection of documents.C. Observation of the counting of inventory.D. Observation of the performance of certain accounting procedures.49. Which of the following is not a factor that is considered a part of the clients overallcontrol environment?A. The organizational structure.B. The information system.C. Management philosophy and operating style.D. Board of directors.50. Which of the following would be least likely to be considered a benefit of effectiveinternal control?A. Eliminating all employee fraud.B. Restricting access to assets.C. Detecting ineffectiveness.D. Ensuring authorization of transactions.51. After documenting the clients prescribed internal control, the auditors will often performa walk-through of each transaction cycle. An objective of a walk-through is to:A. Verify that the controls have been implemented (placed in operation).B. Replace tests of controls.C. Evaluate the major strengths and weaknesses in the clients internal control.D. Identify weaknesses to be communicated to management in the management letter. 7-11
    • Chapter 07 - Internal Control52. The major components of internal control include all of the following, except:A. Risk assessment.B. The control environment.C. Internal auditing.D. Control activities.53. Which of the following is correct with respect to control deficiencies discovered during anaudit?A. Auditors must communicate and recommend corrections relating to all materialweaknesses in internal control to management.B. All material weaknesses in internal control should be reported to the audit committee.C. All such matters must be communicated to the audit committee and regulatory agencies.D. All control deficiencies are also significant deficiencies.54. After considering the clients internal control the auditors have concluded that it is welldesigned and is functioning as anticipated. Under these circumstances the auditors wouldmost likely:A. Cease to perform further substantive procedures.B. Reduce substantive procedures in areas where the internal control was found to beeffective.C. Increase the extent of anticipated analytical procedures.D. Perform all tests of controls to the extent outlined in the preplanned audit program.55. The use of fidelity bonds protects a company from embezzlement loses and also:A. Minimizes the possibility of employing persons with dubious records in positions of trust.B. Reduces the companys need to obtain expensive business interruption insurance.C. Allows the company to substitute the fidelity bonds for various parts of internal control.D. Protects employees who made unintentional errors from possible monetary damagesresulting from such errors. 7-12
    • Chapter 07 - Internal Control56. The independent auditors might consider the procedures performed by the internalauditors because:A. They are employees whose work must be reviewed during substantive testing.B. They are employees whose work might affect the independent auditors work.C. Their work impacts upon the cost/benefit tradeoff in evaluating inherent limitations.D. Their degree of independence may be inferred by the nature of their work.57. In the consideration of internal control, the operating effectiveness of controls is testedby:A. Flowcharts verification.B. Tests of controls.C. Substantive procedures.D. Decision tables.58. The auditors who become aware of an internal control significant deficiency are requiredto communicate this to the:A. Clients legal counsel.B. Compensation committee.C. Audit committee.D. Internal auditors.59. A material weakness involves an amount that could result in a misstatement that isA. Smaller than inconsequential.B. Larger than inconsequential.C. Tolerable.D. Material.60. At least what level of probability of a material misstatement is required for a controldeficiency to be considered a material weakness?A. More than remote.B. Probable.C. Reasonable possibility.D. Sufficient. 7-13
    • Chapter 07 - Internal Control61. A situation in which the design or operation of a control does not allow management oremployees, in the normal course of performing their assigned functions, to prevent or detectmaterial misstatements on a timely basis is referred to as a:A. Control deficiency.B. Material weakness.C. Reportable condition.D. Significant deficiency.62. To provide for the greatest degree of independence in performing internal auditingfunctions, an internal auditor most likely should report to the:A. Financial vice-president.B. Corporate controller.C. Audit committee.D. Corporate stockholders.63. Well-designed internal control that is functioning effectively is most likely to detect anfraud arising from:A. The fraudulent action of several employees.B. The fraudulent action of an individual employee.C. Informal deviations from the official organization chart.D. Management fraud.64. The program flowcharting symbol representing a decision is a:A. Triangle.B. Circle.C. Rectangle.D. Diamond.65. Controls are not designed to provide assurance that:A. Transactions are executed in accordance with managements authorization.B. Fraud will be eliminated.C. Access to assets is permitted only in accordance with managements authorization.D. The recorded accountability for assets is compared with the existing assets at reasonableintervals. 7-14
