An organization receives the most value from an internal audit activity's enterprise-wide risk assessment when the auditor:
An internal audit activity has made a preliminary determination that a division of the organization has employed improper accounting practices. Upon being informed, the head of the organization instructs the chief audit executive (CAE) to cease the investigation and to withhold the information from external auditors. Which course of action should the CAE follow?
An internal auditor is testing, on a sample basis, whether invoices paid between January 1 and December 31 are supported by appropriately approved purchase orders. Over 25, 000 invoices were paid during the fiscal year, which runs from the first of April to the end of March. The auditor sets the acceptable risk of assessing control risk too low at 5% and the tolerable deviation rate at 5%. The internal auditor consults the previous audit and sets the expected population deviation rate at 1%. Sample size (77) is selected from a table and rounded up to 80. No sample deviations were found. The upper deviation limit was 3.7%.
Which of the following statements represents a valid conclusion regarding this information?
Which of the following statements is correct regarding corporate compensation systems and related bonuses?
I. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
II. Compensation systems are not part of an organization's control system and should not be reported as such.
III. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.
An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?
