Saturday, November 1, 2025

Mock Test on Internal Control, Governance, Risk Assessment, etc.

### Section 1: Fundamentals & Concepts (1–25)


1. Which of the following is NOT an objective of an internal control system?  

A) Promote operational efficiency  

B) Safeguard assets  

C) Provide absolute assurance against fraud  

D) Ensure reliable financial reporting  

**Answer:**


2. Internal controls are designed to provide:  

A) Absolute assurance  

B) Reasonable assurance  

C) No assurance  

D) Maximum benefit  

**Answer:**


3. Segregation of duties is a type of:  

A) Preventive control  

B) Detective control  

C) Corrective control  

D) Directive control  

**Answer:**


4. An example of a detective control is:  

A) Bank reconciliation  

B) Password protection  

C) Budget approval  

D) Employee training  

**Answer:**


5. Which internal control component addresses the organization’s “tone at the top”?  

A) Control activities  

B) Control environment  

C) Monitoring  

D) Information and communication  

**Answer:**


6. Which of the following best describes “risk appetite”?  

A) Amount of risk an organization is willing to accept  

B) Probability of a system failure  

C) Number of internal controls in place  

D) The likelihood of collusion  

**Answer:**


7. What is the primary purpose of a code of conduct?  

A) Ensure regulatory compliance  

B) Guide employee ethical behavior  

C) Limit communication  

D) Reduce segregation of duties  

**Answer:**


8. Which of the following is not typically a control activity?  

A) Authorization  

B) Performance reviews  

C) Information technology  

D) Control environment  

**Answer:**


9. The Sarbanes–Oxley Act (SOX) primarily seeks to:  

A) Standardize tax accounting  

B) Improve financial reporting and internal control over financial reporting  

C) Enhance product quality  

D) Increase IT investments  

**Answer:**


10. Internal control weaknesses are most likely if:  

A) One employee handles all aspects of a transaction  

B) Rotation of duties is regular  

C) Access to assets is restricted  

D) There is periodic reconciliation  

**Answer:**


11. Which of these is NOT a control limitation?  

A) Human error  

B) Routine monitoring  

C) Collusion among employees  

D) Management override  

**Answer:**


12. COSO’s framework contains how many components?  

A) 3  

B) 5  

C) 7  

D) 8  

**Answer:**


13. Which is NOT a COSO internal control component?  

A) Control activities  

B) Risk assessment  

C) Governance and culture  

D) Monitoring  

**Answer:**


14. COBIT primarily focuses on:  

A) Enterprise resource planning  

B) Corporate IT governance and management  

C) Financial reporting standards  

D) Product lifecycle management  

**Answer:**


15. Effective internal controls are:  

A) Cost-free  

B) Valued by all stakeholders  

C) Prohibitively expensive  

D) Designed without regard to risk  

**Answer:**


16. Which is a limitation common to all internal control systems?  

A) Cost–benefit constraints  

B) Automatic fraud detection  

C) 100% effectiveness  

D) Elimination of management fraud  

**Answer:**


17. Whose responsibility is it to assess the adequacy of internal controls?  

A) Internal auditors  

B) Management  

C) Board of directors  

D) Audit committee  

**Answer:**


18. Which of the following is not a type of internal control?  

A) Preventive  

B) Detective  

C) Responsive  

D) Corrective  

**Answer:**


19. Which of the following is an example of a detective control?  

A) Supervisory approval  

B) Logical access control  

C) Exception reporting  

D) Segregation of duties  

**Answer:**


20. Scenario: An employee prepares and approves payments. What control is most directly lacking?  

A) Authorization  

B) Segregation of duties  

C) Physical controls  

D) Documentation  

**Answer:**


21. Risk that internal controls will not prevent or detect material misstatements is called:  

A) Detection risk  

B) Control risk  

C) Inherent risk  

D) Audit risk  

**Answer:**


22. The initial step in risk assessment per COSO is:  

A) Designing controls  

B) Identifying risks  

C) Communicating policies  

D) Monitoring controls  

**Answer:**


23. To strengthen internal controls, an organization should:  

A) Centralize all authority  

B) Separate authorization and custody of assets  

C) Allow unrestricted access  

D) Eliminate audits  

**Answer:**


24. A limitation of internal controls is:  

A) They promote reliable reporting  

B) They always prevent management fraud  

C) They rely on human judgment  

D) They optimize organizational efficiency  

**Answer:**


25. The FCPA requires:  

A) SOX certification  

B) Accurate books and records  

C) Only U.S.-based companies  

D) Tax compliance exclusively  

**Answer:**


***

### Section 2: Application & Techniques (26–50)




26. Which is the best example of a corrective control?

A) Password protection

B) Backup data restoration

C) Monthly bank reconciliation

D) Pre-approval of expenditures  

**Answer:**


27. Routine review of operations to identify supply chain risks is an example of:

A) Risk assessment

B) Supervision

C) Control activity

D) Control environment  

**Answer:**


28. Which of the following must management provide under SOX Section 404?

A) Report on IT security

B) Attestation of effectiveness of internal controls

C) Documentation of payroll cycles

D) Annual financial budget  

**Answer:**


29. What is a key role of the internal audit function?

A) Implementing controls only in finance

B) Objectively assessing the effectiveness of the internal control system

