INTERNAL CONTROL – 50 MCQs (US CMA PART 1)
1. Internal Control – Meaning & COSO
Q1. According to COSO, internal control is best described as a process designed to provide:
A. Absolute assurance regarding fraud prevention
B. Reasonable assurance regarding objectives
C. Legal compliance only
D. Risk elimination
Answer:
Q2. COSO defines internal control as a process effected by:
A. Only top management
B. Only auditors
C. Board of directors, management, and other personnel
D. External consultants
Answer:
Q3. Which of the following is NOT an objective of internal control under COSO?
A. Effectiveness and efficiency of operations
B. Reliability of financial reporting
C. Elimination of business risk
D. Compliance with laws and regulations
Answer:
2. COSO Components
Q4. Which COSO component establishes the foundation for all other components?
A. Risk assessment
B. Control activities
C. Information & communication
D. Control environment
Answer:
Q5. Management identifying and analyzing risks relevant to achieving objectives relates to:
A. Monitoring
B. Risk assessment
C. Control activities
D. Information systems
Answer:
Q6. Policies and procedures that ensure management directives are carried out are called:
A. Control environment
B. Monitoring
C. Control activities
D. Risk assessment
Answer:
Q7. Continuous evaluations of internal controls fall under:
A. Monitoring
B. Risk assessment
C. Information & communication
D. Control environment
Answer:
3. Types of Internal Controls
Q8. Which control is designed to stop an error before it occurs?
A. Detective
B. Corrective
C. Preventive
D. Compensating
Answer:
Q9. A bank reconciliation primarily serves as a:
A. Preventive control
B. Detective control
C. Corrective control
D. Application control
Answer:
Q10. Backup data restoration after system failure is a:
A. Preventive control
B. Detective control
C. Corrective control
D. Monitoring control
Answer:
Q11. A control that reduces risk when a primary control fails is called:
A. Detective
B. Corrective
C. Compensating
D. Monitoring
Answer:
4. Preventive, Detective & Corrective – Examples
Q12. Which is a preventive control?
A. Internal audit review
B. Authorization of transactions
C. Reconciliation of accounts
D. Error correction entry
Answer:
Q13. Which is a detective control?
A. Password policy
B. Segregation of duties
C. Exception reports
D. Access control
Answer:
Q14. Reprocessing rejected transactions represents a:
A. Preventive control
B. Detective control
C. Corrective control
D. Compensating control
Answer:
5. Complementary / Compensating Controls
Q15. Lack of segregation of duties in a small company is best addressed by:
A. Eliminating transactions
B. Hiring more staff
C. Owner’s independent review
D. Ignoring the risk
Answer:
Q16. Compensating controls are most commonly used when:
A. Risks are eliminated
B. Preventive controls exist
C. Ideal controls are not feasible
D. Auditors require them
Answer:
6. Inherent Limitations of Internal Control
Q17. Which is an inherent limitation of internal control?
A. Poor documentation
B. Human judgment errors
C. Lack of management support
D. Weak governance
Answer:
Q18. Internal control cannot provide absolute assurance mainly because of:
A. Technology failure
B. Cost-benefit constraints
C. External audits
D. Regulatory oversight
Answer:
Q19. Management override of controls is a risk related to:
A. Control activities
B. Monitoring
C. Inherent limitations
D. Risk assessment
Answer:
7. General Controls & Application Controls
Q20. General IT controls primarily relate to:
A. Specific transaction processing
B. Overall IT environment
C. Data input validation
D. Report accuracy
Answer:
Q21. Which is a general control?
A. Edit checks
B. User access security
C. Input validation
D. Batch totals
Answer:
Q22. Which is an application control?
