In an audit engagement, a group of internal auditors used an integrated test facility to test payroll processing.
The auditors identified the key controls and processing steps in the computer software, and then developed test data. Over the course of 24 months, they submitted test transactions on a regular basis but did not find any differences between payroll processing and integrated test facility results. Based on the data, what can the auditors conclude?
According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups?
Which is the least effective form of risk management?
Which of the following actions by a chief audit executive is most likely to prevent exaggerated sales reports by division management?
I.Hire a new internal auditor who has fraud investigation credentials.
II.Assist the controller in developing and monitoring a series of business process indicators which are historically correlated with, but independent of, sales.
III.Announce a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.
IV.Ask the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting.
Management has asked the chief audit executive (CAE) to provide assurance on the organization's automated control system related to financial data. The current audit staff does not have the expertise needed to conduct this type of engagement. Which of the following would be the best response by the CAE?