C) Eliminating external audit

D) Approving transactions  

**Answer:**


30. A company restricts access to its server room with swipe cards—this is what type of control?

A) Preventive

B) Detective

C) Corrective

D) Oversight  

**Answer:**


31. Organizational attitude toward internal control is best reflected by:

A) Control environment

B) Information systems

C) Procedures manuals

D) Risk matrices  

**Answer:**


32. What is the main objective of performing tests of controls?

A) Ensure all transactions are error free

B) Assess effectiveness of controls to prevent or detect misstatements

C) Calculate tax liabilities

D) Reduce cost of audit  

**Answer:**


33. If two employees collude to override controls, this is considered:

A) Detective risk

B) Inherent limitation of controls

C) Design deficiency

D) Control activity  

**Answer:**


34. Which of the following is NOT an element of COSO’s internal control framework?

A) Risk assessment

B) Control environment

C) Strategic planning

D) Monitoring  

**Answer:**


35. The use of exception reporting is best classified as:

A) Preventive control

B) Detective control

C) Corrective control

D) Directive control  

**Answer:**


36. Management override of controls is best described as:

A) Permitted flexibility for staff

B) A limitation of any internal control system

C) Part of effective monitoring

D) Requirement under SOX  

**Answer:**


37. Who is responsible for determining the level of internal control in an organization?

A) Board of directors only

B) Internal auditor only

C) All employees

D) Senior management  

**Answer:**


38. Which SOX requirement was originally NOT part of FCPA?

A) Accurate books and records requirements

B) Prohibition of bribery

C) Annual management assessment of internal control effectiveness

D) Compliance documentation  

**Answer:**


39. When is risk assessment most critical in internal control?

A) Quarterly, after year-end

B) During financial statement audit only

C) Continuously, as part of operations and planning

D) At tax filing  

**Answer:**


40. Scenario: Payroll clerk and payroll approver are the same person. This best represents a weakness in:

A) Supervisory controls

B) Segregation of duties

C) Audit trail

D) Physical security  

**Answer:**


41. The COBIT framework provides guidance primarily for:

A) IT governance and controls

B) Supply chain management

C) Inventory valuation

D) Manufacturing process  

**Answer:**


42. The risk that a material misstatement will not be caught by internal controls is:

A) Control risk

B) Detection risk

C) Inherent risk

D) Regulatory risk  

**Answer:**


43. The existence of written job descriptions is a control related to:

A) Physical controls

B) Authorization controls

C) Human resource controls

D) Preventive controls  

**Answer:**


44. COSO defines “Monitoring Activities” as:

A) Developing new policies

B) Ongoing evaluations and separate evaluations of controls

C) Performing risk assessments only

D) Performing fraud investigations only  

**Answer:**


45. Who should approve the company-wide internal control policy?

A) Line supervisors

B) External auditors

C) Senior management and board of directors

D) Department heads  

**Answer:**


46. Which action is least likely to result in effective monitoring?

A) Regular internal audits

B) Ignoring exception reports

C) Following up on reported deficiencies

D) Using key control indicators  

**Answer:**


47. If an organization relies too heavily on a single individual for transaction processing, this exposes the entity to:

A) Improved fraud detection

B) Increased risk of error and fraud

C) Reduced documentation needs

D) Enhanced regulatory compliance  

**Answer:**


48. A flow chart of an internal control system primarily:

A) Illustrates understanding and documentation of the system

B) Is rarely used in auditing

C) Reduces the need for other documentation

D) Is required by SOX  

**Answer:**


49. Information technology controls commonly focus on all EXCEPT:

A) Systems access

B) Data integrity

C) Compliance with SOX solely

D) Disaster recovery  

**Answer:**


50. Which of the following is the BEST example of a scenario-based control test for auditors?

A) Reviewing hiring policies annually

B) Simulating a breach in payroll approval process

C) Verifying purchase orders

D) Reconciling cash accounts monthly  

**Answer:**

### Section 3: Weaknesses & Limitations (Questions 51–75)


51. Which of these is an inherent limitation of any internal control system?

A) Rotating duties

B) Management override

C) Pre-numbering documents

D) Segregation of duties  

**Answer:**


52. The control environment can be undermined by:

A) Setting a strong ethical tone

B) Willful negligence at any management level

C) Hiring competent staff

D) Documenting all policies  

**Answer:**


53. If monthly reconciliations are skipped, which control component is directly weakened?

A) Information and communication

B) Monitoring

C) Risk assessment

D) Control environment  

**Answer:**


54. Which is NOT a control weakness?

A) Unrestricted access to assets

B) Collusion between multiple employees

C) Signed job descriptions

D) Lack of performance reviews  

**Answer:**


55. Most control activities are effective ONLY if:

A) Employees are rotated annually

B) Controls are monitored

C) Duties are not segregated

D) Management overrides are permitted  

**Answer:**


56. Scenario: The top sales staff submit expenses with non-allowable charges, and management approves to avoid conflict. Which control component suffers most?

