Thursday, April 2, 2026

Ethics and Professionalism Mock Test: Case-Based, with Answers



🔹 Case-Based MCQs on Ethics & Professionalism

1. Independence vs Familiarity Threat

An internal auditor has been assigned to audit the procurement department where she worked until last year. She believes she can remain unbiased.

Question: What is the MOST appropriate action?

A. Accept the audit and proceed normally
B. Accept but avoid reviewing her past work
C. Disclose the conflict and request reassignment
D. Perform audit with supervision

Answer: C

Explanation: Independence in appearance is compromised → reassignment required.

2. Integrity under Pressure

A senior manager asks an internal auditor to remove adverse findings before submitting the audit report.

Question: What should the auditor do?

A. Remove findings to maintain relationship
B. Delay report submission
C. Refuse and report the matter to higher authority
D. Modify wording to make it less severe

Answer: C

Explanation: Integrity requires honesty and courage to report truth.

 

3. Objectivity in Audit Judgment

During an audit, an auditor discovers errors made by a close colleague.

Question: What should the auditor do?

A. Ignore errors to protect colleague
B. Report objectively without bias
C. Inform colleague privately and skip reporting
D. Report only if management asks

Answer: B

Explanation: Objectivity requires impartial evaluation of evidence.

4. An auditor shares audit findings with a friend outside the organization.

Question: Which principle is violated?

A. Competency
B. Confidentiality
C. Integrity
D. Independence

Answer: B

Explanation: Unauthorized disclosure breaches confidentiality.

5. An auditor owns shares in a company that is a major supplier to their organization.

Question: What is the BEST course of action?

A. Continue audit silently
B. Sell shares immediately
C. Disclose the conflict
D. Ignore as investment is personal

Answer: C

Explanation: Disclosure is mandatory to maintain objectivity.

6. An auditor accepts an assignment involving advanced IT systems without sufficient knowledge.

Question: Which principle is at risk?

A. Integrity
B. Confidentiality
C. Competency
D. Objectivity

Answer: C

Explanation: Auditors must possess necessary skills or seek assistance.

7. Gifts and Hospitality

An auditor receives expensive gifts from a vendor during audit.

Question: What should the auditor do?

A. Accept as goodwill
B. Decline and report as per policy
C. Accept but disclose later
D. Share with team

Answer: B

Explanation: Gifts impair independence and objectivity.

8. Audit findings are modified due to management influence.

Question: Which principle is MOST compromised?

A. Integrity
B. Independence
C. Competency
D. Confidentiality

Answer: B

Explanation: External influence affects independence.

9. An auditor fails to detect fraud due to negligence in testing.

Question: Which principle is violated?

A. Integrity
B. Competency
C. Due Professional Care
D. Confidentiality

Answer: C

Explanation: Proper diligence is required in audit work.

10. An auditor uses insider information for personal stock trading.

Question: This violates:

A. Integrity & Confidentiality
B. Competency only
C. Objectivity only
D. Independence only

Answer: A

Explanation: Misuse of information breaches both principles.

11. Organizational Independence

The internal audit function reports to the CFO instead of the Audit Committee.

Question: What is the risk?

A. Lack of competency
B. Reduced independence
C. Confidentiality breach
D. Inefficiency

Answer: B

Explanation: Functional reporting should be to the board/audit committee.

12. Management restricts access to certain audit documents.

Question: What should the auditor do?

A. Accept limitation
B. Expand audit elsewhere
C. Report scope limitation
D. Ignore issue

Answer: C

Explanation: Scope restrictions must be disclosed.

13. Ethical Dilemma

An auditor finds fraud but lacks sufficient evidence.

Question: What is the BEST action?

A. Ignore issue
B. Accuse management immediately
C. Gather more evidence
D. Report incomplete findings

Answer: C

Explanation: Evidence-based reporting is essential.

14. Advocacy Threat

An auditor promotes a new system they helped design.

Question: Which principle is compromised?

A. Objectivity
B. Confidentiality
C. Competency
D. Integrity

Answer: A

Explanation: Advocacy creates bias.

15. Self-Review Threat

An auditor audits a system they implemented.

Question: What is the risk?

A. Confidentiality breach
B. Lack of independence
C. Competency issue
D. Integrity issue

Answer: B

Explanation: Self-review impairs independence.

Pl refer… Quick Concept Summary (Exam Focus)

Principle | Key Idea | Risk Example
Integrity | Honesty & truthfulness | Manipulating audit reports
Objectivity | Unbiased judgment | Personal relationships
Independence | Freedom from influence | Reporting line issues
Confidentiality | Protect information | Data leakage
Competency | Skills & knowledge | Lack of expertise

Assertion–Reasoning MCQs for CIA Part 1 (Ethics & Professionalism) based on the framework of the Institute of Internal Auditors.


🔥 How to Answer (Exam Pattern)

Each question has:

  • Assertion (A)
  • Reason (R)

Options:
A. Both A and R are true, and R is correct explanation
B. Both A and R are true, but R is NOT correct explanation
C. A is true, R is false
D. A is false, R is true

🔹 1–10 (Integrity & Ethical Conduct)

1.
A: Internal auditors must always be truthful in reporting.
R: Integrity requires auditors to disclose all material facts.

