The chief audit executive (CAE) of a mid-sized pharmaceutical organization has operational responsibility for the regulatory compliance function. The audit committee requests an assessment of regulatory compliance. According to IIA guidance, which of the following is the CAE's best course of action?
Which fraudulent act is designed primarily to benefit the organization?
The chief commodity trader for a large energy company learns from a friend that a competitor will likely fail its upcoming regulatory audit and will be forced to temporarily decrease production. If the information is true, the trader has short-term opportunities to make trades that will financially benefit the trader's company and will lead to a substantial increase in the trader's performance bonus. However, if the information is not true, making the trades will significantly increase the company's risk of being caught in a long position. From an ethical perspective, which of the following would be the most appropriate course of action for the trader to take?
The last quality assessment of the internal audit activity identified three areas for improvement: the achievement of audit engagement objectives, quality of work, and staff development. According to IIA guidance, which of the following should be the chief audit executive's primary focus to achieve these recommended improvements?
An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?