A) Monitoring

B) Control environment

C) Information & communication

D) Control activities  

**Answer:**


57. Limitation of internal control in computerized systems is MOST likely due to:

A) Segregation of duties

B) Unauthorized access to data

C) Frequent equipment upgrades

D) Use of passwords  

**Answer:**


58. Management override risks are best addressed by:

A) Preventing all overrides

B) Implementing whistleblower policies and monitoring mechanisms

C) Rotating staff

D) Ignoring reporting lines  

**Answer:**


59. An internal auditor suspects collusion. The highest-risk area is usually:

A) Payroll processing

B) Petty cash handling

C) Inventory counting

D) Bank reconciliation  

**Answer:**


60. Control effectiveness is BEST measured by:

A) Number of controls existing

B) Ability to prevent or detect material errors and fraud

C) Speed of transaction processing

D) Employees' seniority  

**Answer:**


61. The best way to test effectiveness of physical inventory controls:

A) Analytical procedures only

B) Direct observation during inventory counts

C) Reviewing accounting records only

D) Reviewing purchase orders  

**Answer:**


62. Which function provides the BEST segregation of duties for payroll?

A) HR creates payroll; accounting processes payroll; treasurer signs checks

B) Payroll clerk manages everything

C) HR hires/fires; payroll processes

D) Accounting and payroll share all tasks  

**Answer:**


63. Internal auditors deter fraud mainly by:

A) Investigating bribery only

B) Having strong written policies

C) Testing controls and monitoring fraud risks

D) Reviewing board minutes  

**Answer:**


64. When controls are effective ONLY in specific contexts, it is due to:

A) Inherent limitations

B) Control design

C) Monitoring frequency

D) Directive controls  

**Answer:**


65. Which of the following BEST addresses efficiency of internal controls?

A) Formal job descriptions

B) Cost-benefit analysis of controls

C) Annual external audits

D) Detailed policies  

**Answer:**


66. Control risk is highest when:

A) Controls are regularly tested and updated

B) Management frequently overrides controls

C) Duties are strictly segregated

D) Control activities are automated  

**Answer:**


67. Which is a key sign of weak control in purchase order processing?

A) Use of pre-numbered forms

B) Rush orders by telephone without supporting documentation

C) Written approvals for every purchase

D) Restricted vendor list  

**Answer:**


68. A company lacks adequate documentation for all expenditures. The main risk is:

A) Efficient reporting

B) Unauthorized payments and fraud

C) Strong compliance

D) Effective budgeting  

**Answer:**


69. Monitoring control performance is mainly the responsibility of:

A) Board of directors

B) Senior management

C) Internal audit

D) IT department  

**Answer:**


70. Regarding payroll, what control can best prevent inclusion of fictitious employees?

A) Time cards and attendance records verified by HR

B) Payroll clerk authorized all changes

C) No authorization required for payroll changes

D) Clerk approves own payroll  

**Answer:**


71. When control activities focus only on detecting problems, what is missing?

A) Preventive controls

B) Monitoring

C) Authorization

D) Oversight  

**Answer:**


72. Most frauds occur due to:

A) Lack of detective controls

B) Weak preventive controls and collusion

C) Efficient reconciliation

D) Proper segregation of duties  

**Answer:**


73. Which control would most likely prevent unauthorized access to cash receipts?

A) Daily reconciliation by accounting

B) Prelisting incoming receipts (separate from cashier)

C) Open access for staff

D) Periodic external audit only  

**Answer:**


74. When is control efficiency maximized?

A) When controls cost less than the value of risk reduction

B) When all risks are eliminated

C) When only senior management oversees controls

D) When all controls are physical  

**Answer:**


75. A purchasing agent who acquires items for personal use exploits a weakness in:

A) Segregation of duties and approval controls

B) Documentation only

C) Control environment only

D) External audit  

**Answer:**

### Section 4: Advanced Scenarios & Assessment (Questions 76–100)


76. Which of the following best describes the role of internal audit regarding IT governance?  

A) Selecting IT candidates  

B) Ensuring IT governance aligns with organizational risk appetite  

C) Developing IT policies  

D) Operating IT systems  

**Answer:**


77. Scenario: The sales team repeatedly submits expense claims with non-allowable charges that management approves. Which internal control component is most compromised?  

