Question: 1
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
Question: 2
According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?
Question: 3
An internal auditor provided the following statement about division A's performance during the month: "Because supplies of raw material X were scarce, division A's profits declined by 15 percent."
Which of the following can be validly concluded from the auditor's statement?
I . Division A's production level declined by 15 percent.
II . Division A could have sold more products than it produced.
III . Division A usually sells all of the products that it produces.
Question: 4
In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:
Question: 5
An internal auditor's working papers should be reviewed by the