A. Disaster recovery plan
B. Program change control
C. Authorization checks
D. Logical access policy
Answer:
Q23. Application controls ensure:
A. Proper functioning of IT infrastructure
B. Accuracy and completeness of transactions
C. Segregation of IT duties
D. Data backup
Answer:
8. Corporate Governance & Internal Control
Q24. Primary responsibility for internal control rests with:
A. Internal auditors
B. Audit committee
C. External auditors
D. Management
Answer:
Q25. The audit committee enhances internal control mainly by:
A. Preparing financial statements
B. Overseeing financial reporting and controls
C. Managing daily operations
D. Approving transactions
Answer:
Q26. Strong corporate governance improves internal control by:
A. Eliminating risk
B. Increasing audit fees
C. Enhancing oversight and accountability
D. Reducing regulation
Answer:
9. Sarbanes–Oxley Act (SOX)
Q27. Section 302 of SOX requires:
A. Auditor attestation on controls
B. Management certification of financial reports
C. Mandatory internal audit
D. Risk elimination
Answer:
Q28. Under SOX Section 302, CEOs and CFOs must certify:
A. Audit opinion
B. Effectiveness of internal controls
C. Tax returns
D. Budget accuracy
Answer:
Q29. Section 404 of SOX focuses on:
A. Fraud prevention
B. Management assessment of internal control effectiveness
C. Corporate governance rules
D. Audit committee formation
Answer:
Q30. Section 404 requires:
A. Only management report
B. Only auditor report
C. Both management assessment and auditor attestation
D. No reporting
Answer:
10. Identifying Weaknesses in Internal Control
Q31. A material weakness indicates:
A. Minor error
B. Significant deficiency
C. Reasonable possibility of material misstatement
D. No risk
Answer:
Q32. Which is most likely a control weakness?
A. Independent review
B. Lack of segregation of duties
C. Authorization procedures
D. Monitoring activities
Answer:
Q33. Which tool helps identify control weaknesses?
A. Bank loans
B. Walkthroughs and testing
C. Budgeting
D. Forecasting
Answer:
11. Resolving Internal Control Issues
Q34. The best response to identified control deficiencies is to:
A. Ignore immaterial issues
B. Implement corrective actions
C. Delay until audit
D. Transfer risk
Answer:
Q35. Which action strengthens internal control?
A. Increasing transaction volume
B. Enhancing segregation of duties
C. Reducing documentation
D. Removing monitoring
Answer:
Q36. Training employees improves internal control by enhancing:
A. Fraud opportunity
B. Control environment
C. Risk elimination
D. Monitoring cost
Answer:
12. Integrated & Scenario-Based Questions
Q37. An organization with strong preventive controls but weak detective controls faces risk of:
A. Errors not occurring
B. Errors not being identified timely
C. Absolute assurance
D. No risk
Answer:
Q38. If management ignores known control weaknesses, this affects:
A. Risk assessment
B. Control environment
C. Monitoring
D. Application control
Answer:
Q39. Excessive reliance on manual controls increases risk of:
A. Automation errors
B. Human error
C. IT failures
D. Cyber risk
Answer:
Q40. Which control best mitigates management override risk?
A. Authorization
B. Audit committee oversight
C. Input validation
D. Backup systems
Answer:
13. Advanced CMA-Level Questions
Q41. A control that is effective but too costly violates which principle?
A. Reasonable assurance
B. Segregation of duties
C. Control activities
D. Monitoring
Answer:
Q42. Which COSO component is most impacted by unethical leadership?
A. Risk assessment
B. Control activities
C. Control environment
D. Monitoring
Answer:
Q43. Poor documentation primarily affects:
A. Preventive controls
B. Detective controls
C. Monitoring
D. Information & communication
Answer:
Q44. Unauthorized program changes indicate weakness in:
A. Application control
B. Input control
C. General control
D. Monitoring
Answer:
Q45. Batch totals are used to ensure:
A. System security
B. Data completeness
C. Disaster recovery
D. User authorization
Answer:
14. Final Conceptual MCQs
Q46. Which statement about internal control is TRUE?
A. It guarantees fraud prevention
B. It provides reasonable assurance
C. It eliminates business risk
D. It replaces management responsibility
Answer:
Q47. Internal audit primarily assists management by:
A. Managing operations
B. Designing strategy
C. Evaluating internal controls
D. Preparing financials
Answer:
Q48. Continuous monitoring of controls improves:
A. Risk elimination
B. Timely detection of issues
C. Audit independence
D. Cost reduction only
Answer:
Q49. Which factor most weakens internal control effectiveness?
A. Strong governance
B. Ethical culture
C. Management override
D. Automation
Answer:
Q50. The ultimate goal of an internal control system is to:
A. Reduce audit work
B. Prevent all fraud
C. Achieve organizational objectives
D. Increase compliance cost
Answer:
www.gmsisuccess.in
Got it 👍
Here are US CMA Part 1–style MCQs with answers on Corporate Governance, Board Duties, Audit Committee Duties, and Management Responsibilities for effective operations & internal control.