Ans: A

2.
A: Auditor can omit minor findings to maintain relations.
R: Integrity allows flexibility in reporting.

Ans: D

3.
A: Integrity requires avoiding illegal acts.
R: Internal auditors must comply with laws.

Ans: A

4.
A: Auditor may manipulate findings under pressure.
R: Management influence is acceptable in some cases.

Ans: D

5.
A: Integrity includes honesty and courage.
R: Auditor must report even unfavorable results.

Ans: A

6.
A: Accepting bribes violates integrity.
R: It creates bias in audit judgment.

Ans: A

7.
A: Integrity applies only during reporting stage.
R: It is limited to audit documentation.

Ans: D

8.
A: Auditor should not knowingly be part of fraud.
R: Ethical standards prohibit illegal acts.

Ans: A

9.
A: Integrity allows selective disclosure.
R: Confidentiality restricts full reporting.

Ans: D

10.
A: Internal auditors must act in public interest.
R: Integrity builds trust in profession.

Ans: A

🔹 11–25 (Objectivity)

11.
A: Objectivity requires unbiased judgment.
R: Auditors must avoid conflicts of interest.

Ans: A

12.
A: Personal relationships do not affect objectivity.
R: Professional judgment overrides emotions.

Ans: D

13.
A: Objectivity is impaired when auditor audits own work.
R: This creates self-review threat.

Ans: A

14.
A: Auditor can accept gifts without disclosure.
R: Gifts do not influence decisions.

Ans: D

15.
A: Objectivity requires evidence-based conclusions.
R: Decisions must rely on audit evidence.

Ans: A

16.
A: Bias can arise from familiarity.
R: Long association reduces skepticism.

Ans: A

17.
A: Objectivity allows advocacy roles.
R: Auditor may promote systems they designed.

Ans: D

18.
A: Objectivity requires avoiding undue influence.
R: External pressure affects judgment.

Ans: A

19.
A: Auditor may ignore conflict if immaterial.
R: Small conflicts do not matter.

Ans: D

20.
A: Objectivity is compromised when incentives exist.
R: Financial interest affects decisions.

Ans: A

21.
A: Internal auditors should disclose impairments.
R: Transparency supports objectivity.

Ans: A

22.
A: Auditor can audit family member’s department.
R: Professional ethics override relationships.

Ans: D

23.
A: Objectivity requires independence of mind.
R: Freedom from bias ensures fairness.

Ans: A

24.
A: Objectivity applies only to reporting.
R: It is not needed during planning.

Ans: D

25.
A: Objectivity is maintained by rotation of auditors.
R: Rotation reduces familiarity threat.

Ans: A

🔹 26–45 (Independence)

26.
A: Internal audit must be independent of management.
R: Reporting to audit committee ensures independence.

Ans: A

27.
A: Independence means freedom from all relationships.
R: Auditors cannot interact with management.

Ans: D

28.
A: Functional reporting should be to board.
R: It enhances independence.

Ans: A

29.
A: Independence is only structural.
R: Mental independence is not required.

Ans: D

30.
A: Independence is impaired by undue influence.
R: Pressure affects decisions.

Ans: A

31.
A: Internal auditors can perform operational duties.
R: It improves efficiency.

Ans: D

32.
A: Independence requires no interference in scope.
R: Management should not limit audits.

Ans: A

33.
A: Auditor can audit own past work immediately.
R: Independence is unaffected by prior roles.

Ans: D

34.
A: Independence includes organizational status.
R: Proper reporting lines are necessary.

Ans: A

35.
A: Independence applies only to external auditors.
R: Internal auditors are part of management.

Ans: D

36.
A: Independence is enhanced by audit committee oversight.
R: Board-level support reduces bias.

Ans: A

37.
A: Independence allows ignoring policies.
R: Auditors are above rules.

Ans: D

38.
A: Independence includes freedom in reporting.
R: No alteration by management.

Ans: A

39.
A: Independence is not affected by incentives.
R: Bonuses do not influence auditors.

Ans: D

40.
A: Independence requires unrestricted access.
R: Full access ensures audit effectiveness.

Ans: A

41.
A: Independence is compromised by consulting roles.
R: Advisory services create bias.

Ans: B

42.
A: Independence requires objectivity.
R: Both are interrelated.

Ans: B

43.
A: Internal audit must be free from scope limitation.
R: Restrictions impair independence.

Ans: A

44.
A: Independence is strengthened by policies.
R: Clear guidelines reduce influence.

Ans: A

45.
A: Independence eliminates need for ethics.
R: Ethical codes are unnecessary.

Ans: D

🔹 46–65 (Confidentiality)