    • Chapter 07 - Internal Control66. The scope of substantive procedures as compared to the scope of tests of controlsgenerally vary:A. In a parallel manner.B. Inversely.C. Directly.D. Equally.67. Which of the following is least likely to be a factor that might indicate to an auditor thatan identified risk of misstatement requires special audit consideration?A. Complex calculations are involved.B. The rate of technological change is moderate in the industry.C. The potential for fraud seems high.D. Various subjective methods of application of a key accounting policy exist.68. Which of the following audit tests would be regarded as a test of a control?A. Tests of the specific items making up the balance in a given general ledger account.B. Tests confirming receivables.C. Tests of the signatures on canceled checks to board of directors authorizations.D. Tests of the additions to property, plant, and equipment by physical inspection.69. If the independent auditors decide that the work performed by the internal auditors mayhave a bearing on their own procedures, they should consider the internal auditors:A. Competence and objectivity.B. Efficiency and experience.C. Independence and review skills.D. Training and supervisory skills.70. In the consideration of internal control, the auditor is basically concerned that it providesreasonable assurance that:A. Management can not override the system.B. Operational efficiency has been achieved in accordance with management plans.C. Misstatements have been prevented or detected.D. Controls have not been circumvented by collusion. 7-15
    • Chapter 07 - Internal Control71. Which of the following is least likely to be considered an appropriate response relating torisks the auditors identify at the financial statement level?A. Assign more experienced staff.B. Incorporate additional elements of unpredictability in the selection of audit procedures.C. Increase the scope of auditor procedures.D. Emphasize the need to remain neutral, rather than to exercise professional skepticism.72. In assessing the competence of a clients internal auditor, an independent auditor mostlikely would consider theA. Internal auditors compliance with professional internal auditing standards.B. Clients policies that limit the internal auditors access to management salary data.C. Evidence supporting a further reduction in the assessed level of control risk.D. Results of ratio analysis that may identify unusual transactions and events.73. Which of the following factors would most likely be considered an inherent limitation toan entitys internal control?A. The complexity of the information processing system.B. Human judgment in the decision making process.C. The ineffectiveness of the board of directors.D. The lack of management incentives to improve the control environment.74. Proper segregation of duties reduces the opportunities to allow any employee to be in aposition to bothA. Journalize cash receipts and disbursements and prepare the financial statements.B. Monitor internal controls and evaluate whether the controls are operating as intended.C. Adopt new accounting pronouncements and authorize the recording of transactions.D. Record and conceal fraudulent transactions in the normal course of assigned tasks.75. Which of the following is intended to detect deviations from prescribed controls?A. Substantive procedures specified by a standardized audit program.B. Tests of controls designed specifically for the client.C. Analytical procedures as set forth in an industry audit guide.D. Computerized analytical procedures tailored for the configuration of the computerequipment in use. 7-16
    • Chapter 07 - Internal Control76. An auditors purpose for performing tests of controls is to provide reasonable assurancethat:A. Controls are operating effectively.B. The risk that the auditor may unknowingly fail to modify the opinion on the financialstatements is minimized.C. Transactions are executed in accordance with managements authorization and access toassets is limited by a segregation of functions.D. Transactions are recorded as necessary to permit the preparation of the financial statementsin conformity with generally accepted accounting principles.77. Of the following statements about internal control, which one is not valid?A. No one person should be responsible for the custodial responsibility and the recordingresponsibility for an asset.B. Transactions must be properly authorized before such transactions are processed.C. Because of the cost/benefit relationship, a client may apply control procedures on a testbasis.D. Control activities reasonably insure that collusion among employees can not occur.78. Tests of controls are most likely to be performed when:A. Controls seem weak and must be properly documented.B. Inadequate substantive procedures exist to restrict audit risk to an acceptable level.C. The auditor wishes to assess control risk at the maximum.D. The clients control environment appears weak.79. Which of the following would be least likely to be included in an auditors tests ofcontrols?A. Inspection.B. Observation.C. Inquiry.D. Analytical procedures. 7-17
    • Chapter 07 - Internal Control80. The internal control provisions of the Sarbanes-Oxley Act of 2002 apply to whichcompanies in the United States:A. All companies.B. SEC registrants.C. Only those companies included in the Fortune 500.D. All nonpublic companies.81. An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addressesfinancial statements and:A. Compliance with laws.B. Internal control over asset safeguarding.C. Internal control over financial reporting.D. Suitable criteria.82. A report on internal control performed in accordance with PCAOB Standard No. 2includes an opinion on internal control for:A. The entire year.B. The prior quarter.C. The "as of date."D. The end of each quarter.83. When performing an audit of internal control under PCAOB requirements, auditorsevaluate control:A. Option AB. Option BC. Option CD. Option D 7-18
    • Chapter 07 - Internal Control84. When performing an internal control audit under PCAOB requirements, one or morematerial weaknesses in internal control that exist at year-end may result in what type ofreport(s):A. Option AB. Option BC. Option CD. Option D85. When performing an internal control audit under PCAOB standards, one or more materialweaknesses in internal control that exist at year-end may result in what type of report(s):A. Option AB. Option BC. Option CD. Option D 7-19