These are conceptual, exam-oriented, and slightly tricky, exactly how CMA likes them.
CORPORATE GOVERNANCE & INTERNAL CONTROL
MCQs (US CMA PART 1)
A. Corporate Governance – Concepts
Q1. Corporate governance primarily focuses on:
A. Day-to-day operations
B. Maximizing short-term profits
C. Accountability, fairness, and transparency
D. External audit procedures
Answer:
Q2. The primary objective of corporate governance is to:
A. Eliminate business risk
B. Protect stakeholder interests
C. Replace management decisions
D. Reduce operational costs
Answer:
Q3. Which of the following is a key mechanism of corporate governance?
A. Operational budgeting
B. Board of directors
C. Employee training
D. Internal audit planning
Answer:
Q4. Strong corporate governance is MOST likely to result in:
A. Increased fraud risk
B. Improved internal control effectiveness
C. Elimination of internal audits
D. Reduced regulatory compliance
Answer:
B. Board of Directors – Duties & Responsibilities
Q5. The board of directors’ PRIMARY responsibility is to:
A. Prepare financial statements
B. Manage daily operations
C. Oversee management and strategy
D. Perform internal audits
Answer:
Q6. Which of the following is NOT a duty of the board of directors?
A. Approving major policies
B. Hiring and evaluating the CEO
C. Performing transaction authorization
D. Overseeing risk management
Answer:
Q7. The board ensures ethical conduct primarily through:
A. Budget control
B. Code of conduct and tone at the top
C. External audits
D. Performance incentives
Answer:
Q8. Which board responsibility most directly supports effective internal control?
A. Selecting accounting methods
B. Establishing audit committee
C. Approving journal entries
D. Reconciling bank accounts
Answer:
Q9. The board’s oversight role reduces which risk most significantly?
A. Market risk
B. Management override risk
C. Currency risk
D. Liquidity risk
Answer:
C. Audit Committee – Duties & Responsibilities
Q10. The audit committee primarily serves as a link between:
A. Management and employees
B. External auditors and internal auditors
C. Board of directors and auditors
D. Regulators and management
Answer:
Q11. Which of the following is a key responsibility of the audit committee?
A. Preparing financial statements
B. Overseeing financial reporting integrity
C. Approving operational budgets
D. Managing company operations
Answer:
Q12. Audit committee members should be:
A. Company executives
B. Independent directors
C. Internal auditors
D. External consultants
Answer:
Q13. Which activity BEST supports audit committee independence?
A. Participation in daily operations
B. Direct communication with external auditors
C. Authorizing transactions
D. Designing control activities
Answer:
Q14. The audit committee is directly responsible for overseeing:
A. Strategic planning
B. Internal control over financial reporting
C. Marketing strategy
D. Employee performance
Answer:
Q15. Which function typically reports functionally to the audit committee?
A. Operations
B. Marketing
C. Internal audit
D. Human resources
Answer:
D. Management Responsibilities – Operations & Internal Control
Q16. Management is primarily responsible for:
A. Auditing internal controls
B. Designing and implementing internal controls
C. Approving audit opinions
D. Ensuring auditor independence
Answer:
Q17. Which management responsibility MOST directly affects operational effectiveness?
A. External audit coordination
B. Risk assessment and control design
C. Board evaluation
D. Regulatory enforcement
Answer:
Q18. Management demonstrates commitment to internal control by:
A. Delegating all control activities
B. Establishing clear policies and procedures
C. Eliminating detective controls
D. Reducing documentation
Answer:
Q19. Management override of controls is primarily a failure of:
A. Risk assessment
B. Control activities
C. Monitoring
D. Control environment
Answer:
Q20. Which action by management strengthens the control environment?
A. Ignoring minor violations
B. Promoting ethical values
C. Increasing transaction volume
D. Limiting audit access
Answer:
E. Effective Internal Control System – Integrated View
Q21. An effective internal control system provides:
A. Absolute assurance
B. Reasonable assurance
C. Guaranteed fraud prevention
D. Complete risk elimination
Answer:
Q22. Segregation of duties is MOST closely related to which COSO component?