A) Information and communication  

B) Control environment  

C) Monitoring  

D) Risk assessment  

**Answer:**


78. Which of the following statements about risk appetite is correct?  

A) It is the maximum level of risk the organization will accept in pursuit of objectives.  

B) It refers to the likelihood of risk occurrence.  

C) It is the probability of a financial loss.  

D) It is the absence of risk.  

**Answer:**


79. Under COSO, which component ensures management evaluates whether controls are present and functioning?  

A) Control environment  

B) Monitoring  

C) Information and communication  

D) Control activities  

**Answer:**


80. What is the purpose of the Foreign Corrupt Practices Act (FCPA)?  

A) To prevent bribery of foreign officials  

B) To regulate financial audits  

C) To oversee employee hiring  

D) To establish IT governance  

**Answer:**


81. Scenario: An auditor discovers unauthorized access to the accounting system by an employee with a terminated contract. Which control was most likely deficient?  

A) Physical controls  

B) Access controls  

C) Segregation of duties  

D) Authorization controls  

**Answer:**


82. Which of the following best describes the effectiveness of internal control?  

A) Controls must eliminate all risks  

B) Controls provide reasonable assurance to meet objectives  

C) Controls are only monitoring tools  

D) Controls guarantee 100% accuracy  

**Answer:**


83. Management override of controls is:  

A) Prohibited and impossible  

B) An inherent limitation of any internal control system  

C) A monitoring control  

D) A preventive control  

**Answer:**


84. An important preventive control for cash receipts includes:  

A) Daily reconciliation by management  

B) Restricting cash handling to authorized personnel  

C) Periodic external audits  

D) Surprise cash counts  

**Answer:**


85. COBIT aligns IT goals with:  

A) Sales targets  

B) Corporate governance and enterprise goals  

C) Stock market trends  

D) Tax regulations  

**Answer:**


86. The primary focus of SOX Section 404 is to:  

A) Enhance internal control over financial reporting  

B) Require external audits  

C) Limit executive compensation  

D) Regulate tax filings  

**Answer:**


87. Scenario: An audit finds inconsistent application of controls across regional offices. This is a weakness in:  

A) Control environment  

B) Control activities  

C) Monitoring  

D) Communication  

**Answer:**


88. An effective whistleblower policy contributes to which internal control component?  

A) Monitoring  

B) Segregation of duties  

C) Risk assessment  

D) Information and communication  

**Answer:**


89. Which of the following is best practice when applying COSO and COBIT frameworks together?  

A) Using COSO for overall enterprise risk and COBIT for IT governance  

B) Using both interchangeably  

C) Applying only COSO for IT controls  

D) Ignoring framework alignment  

**Answer:**


90. Which action best supports the ethical tone in an organization?  

A) Strong and enforced code of conduct  

B) Flexible work hours  

C) Minimum training  

D) Light audit oversight  

**Answer:**


91. Scenario: A company uses pre-numbered forms for sales but does not account for missing forms. This control weakness exposes the company to:  

A) Unauthorized sales recording  

B) Ineffective job descriptions  

C) Cost-benefit imbalance  

D) Lack of training  

**Answer:**


92. Which audit procedure most effectively identifies control weaknesses?  

A) Inquiry only  

B) Inspection and observation  

C) Casual conversation  

D) Reviewing outdated reports  

**Answer:**


93. Internal control risk assessment is crucial for:  

A) Planning audit procedures  

B) Tax compliance  

C) Budget setting only  

D) HR hiring  

**Answer:**


94. Management’s responsibility for internal control includes:  

A) Designing and maintaining effective controls  

B) Approving external audit reports  

C) Investigating fraud independently  

D) Developing audit plans  

**Answer:**


95. An auditor reviewing access logs and permissions of an IT system is performing:  

A) Control testing procedures  

B) Risk identification  

C) Compliance review only  

D) IT system design  

**Answer:**


96. Scenario: No independent verification is required for cash disbursements. This control weakness increases the risk of:  

A) Unauthorized payments  

B) System downtime  

C) Tax penalties  

D) Physical loss  

**Answer:**


97. Financial statement fraud is most likely prevented by:  

A) Segregation of duties over accounting functions  

B) Management override flexibility  

C) Efficient IT infrastructure only  

D) Informal document controls  

**Answer:**


98. Which of these is NOT a control activity?  

A) Documented policies and procedures  

B) Authorization of transactions  

C) Risk assessment  

D) Physical controls  

**Answer:**


99. A board of directors’ oversight role is critical for:  

A) Ensuring internal audit independence  

B) Preparing audit reports  

C) Daily operational control  

D) Payroll processing  

**Answer:**


100. Which of the following is a key benefit of implementing COSO framework controls?  

A) Enhanced risk management and governance structure  

B) Reduction in employee headcount  

C) Increased leniency in financial reporting  

D) Elimination of fraud risk  

**Answer:**


www.gmsisuccess.in


Answers:

