Free IMA CMA Part 1 (Financial Planning, Performance, and Analytics) Internal Controls Practice Questions

Internal Controls on CMA Part 1 covers the COSO Internal Control and Enterprise Risk Management frameworks, control activities and limitations, internal audit standards, systems controls and security measures, and the regulatory landscape including Sarbanes-Oxley §302 and §404, GDPR, and SOC reports. Risk identification and mitigation is the recurring theme.

121 Questions

45 Easy

50 Medium

26 Hard

2026 Syllabus

Sample Questions

Question 1 Easy

A compensating control is BEST described as a control that:

Solution

B is correct. A compensating control is a secondary control that mitigates risk when a primary control cannot operate as designed or is absent. For example, when a small accounting department cannot fully segregate cash receipts from recordkeeping, a daily supervisory review of the deposit slip against the cash receipts journal can serve as a compensating control that reduces the residual risk to an acceptable level.

Question 2 Medium

Which of the following is an example of an IT general control rather than an application control?

Solution

B is correct. IT general controls (ITGCs) operate across the IT environment and include logical access security, change management, and computer operations. Restricting programmer or user access to production systems is a logical access control, a classic ITGC that supports the integrity of every application running in that environment. The other items are embedded in the input or processing logic of a specific application, making them application controls.

Question 3 Hard

A manufacturer is implementing a new ERP system. The internal audit team is designing controls across the application layer (input, processing, output) and the general IT controls (GITC) layer. Which of the following mappings of control to category and objective is correct?

Solution

C is correct. A check digit is an algorithmic validation embedded in an input field (such as a customer or account number) that detects transposition and transcription errors at the point of data entry. It is an input application control whose objective is data accuracy at the application level.

Create a Free Account to Access All 121 Questions →

About FreeFellow

FreeFellow is an AI-native exam prep platform for actuarial (SOA & CAS), CFA, CFP, CPA, CAIA, GARP FRM, IRS Enrolled Agent, IMA CMA, and FINRA / NASAA securities licensing candidates — built around modern AI as a core capability rather than as a bolt-on. Every lesson ships with AI-narrated audio. Every constructed-response item has a copy-to-AI prompt builder so candidates can paste their answer into their own ChatGPT or Claude for self-graded feedback. Fellow members get instant AI grading on essays against the official rubric (currently CFA Level III, expanding to other essay-bearing sections).

The 70% you need to pass — question bank, written solutions, lessons, formula sheet, mixed practice, readiness tracking — is free forever, with no trial period and no credit card. Become a Fellow ($59/quarter or $149/year per track) to unlock mock exams, flashcards with spaced repetition, performance analytics, AI essay grading, and a personalized study plan.