UL INTEGRATED CPA REVIEW AU-9

2ND SEM SY 2021-2022

UNIVERSITY OF LUZON
COLLEGE OF ACCOUNTANCY
CPA REVIEW CENTER

CONSIDERATION OF CLIENT’S INTERNAL CONTROL SYSTEM

PLANNING

Audit Process Model:

PHASE I: Client Acceptance
PHASE II: Planning the Audit
PHASE III: Testing and Evidence
PHASE IV: Evaluation and Reporting

PHASE II: PLANNING THE AUDIT

Objective Determine the amount and type of evidence and review required to give the auditor reasonable
assurance that there is no material misstatement of the financial statements (that is to reduce
audit risk to an acceptably low level).
Procedures 1. Perform audit procedures to understand the entity and its environment, including internal
control.
2. Assess the risks of material misstatements of the financial statements.
3. Determine materiality.
4. Prepare the planning memorandum an audit and audit program containing the auditor’s
response to identified risks

PHASE III: TESTING and EVIDENCE GATHERING

Perform further audit procedures 1. Test of controls
2. Substantive testing
a. Analytical procedures
b. Test of details

INTERNAL CONTROL

FOCUS NOTES:

Auditors Consider Internal Control in Performing Audit:

 The auditor should obtain an understanding of internal control relevant to the audit.
 The auditor uses the understanding of internal control:
 to identify types of potential misstatements,
 consider factors that affect the risks of material misstatement, and
 design the nature, timing, and extent of further audit procedures.

Concepts of Internal Control:

 Internal control is the process designed and effected by those charged with governance, management, and
other personnel to provide reasonable assurance about the achievement of the entity’s objectives with
regard to:
 reliability of financial reporting,
 effectiveness and efficiency of operations and
 compliance with applicable laws and regulations.
 The definition embodies 4 concepts:
 Internal controls is a process, not a single event
 Internal control is accomplished by people at every level in an organization
 Internal control is not an end in itself, but rather a means to achieve organizational goals
 Internal controls provide reasonable, not absolute, assurance
 Internal control consists of the following components:
a. The control environment.
1
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022
b. The entity’s risk assessment process.
c. The information system, including the related business processes, relevant to financial reporting, and
communication.
d. Control activities.
e. Monitoring of controls.
 Control environment - Management’s and the board of director’s attitude, awareness, and actions toward
internal control concerning
 Integrity and ethical values
 Commitment and competence
 Board of directors or audit committee (participation of people charged with governance)
 Management’s philosophy and operating style
 Organizations structure
 Assignment of authority and responsibility
 Human resource policies and practices
 Entity’s Risk assessment Process
 Every entity faces risks, both external (such as technological developments) and internal (such as
employee pilferage)
 Management’s task is to identify the risks that bear on their operations, financial reporting, and
compliance objectives and to take the action necessary to manage them
 The information system, including the related business processes, relevant to financial reporting, and
communication.
 An information system consists of infrastructure (physical and hardware components), software,
people, procedures, and data.
 The information system relevant to financial reporting objectives, which includes the financial reporting
system, consists of the procedures and records established to initiate, record, process, and report entity
transactions (as well as events and conditions) and to maintain accountability for the related assets,
liabilities, and equity.
 Accordingly, an information system encompasses methods and records that:
 Identify and record all valid transactions.
 Describe on a timely basis the transactions in sufficient detail to permit proper classification of
transactions for financial reporting.
 Measure the value of transactions in a manner that permits recording their proper monetary value
in the financial statements.
 Determine the time period in which transactions occurred to permit recording of transactions in
the proper accounting period.
 Present properly the transactions and related disclosures in the financial statements.
 Communication involves providing an understanding of individual roles and responsibilities pertaining
to internal control over financial reporting.
 Communication takes such forms as policy manuals, accounting and financial reporting manuals, and
memoranda. Communication also can be made electronically, orally, and through the actions of
management.
 Control activities
- the policies and procedures that help ensure that management directives are carried out, for example,
that necessary actions are taken to address risks that threaten the achievement of the entity’s objectives.
- Generally, control activities that may be relevant to an audit may be categorized as policies and
procedures that pertain to the following:
 Performance reviews.
 Information processing.
 Physical controls.
 Segregation of duties.
 Monitoring of controls
- a process to assess the quality of internal control performance over time.
- it involves assessing the design and operation of controls on a timely basis and taking necessary
corrective actions.
- Monitoring is done to ensure that controls continue to operate effectively. For example, if the timeliness
and accuracy of bank reconciliations are not monitored, personnel are likely to stop preparing them.
- Monitoring of controls is accomplished through ongoing monitoring activities, separate evaluations, or a
combination of the two.