### Section 1: Fundamentals & Concepts (1–25)


1. Which of the following is NOT an objective of an internal control system?  

A) Promote operational efficiency  

B) Safeguard assets  

C) Provide absolute assurance against fraud  

D) Ensure reliable financial reporting  

**Answer: C**


2. Internal controls are designed to provide:  

A) Absolute assurance  

B) Reasonable assurance  

C) No assurance  

D) Maximum benefit  

**Answer: B**


3. Segregation of duties is a type of:  

A) Preventive control  

B) Detective control  

C) Corrective control  

D) Directive control  

**Answer: A**


4. An example of a detective control is:  

A) Bank reconciliation  

B) Password protection  

C) Budget approval  

D) Employee training  

**Answer: A**


5. Which internal control component addresses the organization’s “tone at the top”?  

A) Control activities  

B) Control environment  

C) Monitoring  

D) Information and communication  

**Answer: B**


6. Which of the following best describes “risk appetite”?  

A) Amount of risk an organization is willing to accept  

B) Probability of a system failure  

C) Number of internal controls in place  

D) The likelihood of collusion  

**Answer: A**


7. What is the primary purpose of a code of conduct?  

A) Ensure regulatory compliance  

B) Guide employee ethical behavior  

C) Limit communication  

D) Reduce segregation of duties  

**Answer: B**


8. Which of the following is not typically a control activity?  

A) Authorization  

B) Performance reviews  

C) Information technology  

D) Control environment  

**Answer: D**


9. The Sarbanes–Oxley Act (SOX) primarily seeks to:  

A) Standardize tax accounting  

B) Improve financial reporting and internal control over financial reporting  

C) Enhance product quality  

D) Increase IT investments  

**Answer: B**


10. Internal control weaknesses are most likely if:  

A) One employee handles all aspects of a transaction  

B) Rotation of duties is regular  

C) Access to assets is restricted  

D) There is periodic reconciliation  

**Answer: A**


11. Which of these is NOT a control limitation?  

A) Human error  

B) Routine monitoring  

C) Collusion among employees  

D) Management override  

**Answer: B**


12. COSO’s framework contains how many components?  

A) 3  

B) 5  

C) 7  

D) 8  

**Answer: B**


13. Which is NOT a COSO internal control component?  

A) Control activities  

B) Risk assessment  

C) Governance and culture  

D) Monitoring  

**Answer: C**


14. COBIT primarily focuses on:  

A) Enterprise resource planning  

B) Corporate IT governance and management  

C) Financial reporting standards  

D) Product lifecycle management  

**Answer: B**


15. Effective internal controls are:  

A) Cost-free  

B) Valued by all stakeholders  

C) Prohibitively expensive  

D) Designed without regard to risk  

**Answer: B**


16. Which is a limitation common to all internal control systems?  

A) Cost–benefit constraints  

B) Automatic fraud detection  

C) 100% effectiveness  

D) Elimination of management fraud  

**Answer: A**


17. Whose responsibility is it to assess the adequacy of internal controls?  

A) Internal auditors  

B) Management  

C) Board of directors  

D) Audit committee  

**Answer: B**


18. Which of the following is not a type of internal control?  

A) Preventive  

B) Detective  

C) Responsive  

D) Corrective  

**Answer: C**


19. Which of the following is an example of a detective control?  

A) Supervisory approval  

B) Logical access control  

C) Exception reporting  

D) Segregation of duties  

**Answer: C**


20. Scenario: An employee prepares and approves payments. What control is most directly lacking?  

A) Authorization  

B) Segregation of duties  

C) Physical controls  

D) Documentation  

**Answer: B**


21. Risk that internal controls will not prevent or detect material misstatements is called:  

A) Detection risk  

B) Control risk  

C) Inherent risk  

D) Audit risk  

**Answer: B**


22. The initial step in risk assessment per COSO is:  

A) Designing controls  

B) Identifying risks  

C) Communicating policies  

D) Monitoring controls  

**Answer: B**


23. To strengthen internal controls, an organization should:  

A) Centralize all authority  

B) Separate authorization and custody of assets  

C) Allow unrestricted access  

D) Eliminate audits  

**Answer: B**


24. A limitation of internal controls is:  

A) They promote reliable reporting  

B) They always prevent management fraud  

C) They rely on human judgment  

D) They optimize organizational efficiency  

**Answer: C**


25. The FCPA requires:  

A) SOX certification  

B) Accurate books and records  

C) Only U.S.-based companies  

D) Tax compliance exclusively  

**Answer: B**


***


### Section 2: Application & Techniques (26–50)




26. Which is the best example of a corrective control?

A) Password protection

B) Backup data restoration

C) Monthly bank reconciliation

D) Pre-approval of expenditures  

**Answer: B**


27. Routine review of operations to identify supply chain risks is an example of:

A) Risk assessment

B) Supervision

C) Control activity

D) Control environment  

**Answer: A**


28. Which of the following must management provide under SOX Section 404?

A) Report on IT security

B) Attestation of effectiveness of internal controls

C) Documentation of payroll cycles

D) Annual financial budget  

**Answer: B**


29. What is a key role of the internal audit function?

A) Implementing controls only in finance

B) Objectively assessing the effectiveness of the internal control system

C) Eliminating external audit

