An internal auditor is assigned to conduct an audit of security for a local area network
(LAN) in the finance department of the organization. Investment decisions,including the use of hedging strategies and financial derivatives,use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

• A.Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.
• B.The level of security of other LANs in the company which also utilize sensitive data.
• C.Investigation of the physical security over access to the components of the LAN.
• D.The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would not be a red flag for fraud?

• A.A manager has bragged about multiple extravagant vacations taken within the last year,which are excessive relative to the manager's salary.
• B.Several recent,large expenditures to a new vendor have not been documented.
• C.A weak control environment has been accepted by management to encourage creativity.
• D.New employees occasionally fail to meet established project deadlines due to staffing shortages.

Comment: *

Name: *

Email: *

Verification: *

In selecting an instructional strategy for developing internal audit staff, a chief audit executive should first review the:

• A.Department's budget constraints.
• B.Internal auditors' personal development needs.
• C.Content of potential training courses.
• D.Organization's objectives.

Comment: *

Name: *

Email: *

Verification: *

New credit policies have been implemented in an automated order-entry system to improve the collection of receivables. Sales management has compiled several examples that show decreased sales and delayed order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales management's data and information provide:

• A.Evidence that the new credit policies do not meet the stated corporate objective to improve collections.
• B.A statistically valid conclusion about the impact of the new credit policies on customer goodwill.
• C.Feedback control data.
• D.Irrelevant and argumentative information.

Comment: *

Name: *

Email: *

Verification: *

In order to save time, an audit manager no longer required that a standard internal control questionnaire be completed for each audit engagement. Does this represent a violation of the Standards?

• A.Yes, because internal control should be evaluated on every engagement and the internal control questionnaire is the mandated approach to evaluate controls.
• B.No, because auditors are not required to complete internal control questionnaires on every engagement.
• C.No, because auditors may omit necessary procedures if there is a time constraint, based on audit judgment.
• D.Yes, because internal control should be evaluated on every engagement and the internal control questionnaire is the most efficient method to do so.

Comment: *

Name: *

Email: *

Verification: *