    • Chapter 07 - Internal ControlEssay Questions86. Independent auditors should consider the work of internal auditors in their assessment ofcontrol risk.a. Are internal auditors independent of management? Explain.b. What is the difference between the primary objective of the independent auditors and thatof internal auditors? Explain.c. Discuss the factors that should be considered by the independent auditors in deciding howmuch, if any, reliance should be placed on the work of the internal auditors.87. Auditors are required to consider a clients internal control.a. Describe the two purposes of the auditors consideration of a clients internal control.b. Even the best internal control has certain limitations. List three of those limitations.88. When considering a clients internal control, the auditors focus on its variouscharacteristics. For each of the following characteristics indicate the auditors responsibilityunder generally accepted auditing standards and the procedures used to meet thatresponsibility.a. The design of internal control.b. Controls have been implemented (placed in operation).c. The operating effectiveness of controls. 7-20
    • Chapter 07 - Internal Control89. Assume that you have assessed inherent risk for an audit area at a very high level. Whileobtaining an understanding of internal control, you have determined that it appears to be verystrong. Nonetheless, due to the large number of transactions involved, you have chosen not totest controls in the area.a. At what level will the planned assessed level of control risk be established?b. Describe the scope of tests of controls that will be performed.c. At what level will the assessed level of control risk be established?d. What must be documented in the working papers relating to internal control?e. At what level will detection risk be established?f. Describe the required scope of substantive procedures, if any. Make certain to discussdetails of likely nature, timing and extent. 7-21
    • Chapter 07 - Internal ControlChapter 07 Internal Control Answer KeyTrue / False Questions1. Internal control is concerned with the reliability of financial information.TRUEDifficulty: Easy2. The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtainbusiness.FALSEDifficulty: Hard3. Incompatible duties exist when an employee is in a position to perpetrate and conceal errorsor fraud.TRUEDifficulty: Easy4. Internal auditors should preferably report to the chief accounting officer of the company.FALSEDifficulty: Medium5. Well-designed internal control will prevent all fraud by top management.FALSEDifficulty: Easy 7-22
    • Chapter 07 - Internal Control6. CPA firms may use written narratives to describe internal control in their audit workingpapers.TRUEDifficulty: Easy7. The auditors communication of internal control significant deficiencies should beaddressed only to senior management of the company.FALSEDifficulty: Easy8. If the auditors assessment of the design of internal control reveals that it cannot be reliedupon, the auditors are not required to prepare any documentation of internal control for theirworking papers.FALSEDifficulty: Medium9. The relatively low number of types of transactions incurred by small firms makes thesegregation of duties impossible.FALSEDifficulty: Easy10. In a financial statement audit, CPAs are required to assess the operating effectiveness ofmost significant accounting oriented controls.FALSEDifficulty: MediumMultiple Choice Questions 7-23
    • Chapter 07 - Internal Control11. Which of the following matters would an auditor most likely consider to be a significantdeficiency to be communicated to the audit committee?A. Managements failure to renegotiate unfavorable long-term purchase commitments.B. Recurring operating losses that may indicate going concern problems.C. Evidence of a lack of objectivity by those responsible for accounting decisions.D. Managements current plans to reduce its ownership equity in the entity.Difficulty: MediumSource: AICPA12. In assessing the objectivity of a clients internal auditors, the CPA would be most likely toconsider internal auditor:A. Education levels.B. Experience.C. Organizational status within the company.D. Training and supervisory skills.Difficulty: Medium13. In a financial statement audit performed following AICPA Professional Standards, howfrequently must an auditor test operating effectiveness of controls that appear to function asthey have in past years and on which the auditor wishes to rely upon in the current year?A. Monthly.B. Each audit.C. At least every second audit.D. At least every third audit.Difficulty: Medium 7-24
    • Chapter 07 - Internal Control14. After obtaining an understanding of internal control and arriving at a preliminary assessedlevel of control risk, an auditor decided to perform tests of controls. The auditor most likelydecided that:A. Additional evidence to support a reduction in the assessed level of control risk is notavailable.B. An increase in the assessed level of control risk is justified for certain financial statementassertions.C. It would be efficient to perform tests of controls that would result in a reduction in plannedsubstantive procedures.D. There were many internal control deficiencies that would allow misstatements to enter theaccounting system.Difficulty: HardSource: AICPA15. Which of the following is least likely to be evidence of operating effectiveness ofcontrols?A. Cancelled supporting documents.B. Confirmations of accounts receivable.C. Records documenting usage of computer programs.D. Signatures on authorization forms.Difficulty: Hard16. Which of the following is not ordinarily a procedure for documenting an auditorsunderstanding of internal control for planning purposes?A. Checklist.B. Flowchart.C. Questionnaire.D. Confirmation.Difficulty: Easy 7-25