D) Approving transactions  

**Answer: B**


30. A company restricts access to its server room with swipe cards—this is what type of control?

A) Preventive

B) Detective

C) Corrective

D) Oversight  

**Answer: A**


31. Organizational attitude toward internal control is best reflected by:

A) Control environment

B) Information systems

C) Procedures manuals

D) Risk matrices  

**Answer: A**


32. What is the main objective of performing tests of controls?

A) Ensure all transactions are error free

B) Assess effectiveness of controls to prevent or detect misstatements

C) Calculate tax liabilities

D) Reduce cost of audit  

**Answer: B**


33. If two employees collude to override controls, this is considered:

A) Detective risk

B) Inherent limitation of controls

C) Design deficiency

D) Control activity  

**Answer: B**


34. Which of the following is NOT an element of COSO’s internal control framework?

A) Risk assessment

B) Control environment

C) Strategic planning

D) Monitoring  

**Answer: C**


35. The use of exception reporting is best classified as:

A) Preventive control

B) Detective control

C) Corrective control

D) Directive control  

**Answer: B**


36. Management override of controls is best described as:

A) Permitted flexibility for staff

B) A limitation of any internal control system

C) Part of effective monitoring

D) Requirement under SOX  

**Answer: B**


37. Who is responsible for determining the level of internal control in an organization?

A) Board of directors only

B) Internal auditor only

C) All employees

D) Senior management  

**Answer: D**


38. Which SOX requirement was originally NOT part of FCPA?

A) Accurate books and records requirements

B) Prohibition of bribery

C) Annual management assessment of internal control effectiveness

D) Compliance documentation  

**Answer: C**


39. When is risk assessment most critical in internal control?

A) Quarterly, after year-end

B) During financial statement audit only

C) Continuously, as part of operations and planning

D) At tax filing  

**Answer: C**


40. Scenario: Payroll clerk and payroll approver are the same person. This best represents a weakness in:

A) Supervisory controls

B) Segregation of duties

C) Audit trail

D) Physical security  

**Answer: B**


41. The COBIT framework provides guidance primarily for:

A) IT governance and controls

B) Supply chain management

C) Inventory valuation

D) Manufacturing process  

**Answer: A**


42. The risk that a material misstatement will not be caught by internal controls is:

A) Control risk

B) Detection risk

C) Inherent risk

D) Regulatory risk  

**Answer: A**


43. The existence of written job descriptions is a control related to:

A) Physical controls

B) Authorization controls

C) Human resource controls

D) Preventive controls  

**Answer: C**


44. COSO defines “Monitoring Activities” as:

A) Developing new policies

B) Ongoing evaluations and separate evaluations of controls

C) Performing risk assessments only

D) Performing fraud investigations only  

**Answer: B**


45. Who should approve the company-wide internal control policy?

A) Line supervisors

B) External auditors

C) Senior management and board of directors

D) Department heads  

**Answer: C**


46. Which action is least likely to result in effective monitoring?

A) Regular internal audits

B) Ignoring exception reports

C) Following up on reported deficiencies

D) Using key control indicators  

**Answer: B**


47. If an organization relies too heavily on a single individual for transaction processing, this exposes the entity to:

A) Improved fraud detection

B) Increased risk of error and fraud

C) Reduced documentation needs

D) Enhanced regulatory compliance  

**Answer: B**


48. A flow chart of an internal control system primarily:

A) Illustrates understanding and documentation of the system

B) Is rarely used in auditing

C) Reduces the need for other documentation

D) Is required by SOX  

**Answer: A**


49. Information technology controls commonly focus on all EXCEPT:

A) Systems access

B) Data integrity

C) Compliance with SOX solely

D) Disaster recovery  

**Answer: C**


50. Which of the following is the BEST example of a scenario-based control test for auditors?

A) Reviewing hiring policies annually

B) Simulating a breach in payroll approval process

C) Verifying purchase orders

D) Reconciling cash accounts monthly  

**Answer: B**

### Section 3: Weaknesses & Limitations (Questions 51–75)


51. Which of these is an inherent limitation of any internal control system?

A) Rotating duties

B) Management override

C) Pre-numbering documents

D) Segregation of duties  

**Answer: B**


52. The control environment can be undermined by:

A) Setting a strong ethical tone

B) Willful negligence at any management level

C) Hiring competent staff

D) Documenting all policies  

**Answer: B**


53. If monthly reconciliations are skipped, which control component is directly weakened?

A) Information and communication

B) Monitoring

C) Risk assessment

D) Control environment  

**Answer: B**


54. Which is NOT a control weakness?

A) Unrestricted access to assets

B) Collusion between multiple employees

C) Signed job descriptions

D) Lack of performance reviews  

**Answer: C**


55. Most control activities are effective ONLY if:

A) Employees are rotated annually

B) Controls are monitored

C) Duties are not segregated

D) Management overrides are permitted  

**Answer: B**


56. Scenario: The top sales staff submit expenses with non-allowable charges, and management approves to avoid conflict. Which control component suffers most?

