125 MCQ questions on the topics of internal control system control, governance, risk assessment, and control application.
Section A....
Internal Control and Risk Management
1. What is the primary objective of internal control?
A) To ensure profitability
B) To ensure compliance with laws and regulations
C) To provide reasonable assurance of achieving organizational objectives
D) To detect and prevent fraud
Answer:
2. Which of the following is a type of internal control?
A) Detective control
C) Corrective control
D) All of the above
Answer:
3. What are the components of internal control?
A) Control environment, risk assessment, control activities, information and communication, monitoring
B) Control environment, risk assessment, control activities, information and communication
C) Control environment, risk assessment, control activities, monitoring
D) Control environment, risk assessment, information and communication, monitoring
Answer:
Types of Internal Control and Components
4. What is the purpose of a control environment?
A) To identify and assess risks
B) To design and implement control activities
C) To establish a culture of control and ethics
D) To monitor and report on internal control
Answer:
5. What is a risk owner?
A) The person responsible for identifying and assessing risks
B) The person responsible for implementing control activities
C) The person responsible for monitoring and reporting on internal control
D) The person responsible for accepting and managing risks
Answer:
Internal Control Activation and Function
6. What is the first step in activating internal control?
A) Identifying and assessing risks
B) Designing and implementing control activities
C) Establishing a control environment
D) Monitoring and reporting on internal control
Answer:
7. What is the function of control?
A) To prevent errors and irregularities
B) To detect errors and irregularities
C) To correct errors and irregularities
D) All of the above
Answer:
Efficient Operation of Internal Control
8. When is internal control considered to be efficiently operating?
A) When it provides reasonable assurance of achieving organizational objectives
B) When it detects and prevents all errors and irregularities
C) When it is designed and implemented effectively
D) When it is monitored and reported on regularly
Answer:
Inherent Limitations of Internal Control
9. What is an inherent limitation of internal control?
A) Human error
B) Collusion
D) All of the above
Answer:
Types of Control and Risk Management
10. What is application control?
A) Control over the development and implementation of applications
B) Control over the processing of transactions
C) Control over the storage and retrieval of data
D) Control over the security of applications
Answer:
11. What is input control?
A) Control over the input of data into a system
B) Control over the processing of transactions
C) Control over the output of data from a system
D) Control over the storage and retrieval of data
Answer:
12. What is process control?
A) Control over the processing of transactions
B) Control over the input of data into a system
C) Control over the output of data from a system
D) Control over the storage and retrieval of data
Answer:
13. What is general control?
A) Control over the overall IT environment
B) Control over specific applications
C) Control over the development and implementation of applications
D) Control over the security of applications
Answer:
Design and Responsibility
14. Who designs control?
A) Management
D) Risk management
Answer:
15. Who is responsible for risk management?
B) Management
C) Risk management department
D) Internal audit
Answer:
Duties and Responsibilities
16. What is the duty of the board of directors?
A) To oversee the internal control system
B) To design and implement control activities
C) To monitor and report on internal control
D) To manage risk
Answer:
17. What is the responsibility of the audit committee?
A) To oversee the internal audit function
B) To design and implement control activities
C) To monitor and report on internal control
D) To manage risk
Answer:
Frameworks and Regulations
18. What is COSO?
A) A framework for internal control
B) A framework for risk management
C) A regulation for corporate governance
D) A standard for auditing
Answer:
19. What is COBIT?
A) A framework for IT governance
B) A framework for internal control
C) A regulation for corporate governance
D) A standard for auditing
Answer:
20. What is SOX?
A) A regulation for corporate governance
B) A framework for internal control
C) A framework for risk management
D) A standard for auditing
Answer:
21. What is FCPA?
A) A regulation for foreign corrupt practices
B) A framework for internal control
C) A framework for risk management
D) A standard for auditing
Answer:
Risk Management Concepts
22. What is risk tolerance?
A) The amount of risk an organization is willing to take
B) The amount of risk an organization can take
C) The amount of risk an organization should take
D) The amount of risk an organization must take
Answer:
23. What is risk appetite?
A) The amount of risk an organization is willing to take
B) The amount of risk an organization can take
C) The amount of risk an organization should take
D) The amount of risk an organization must take
Answer:
24. What is a risk map?
A) A tool for identifying and assessing risks
B) A tool for prioritizing risks
C) A tool for monitoring and reporting on risks
D) A tool for managing risks
Answer:
25. What is a risk maturity model?
A) A model for assessing the maturity of an organization's risk management process
B) A model for identifying and assessing risks
C) A model for prioritizing risks
D) A model for monitoring and reporting on risks
Answer:
Section B...