ASSESSMENT OF CONTROL RISK

 The reason for the auditor's assessment of control risk

2
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022

A. PSA 315 requires auditor to obtain understanding of internal control.

B. PSA 315 requires auditor to assessed the risk of material misstatement (both at the overall FS
level and at assertion level)
C. Inherent risk and control risk are components of the risk of material misstatement at the assertion
level.
D. Control risk is a component of overall audit risk needed to calculate detection risk

 The auditor's approach to assessing control risk

A. Identify types of errors or fraud that could occur in the absence of controls
B. Determine controls necessary to prevent and/or detect.
C. Determine whether designed and in place.
D. Identify weaknesses.
E. Design substantive programs.
F. Communicate weaknesses to the audit committee.

 Steps in assessing control risk

A. Obtain an understanding of internal control policies and procedures relevant to financial

statement assertions

1. Understanding obtained during initial planning phase of the audit

a. Study of the organizational structure
b. Inquiry of management
2. Control points as an aid to understanding controls
a. A control point exists wherever:
(1) an error or fraud could occur in the capturing and processing of data; and
(2) assets need to be safeguarded
b. Two types of controls:
(1) Accuracy controls support valuation
(2) Safeguard controls support completeness
3. Look for compensating controls where accuracy or safeguard controls are missing
4. Risk assessment based on initial understanding
a. Assess at maximum-primarily substantive audit
b. Assess below maximum
(1) Not common based solely on initial understanding
(2) Must be able to evaluate operating effectiveness
(3) Difficult to evaluate operating effectiveness without actually testing
controls

B. Document understanding
1. Internal control memorandum
a. Advantage-rigor of analysis
b. Disadvantage-difficult for reviewer to follow

2. Internal control questionnaire and/or checklist

a. Advantage-easy to complete and covers all points

b. Disadvantage-tendency toward cursory review given ease of completion.

3. Internal control flowchart

a. Advantage-easy to review given graphic representation; strengths and
weaknesses highlighted
b. Disadvantage-lacks detail

4. Combination of the above forms of documentation is preferred by most auditors

C. Assess control risk and document conclusions

1. If assessed at maximum, auditor need only document understanding
2. If assessed below maximum, auditor must document basis for reduction

3
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022
3. Cannot assess control risk below maximum without obtaining knowledge about operating
effectiveness
4. Auditors hesitate to assess control risk below maximum without performing control tests

D. Reduce the assessed level of control risk through control testing

1. Conditions warranting control testing
a. Controls are thought to be effective
b. Cost effective to test
(1) Cost of further testing less than
(2) Cost savings obtained by reduced substantive testing

2. Approaches to control testing

a. Inquiries of appropriate personnel.

b. Reprocessing (Reperformance) - introduce transactions into system and follow

through the processing stages (particularly useful, given CBIS applications)

c. Observation-observe control functions as performed during processing of

transactions
(1) Only way to test certain controls
(a) Separation
(b) Competence of personnel
(2) Useful where audit trail is lacking in complex CBIS systems

d. Document examination and testing (Inspection)

(1) Where extensive documentation exists
(2) Manual and batch processing systems
(3) Subject of attribute sampling

I. MULTIPLE CHOICE (SET A)

1. The quality of an organization's internal controls affects
a. the reliability of financial data.
b. the ability of management to make good decisions.
c. the ability to remain in business.
d. all of the above.

2. Internal control is a process designed to achieve objectives in which one of the following categories?
a. reliability of financial reporting
b. compliance with applicable laws
c. ineffectiveness of operations
d. both A and B

3. Which of the following is not a reason that the auditor must gain an understanding of the client’s internal
control system?
a. better understand the client, its risks, and how it manages those risks.
b. assess control risk and identify the types of financial statement misstatements that are most likely to
occur.
c. plan direct tests of account balances to determine if misstatements have occurred.
d. all are reasons why auditors must gain an understanding of the client’s internal control system.