46.
A: Auditors must protect sensitive information.
R: Confidentiality is a core principle.

Ans: A

47.
A: Information can be shared freely.
R: Transparency overrides confidentiality.

Ans: D

48.
A: Confidentiality applies after audit also.
R: Obligation continues beyond engagement.

Ans: A

49.
A: Insider trading is acceptable for auditors.
R: Personal benefit is allowed.

Ans: D

50.
A: Disclosure allowed if legally required.
R: Law overrides confidentiality.

Ans: A

51.
A: Confidentiality prohibits reporting fraud.
R: Information must not be disclosed.

Ans: D

52.
A: Data misuse violates ethics.
R: Confidentiality protects information.

Ans: A

53.
A: Auditor can share info with friends.
R: No harm in informal sharing.

Ans: D

54.
A: Confidentiality requires data security.
R: Protection prevents misuse.

Ans: A

55.
A: Confidentiality is optional.
R: Depends on situation.

Ans: D

56.
A: Information used for personal gain violates ethics.
R: It breaches confidentiality and integrity.

Ans: A

57.
A: Confidentiality applies only to financial data.
R: Non-financial data is irrelevant.

Ans: D

58.
A: Auditors must safeguard records.
R: Unauthorized access must be prevented.

Ans: A

59.
A: Confidentiality allows selective leaks.
R: Minor leaks are acceptable.

Ans: D

60.
A: Confidentiality builds trust.
R: Stakeholders rely on auditors.

Ans: A

61.
A: Disclosure requires authority.
R: Unauthorized disclosure is violation.

Ans: A

62.
A: Confidentiality conflicts with transparency.
R: Both cannot coexist.

Ans: D

63.
A: Confidentiality includes digital data.
R: Cybersecurity is relevant.

Ans: A

64.
A: Auditors can retain confidential files personally.
R: Ownership lies with auditor.

Ans: D

65.
A: Confidentiality continues after resignation.
R: Ethical obligations persist.

Ans: A

🔹 66–85 (Competency & Due Care)

66.
A: Auditors must possess required skills.
R: Competency ensures quality work.

Ans: A

67.
A: Auditor can accept any assignment.
R: Learning during audit is sufficient.

Ans: D

68.
A: Due care requires diligence.
R: Proper planning improves audit.

Ans: A

69.
A: Competency includes continuous learning.
R: Professional development is essential.

Ans: A

70.
A: Negligence violates due care.
R: Lack of effort leads to errors.

Ans: A

71.
A: Auditor need not understand IT systems.
R: IT is not part of audit.

Ans: D

72.
A: Competency ensures reliable conclusions.
R: Skills improve judgment.

Ans: A

73.
A: Due care eliminates audit risk.
R: Proper care ensures no errors.

Ans: D

74.
A: Auditor must seek expert help when needed.
R: Lack of expertise affects audit.

Ans: A

75.
A: Competency is static.
R: Skills do not require updating.

Ans: D

76.
A: Due care includes supervision.
R: Review improves quality.

Ans: A

77.
A: Auditor can ignore minor risks.
R: Small risks are irrelevant.

Ans: D

78.
A: Competency includes analytical skills.
R: Data analysis supports audit.

Ans: A

79.
A: Due care requires documentation.
R: Evidence supports conclusions.

Ans: A

80.
A: Auditor need not follow standards.
R: Experience is enough.

Ans: D

81.
A: Competency improves efficiency.
R: Skilled auditors perform better.

Ans: A

82.
A: Due care requires skepticism.
R: Questioning mindset detects issues.

Ans: A

83.
A: Auditor can rely fully on management.
R: Management is always correct.

Ans: D

84.
A: Competency includes ethical knowledge.
R: Ethics is part of professionalism.

Ans: A

85.
A: Due care reduces audit risk.
R: Proper procedures minimize errors.

Ans: A

86.
A: Ethics code applies to all auditors.
R: It ensures uniform standards.

Ans: A

87.
A: Independence and objectivity are unrelated.
R: Both operate separately.

Ans: D

88.
A: Ethical behavior enhances credibility.
R: Trust improves stakeholder confidence.

Ans: A

89.
A: Auditor can override ethics for business needs.
R: Profit is priority.

Ans: D

90.
A: Ethics training improves compliance.
R: Awareness reduces violations.

Ans: A

91.
A: Internal audit adds value.
R: Ethical conduct improves effectiveness.

Ans: B

92.
A: Code of ethics is optional.
R: It is only guidance.

Ans: D

93.
A: Ethical lapses damage reputation.
R: Trust is critical in auditing.

Ans: A

94.
A: Auditors must avoid conflicts.
R: Conflicts impair objectivity.

Ans: A

95.
A: Ethical principles are universal.
R: Applicable across industries.

Ans: A

96.
A: Auditor may ignore unethical acts.
R: Reporting is optional.

Ans: D

97.
A: Ethics supports governance.
R: Strong ethics improves controls.

Ans: A

98.
A: Ethical culture reduces fraud.
R: Behavior influences controls.

Ans: A

99.
A: Internal auditors are role models.
R: They promote ethical behavior.

Ans: A

100.
A: Ethics is foundation of auditing.
R: Without ethics, audit loses value.

Ans: A

Ethics & Professionalism/Gmsisuccess

MCQ questions on investment accounting.answers

 MCQs on Investment Accounting as per US GAAP covering trading, HTM, AFS, equity investments, associates, bonds, income recognition, unrealized gains/losses, etc.


📘 MCQs on Investment Accounting (US GAAP)

🔹 Section 1: Classification of Investments

1.

Under US GAAP, trading securities are primarily held for:
A. Long-term appreciation
B. Collection of contractual cash flows
C. Short-term profit from price changes
D. Strategic control

Answer: C
👉 Trading securities are bought for short-term gains.


2.

Held-to-maturity (HTM) securities must be:
A. Equity instruments
B. Debt instruments only
C. Either equity or debt
D. Derivatives only

Answer: B


3.

Which category allows both debt and equity securities?
A. HTM
B. Trading
C. Available-for-sale (AFS)
D. None

Answer: C


4.