A) Monitoring

B) Control environment

C) Information & communication

D) Control activities  

**Answer: B**


57. A limitation of internal control in computerized systems is MOST likely due to:

A) Segregation of duties

B) Unauthorized access to data

C) Frequent equipment upgrades

D) Use of passwords  

**Answer: B**


58. Management override risks are best addressed by:

A) Preventing all overrides

B) Implementing whistleblower policies and monitoring mechanisms

C) Rotating staff

D) Ignoring reporting lines  

**Answer: B**


59. An internal auditor suspects collusion. The highest-risk area is usually:

A) Payroll processing

B) Petty cash handling

C) Inventory counting

D) Bank reconciliation  

**Answer: C**


60. Control effectiveness is BEST measured by:

A) Number of controls existing

B) Ability to prevent or detect material errors and fraud

C) Speed of transaction processing

D) Employees' seniority  

**Answer: B**


61. The best way to test effectiveness of physical inventory controls:

A) Analytical procedures only

B) Direct observation during inventory counts

C) Reviewing accounting records only

D) Reviewing purchase orders  

**Answer: B**


62. Which function provides the BEST segregation of duties for payroll?

A) HR creates payroll; accounting processes payroll; treasurer signs checks

B) Payroll clerk manages everything

C) HR hires/fires; payroll processes

D) Accounting and payroll share all tasks  

**Answer: A**


63. Internal auditors deter fraud mainly by:

A) Investigating bribery only

B) Having strong written policies

C) Testing controls and monitoring fraud risks

D) Reviewing board minutes  

**Answer: C**


64. When controls are effective ONLY in specific contexts, it is due to:

A) Inherent limitations

B) Control design

C) Monitoring frequency

D) Directive controls  

**Answer: A**


65. Which of the following BEST addresses efficiency of internal controls?

A) Formal job descriptions

B) Cost-benefit analysis of controls

C) Annual external audits

D) Detailed policies  

**Answer: B**


66. Control risk is highest when:

A) Controls are regularly tested and updated

B) Management frequently overrides controls

C) Duties are strictly segregated

D) Control activities are automated  

**Answer: B**


67. Which is a key sign of weak control in purchase order processing?

A) Use of pre-numbered forms

B) Rush orders by telephone without supporting documentation

C) Written approvals for every purchase

D) Restricted vendor list  

**Answer: B**


68. A company lacks adequate documentation for all expenditures. The main risk is:

A) Efficient reporting

B) Unauthorized payments and fraud

C) Strong compliance

D) Effective budgeting  

**Answer: B**


69. Monitoring control performance is mainly the responsibility of:

A) Board of directors

B) Senior management

C) Internal audit

D) IT department  

**Answer: B**


70. Regarding payroll, what control can best prevent inclusion of fictitious employees?

A) Time cards and attendance records verified by HR

B) Payroll clerk authorizes all changes

C) No authorization required for payroll changes

D) Clerk approves own payroll  

**Answer: A**


71. When control activities focus only on detecting problems, what is missing?

A) Preventive controls

B) Monitoring

C) Authorization

D) Oversight  

**Answer: A**


72. Most frauds occur due to:

A) Lack of detective controls

B) Weak preventive controls and collusion

C) Efficient reconciliation

D) Proper segregation of duties  

**Answer: B**


73. Which control would most likely prevent unauthorized access to cash receipts?

A) Daily reconciliation by accounting

B) Prelisting incoming receipts (separate from cashier)

C) Open access for staff

D) Periodic external audit only  

**Answer: B**


74. When is control efficiency maximized?

A) When controls cost less than the value of risk reduction

B) When all risks are eliminated

C) When only senior management oversees controls

D) When all controls are physical  

**Answer: A**


75. A purchasing agent who acquires items for personal use exploits a weakness in:

A) Segregation of duties and approval controls

B) Documentation only

C) Control environment only

D) External audit  

**Answer: A**

### Section 4: Advanced Scenarios & Assessment (Questions 76–100)


76. Which of the following best describes the role of internal audit regarding IT governance?  

A) Selecting IT candidates  

B) Ensuring IT governance aligns with organizational risk appetite  

C) Developing IT policies  

D) Operating IT systems  

**Answer: B**


77. Scenario: The sales team repeatedly submits expense claims with non-allowable charges that management approves. Which internal control component is most compromised?  