    • Chapter 07 - Internal Control17. Tests of controls do not ordinarily address:A. By whom a control was applied.B. How a control was applied.C. The consistency with which a control was applied.D. The cost effectiveness of the way a control was applied.Difficulty: Hard18. Which is most likely when the assessed level of control risk increases?A. Change from performing substantive procedures at year-end to an interim date.B. Perform substantive procedures directed inside the entity rather than tests directed towardparties outside the entity.C. Use the maximum number of dual purpose tests.D. Use larger sample sizes for substantive procedures.Difficulty: Medium19. Which of the following must the auditor communicate to the audit committee?A. Significant deficiencies and material weaknesses.B. Only significant deficiencies.C. Only material weaknesses.D. Neither significant deficiencies nor material weaknesses.Difficulty: Medium20. A clients internal control appears strong, but the CPA has elected not to perform any testsof controls. The planned assessed level of control risk is at what level?A. Zero.B. Low.C. Moderate.D. Maximum.Difficulty: Hard 7-26
    • Chapter 07 - Internal Control21. Which of the following would be least likely to be regarded as a test of a control?A. Tests of the additions to property by physical inspection.B. Comparisons of the signatures on cancelled checks to the authorized check signer list.C. Tests of signatures on purchase orders.D. Recalculation of payroll deductions.Difficulty: Hard22. Which of the following is not considered one of the five major components of internalcontrol?A. Risk assessment.B. Segregation of duties.C. Control activities.D. Monitoring.Difficulty: Medium23. Which of the following statements is correct concerning the understanding of internalcontrol needed by auditors?A. The auditors must understand the information system, not the accounting system.B. The auditors must understand monitoring and all preliminary accounting controls.C. The auditors must have a sufficient understanding to assess the risks of materialmisstatement.D. The auditors must understand the control environment, risk assessment, and all controlactivities.Difficulty: Easy24. The effectiveness of controls is not generally tested by:A. Inspection of documents and reports.B. Performance of analytical procedures.C. Observation of the application of accounting policies and procedures.D. Inquiries of appropriate client personnel.Difficulty: Medium 7-27
    • Chapter 07 - Internal Control25. On financial statement audits, it is required that the auditors obtain an understanding ofinternal control, including:A. Its operating effectiveness.B. Whether it has been implemented (placed in operation).C. Performing tests of controls for all material controls.D. Its ability to provide reasonable assurance.Difficulty: Medium26. A significant deficiency:A. Differs from a material weakness in that it involves internal control over operations ratherthan internal control over financial reporting.B. Involves an amount of discovered misstatements greater than the amount used as theplanning measure of materiality.C. Is identical to a material weakness except that it need not be communicated to thoseresponsible for oversight of the companys financial reporting.D. Is less severe than a material weakness.Difficulty: Medium27. This organization developed a set of criteria that provide management with a basis toevaluate controls not only over financial reporting, but also over the effectiveness andefficiency of operations and compliance with laws and regulations:A. Foreign Corrupt Practices Corporation.B. Committee of Sponsoring Organizations.C. Cohen Commission.D. Financial Accounting Standards Board.Difficulty: Medium 7-28
    • Chapter 07 - Internal Control28. Which of the following is most likely to be considered a risk assessment procedurerelating to internal control?A. Confirm accounts receivable.B. Perform a test of a control relating to payroll.C. Take test counts of the year-end inventory.D. Trace a transaction through the information system relevant to financial reporting.Difficulty: Hard29. Which statement is correct concerning the definition of internal control developed by theCommittee of Sponsoring Organizations (COSO)?A. Its applicability is largely limited to internal auditing applications.B. It is recognized in the Statements on Auditing Standards.C. It emphasizes the effectiveness and efficiency of operations over the reliability of financialreporting.D. It suggests that it is important to view internal control as an end product as contrasted to aprocess or means to obtain an end.Difficulty: Hard30. The definition of internal control developed by the Committee of SponsoringOrganizations (COSO) includes controls related to the reliability of financial reporting, theeffectiveness and efficiency of operations, and:A. Compliance with applicable laws and regulations.B. Effectiveness of prevention of fraudulent occurrences.C. Safeguarding of entity equity.D. Incorporation of ethical business practice standards.Difficulty: Medium 7-29
    • Chapter 07 - Internal Control31. Which statement is correct concerning the relevance of various types of controls to afinancial statement audit?A. An auditor may ordinarily ignore the consideration of controls when a substantive auditapproach is used.B. Controls over the reliability of financial reporting are ordinarily most directly relevant toan audit, but other controls may also be relevant.C. Controls over safeguarding assets and liabilities are of primary importance, while controlsover the reliability of financial reporting may also be relevant.D. All controls are ordinarily relevant to an audit.Difficulty: Hard32. Which of the following is not a component of the control environment?A. Integrity and ethical values.B. Risk assessment.C. Commitment to competence.D. Organizational structure.Difficulty: Medium33. Which of the following is not ordinarily considered a factor indicative of increasedfinancial reporting risk when an auditor is considering a clients risk assessment policies?A. Salaried sales personnel.B. Implementation of a new information system.C. Rapid growth of the organization.D. Corporate restructuring.Difficulty: Medium34. The Sarbanes-Oxley Act of 2002 requires that the audit committee:A. Annually reassess control risk using information from the CPA firm.B. Be directly responsible for the appointment, compensation and oversight of the work of theCPA firm.C. Require that the companys CPA firm rotate the partner in charge of the audit.D. Review the level of management compensation.Difficulty: Medium 7-30