HTM investments are measured at:
A. Fair value
B. Historical cost
C. Amortized cost
D. Net realizable value

Answer: C


5.

AFS securities are reported at:
A. Cost
B. Fair value
C. Amortized cost
D. Lower of cost or market

Answer: B


🔹 Section 2: Unrealized Gains & Losses

6.

Unrealized gain on trading securities is recognized in:
A. OCI
B. Balance Sheet only
C. Net Income
D. Equity

Answer: C


7.

Unrealized loss on AFS securities is recognized in:
A. Net Income
B. OCI
C. Retained Earnings
D. Cash Flow

Answer: B


8.

Where are cumulative unrealized gains on AFS securities shown?
A. Income Statement
B. OCI (Equity section)
C. Cash Flow Statement
D. Notes only

Answer: B


9.

HTM securities recognize unrealized gains:
A. In OCI
B. In Net Income
C. Not recognized
D. In Cash Flow

Answer: C


10.

Which investment type causes income statement volatility?
A. HTM
B. AFS
C. Trading
D. Associates

Answer: C


🔹 Section 3: Interest & Dividend Income

11.

Interest income on bonds is recognized using:
A. Straight-line method only
B. Effective interest method
C. Cash basis only
D. Market rate

Answer: B


12.

Dividend income is recognized when:
A. Cash is received
B. Declared by investee
C. Earned proportionately
D. Share price increases

Answer: B


13.

Interest income affects:
A. OCI
B. Net Income
C. Equity directly
D. Cash Flow only

Answer: B


14.

Dividend income from equity investments is reported in:
A. OCI
B. Net Income
C. Equity
D. Balance Sheet

Answer: B


15.

Premium on bond investment is:
A. Added to interest income
B. Amortized reducing income
C. Ignored
D. Expensed fully

Answer: B


🔹 Section 4: Equity Investments

16.

Equity investments (<20% ownership) are generally measured at:
A. Amortized cost
B. Fair value through income
C. Cost only
D. OCI

Answer: B


17.

If fair value is not readily determinable:
A. Must use OCI
B. Use cost minus impairment
C. Use market value
D. Ignore

Answer: B


18.

Which method is used when significant influence exists?
A. Cost method
B. Equity method
C. Fair value method
D. Consolidation

Answer: B


🔹 Section 5: Investment in Associates

19.

Significant influence is generally presumed at:
A. 5%
B. 10%
C. 20%
D. 51%

Answer: C


20.

Under equity method, investor recognizes:
A. Dividends as income
B. Share of profits
C. Fair value changes
D. Nothing

Answer: B


21.

Dividends received under equity method are treated as:
A. Income
B. Reduction of investment
C. OCI
D. Expense

Answer: B


🔹 Section 6: Investment in Bonds

22.

Bond investment classification depends on:
A. Coupon rate
B. Intent & ability
C. Market price
D. Issuer type

Answer: B


23.

Discount on bond investment is:
A. Added to interest income
B. Amortized increasing income
C. Ignored
D. Expensed

Answer: B


24.

Carrying value of HTM bonds changes due to:
A. Market price
B. Amortization
C. Dividend
D. OCI

Answer: B


🔹 Section 7: Conceptual & Application

25.

Which investment is best for liquidity?
A. HTM
B. Trading
C. Associates
D. Subsidiary

Answer: B


26.

Which investment is best for stable income?
A. Trading
B. HTM
C. Equity speculative
D. Derivatives

Answer: B


27.

AFS securities provide:
A. Only income
B. Flexibility & liquidity
C. Control
D. Fixed return only

Answer: B


28.

Which investment affects OCI but not immediate income?
A. Trading
B. HTM
C. AFS
D. Associates

Answer: C


29.

Investment for strategic influence is:
A. Trading
B. HTM
C. Associates
D. AFS

Answer: C


30.

Which is NOT a feature of trading securities?
A. Fair value measurement
B. Income statement impact
C. Long-term holding intent
D. Frequent buying/selling

Answer: C


📊 Bonus Concept Summary (Exam Revision)

Type | Measurement | Unrealized Gain/Loss | Income Impact
Trading | Fair Value | Net Income | High volatility
AFS | Fair Value | OCI | Moderate
HTM | Amortized Cost | Not recognized | Stable
Equity (<20%) | Fair Value | Net Income | Moderate
Associates | Equity Method | Share of profit | Strategic

www.gmsisuccess.in




Mock Test on Internal Control, Governance, Accounting Information System, Technology and Data Analytics

 


GMSi Gmsisuccess <gmsi2022cia@gmail.com>

RAPID FIRE MOCK TEST, CASE-BASED, ON INTERNAL CONTROL, GOVERNANCE, AIS

GMSi Gmsisuccess <gmsi2022cia@gmail.com>
Thu, Apr 2, 2026 at 9:00 AM
To: GMSi Gmsisuccess <gmsi2022cia@gmail.com>

Case-based questions and answers focused on Internal Control, Corporate Governance, Risk Assessment, and Technology/Data Analytics, based on real-world scenarios and professional auditing standards. 

Case 1: Fraud and Internal Control Failure (Procurement) 

Scenario: GlobalTech Solutions suffered a significant financial loss due to a procurement fraud perpetrated by a Senior Procurement Manager. The manager created fictitious vendors and approved payments over two years. An audit revealed that the manager was responsible for both vendor onboarding and payment approval. The company had no continuous monitoring system to detect duplicate payments or unusual vendor patterns. 