A) Information and communication  

B) Control environment  

C) Monitoring  

D) Risk assessment  

**Answer: B**


78. Which of the following statements about risk appetite is correct?  

A) It is the maximum level of risk the organization will accept in pursuit of objectives.  

B) It refers to the likelihood of risk occurrence.  

C) It is the probability of a financial loss.  

D) It is the absence of risk.  

**Answer: A**


79. Under COSO, which component ensures management evaluates whether controls are present and functioning?  

A) Control environment  

B) Monitoring  

C) Information and communication  

D) Control activities  

**Answer: B**


80. What is the purpose of the Foreign Corrupt Practices Act (FCPA)?  

A) To prevent bribery of foreign officials  

B) To regulate financial audits  

C) To oversee employee hiring  

D) To establish IT governance  

**Answer: A**


81. Scenario: An auditor discovers unauthorized access to the accounting system by an employee with a terminated contract. Which control was most likely deficient?  

A) Physical controls  

B) Access controls  

C) Segregation of duties  

D) Authorization controls  

**Answer: B**


82. Which of the following best describes the effectiveness of internal control?  

A) Controls must eliminate all risks  

B) Controls provide reasonable assurance to meet objectives  

C) Controls are only monitoring tools  

D) Controls guarantee 100% accuracy  

**Answer: B**


83. Management override of controls is:  

A) Prohibited and impossible  

B) An inherent limitation of any internal control system  

C) A monitoring control  

D) A preventive control  

**Answer: B**


84. An important preventive control for cash receipts includes:  

A) Daily reconciliation by management  

B) Restricting cash handling to authorized personnel  

C) Periodic external audits  

D) Surprise cash counts  

**Answer: B**


85. COBIT aligns IT goals with:  

A) Sales targets  

B) Corporate governance and enterprise goals  

C) Stock market trends  

D) Tax regulations  

**Answer: B**


86. The primary focus of SOX Section 404 is to:  

A) Enhance internal control over financial reporting  

B) Require external audits  

C) Limit executive compensation  

D) Regulate tax filings  

**Answer: A**


87. Scenario: An audit finds inconsistent application of controls across regional offices. This is a weakness in:  

A) Control environment  

B) Control activities  

C) Monitoring  

D) Communication  

**Answer: B**


88. An effective whistleblower policy contributes to which internal control component?  

A) Monitoring  

B) Segregation of duties  

C) Risk assessment  

D) Information and communication  

**Answer: D**


89. Which of the following is best practice when applying COSO and COBIT frameworks together?  

A) Using COSO for overall enterprise risk and COBIT for IT governance  

B) Using both interchangeably  

C) Applying only COSO for IT controls  

D) Ignoring framework alignment  

**Answer: A**


90. Which action best supports the ethical tone in an organization?  

A) Strong and enforced code of conduct  

B) Flexible work hours  

C) Minimum training  

D) Light audit oversight  

**Answer: A**


91. Scenario: A company uses pre-numbered forms for sales but does not account for missing forms. This control weakness exposes the company to:  

A) Unauthorized sales recording  

B) Ineffective job descriptions  

C) Cost-benefit imbalance  

D) Lack of training  

**Answer: A**


92. Which audit procedure most effectively identifies control weaknesses?  

A) Inquiry only  

B) Inspection and observation  

C) Casual conversation  

D) Reviewing outdated reports  

**Answer: B**


93. Internal control risk assessment is crucial for:  

A) Planning audit procedures  

B) Tax compliance  

C) Budget setting only  

D) HR hiring  

**Answer: A**


94. Management’s responsibility for internal control includes:  

A) Designing and maintaining effective controls  

B) Approving external audit reports  

C) Investigating fraud independently  

D) Developing audit plans  

**Answer: A**


95. An auditor reviewing access logs and permissions of an IT system is performing:  

A) Control testing procedures  

B) Risk identification  

C) Compliance review only  

D) IT system design  

**Answer: A**


96. Scenario: No independent verification is required for cash disbursements. This control weakness increases the risk of:  

A) Unauthorized payments  

B) System downtime  

C) Tax penalties  

D) Physical loss  

**Answer: A**


97. Financial statement fraud is most likely prevented by:  

A) Segregation of duties over accounting functions  

B) Management override flexibility  

C) Efficient IT infrastructure only  

D) Informal document controls  

**Answer: A**


98. Which of these is NOT a control activity?  

A) Documented policies and procedures  

B) Authorization of transactions  

C) Risk assessment  

D) Physical controls  

**Answer: C**


99. A board of directors’ oversight role is critical for:  

A) Ensuring internal audit independence  

B) Preparing audit reports  

C) Daily operational control  

D) Payroll processing  

**Answer: A**


100. Which of the following is a key benefit of implementing COSO framework controls?  

A) Enhanced risk management and governance structure  

B) Reduction in employee headcount  

C) Increased leniency in financial reporting  

D) Elimination of fraud risk  

**Answer: A**


www.gmsisuccess.in