4. Which one of the following groups is interested in an organization's control structure?

a. board members
b. lenders
c. auditors
d. all of the above

5. The tone of internal control typically originates internally with:

a. auditors.
b. employees.
c. management.
d. stockholders.

4
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022

6. The major components of an organization's internal control structure consist of all of the following except
a. control risk. c. risk assessment.
b. the control environment. d. control activities.

7. Which one of the following components of the system of internal controls sets the tone for the organization?
a. control risk assessment c. information and communication
b. control environment d. monitoring

8. Personnel policies and procedures are designed to ensure that the organization
a. hires the right people.
b. complies with federal and state laws in its hiring and retention decisions.
c. has employees that are properly trained and supervised.
d. performs all of the above.

9. All of the following are pervasive accounting controls except

a. adequate segregation of duties. d. understanding documented internal
b. physical controls to safeguard the assets. procedures.
c. authorization procedures.

10. The personnel department should be responsible for

a. authorization of new employees. c. timekeeping.
b. generation of payroll checks. d. signing payroll checks.

11. If the auditor of financial statements understands internal control and assesses control risk as low, it is
assumed that internal control:
a. will be tested to support the assessment.
b. is not required to be tested as it is considered strong.
c. is considered relatively weak and will not be tested.
d. has been assessed erroneously by the auditor.

12. To support an assessment that control risk is low, the auditor of financial statements must
a. achieve the same conclusion after appropriately testing internal control.
b. achieve the opposite conclusion after appropriately testing internal control.
c. perform increased substantive procedures in order to compensate for the lower rating.
d. perform limited substantive procedures as the assessment is justified.

13. Which of the following is an example of a type of control that may be tested?
a. Interest accrued on notes payable.
b. Cash surrender value of life insurance classified as long-term asset.
c. A spreadsheet used to create a pivot table for the summarization of accounts receivable.
d. Reconciliations performed monthly on accounts.

14. A graphic representation of an accounting application that normally identifies key controls that are effective
in achieving specific control policies and procedures is
a. an internal control questionnaire. c. an internal control narrative.
b. a flowchart. d. a walk-through.

15. Which of the following best represents a walk-through?

a. The controller reviews the bank reconciliation prepared by the accountant and its resulting journal
entries.
b. The auditor walks the production line to find inefficiencies in the inventory process and reports them to
management.
c. The controller takes a sample of write-offs to ensure they have been adequately documented and
recorded.
d. The auditor traces three purchasing transactions from the purchase order to the financial statement for
observation and understanding.

16. Which one of the following is considered adequate documentation in an internal control system?
a. electronically prenumbered records
b. a cathode ray screen used in input
c. verbal authorization

5
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022
d. delayed preparation of documents

17. Physical controls to safeguard assets would include

a. hiring only trustworthy cashiers c. locks on the warehouse doors
b. separation of duties d. safety audits on the production-line

18. A financial statement auditor concludes that internal controls over cash are not functioning as designed. She
believes that material misstatements to the cash accounts are possible because of the deficiencies. What is
the course of action that the auditor will most likely take?
a. Report the audit to the regulatory agencies of the BIR and SEC.
b. Develop specific tests for cash balances to determine the extent of misstatement.
c. Explain to the client that the audit firm will not be able to complete the audit.
d. Test the internal control over cash.

19. Which one of the following is not a control activity implemented in most accounting systems?
a. segregation of duties
b. competent, trustworthy employees
c. authorization procedures
d. all of these activities are normally implemented.

20. The approach to control risk assessment consists of each of the following phases except
a. obtaining an understanding of the internal control structure.
b. making a preliminary evaluation of inherent risk and deciding whether to test controls.
c. performing tests of controls.
d. reconsideration of the preliminary assessment of control risk.

21. An auditor obtains evidence of the internal control over the accounting system by all of the following except
a. performing walk-throughs of the accounting system.
b. making inquiries of banks and attorneys.
c. reviewing system flowcharts.
d. taking plant and operational tours.

22. Which of the following will an auditor perform to better understand a client's internal control over
accounting systems?
a. An auditor will look over subsequent year working papers.
b. An auditor will review previous year working papers.
c. An auditor will copy previous year working papers.
d. An auditor will re-draft subsequent year working papers.