Q1.1: What are the primary internal control weaknesses in this scenario?

Answer: (1) Lack of Segregation of Duties: The same individual was responsible for onboarding (authorization) and payment approval (custody/processing). (2) Inadequate Vendor Management Control: No independent verification of vendor legitimacy before adding to the Master Vendor File.

Q1.2: Which Data Analytics tests could have detected this fraud earlier?

Answer: (1) Vendor-Employee Matching: Matching vendor bank accounts or addresses with employee personal data. (2) Duplicate Payment Analysis: Searching for identical amounts, invoice numbers, or payment dates within a short period. (3) Benford’s Law Analysis: Testing for unnatural distribution of invoice amounts.

Q1.3: How can the company remediate these control deficiencies?

Answer: (1) Segregate duties: Implement a policy where vendor creation is done by a different department than vendor payment. (2) Implement Continuous Control Monitoring (CCM) tools to run daily checks on payments. (3) Perform a thorough risk assessment on procurement risks.



Case 2: IT Governance and Cybersecurity Risk

Scenario: Pinnacle Bank experienced a major data breach exposing customer financial information. It was found that a previous risk assessment identified vulnerabilities in the security system, but these were not addressed due to resource constraints. The Board of Directors had not reviewed IT security risks in the past 18 months. 


Q2.1: Identify the failures in the bank’s governance structure.

Answer: (1) Weak Oversight: The Board failed to monitor IT risks effectively. (2) Ineffective Risk Management: The risk assessment process was not followed by remedial action.

Q2.2: What are the key elements of a robust IT Governance framework?

Answer: (1) Alignment of IT strategy with business objectives. (2) Clear policies and accountability for risk management. (3) Regular monitoring and reporting of security breaches and threats. (4) Dedicated Risk Committee.

Q2.3: How can AI enhance this company's risk mitigation efforts?

Answer: AI can be used to simulate cyber-attacks (penetration testing), analyze network behavior in real-time for anomalies, and automate compliance checks with data protection laws.



Case 3: Data Analytics in Auditing (Inventory)

Scenario: An auditor is assessing the valuation of inventory for a client with over 100,000 SKUs across 50 locations. Historically, physical inventory counts at year-end are rushed, leading to inaccurate records. 

Q3.1: How can the auditor use data analytics to replace traditional sampling for inventory?

Answer: The auditor can analyze the entire population of inventory data rather than just a sample. This includes checking for negative quantities, extreme high/low unit costs, and identifying items with no movement over a long period (slow-moving inventory).

Q3.2: What specific analysis helps detect potential overstatement of inventory?

Answer: (1) Disaggregated analysis of inventory: Comparing inventory quantities at current period with prior periods by class, location, or SKU. (2) Comparing Perpetual Records to Physical Counts: Using data analytics to match the two datasets and identify discrepancies.



Case 4: Risk Management & Corporate Governance (Fintech Startup)

Scenario: FintechPay, a rapidly growing P2P mobile payment startup, has experienced several compliance failures. The company focuses heavily on growth and has delayed the hiring of a Chief Risk Officer (CRO) and an Internal Audit team.

Q4.1: As an external consultant, what is the most critical risk that needs to be addressed?

Answer: Compliance Risk & Regulatory Non-compliance. Fintech companies face stringent regulations regarding Know Your Customer (KYC), Anti-Money Laundering (AML), and data protection. Failure can lead to shut down.

Q4.2: How should the board of FintechPay structure its risk management?

Answer: (1) Establish a dedicated Risk Management Committee that reports directly to the board. (2) Implement a Risk-Based Internal Audit (RBIA) approach, focusing on key risks like cybersecurity and transaction monitoring.

Q4.3: Mention a key control to be added to their P2P payment app.

Answer: Real-time transaction monitoring AI that flags unusual peer-to-peer transfers or high-volume transactions to prevent fraudulent activities.



Key Takeaways for Case Studies

  • Internal Control (IC): Focus on segregation of duties, authorization, and safeguarding assets.
  • Governance: Focus on board oversight, transparency, and accountability.
  • Risk Assessment: Identify, analyze, and mitigate (Probability x Impact).
  • Technology/Data Analytics: Use data to move from detective controls (after the fact) to preventive/continuous controls.

 

🔷 CASE 1: INTERNAL CONTROL WEAKNESS (Revenue Fraud)

A company allows sales staff to approve credit sales, record transactions, and handle collections. Recently, large receivables became uncollectible.

🔹 MCQ

Q1. What is the primary internal control weakness?
A. Lack of documentation
B. Lack of segregation of duties
C. Lack of audit trail
D. Lack of authorization

✅ Answer: B
👉 Same person handling authorization, recording & custody → high fraud risk.

🔹 Assertion–Reason

Q2. Assertion (A): Segregation of duties reduces fraud risk.
Reason (R): It ensures one person handles all stages of transaction.

A. Both true
B. Both false
C. A true, R false
D. A false, R true

Answer: C
👉 Segregation means dividing duties, not combining them.

🔹 True/False WITH REASON

Q3. Internal controls are only necessary for large organizations.

 Answer: False
👉 Even small firms need controls.