### Accounting Information Systems & Cycles
1. What is the primary function of an Accounting Information System (AIS)?
a) Process data to provide information to users
b) Record financial transactions only
c) Manage payroll only
d) Prepare financial statements only
**Answer:**
2. Which document initiates the revenue cycle?
a) Sales order
b) Purchase order
c) Invoice
d) Bill of lading
**Answer:**
3. What document is primarily used to authorize shipments in the revenue cycle?
a) Bill of lading
b) Purchase order
c) Receiving report
d) Sales invoice
**Answer:**
4. Which document starts the purchase cycle?
a) Sales order
b) Purchase requisition
c) Receiving report
d) Vendor invoice
**Answer:**
5. In payroll cycle, what is the primary source document for recording hours worked by hourly employees?
a) Time cards
b) Pay stub
c) Employee contracts
d) Payroll register
**Answer:**
6. Which control is important in the payroll cycle to prevent fictitious employees?
a) Segregation of duties
b) Matching purchase orders
c) Invoice verification
d) Inventory count
**Answer:**
### Risk Concepts and Management
7. Who is the primary risk owner in risk management?
a) The individual responsible for managing the risk
b) The auditor
c) Internal control personnel
d) External consultants
**Answer:**
8. Which of the following is a deliverable of a risk management process?
b) Financial statements
c) Payroll records
d) Audit invoices
**Answer:**
9. Risk appetite is best described as:
a) The amount of risk an organization is willing to accept
b) The actual level of risk faced
c) Risks identified in a risk assessment
d) Risks mitigated through controls
**Answer:**
10. Risk tolerance is defined as:
a) The acceptable level of variation around the risk appetite
b) The maximum loss possible
c) The number of risks an organization faces
d) Risks detected by audit
**Answer:**
11. What is a risk map used for?
a) Visual representation of risks by likelihood and impact
b) Listing controls
c) Identifying internal control weaknesses
d) Scheduling audits
**Answer:**
12. What does a heat map illustrate in risk management?
a) Severity of risks by color coding
b) Process flows
c) Audit findings
d) Employee responsibilities
**Answer:**
13. The risk maturity model assesses:
a) The level of development and effectiveness of risk management processes
b) Financial stability
c) Internal audit quality
d) IT system maturity
**Answer:**
### Types of Risks
14. Inherent risk is:
a) Risk before any controls are applied
b) Risk after controls are applied
c) Risk of controls failing
d) Risk undetected by auditors
**Answer:**
15. Control risk is:
a) Risk that controls will fail to prevent or detect a misstatement
b) Risk in the environment
c) Risk accepted by management
d) Auditor's risk
**Answer:**
16. Detection risk is:
a) Risk that audit procedures will not detect a material misstatement
b) Risk of fraud
c) Risk of operational loss
d) Risk of poor financial performance
**Answer:**
17. Residual risk is:
a) Risk remaining after controls are applied
b) Risk inherent to the process
c) Risk accepted by the board
d) Risk that is transferred
**Answer:**
### COSO and COBIT Frameworks
18. Which COSO component focuses on setting objectives and identifying risks?
a) Risk assessment
b) Control activities
c) Information and communication
d) Monitoring activities
**Answer:**
19. The role of COBIT in IT governance is to:
a) Provide a framework for IT management and governance
b) Conduct financial audits
c) Develop software
d) Manage human resources
**Answer:**
20. COSO’s five components include all except:
a) Risk assessment
b) Technology management
c) Control environment
d) Monitoring activities
**Answer:**
### Additional Questions on Cycles, Risk, and Controls
21. The primary goal of the revenue cycle is:
a) To deliver the right product at the right time to the right customer
b) To reduce purchase orders
c) To minimize payroll costs
d) To control financial reporting
**Answer:**
22. A purchase requisition is used to:
a) Request goods or services internally
b) Pay vendors
c) Ship products to customers
d) Record payroll
**Answer:**
23. Payroll register contains:
a) Details of employee wages and deductions
b) Purchase orders
c) Sales invoices
d) Inventory levels
**Answer:**
24. What is a key inherent limitation of any internal control system?
a) Human error and collusion
b) Technology failures only
c) Legislation compliance
d) Financial accounting standards
**Answer:**
25. Segregation of duties helps prevent:
a) Fraud and errors
b) Payroll processing