    • Chapter 07 - Internal Control35. When tests of controls reveal that controls are operating as anticipated, it is most likelythat the assessed level of control risk will:A. Be less than the preliminary assessed level of control risk.B. Equal the preliminary assessed level of control risk.C. Equal the actual control risk.D. Be less than the actual control risk.Difficulty: Hard36. Under which circumstance is it likely that the extent of substantive procedures will beexpanded beyond that anticipated in the audit plan?A. The auditors have determined that controls have been implemented (placed in operation)but, in accordance with the audit plan, have performed no tests of controls.B. Certain controls do not leave a trail of documentary evidence.C. Deviation rates were greater than zero and approached anticipated levels.D. The operating effectiveness of certain controls was found to be less than expected,although no material misstatements were identified.Difficulty: Hard37. The provisions of the Foreign Corrupt Practices Act apply to:A. All U.S. corporations.B. All U.S. corporations that engage in foreign operations.C. All corporations that must file under the Securities Exchange Act of 1934.D. All U.S. partnerships and corporations.Difficulty: Medium38. If the auditors do notperform tests of controls for certain assertions:A. They have performed a substandard audit.B. They are not required to communicate significant deficiencies relating to those accounts tomanagement and the board of directors.C. They must issue a qualified opinion.D. They must assess control risk at the maximum level for those assertions.Difficulty: Medium 7-31
    • Chapter 07 - Internal Control39. During financial statement audits, the auditors consideration of their clients internalcontrol is integral to both assess the risk of material misstatement and to:A. Assess inherent risk.B. Design further audit procedures.C. Assess compliance with the Foreign Corrupt Practices Act.D. Provide a reasonable basis for an opinion on compliance with applicable laws.Difficulty: Easy40. Which of the following comes closest to outlining the auditors responsibility forconsidering internal control in all financial statement audits?A. An understanding of the control environment, information and communication, riskassessment and monitoring is necessary; an understanding of control activities is onlynecessary for areas in which the auditor is performing tests of controls.B. The auditor must obtain an understanding of each of the five internal control componentssufficient to assess the risks of material misstatement for the audit.C. When tests of controls have been performed, control risk must be assessed at a level lessthan the maximum.D. An understanding of the control environment is necessary, but no understanding of theother components is necessary unless control risk is to be assessed at a level less than themaximum.Difficulty: Medium41. Which of the following is not a primary procedure auditors use to obtain sufficientknowledge about the design of the relevant controls and to determine whether they have beenimplemented (placed in operation)?A. Previous experience with the entity.B. Inquiries of appropriate management personnel.C. Performance of substantive procedures.D. Inspection of document and records.Difficulty: Medium 7-32
    • Chapter 07 - Internal Control42. A control deficiency that is less severe than a material weakness, but important enough tomerit attention by those responsible for oversight of the companys financial reporting isreferred to as a(n):A. Control deficiency.B. Inherent limitation.C. Reportable deficiency.D. Significant deficiency.Difficulty: Medium43. For effective internal control, which of the following functions should not be assigned tothe companys accounting department?A. Reconciling accounting records with existing assets.B. Recording financial transactions.C. Signing payroll checks.D. Preparing financial reports.Difficulty: Medium44. Which of the following is not a responsibility that should be assigned to a companysinternal audit department?A. Evaluating internal control.B. Approving disbursements.C. Reporting on the effectiveness of operating segments.D. Investigating potential merger candidates.Difficulty: Hard 7-33
    • Chapter 07 - Internal Control45. Which of the following is true about the auditors consideration of internal control in afinancial statement audit?A. The auditors must assess control risk at a level lower than the maximum.B. The auditors must prepare a flowchart description of internal control for their workingpapers.C. The auditors must obtain an understanding of the steps in processing major types oftransactions.D. The auditors must perform tests of controls.Difficulty: Medium46. Which of the following is an advantage of describing internal control through the use of astandardized questionnaire?A. Questionnaires highlight weaknesses in the system.B. Questionnaires are more flexible than other methods of describing internal control.C. Questionnaires usually identify situations in which internal control weaknesses arecompensated for by other strengths in the system.D. Questionnaires provide a clearer and more specific portrayal of a clients system than othermethods of describing internal control.Difficulty: Medium47. Which of the following is least likely to be considered a risk assessment procedurerelating to internal control?A. Counting marketable securities at year-end.B. Inquiries of client personnel.C. Inspecting documents and reports.D. Observing the application of specific controls.Difficulty: Hard 7-34