A. Risk assessment
B. Control activities
C. Monitoring
D. Information & communication
Answer:
Q23. Continuous evaluations of controls are part of:
A. Control environment
B. Risk assessment
C. Monitoring
D. Governance
Answer:
Q24. A strong internal control system is LEAST effective when:
A. Board oversight is weak
B. Controls are documented
C. Risks are assessed
D. Monitoring exists
Answer:
Q25. Which factor MOST enhances internal control effectiveness?
A. Increased automation only
B. Strong tone at the top
C. High transaction volume
D. External regulation
Answer:
F. Scenario-Based / CMA-Style Questions
Q26. If the board fails to challenge management decisions, the greatest risk is:
A. Market volatility
B. Management override of controls
C. Increased audit cost
D. Operational inefficiency only
Answer:
Q27. An audit committee that lacks financial expertise increases risk related to:
A. Strategic planning
B. Financial reporting reliability
C. Operational efficiency
D. Employee morale
Answer:
Q28. Management focusing only on financial controls but ignoring operational controls may result in:
A. Strong governance
B. Ineffective operations
C. Better compliance
D. Reduced risk
Answer:
Q29. Which action BEST demonstrates effective governance?
A. CEO dominance over board
B. Independent audit committee oversight
C. Limited internal audit access
D. Management-only risk assessment
Answer:
Q30. In an effective governance structure, internal audit should report:
A. Administratively to CFO and functionally to audit committee
B. Only to management
C. Only to external auditors
D. Only to regulators
Answer:
✅ Exam Tip (CMA Favorite Area):
- Board = Oversight
- Audit Committee = Financial reporting & internal control oversight
- Management = Design, implement & operate controls
- Internal Control = Reasonable assurance, not guarantee
www.gmsisuccess.in
RISK ASSESSMENT & INTERNAL CONTROL SYSTEM
MCQs (US CMA PART 1)
A. Risk Assessment – Core Concepts
Q1. Risk assessment under the COSO framework involves:
A. Eliminating all risks
B. Identifying and analyzing risks to achieving objectives
C. Detecting errors after occurrence
D. Implementing corrective controls
Answer:
Q2. Risk assessment is MOST closely related to which COSO component?
A. Control environment
B. Control activities
C. Risk assessment
D. Monitoring
Answer:
Q3. Which of the following BEST describes business risk?
A. Risk of audit failure
B. Risk of incorrect financial statements only
C. Risk that events will adversely affect achievement of objectives
D. Risk eliminated by internal controls
Answer:
Q4. Which risk arises from ineffective or failed internal controls?
A. Inherent risk
B. Residual risk
C. Control risk
D. Detection risk
Answer:
B. Risk Identification & Analysis
Q5. The FIRST step in risk assessment is to:
A. Design control activities
B. Identify relevant risks
C. Evaluate monitoring controls
D. Correct deficiencies
Answer:
Q6. Which factor MOST affects risk assessment?
A. Changes in business environment
B. Historical audit findings only
C. External audit opinion
D. Accounting policies
Answer:
Q7. Rapid growth in operations increases risk primarily due to:
A. Strong controls
B. Inadequate control adaptation
C. Improved governance
D. Reduced transactions
Answer:
Q8. Risk assessment should be performed:
A. Once at formation
B. Only during audits
C. Continuously and periodically
D. Only after control failure
Answer:
C. Inherent, Residual & Control Risk
Q9. Inherent risk is best described as:
A. Risk remaining after controls
B. Risk caused by auditors
C. Risk existing before controls
D. Risk eliminated by governance
Answer:
Q10. Residual risk refers to:
A. Total business risk
B. Risk before controls
C. Risk remaining after controls
D. Detection risk
Answer:
Q11. High inherent risk requires management to:
A. Ignore control design
B. Implement stronger controls
C. Eliminate monitoring
D. Reduce documentation
Answer:
D. Risk Assessment & Internal Control Relationship
Q12. Risk assessment helps management to:
A. Detect errors
B. Determine appropriate control activities
C. Eliminate fraud
D. Replace monitoring
Answer:
Q13. Failure to assess risk properly MOST likely results in:
A. Strong internal controls
B. Ineffective control activities
C. Reduced operational efficiency
D. Better compliance
Answer:
Q14. Which internal control component is directly influenced by risk assessment outcomes?