🔹 Fill in the Blank

Q4. Separating authorization, custody, and recording is called ________.

 Answer: Segregation of duties

🔹 Odd Man Out

Q5. Identify the control element that does NOT belong:
A. Authorization
B. Custody
C. Recording
D. Profitability

 Answer: D
👉 Others are internal control components.

🔷 CASE 2: CORPORATE GOVERNANCE FAILURE

A listed company’s board is dominated by executive directors, and no independent audit committee exists. Financial misstatements go unnoticed.


🔹 MCQ

Q6. Which governance principle is violated?
A. Transparency
B. Accountability
C. Independence
D. Sustainability

 Answer: C
👉 Lack of independent oversight.

🔹 Assertion–Reason

Q7. Assertion: Independent directors improve governance.
Reason: They bring unbiased judgment.

A. Both true, R explains A
B. Both true, not explanation
C. A true, R false
D. A false, R true

 Answer: A

 

🔹 True/False WITH REASON

Q8. Audit committees should consist mainly of executive directors.

 Answer: False
👉 Should be independent.

🔹 Fill in the Blank

Q9. The audit committee ensures integrity of ________ reporting.

 Answer: Financial

🔹 Odd Man Out

Q10. Choose the non-governance element:
A. Board oversight
B. Risk management
C. Internal audit
D. Sales promotion

 Answer: D

🔷 CASE 3: RISK ASSESSMENT FAILURE

A bank fails to update its cybersecurity controls despite rising cyber threats, leading to data breaches.


🔹 MCQ

Q11. What type of risk is primarily involved?
A. Market risk
B. Credit risk
C. Operational risk
D. Liquidity risk

 Answer: C

🔹 Assertion–Reason

 

Q12. Assertion: Risk assessment should be continuous.
Reason: Business environment changes frequently.

A. Both true, R explains A
B. Both true, not explanation
C. A true, R false
D. A false, R true

 Answer: A

🔹 True/False

Q13. Risk assessment is a one-time activity.

 Answer: False

🔹 Fill in the Blank

Q14. Identifying and analyzing risks is part of ________ component of COSO.

 Answer: Risk Assessment

🔹 Odd Man Out

Q15. Identify non-risk element:
A. Identification
B. Analysis
C. Mitigation
D. Marketing

 Answer: D

🔷 CASE 4: TECHNOLOGY & DATA ANALYTICS

An auditor uses data analytics to identify duplicate payments and unusual transactions in procurement.


🔹 MCQ

Q16. What is the main benefit of data analytics?
A. Reduce audit scope
B. Improve audit quality
C. Eliminate internal control
D. Replace auditors

 Answer: B

🔹 Assertion–Reason

Q17. Assertion: Data analytics helps detect anomalies.
Reason: It analyzes entire data population.

A. Both true, R explains A
B. Both true, not explanation
C. A true, R false
D. A false, R true

 Answer: A

🔹 True/False

Q18. Data analytics can only be used in financial audits.

 Answer: False

Data analytics is widely used across various types of audits and business functions, including: 

·         Internal Audit: For assessing risks, testing controls, and improving efficiency.

·         Compliance Audit: To monitor for policy breaches (e.g., procurement fraud, travel records).

·         Operational Audit: To identify inefficiencies, patterns of wasted resources, and improve processes.

·         Forensic Audits/Investigations: To detect fraud, money laundering, and suspicious transactions.

·         Information System Audits: To audit controls in IT systems.

🔹 Fill in the Blank

Q19. Detecting duplicate invoices is an example of ________ analytics

 Answer: Diagnostic / Investigative analytics

🔹 Odd Man Out

Q20. Identify tool not used in analytics:
A. ACL
B. IDEA
C. Excel
D. Typewriter

 Answer: D

🔷 CASE 5: INTERNAL CONTROL OVER PAYROLL

An employee creates fake employees and processes salary payments.


🔹 MCQ

Q21. What type of fraud is this?
A. Asset misappropriation
B. Financial statement fraud
C. Corruption
D. Tax evasion

 Answer: A

These terms represent different categories of occupational fraud and financial crimes, often differentiated by the method used and the objective of the perpetrator. Asset misappropriation is the most common, while financial statement fraud is typically the most costly. 

A. Asset Misappropriation

Asset misappropriation involves the theft, misuse, or unauthorized use of an organization's assets by employees, contractors, or insiders for personal gain. It is often referred to as "stealing" or "skimming from the top". 

·         Examples: Cash skimming, payroll fraud (ghost employees), fraudulent expense reimbursements, stealing inventory, or using company equipment for personal business.

·         Key Characteristic: Direct theft of tangible or intangible company resources. 

B. Financial Statement Fraud 

Financial statement fraud is the deliberate misrepresentation, omission, or alteration of financial data to deceive stakeholders (investors, creditors) and make the organization appear more financially stable or profitable than it actually is. It is usually perpetrated by upper management. 

·         Examples: Overstating revenues (fictitious sales), understating expenses, inflating asset values, or hiding liabilities/debts.

·         Key Characteristic: "Cooking the books" to create a false picture of financial health. 

C. Corruption

Corruption is defined as the abuse of entrusted power for private gain, involving dishonest behavior by those in positions of authority. It involves using influence to secure improper advantages. 

·         Examples: Bribery (giving/accepting cash to influence decisions), kickbacks (receiving money for favorable business terms), conflicts of interest, and extortion.