    • Chapter 07 - Internal Control48. Which of the following is least likely to be considered a risk assessment procedure?A. Analytical procedures.B. Inspection of documents.C. Observation of the counting of inventory.D. Observation of the performance of certain accounting procedures.Difficulty: Hard49. Which of the following is not a factor that is considered a part of the clients overallcontrol environment?A. The organizational structure.B. The information system.C. Management philosophy and operating style.D. Board of directors.Difficulty: Medium50. Which of the following would be least likely to be considered a benefit of effectiveinternal control?A. Eliminating all employee fraud.B. Restricting access to assets.C. Detecting ineffectiveness.D. Ensuring authorization of transactions.Difficulty: Medium51. After documenting the clients prescribed internal control, the auditors will often performa walk-through of each transaction cycle. An objective of a walk-through is to:A. Verify that the controls have been implemented (placed in operation).B. Replace tests of controls.C. Evaluate the major strengths and weaknesses in the clients internal control.D. Identify weaknesses to be communicated to management in the management letter.Difficulty: Medium 7-35
    • Chapter 07 - Internal Control52. The major components of internal control include all of the following, except:A. Risk assessment.B. The control environment.C. Internal auditing.D. Control activities.Difficulty: Medium53. Which of the following is correct with respect to control deficiencies discovered during anaudit?A. Auditors must communicate and recommend corrections relating to all materialweaknesses in internal control to management.B. All material weaknesses in internal control should be reported to the audit committee.C. All such matters must be communicated to the audit committee and regulatory agencies.D. All control deficiencies are also significant deficiencies.Difficulty: Hard54. After considering the clients internal control the auditors have concluded that it is welldesigned and is functioning as anticipated. Under these circumstances the auditors wouldmost likely:A. Cease to perform further substantive procedures.B. Reduce substantive procedures in areas where the internal control was found to beeffective.C. Increase the extent of anticipated analytical procedures.D. Perform all tests of controls to the extent outlined in the preplanned audit program.Difficulty: EasySource: AICPA 7-36
    • Chapter 07 - Internal Control55. The use of fidelity bonds protects a company from embezzlement loses and also:A. Minimizes the possibility of employing persons with dubious records in positions of trust.B. Reduces the companys need to obtain expensive business interruption insurance.C. Allows the company to substitute the fidelity bonds for various parts of internal control.D. Protects employees who made unintentional errors from possible monetary damagesresulting from such errors.Difficulty: MediumSource: AICPA56. The independent auditors might consider the procedures performed by the internalauditors because:A. They are employees whose work must be reviewed during substantive testing.B. They are employees whose work might affect the independent auditors work.C. Their work impacts upon the cost/benefit tradeoff in evaluating inherent limitations.D. Their degree of independence may be inferred by the nature of their work.Difficulty: MediumSource: AICPA57. In the consideration of internal control, the operating effectiveness of controls is testedby:A. Flowcharts verification.B. Tests of controls.C. Substantive procedures.D. Decision tables.Difficulty: EasySource: AICPA 7-37
    • Chapter 07 - Internal Control58. The auditors who become aware of an internal control significant deficiency are requiredto communicate this to the:A. Clients legal counsel.B. Compensation committee.C. Audit committee.D. Internal auditors.Difficulty: MediumSource: AICPA59. A material weakness involves an amount that could result in a misstatement that isA. Smaller than inconsequential.B. Larger than inconsequential.C. Tolerable.D. Material.Difficulty: Medium60. At least what level of probability of a material misstatement is required for a controldeficiency to be considered a material weakness?A. More than remote.B. Probable.C. Reasonable possibility.D. Sufficient.Difficulty: Medium61. A situation in which the design or operation of a control does not allow management oremployees, in the normal course of performing their assigned functions, to prevent or detectmaterial misstatements on a timely basis is referred to as a:A. Control deficiency.B. Material weakness.C. Reportable condition.D. Significant deficiency.Difficulty: Medium 7-38
    • Chapter 07 - Internal Control62. To provide for the greatest degree of independence in performing internal auditingfunctions, an internal auditor most likely should report to the:A. Financial vice-president.B. Corporate controller.C. Audit committee.D. Corporate stockholders.Difficulty: MediumSource: AICPA63. Well-designed internal control that is functioning effectively is most likely to detect anfraud arising from:A. The fraudulent action of several employees.B. The fraudulent action of an individual employee.C. Informal deviations from the official organization chart.D. Management fraud.Difficulty: MediumSource: AICPA64. The program flowcharting symbol representing a decision is a:A. Triangle.B. Circle.C. Rectangle.D. Diamond.Difficulty: MediumSource: AICPA65. Controls are not designed to provide assurance that:A. Transactions are executed in accordance with managements authorization.B. Fraud will be eliminated.C. Access to assets is permitted only in accordance with managements authorization.D. The recorded accountability for assets is compared with the existing assets at reasonableintervals.Difficulty: MediumSource: AICPA 7-39