23. Which of the following will an auditor use to document an understanding of internal control?
a. Checklists, disclosures and procedures.
b. The audit report, internal control opinions and confirmations.
c. Workpapers, engagement letters and management representation letters.
d. Questionnaires, narratives and flowcharts.

24. Which is clearly a test of control?

a. Walk-through of the expense cycle from performance of the service to the reporting in the balance sheet.
b. Examination of a sample of purchase order records for electronic, authenticated, authorization.
c. Observing the controller's use of company owned equipment.
d. Sending a letter to the client's attorney to determine litigation that is pending between plaintiff and the
defendant.

25. An auditor's test of transaction processing whereby the auditor is evaluating both the operation and
effectiveness of controls and the correctness and completeness of processing and posting to an account
balance is
a. a test of controls. c. a dual-purpose test.
b. a substantive test. d. an analytical review procedure.

26. An auditor of a client company that has multiple locations must

a. increase control risk to moderate or high.
b. conclude that independent business units of the consolidation are immaterial.
c. issue multiple audit reports for each segment of the company.

6
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022
d. determine the universal application of controls across the company.

27. In order to further understand internal control, an auditor may use inquiry methods by:
a. interviewing key employees to gain further insight into the internal control environment.
b. observing the safeguarding of assets by checking locked doors and safes.
c. tracing a transaction from the boundary of the organization through to the final reporting.
d. documenting thoroughly the internal control through the use of narratives.

28. Which of the following is a detective control designed to detect the occurrence of a misstatement?
a. access controls. c. reconciliations.
b. edit controls. d. all of the above are detective controls.

II. MULTIPLE CHOICE (SET B)

1. Which of the following is not a component of internal control?
a. Monitoring.
b. Control environment.
c. Auditor’s business risk.
d. Information and communication.

2. Which of the following is the correct order for performing the procedures noted?
a. Test controls, perform substantive tests, understand the system of internal control.
b. Understand the system of internal control, test controls, perform substantive tests.
c. Test controls, understand the system of internal control, perform substantive tests.
d. Perform substantive tests, test controls, understand the system of internal control.

3. Which of the following audit tests is a test of controls?

a. Tests of the specific items making up the balance in a financial statement account.
b. Comparing inventory prices to vendors' invoices.
c. Comparing signatures on canceled checks to those of authorized check signers.
d. Tests of the additions to property, plant, and equipment by physical inspections.

4. After gaining an understanding and documenting internal control, the auditor may elect to perform tests on
a. Those controls that the auditor plans to rely on.
b. Those controls for which significant deficiencies have been identified.
c. Those controls that have a material effect on the financial statement balances.
d. A random sample of the controls that were reviewed.

5. Control risk and the reliance planned for the auditor’s substantive procedures have which of the following
types of relationship?
a. Direct. c. Inverse.
b. Unknown. d. Parallel.

6. Control activities include

a. The control environment. c. Authorization of purchases of new
b. Risks faced by the entity from new equipment.
technology. d. Market share data.

7. In an auditor's consideration of internal control, the completion of a questionnaire is most closely

associated with which of the following?
a. Separation of duties. c. Flowchart accuracy.
b. Understanding the system. d. Tests of controls.

8. Which of the following is part of risk assessment?

a. A foreign subsidiary does not adapt to changes in company procedures.
b. The client lacks written procedures for initiating sales transactions.
c. Lack of proper approval of payroll checks.
d. The client does not reconcile its bank accounts on a regular basis.

9. Which of the following is done by an auditor when gaining an understanding of an entity's internal controls?
a. Design the nature, timing, and extent of substantive tests.
b. Test depreciation for reasonableness.
c. Identify the types of potential misstatements that might occur.

7
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022
d. Initially consider business risk.

10. The auditor is examining copies of sales invoices for the initials of the person checking the extensions. This
is an example of a
a. Test of controls. c. Dual-purpose test.
b. Substantive test. d. Test of balances.

11. After consideration of a client's internal control, an auditor might decide to

a. Increase the extent of substantive testing in areas where controls are strong.
b. Reduce the extent of tests of controls in areas where the controls are strong.
c. Reduce the extent of both substantive tests and tests of controls in areas where the controls are strong.
d. Increase the extent of substantive testing in areas where the controls are weak.

