An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions.
Which of the following should be considered outside the scope of this security audit engagement?
When performing benchmarking during the planning phase of a performance audit, an internal auditor should:
The work papers for an audit of hazardous-materials handling and disposal at an engineering research facility provide evidence that the following procedures were performed.
* Drums of hazardous waste not yet shipped off-site were inventoried. The physical count agreed with the company's inventory records.
* A sample of hazardous-waste shipments received at the disposal site was compared to bills of lading and company records. No errors were detected.
* The audit staff observed engineering personnel during the handling of hazardous materials. No company policy violations were noted.
The reconciliation of waste drums to the inventory records provides evidence that:
Which of the following would be an appropriate outcome of a quality assurance and improvement program in an internal audit activity?
Modification of resources.
Corrections to procedures.
Changes in processes.
Implementation of new technology.