    • Chapter 07 - Internal Control66. The scope of substantive procedures as compared to the scope of tests of controlsgenerally vary:A. In a parallel manner.B. Inversely.C. Directly.D. Equally.Difficulty: MediumSource: AICPA67. Which of the following is least likely to be a factor that might indicate to an auditor thatan identified risk of misstatement requires special audit consideration?A. Complex calculations are involved.B. The rate of technological change is moderate in the industry.C. The potential for fraud seems high.D. Various subjective methods of application of a key accounting policy exist.Difficulty: Easy68. Which of the following audit tests would be regarded as a test of a control?A. Tests of the specific items making up the balance in a given general ledger account.B. Tests confirming receivables.C. Tests of the signatures on canceled checks to board of directors authorizations.D. Tests of the additions to property, plant, and equipment by physical inspection.Difficulty: MediumSource: AICPA69. If the independent auditors decide that the work performed by the internal auditors mayhave a bearing on their own procedures, they should consider the internal auditors:A. Competence and objectivity.B. Efficiency and experience.C. Independence and review skills.D. Training and supervisory skills.Difficulty: MediumSource: AICPA 7-40
    • Chapter 07 - Internal Control70. In the consideration of internal control, the auditor is basically concerned that it providesreasonable assurance that:A. Management can not override the system.B. Operational efficiency has been achieved in accordance with management plans.C. Misstatements have been prevented or detected.D. Controls have not been circumvented by collusion.Difficulty: MediumSource: AICPA71. Which of the following is least likely to be considered an appropriate response relating torisks the auditors identify at the financial statement level?A. Assign more experienced staff.B. Incorporate additional elements of unpredictability in the selection of audit procedures.C. Increase the scope of auditor procedures.D. Emphasize the need to remain neutral, rather than to exercise professional skepticism.Difficulty: Easy72. In assessing the competence of a clients internal auditor, an independent auditor mostlikely would consider theA. Internal auditors compliance with professional internal auditing standards.B. Clients policies that limit the internal auditors access to management salary data.C. Evidence supporting a further reduction in the assessed level of control risk.D. Results of ratio analysis that may identify unusual transactions and events.Difficulty: MediumSource: AICPA73. Which of the following factors would most likely be considered an inherent limitation toan entitys internal control?A. The complexity of the information processing system.B. Human judgment in the decision making process.C. The ineffectiveness of the board of directors.D. The lack of management incentives to improve the control environment.Difficulty: MediumSource: AICPA 7-41
    • Chapter 07 - Internal Control74. Proper segregation of duties reduces the opportunities to allow any employee to be in aposition to bothA. Journalize cash receipts and disbursements and prepare the financial statements.B. Monitor internal controls and evaluate whether the controls are operating as intended.C. Adopt new accounting pronouncements and authorize the recording of transactions.D. Record and conceal fraudulent transactions in the normal course of assigned tasks.Difficulty: EasySource: AICPA75. Which of the following is intended to detect deviations from prescribed controls?A. Substantive procedures specified by a standardized audit program.B. Tests of controls designed specifically for the client.C. Analytical procedures as set forth in an industry audit guide.D. Computerized analytical procedures tailored for the configuration of the computerequipment in use.Difficulty: MediumSource: AICPA76. An auditors purpose for performing tests of controls is to provide reasonable assurancethat:A. Controls are operating effectively.B. The risk that the auditor may unknowingly fail to modify the opinion on the financialstatements is minimized.C. Transactions are executed in accordance with managements authorization and access toassets is limited by a segregation of functions.D. Transactions are recorded as necessary to permit the preparation of the financial statementsin conformity with generally accepted accounting principles.Difficulty: MediumSource: AICPA 7-42
    • Chapter 07 - Internal Control77. Of the following statements about internal control, which one is not valid?A. No one person should be responsible for the custodial responsibility and the recordingresponsibility for an asset.B. Transactions must be properly authorized before such transactions are processed.C. Because of the cost/benefit relationship, a client may apply control procedures on a testbasis.D. Control activities reasonably insure that collusion among employees can not occur.Difficulty: EasySource: AICPA78. Tests of controls are most likely to be performed when:A. Controls seem weak and must be properly documented.B. Inadequate substantive procedures exist to restrict audit risk to an acceptable level.C. The auditor wishes to assess control risk at the maximum.D. The clients control environment appears weak.Difficulty: Hard79. Which of the following would be least likely to be included in an auditors tests ofcontrols?A. Inspection.B. Observation.C. Inquiry.D. Analytical procedures.Difficulty: MediumSource: AICPA80. The internal control provisions of the Sarbanes-Oxley Act of 2002 apply to whichcompanies in the United States:A. All companies.B. SEC registrants.C. Only those companies included in the Fortune 500.D. All nonpublic companies.Difficulty: Medium 7-43