·         Key Characteristic: Misuse of influence to sway business or government decisions. 

D. Tax Evasion

Tax evasion is the illegal, intentional act of not paying or underpaying taxes that are owed to tax authorities (government). It involves deliberate concealment of income or falsification of financial records. 

·         Examples: Underreporting income, inflating deductions, hiding money in offshore accounts, or keeping "double sets of books".

·         Key Characteristic: Misrepresenting financial data specifically to avoid tax liability. 

 

Key Differences at a Glance

| Type | Main Perpetrator | Objective |
|---|---|---|
| Asset Misappropriation | Employees | Steal company assets. |
| Financial Statement Fraud | Management | Manipulate perception of company health. |
| Corruption | Influential Personnel | Misuse power for personal gain. |
| Tax Evasion | Entity/Individual | Avoid paying taxes. |

Note: According to the ACFE (Association of Certified Fraud Examiners), these types of fraud are often interrelated; for example, corruption often facilitates asset misappropriation, and asset misappropriation can necessitate financial statement fraud to cover the theft.

🔹 Assertion–Reason

Q22. Assertion: Payroll controls prevent ghost employees.
Reason: Proper authorization & verification is required.

A. Both true, R explains A
B. Both true, not explanation
C. A true, R false
D. A false, R true

 Answer: A

🔹 True/False

Q23. Payroll should be handled by one person for efficiency.

False.

While having one person handle payroll might seem faster, it is highly discouraged due to the risk of fraud, errors, and lack of internal controls. Segregation of duties, where one person authorizes payments and another processes them, is essential for security. Automated systems and specialized payroll teams are better for ensuring accuracy, compliance, and efficiency.

🔹 Fill in the Blank

Q24. Fake employees are called ________ employees.

Fake employees are called ghost employees. 

Key Details:

·         A ghost employee is a fictitious or non-existent person listed on a company's payroll system.

·         They are created to enable payroll fraud, allowing a fraudster to collect wages or benefits.

·         The term can also refer to a former employee who is not removed from the payroll system after they have left the organization.

🔹 Odd Man Out

Q25. Identify non-payroll control:
A. Employee verification
B. Bank reconciliation
C. Attendance tracking
D. HR approval

 Answer: B

SUMMARY OF KEY CONCEPTS

  • Internal Control: Segregation of duties, authorization, monitoring
  • Corporate Governance: Independence, transparency, accountability
  • Risk Assessment: Continuous, dynamic process
  • Technology & Analytics: Full data analysis, anomaly detection
  • Fraud Prevention: Strong controls + audit procedures

MCQs ON INTERNAL CONTROL WEAKNESSES (AIS)

A company’s AIS does not maintain logs of transaction edits or deletions.

Q1. What is the major control weakness?
A. Lack of authorization
B. Lack of audit trail
C. Lack of segregation
D. Lack of supervision

 Answer: B
👉 No tracking → fraud/errors cannot be detected.

🔹 CASE 2: Unauthorized Changes in Master Data

Employees can modify vendor master records without approval.

Q2. Which control is missing?
A. Input control
B. Processing control
C. Access control
D. Output control

 Answer: C
👉 Master data requires restricted access.

🔹 CASE 3: Incomplete Documentation

Invoices are processed without supporting purchase orders.

Q3. This indicates failure of:
A. Matching control
B. Authorization control
C. Reconciliation control
D. Backup control

 Answer: A
👉 3-way matching (PO, GRN, Invoice) missing.

🔹 CASE 4: Duplicate Payments

System lacks validation checks, leading to duplicate vendor payments.

Q4. Which control would prevent this?
A. Hash totals
B. Edit checks
C. Encryption
D. Batch control

 Answer: B
👉 Edit checks identify duplicates.

🔹 CASE 5: Weak Password Controls

Users share login credentials in AIS.

Q5. What risk arises?
A. Data redundancy
B. Lack of accountability
C. Data normalization
D. Processing delay

 Answer: B
👉 Cannot identify responsible person.

🔹 CASE 6: Missing Deliverables in System Development

System implementation completed without user acceptance testing (UAT).

Q6. Which deliverable is missing?
A. System design document
B. Test plan
C. User acceptance sign-off
D. Data dictionary

 Answer: C
👉 UAT approval is critical before go-live.

 

🔹 CASE 7: No Backup Policy

Company does not maintain backups of financial data.

Q7. This affects which control objective?
A. Confidentiality
B. Integrity
C. Availability
D. Authorization

 Answer: C

Financial reports are modified without tracking versions.

Q8. Which document control is weak?
A. Document retention
B. Version control
C. Authorization
D. Encryption

 Answer: B

🔹 CASE 9: Unapproved System Changes

IT team deploys changes directly into production.

Q9. Which control is violated?
A. Change management control
B. Input control
C. Output control
D. Processing control

 Answer: A

🔹 CASE 10: Missing Reconciliation

Bank statements are not reconciled regularly.

Q10. This leads to:
A. Data redundancy
B. Undetected errors/fraud
C. Faster reporting
D. Improved accuracy

 Answer: B

🔹 Q11

Which of the following is the BEST control for ensuring completeness of input data?
A. Check digits
B. Sequence checks
C. Password controls
D. Encryption

 Answer: B

🔹 Q12

Absence of source documents primarily affects:
A. Accuracy
B. Authorization
C. Auditability
D. Confidentiality

 Answer: C

Auditability is the capacity of an organization's records, processes, or AI systems to be independently verified, traced, and reviewed for accuracy, compliance, and security. It requires structured logging, transparent documentation, and accessible data trails to ensure accountability, prevent fraud, and meet regulatory standards.