12. Proper segregation of duties is separating the following functions:

a. Payment, execution, and authorization. d. Authorization, execution, and recording.
b. Custody, execution, and reporting.
c. Payment, recording, and authorization.

13. A flowchart of a client's internal controls

a. Provides documentation of the system of internal control.
b. Is typically obtained from the client’s internal auditors.
c. Serves as the audit program for testing of controls.
d. Illustrates the type of fraud, which may have occurred in the system.

14. The auditor has evaluated the system of internal control and has reached the conclusion that the system is
well designed and is functioning as designed. The next step for the auditor is to
a. Issue the opinion on the financial statements.
b. Increase analytical procedures that are planned in the audit program.
c. Remove substantive tests from the audit program.
d. Leave substantive testing as planned for in the audit program.

15. Evidence about segregation of duties is best obtained by

a. Studying a flowchart detailing who performs which duties.
b. Making inquiries of coworkers about which employees performs which duties.
c. Inspecting conflict of interest policies for segregation of duties procedures.
d. Observation of employees who perform control activities.

16. Which of the following statements about internal control is correct?

a. Poor internal control calls for more extensive control tests.
b. Establishing and maintaining internal control is the internal auditor's responsibility.
c. Strong control allows the auditor to eliminate substantive tests of details.
d. The cost-benefit relationship should be considered in designing internal controls.

17. A significant deficiency is best defined as

a. A violation of the entity's conflict-of-interest policies and code of ethics.
b. An attempt by the client to limit the scope of the auditor's work in conducting the financial statement
engagement.
c. A deficiency that adversely affects the ability to process transactions in accordance with generally
accepted accounting principles.
d. Fraud or illegal acts committed by management that have a material impact on the financial statements.

18. Which of the following is not true concerning control activities?

a. Control procedures are another term for control activities.
b. Transaction authorization is a control activity.
c. Control activities generally fall into the two categories of preventive controls and detective controls.
d. Information and communication is an important component of control activities.

19. Auditors trace a transaction through the system

a. Via an audit trail.
b. When making inquiries of the internal auditor.
c. By making inquiries of the audit committee.
d. Near the close of the engagement.

8
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022

20. Limiting access to assets and records might be accomplished by

a. Audit trails documenting who had authorization to access assets and records.
b. A control environment, which discourages access to assets and records.
c. Access codes for those parties with authorization to access assets and records.
d. Risk assessment of the parties with authorization to access assets and records.

21. When obtaining understanding of an entity’s control environment, an auditor should concentrate on the
substance of management’s policies and procedures rather than their form because:
a. The auditor may believe that the policies and procedures are inappropriate for that particular entity.
b. The board of directors may not be aware of management’s attitude toward the control environment.
c. Management may establish appropriate policies and procedures but not act on them.
d. The policies and procedures may be so weak that no reliance is contemplated by the auditor.

22. The auditor is studying internal control policies and procedures within the sales, shipping, and billing
subset of the revenue cycle. Which of the following conditions suggests a need for additional testing of
controls?
a. Internal control is found to be weak with regard to shipping and billing.
b. Internal control over sales, billing, and shipping appears strong, but 80% of the sales revenue is
attributable to three major customers.
c. Internal control over billing and shipping is thought to be strong and the auditor considers additional
testing of selected controls will result in a major reduction in substantive testing.
d. Internal control over the recording of sales is found to be weak and the sales are evenly divided among a
large number of customers.

23. The auditor’s understanding of internal control is documented in order to substantiate:

a. Conformity of the accounting records with GAAP.
b. Representation as to adherence to requirements of management.
c. Representation as to compliance with PSA.
d. The fairness of the financial statement presentation.

24. When considering internal control, an auditor must be aware of the concept of reasonable assurance which
recognizes that:
a. The employment of competent personnel provides assurance that the objectives of the internal control
will be achieved.
b. The establishment and maintenance of a system of internal control is an important responsibility of the
management and not of the auditor.
c. The cost of internal control should not exceed the benefits expected to be derived from internal control.
d. The segregation of incompatible functions is necessary to obtain assurance that the internal control is
effective.