A. Control environment
B. Control activities
C. Monitoring
D. Governance
Answer:
E. Risk Response & Control Design
Q15. Which is NOT a common risk response?
A. Risk avoidance
B. Risk reduction
C. Risk acceptance
D. Risk elimination
Answer:
Q16. Implementing segregation of duties is primarily a response to:
A. Market risk
B. Control risk
C. Liquidity risk
D. Compliance risk
Answer:
Q17. Which control BEST addresses high fraud risk?
A. Detective controls only
B. Preventive controls
C. No controls
D. Monitoring only
Answer:
Q18. Compensating controls are MOST appropriate when:
A. Risks are eliminated
B. Primary controls are not feasible
C. Controls already exist
D. Auditors require them
Answer:
F. Risk Assessment in Operations & Reporting
Q19. Risk assessment related to financial reporting focuses on:
A. Market volatility
B. Accuracy and reliability of financial statements
C. Employee performance
D. Customer satisfaction
Answer:
Q20. Operational risk primarily affects:
A. Financial statement presentation
B. Efficiency and effectiveness of operations
C. Audit opinion
D. Compliance reporting
Answer:
Q21. Compliance risk arises from:
A. Operational inefficiency
B. Failure to follow laws and regulations
C. Weak segregation of duties
D. System downtime
Answer:
G. Monitoring Risk & Control Effectiveness
Q22. Continuous monitoring helps management to:
A. Eliminate risk
B. Identify control deficiencies timely
C. Replace risk assessment
D. Avoid governance oversight
Answer:
Q23. Which indicates a failure in risk assessment?
A. Controls not aligned with risk level
B. Strong governance
C. Regular monitoring
D. Ethical leadership
Answer:
H. Scenario-Based / CMA-Tricky Questions
Q24. Management identifies a high risk but implements weak controls. This indicates failure in:
A. Monitoring
B. Risk response
C. Information & communication
D. Control environment
Answer:
Q25. A company with outdated risk assessments is MOST exposed to:
A. Reduced audit cost
B. Emerging risks
C. Strong control environment
D. Low residual risk
Answer:
Q26. Excessive reliance on detective controls increases risk of:
A. Errors occurring
B. Late error detection
C. Strong prevention
D. Risk elimination
Answer:
Q27. Management override risk should be considered during:
A. Risk identification
B. Control design
C. Monitoring
D. All of the above
Answer:
I. Integrated COSO-Based Questions
Q28. Risk assessment interacts MOST closely with:
A. Control activities and monitoring
B. External audit
C. Budgeting
D. Financial reporting only
Answer:
Q29. A well-designed internal control system reduces:
A. Inherent risk
B. Residual risk
C. Business uncertainty
D. External risk
Answer:
Q30. The PRIMARY purpose of risk assessment in internal control is to:
A. Prevent all losses
B. Design effective and efficient controls
C. Reduce audit effort
D. Comply with regulations only
Answer:
✅ CMA Exam Quick Memory Aid
- Risk Assessment = Identify → Analyze → Respond
- Controls must match risk level
- Risk is dynamic → assessment must be ongoing
- Goal = Reduce residual risk to acceptable level
ACCOUNTING INFORMATION SYSTEMS (AIS) & INTERNAL Control
A. Accounting Information System – Basics
Q1. The primary purpose of an Accounting Information System (AIS) is to:
A. Eliminate accounting errors
B. Collect, process, and report financial information
C. Replace management judgment
D. Detect fraud only
Answer:
Q2. Which AIS component captures transaction data?
A. Output
B. Processing
C. Input
D. Storage
Answer:
Q3. An effective AIS should provide information that is:
A. Complex and detailed
B. Timely, accurate, and relevant
C. Only historical
D. Only for auditors
Answer:
B. AIS & Internal Control Relationship
Q4. Internal controls in AIS primarily ensure:
A. High profits
B. Data reliability and system integrity
C. Faster processing only
D. Reduced staffing
Answer:
Q5. Which COSO objective is MOST directly supported by AIS?
A. Operational efficiency
B. Reliability of financial reporting
C. Corporate governance
D. Compliance monitoring
Answer:
Q6. A weakness in AIS controls MOST directly affects:
A. Marketing decisions
B. Financial statement reliability
C. Employee morale
D. Customer satisfaction
Answer:
C. General Controls vs Application Controls
Q7. Controls that relate to the overall IT environment are called:
A. Application controls
B. Preventive controls
C. General controls
D. Detective controls
Answer:
Q8. Which of the following is a general control?