🔹 Q13

Which control ensures transactions are processed only once?
A. Run-to-run totals
B. Validity checks
C. Reasonableness tests
D. Limit checks

 Answer: A

In the context of IT auditing and application controls, these terms refer to programmed procedures designed to ensure data integrity, accuracy, and completeness: 

·         Run-to-run totals: These are control totals (such as record counts, hash totals, or financial sums) calculated at one processing step and compared to totals at the next step to ensure no data was lost, added, or unauthorized changes occurred during processing.

·         Validity checks: These controls compare data entered into a field against a list of pre-defined, acceptable values to ensure the data is legitimate (e.g., verifying a vendor code exists in the master file).

·         Reasonableness tests: These verify if a data value is logical or plausible when compared to other related data fields (e.g., checking if an employee's $80/hour pay rate is "reasonable" for their specific job skill code).

·         Limit checks: These ensure that numerical data falls within a predetermined upper or lower boundary (e.g., a check to ensure a "hours worked per day" field does not exceed 24).

🔹 Q14

Failure to segregate system development and operations leads to:
A. Increased efficiency
B. Higher fraud risk
C. Better control
D. Reduced cost

 Answer: B

🔹 Q15

Which document is MOST critical for understanding system flow?
A. Trial balance
B. Flowchart
C. Ledger
D. Journal

 Answer: B

🔹 Q16

Which weakness may result from lack of data validation?
A. Unauthorized access
B. Incorrect data entry
C. Data theft
D. System crash

 Answer: B

🔹 Q17

Which deliverable ensures system meets user needs?
A. Program code
B. User manual
C. UAT report
D. Backup file

 Answer: C

A User Acceptance Testing (UAT) report summarizes final testing results by actual users to confirm software meets requirements before launch. It details testing efforts, pass/fail status of scenarios, identified defects, and provides a final recommendation (sign-off) for deployment, ensuring the product is fit for purpose.

🔹 Q18

Which control prevents unauthorized program changes?
A. Access logs
B. Change approval process
C. Edit checks
D. Hash totals

 Answer: B

A. Access Logs

Access logs are digital files that record chronological events related to user interactions with a computer system, application, or network. They act as a "security camera" for digital assets, capturing who accessed a resource, when they accessed it (timestamp), the source IP address, the action taken, and whether the attempt was successful. 

·         Purpose: To monitor for suspicious activity, investigate breaches, and comply with security regulations (e.g., PCI-DSS, HIPAA). 

B. Change Approval Process

This is a structured, authorized procedure within IT service management (ITIL) that ensures any change to a production system—such as software updates or hardware changes—is reviewed, evaluated, and approved before implementation. 

·         Key Elements: It involves assessing risk and impact, often requiring approval from a Change Advisory Board (CAB) or a designated manager to prevent unplanned downtime or security vulnerabilities. 

C. Edit Checks

Edit checks are automated input controls (validation rules) integrated into a data processing system to ensure data is accurate, complete, and reasonable before it is processed. Examples include: 

·         Range Checks: Checking if an age field is between 0 and 120.

·         Consistency Checks: Ensuring "not applicable" is not selected for pregnancy status in male patients.

·         Format Checks: Ensuring valid date formats.

·         Purpose: To detect data entry errors early and ensure data integrity. 

D. Hash Totals

A hash total is a control total calculated by summing non-monetary, numeric fields (such as employee IDs, account numbers, or invoice numbers) to verify that all records have been processed correctly. 

·         Purpose: The sum itself has no financial meaning, but if the hash total calculated before processing does not match the hash total calculated after, it signals that records were lost, added, or changed maliciously. 

🔹 Q19

Which is an example of poor output control?
A. Encryption of data
B. Report distribution without authorization
C. Input validation
D. Data backup

 Answer: B

🔹 Q20

Lack of proper documentation results in:
A. Better efficiency
B. Poor audit trail
C. Faster processing
D. Improved security

 Answer: B

🔷 CASE-BASED INTEGRATED QUESTION

A company processes payroll through AIS. One employee enters data, approves payroll, and distributes salary. No logs or documents are maintained.

🔹 Q21

Primary weakness:
A. Lack of audit trail
B. Lack of segregation of duties
C. Lack of encryption
D. Lack of backups

 Answer: B

🔹 Q22

Which fraud risk is highest?
A. Inventory theft
B. Ghost employees
C. Tax evasion
D. Insider trading

 Answer: B

🔹 Q23

Which document is missing?
A. Payroll register
B. Purchase order
C. Invoice
D. Ledger

 Answer: A

🔥 KEY EXAM INSIGHTS

  • AIS weaknesses mostly arise due to:
    • Lack of segregation of duties
    • Missing audit trail
    • Weak access controls
    • Poor documentation
    • Inadequate change management
  • Important AIS Controls:
    • Input → validation, completeness
    • Processing → run-to-run totals
    • Output → controlled distribution
    • Master data → restricted access
    • Documentation → audit trail

www.gmsisuccess.in