25. Flowcharting as a means of internal control evaluation provides the following advantage over the use of
questionnaires and descriptive narratives:
a. Ease of preparation. c. Simplicity.
b. Comprehensive coverage of controls. d. Ease in following information flow.

26. Which of the following statements is correct concerning the understanding of internal control needed by
auditors?
a. The auditors must understand the information system, not the accounting system
b. The auditors must understand monitoring and all preliminary accounting controls
c. The auditors must have a sufficient understanding to assess the risks of material misstatement
d. The auditors must understand the control environment, risk assessment, and all control activities

27. The effectiveness of controls is not generally tested by:

a. Inspection of documents and reports
b. Performance of analytical procedures
c. Observation of the application of accounting policies and procedures
d. Inquiries of appropriate client personnel

28. On financial statement audits, it is required that the auditors obtain an understanding of internal control,
including:
a. Its operating effectiveness
9
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022
b. Whether it has been implemented (placed in operation)
c. Performing tests of controls for all material controls
d. Its ability to provide reasonable assurance

29. Which of the following is most likely to be considered a risk assessment procedure relating to internal
control?
a. Confirm accounts receivable
b. Perform a test of a control relating to payroll
c. Take test counts of the year-end inventory
d. Trace a transaction through the information system relevant to financial reporting

30. Which statement is correct concerning the relevance of various types of controls to a financial
statement audit?
a. An auditor may ordinarily ignore the consideration of controls when a substantive audit approach is used
b. Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but
other controls may also be relevant
c. Controls over safeguarding assets and liabilities are of primary importance, while controls over the
reliability of financial reporting may also be relevant
d. All controls are ordinarily relevant to an audit

31. For effective internal control, which of the following functions should not be assigned to the
company's accounting department?
a. Reconciling accounting records with existing assets
b. Recording financial transactions
c. Signing payroll checks
d. Preparing financial reports

32. Which of the following is not a responsibility that should be assigned to a company's internal audit
department?
a. Evaluating internal control
b. Approving disbursements
c. Reporting on the effectiveness of operating segments
d. Investigating potential merger candidates

33. Which of the following is an advantage of describing internal control through the use of a standardized
questionnaire?
a. Questionnaires highlight weaknesses in the system
b. Questionnaires are more flexible than other methods of describing internal control
c. Questionnaires usually identify situations in which internal control weaknesses are compensated for by
other strengths in the system
d. Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of
describing internal control

34. Which of the following is not a factor that is considered a part of the client's overall control environment?
a. The organizational structure
b. The information system
c. Management philosophy and operating style
d. Board of directors

35. Which of the following would be least likely to be considered a benefit of effective internal control?
a. Eliminating all employee fraud
b. Restricting access to assets
c. Detecting ineffectiveness
d. Ensuring authorization of transactions

36. After documenting the client's prescribed internal control, the auditors will often perform a walk-through of
each transaction cycle. An objective of a walk-through is to:
a. Verify that the controls have been implemented (placed in operation)
b. Replace tests of controls
c. Evaluate the major strengths and weaknesses in the client's internal control
d. Identify weaknesses to be communicated to management in the management letter

10
UL INTEGRATED CPA REVIEW AU-9
2ND SEM SY 2021-2022
37. The major components of internal control include all of the following, except:

a. Risk assessment c. Internal auditing

b. The control environment d. Control activities

38. The program flowcharting symbol representing a decision is a:

a. Triangle c. Rectangle
b. Circle d. Diamond

39. Which of the following is least likely to be considered an appropriate response relating to risks the auditors
identify at the financial statement level?
a. Assign more experienced staff
b. Incorporate additional elements of unpredictability in the selection of audit procedures
c. Increase the scope of auditor procedures
d. Emphasize the need to remain neutral, rather than to exercise professional skepticism

40. Which of the following factors would most likely be considered an inherent limitation to an entity's internal
control?
a. The complexity of the information processing system
b. Human judgment in the decision making process
c. The ineffectiveness of the board of directors
d. The lack of management incentives to improve the control environment

41. If the auditor’s assessment of an internal control is that it is effective, what is the effect on the amount of
direct testing performed by the auditor?
a. increase in direct testing.
b. decrease in direct testing
c. no change in direct testing.
d. direct testing is not needed.

11