    • Chapter 07 - Internal Control81. An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addressesfinancial statements and:A. Compliance with laws.B. Internal control over asset safeguarding.C. Internal control over financial reporting.D. Suitable criteria.Difficulty: Medium82. A report on internal control performed in accordance with PCAOB Standard No. 2includes an opinion on internal control for:A. The entire year.B. The prior quarter.C. The "as of date."D. The end of each quarter.Difficulty: Hard83. When performing an audit of internal control under PCAOB requirements, auditorsevaluate control:A. Option AB. Option BC. Option CD. Option DDifficulty: Medium 7-44
    • Chapter 07 - Internal Control84. When performing an internal control audit under PCAOB requirements, one or morematerial weaknesses in internal control that exist at year-end may result in what type ofreport(s):A. Option AB. Option BC. Option CD. Option DDifficulty: Hard85. When performing an internal control audit under PCAOB standards, one or more materialweaknesses in internal control that exist at year-end may result in what type of report(s):A. Option AB. Option BC. Option CD. Option DDifficulty: Medium 7-45
    • Chapter 07 - Internal ControlEssay Questions86. Independent auditors should consider the work of internal auditors in their assessment ofcontrol risk.a. Are internal auditors independent of management? Explain.b. What is the difference between the primary objective of the independent auditors and thatof internal auditors? Explain.c. Discuss the factors that should be considered by the independent auditors in deciding howmuch, if any, reliance should be placed on the work of the internal auditors.a. No. However, internal auditors may achieve independence from departments they evaluateby reporting to a senior officer or the board of directors.b. The independent auditors objective is to express an opinion on the clients financialstatements. The internal auditors primary objective is to aid management in achieving themost efficient and effective administration of the business.c. In deciding the degree of reliance to be placed on the work of the internal auditors, theindependent auditors should consider the competence and objectivity of the internal auditors,and evaluate their work.Difficulty: Hard87. Auditors are required to consider a clients internal control.a. Describe the two purposes of the auditors consideration of a clients internal control.b. Even the best internal control has certain limitations. List three of those limitations.a. The auditors consideration of their clients internal control is integral to both (1) to assessthe risks of material misstatement in the financial statements and (2) to design the nature,timing and extent of further audit procedures.b. The limitations of internal control include (only three required):• Carelessness.• Misunderstanding of instructions.• Top management may override the system• Collusion among employees may circumvent controls dependent upon segregation of duties.• Cost considerations often limit the effectiveness of the design of the structure.Difficulty: Medium 7-46
    • Chapter 07 - Internal Control88. When considering a clients internal control, the auditors focus on its variouscharacteristics. For each of the following characteristics indicate the auditors responsibilityunder generally accepted auditing standards and the procedures used to meet thatresponsibility.a. The design of internal control.b. Controls have been implemented (placed in operation).c. The operating effectiveness of controls.a. The auditors have a responsibility to obtain an understanding of internal control that issufficient to plan the audit. An understanding of the design of the structure is obtained byinspecting control manuals, organization charts, and job descriptions, and by interviewingclient personnel.b. The auditors have a responsibility to determine whether significant internal control policiesand procedures are implemented (placed in operation) in every audit. The auditors maydetermine whether the controls have been implemented (placed in operation) by observation,inspection, and inquiry. Walk-through tests may also be used.c. The auditors have a responsibility to determine the operating effectiveness of controls thatprovide the basis for the auditors assessment of control risk at levels below the maximum.The auditors use observation, inspection, inquiry, and reperformance to test the operatingeffectiveness of controls.Difficulty: Medium 7-47
    • Chapter 07 - Internal Control89. Assume that you have assessed inherent risk for an audit area at a very high level. Whileobtaining an understanding of internal control, you have determined that it appears to be verystrong. Nonetheless, due to the large number of transactions involved, you have chosen not totest controls in the area.a. At what level will the planned assessed level of control risk be established?b. Describe the scope of tests of controls that will be performed.c. At what level will the assessed level of control risk be established?d. What must be documented in the working papers relating to internal control?e. At what level will detection risk be established?f. Describe the required scope of substantive procedures, if any. Make certain to discussdetails of likely nature, timing and extent.a. Maximum, High or Highest.b. None will be performed (because control risk is being assessed at the maximum level).c. Maximum, High or Highestd. Control risk assessed at maximum (or high or highest) level. The auditor need notdocument the reason for assessing control risk at the maximum (we delete points from scoresof students who state that the auditor needs to document the reason).e. Minimum, low, or lowestf. Nature--External sources rather than internal Timing--Year-end testing rather than interimtesting. Extent--Greatest extentDifficulty: Hard 7-48