c) Risk appetite setting
d) COSO implementation
**Answer:**
26. Delivery documents in the purchase cycle include:
a) Receiving report
b) Sales invoice
c) Purchase order
d) Time card
**Answer:**
27. The term "control activities" in COSO refers to:
a) Policies and procedures that help ensure management directives are carried out
b) Financial statements
c) Risk transfer strategies
d) External audit reviews
**Answer:**
28. Which is an example of residual risk?
a) Risk remaining after implementation of anti-fraud controls
b) Risk that exists before controls are applied
c) Risk identified by the auditor only
d) Risk transferred through insurance
**Answer:**
29. A delivery note is used to:
a) Confirm goods received by the customer
b) Initiate purchase requisition
c) Record employee attendance
d) Authorize payment to vendors
**Answer:**
30. Which cycle includes activities involving hiring, payroll processing, and benefits administration?
a) Payroll cycle
b) Revenue cycle
c) Purchase cycle
d) Inventory cycle
**Answer:**
31. An example of operational risk is:
a) System failure causing business disruption
b) Stock market decline
c) Legal penalties
d) Currency exchange risk
**Answer:**
32. Risk appetite and risk tolerance are:
a) Related but risk tolerance is narrower than risk appetite
b) The same concept
c) Unrelated
d) Only relevant to auditors
**Answer:**
33. The main purpose of a risk heat map is to:
a) Prioritize risks for management focus
b) Document payroll transactions
c) Audit revenue transactions
d) Monitor purchase orders
**Answer:**
34. The COSO internal control framework was first released in:
a) 1992
b) 2001
c) 2013
d) 1985
**Answer:**
35. Which of the following is a component of the COSO ERM framework?
a) Governance and culture
b) Financial accounting
c) Human resources management
d) Supply chain management
**Answer:**
36. Directive controls focus on:
a) Encouraging desired behaviors within a process
b) Detecting errors after occurrence
c) Preventing entry of transactions
d) External audit controls
**Answer:**
37. Which of these is a preventive control?
a) Authorization requirements
b) Reconciliations
c) Audits
d) Reviews
**Answer:**
38. A detective control is designed to:
a) Identify errors or irregularities after they have occurred
b) Prevent fraud
c) Monitor employee performance
d) Manage IT security
**Answer:**
39. Who is responsible for defining risk appetite?
a) Board of directors or senior management
b) Internal auditors
c) Staff accountants
d) External auditors
**Answer:**
40. An example of a deliverable from a risk assessment process would be:
a) Risk register or risk report
b) Payroll summary
c) Purchase orders
d) Financial statements
**Answer:**
41. Which document controls the flow of goods coming into a company?
a) Receiving report
b) Sales invoice
c) Sales order
d) Purchase requisition
**Answer:**
42. The primary focus of COBIT is:
a) IT governance and management
b) Internal audit process
c) Payroll control
d) Inventory management
**Answer:**
43. The COSO control environment is best described as:
a) The foundation for all other components of internal control
b) A risk assessment procedure
c) An IT control framework
d) A compliance guideline
**Answer:**
44. Risk capacity refers to:
a) The maximum amount of risk an organization can bear
b) Risk detected by audit
c) External risk factors
d) Risk transferred to insurers
**Answer:**
45. Business continuity planning is a control designed to:
a) Ensure essential business operations during disruptions
b) Reduce payroll errors
c) Verify purchase orders
d) Manage financial reporting standards
**Answer:**
46. An example of financial risk is:
a) Credit risk from customer defaults
b) Employee fraud
c) IT system failures
d) Legal compliance risk
**Answer:**
47. Which of these is an example of a residual risk treatment?
a) Risk acceptance after controls are applied
b) Initial risk identification
c) Risk transfer prior to controls
d) Auditing the risk process
**Answer:**
48. What type of risk is most affected by changes in legislation?
a) Compliance risk
b) Operational risk
c) Strategic risk
d) Market risk
**Answer:**
49. The risk management process includes all except:
a) Auditing financial statements
b) Risk identification
c) Risk assessment
d) Risk monitoring
**Answer:**
50. A key characteristic of internal control is that it provides:
a) Reasonable, not absolute, assurance
b) Absolute assurance of risk elimination
c) Financial profitability
d) Continuous monitoring without gaps
**Answer:**
Section C...