A. Input validation checks
B. User access security
C. Edit checks
D. Batch totals
Answer:
Q9. Which of the following is an application control?
A. Disaster recovery plan
B. Program change control
C. Authorization of transactions
D. Logical access policy
Answer:
Q10. Application controls primarily ensure:
A. IT infrastructure reliability
B. Accuracy, completeness, and validity of transactions
C. System availability only
D. Cybersecurity compliance
Answer:
D. Input, Processing & Output Controls
Q11. Which control ensures only valid data is entered into the system?
A. Output control
B. Processing control
C. Input control
D. General control
Answer:
Q12. Edit checks and reasonableness tests are examples of:
A. Output controls
B. Input controls
C. Processing controls
D. Monitoring controls
Answer:
Q13. Run-to-run totals help ensure:
A. Authorized access
B. Processing accuracy and completeness
C. Proper segregation of duties
D. Data backup
Answer:
Q14. Reviewing exception reports is primarily a:
A. Preventive control
B. Detective control
C. Corrective control
D. Compensating control
Answer:
E. Data Security & Access Controls
Q15. Restricting system access using passwords is a:
A. Detective control
B. Corrective control
C. Preventive control
D. Monitoring control
Answer:
Q16. Which control BEST reduces the risk of unauthorized data modification?
A. Backup files
B. Logical access controls
C. Error reports
D. Reconciliations
Answer:
Q17. Segregation of duties in AIS helps prevent:
A. System downtime
B. Fraud and errors
C. Data storage issues
D. Reporting delays
Answer:
F. AIS Risks & Control Weaknesses
Q18. Lack of program change controls increases risk of:
A. Data input errors
B. Unauthorized system modifications
C. Poor audit opinions
D. Late reporting
Answer:
Q19. Excessive reliance on automated controls without monitoring may lead to:
A. Stronger controls
B. Undetected system failures
C. Reduced risk
D. Better compliance
Answer:
Q20. Which situation indicates a weakness in AIS internal control?
A. Regular backup and recovery testing
B. Shared user IDs
C. Access logs review
D. Segregation of duties
Answer:
G. AIS & COSO Integration
Q21. AIS contributes MOST directly to which COSO component?
A. Control environment
B. Risk assessment
C. Information and communication
D. Monitoring
Answer:
Q22. Automated controls mainly strengthen which COSO component?
A. Control activities
B. Control environment
C. Risk assessment
D. Governance
Answer:
Q23. Inadequate AIS documentation primarily affects:
A. Control activities
B. Information and communication
C. Monitoring
D. Risk elimination
Answer:
H. Scenario-Based / CMA-Tricky Questions
Q24. If AIS processes transactions accurately but allows unauthorized access, the weakness is in:
A. Application controls
B. General controls
C. Output controls
D. Processing controls
Answer:
Q25. Management override of AIS controls MOST directly threatens:
A. Operational efficiency
B. Reliability of financial reporting
C. System availability
D. Data storage
Answer:
Q26. A strong AIS with weak governance is MOST exposed to:
A. Data redundancy
B. Fraud risk
C. Processing delays
D. System cost overrun
Answer:
I. Final Integrated Questions
Q27. An effective AIS internal control system provides:
A. Absolute assurance
B. Reasonable assurance
C. Guaranteed fraud prevention
D. Zero system risk
Answer:
Q28. Which control ensures completeness of batch processing?
A. Passwords
B. Batch totals
C. Firewalls
D. Backup files
Answer:
Q29. Internal audit’s role in AIS controls is to:
A. Operate the system
B. Evaluate system controls
C. Design transactions
D. Approve user access
Answer:
Q30. The PRIMARY goal of AIS controls is to:
A. Reduce IT costs
B. Ensure reliable financial information
C. Increase automation
D. Support external audit only
Answer:
✅ CMA Exam Quick Recall
- AIS + Internal Control = Reliable, timely, accurate data
- General controls → Overall IT environment
- Application controls → Transaction accuracy & completeness
- Control gives reasonable assurance, not guarantee.
No comments:
Post a Comment