1–10: Accounting Information Systems Basics
1. Which of the following best describes an Accounting Information System (AIS)?
A. A system for recording only financial transactions
B. A system combining people, procedures, data, and IT to process accounting information
C. A manual system used for bookkeeping only
D. A software used for payroll
✅ Answer:
---
2. The main output of an AIS is:
A. Financial statements and management reports
B. Data entry forms
C. Audit evidence only
D. Purchase orders only
✅ Answer:
---
3. The three major subsystems of AIS are:
A. Input, Process, Output
B. Transaction Processing, General Ledger/Reporting, and Management Reporting
C. Sales, Purchase, and Payroll
D. Hardware, Software, and People
✅ Answer:
---
4. Which of the following is not a function of AIS?
A. Data collection
B. Data processing
C. Data destruction
D. Information output
✅ Answer:
---
5. AIS supports internal control by:
A. Promoting segregation of duties
B. Encouraging data duplication
C. Allowing unauthorized access
D. Avoiding audit trails
✅ Answer:
---
6. The primary objective of an AIS is to:
A. Reduce labor cost
B. Provide accurate and timely information
C. Store large volumes of data
D. Eliminate human errors completely
✅ Answer:
---
7. Which document is used to record customer orders in AIS?
A. Invoice
B. Sales order
C. Purchase requisition
D. Goods receipt note
✅ Answer:
---
8. The audit trail in AIS helps auditors:
A. Modify transactions
B. Trace transactions from source to output
C. Delete old records
D. Create new transactions
✅ Answer:
---
9. Which of the following systems updates records immediately after each transaction?
A. Batch processing system
B. Real-time processing system
C. Periodic system
D. Sequential processing
✅ Answer:
---
10. In a transaction processing system (TPS), the first step is:
A. Storing data
B. Processing data
C. Capturing data
D. Generating output
✅ Answer:
---
11–20: Sales, Purchase, and Payroll Cycles
11. The first document prepared in the sales cycle is:
A. Invoice
B. Customer order
C. Bill of lading
D. Shipping notice
✅ Answer:
---
12. The last step in the sales cycle is:
A. Shipment
B. Billing
C. Cash collection
D. Order entry
✅ Answer:
---
13. In the purchase cycle, the process begins with:
A. Purchase order
B. Purchase requisition
C. Receiving report
D. Invoice
✅ Answer:
---
14. In the payroll cycle, which document authorizes the payroll process?
A. Payroll register
B. Time card
C. Personnel action form
D. Paycheck
✅ Answer:
---
15. Which document is used to verify goods received in the purchase cycle?
A. Goods receipt note (GRN)
B. Purchase order
C. Invoice
D. Material requisition
✅ Answer:
---
16. The sales invoice is prepared based on:
A. Purchase order
B. Shipping document
C. Credit memo
D. Journal voucher
✅ Answer:
---
17. Payroll cycle ends with:
A. Employee hiring
B. Distribution of paychecks
C. Recording journal entry
D. Time recording
✅ Answer:
---
18. The primary control in payroll is:
A. Budgetary control
B. Authorization of employee records and pay rates
C. Verification of sales orders
D. Supplier reconciliation
✅ Answer:
---
19. Which document triggers a payment to the supplier?
A. Invoice
B. Purchase order
C. Receiving report
D. Voucher package
✅ Answer:
---
20. The voucher package consists of:
A. Purchase order, receiving report, supplier invoice
B. Purchase requisition, time card, payroll register
C. Sales order, invoice, receipt
D. Invoice, GRN, delivery challan
✅ Answer:
---
21–30: Documentation & Flowcharts
21. A data flow diagram (DFD) shows:
A. How data moves through a system
B. Physical movement of documents
C. Organizational hierarchy
D. Control flow in programming
✅ Answer:
---
22. A system flowchart represents:
A. The sequence of program instructions
B. The physical and logical flow of data in AIS
C. Payroll cycle only
D. Accounting records only
✅ Answer:
---
23. Document flowcharts focus on:
A. System controls
B. Movement of paper documents through departments
C. Data processing steps
D. Software code
✅ Answer:
---
24. A control flowchart highlights:
A. Input/output devices
B. Control points within a system
C. Storage locations
D. Network architecture
✅ Answer:
---
25. In a DFD, the symbol for a process is:
A. Rectangle
B. Circle or bubble
C. Arrow
D. Open-ended rectangle
✅ Answer:
---
26. In a system flowchart, an arrow represents:
A. Flow of data or control
B. A process step
C. A decision
D. A document
✅ Answer:
---
27. The triangle symbol in flowcharts often denotes:
A. Delay or storage
B. Decision
C. Process
D. Data input
✅ Answer:
---
28. Which type of documentation best helps identify control weaknesses?
A. System flowchart
B. Data flow diagram
C. Program code
D. Organization chart
✅ Answer:
---
29. DFD level 0 represents:
A. Context diagram
B. High-level system overview
C. Detailed process map
D. Flow of documents only
✅ Answer:
---
30. The context diagram in DFD shows:
A. Internal system only
B. System boundaries and external entities
C. File storage
D. Decision logic
✅ Answer:
---
⚙️ 31–40: Controls (Input, Process, Output, Application, General)
31. Input controls ensure:
A. Data is authorized, accurate, and complete before processing
B. Processing accuracy only
C. Data storage efficiency
D. System recovery after crash
✅ Answer:
---
32. An example of an input control is:
A. Hash total
B. Exception report
C. Check digit verification
D. Both A and C
✅ Answer:
---
33. Processing controls ensure:
A. Transactions are not lost or duplicated
B. Only valid data entered
C. Output is distributed correctly
D. Input data are accurate
✅ Answer:
---
34. A run-to-run total is an example of:
A. Input control
B. Process control
C. Output control
D. Application control
✅ Answer:
---
35. Output controls focus on:
A. Validity of printed or displayed information
B. Preventing unauthorized access to data
C. Backup and recovery
D. Input validation
✅ Answer:
---
36. Application controls include:
A. Input, process, and output controls
B. Network and system software controls
C. Firewall and antivirus
D. Backup power supply
✅ Answer:
---
37. General controls cover:
A. Overall IT environment controls
B. Specific application procedures
C. Payroll cycle only
D. Document authorization
✅ Answer:
---
38. Examples of general controls include:
A. Password policies and access controls
B. Input edit checks
C. Output reconciliations
D. Batch totals
✅ Answer:
---
39. A check digit is used to:
A. Verify data accuracy during input
B. Control report output
C. Record process flow
D. Validate document authorization
✅ Answer:
---
40. Limit and range checks are types of:
A. Input validation controls
B. Process controls
C. Output controls
D. General controls
✅ Answer:
---
41–50: System Security & Transaction Processing
41. The main purpose of transaction processing systems (TPS) is:
A. Decision making
B. Recording routine business transactions
C. Data mining
D. Forecasting
✅ Answer:
---
42. In batch processing, transactions are:
A. Processed immediately
B. Collected and processed together later
C. Deleted after entry
D. Verified manually
✅ Answer:
---
43. Real-time processing is most suitable for:
A. Payroll
B. Sales order entry
C. Month-end reports
D. Annual budgets
✅ Answer:
---
44. Audit trail is an example of:
A. Detective control
B. Preventive control
C. Corrective control
D. Process control
✅ Answer:
---
45. Backup procedures are part of:
A. Output control
B. General control
C. Application control
D. Input control
✅ Answer:
---
46. Encryption in AIS is primarily a:
A. Physical control
B. Logical access control
C. Input control
D. Output control
✅ Answer:
---
47. Exception reports are generated to:
A. Highlight unusual transactions
B. Show all transactions
C. Summarize payroll
D. Display all invoices
✅ Answer:
---
48. Segregation of duties is an example of:
A. Preventive control
B. Detective control
C. Corrective control
D. Manual control only
✅ Answer:
---
49. Hash totals help in detecting:
A. Omitted or duplicate transactions
B. Fraudulent journal entries
C. Unauthorized reports
D. Access violations
✅ Answer:
---
50. Disaster recovery plans (DRP) are designed to:
A. Ensure system recovery after major failures
B. Improve process speed
C. Eliminate user errors
D. Train new employees
✅ Answer:
www.gmsisuccess.in