Which of the following data sources would provide the least valid data for an audit of a retail store's customer service?

• A.A graph that compares staffing levels for selected times with store traffic (number of customers) over the same time period.
• B.A graph of customer service training across stores, comparing training with overall levels of service satisfaction.
• C.A random survey of customer satisfaction given to customers as they leave the store.
• D.Interviews of randomly selected service personnel regarding the quality of service that they provide.

Comment: *

Name: *

Email: *

Verification: *

An internal auditor noticed that employees with responsibilities for cash collection had recently issued an unusually large number of credit memos, indicating that the original charges had been made to the wrong customer accounts. From a control standpoint, the auditor would be concerned with the possibility that:

• A.The organization is selling a large number of defective items.
• B.Employees in this function are concealing a theft of cash collected from customers.
• C.Credit memos are not being submitted on a timely basis.
• D.The credit department has not been properly screening customers and, as a result, a large portion of the accounts receivable may not be collectible.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is true regarding roles and responsibilities in risk management processes?

• A.Setting strategic direction resides with senior management.
• B.Ownership of risks resides with the board.
• C.Identifying, assessing, mitigating and monitoring activities on a continuous basis rests with the internal audit activity.
• D.Acceptance of residual risk resides with executive management level.

Comment: *

Name: *

Email: *

Verification: *

Which of the following items should be addressed in an organization's privacy statement?
I.
Intended use of collected information.
II.
Data storage and security.
III.
Network/infrastructure authentication controls.
IV.
Data retention policy of the organization.
Parties authorized to access information.

• A.II, III, IV, and V only
• B.I and IV only
• C.I and II only
• D.I, II, and V only

Comment: *

Name: *

Email: *

Verification: *

During an audit of a major metropolitan museum, an auditor was unable to locate selected items from the museum's collection. The director of the museum informed the auditor that the upcoming replacement of the museum's inventory tracking system would address the auditor's concerns. What follow-up activity should the auditor propose?

• A.Schedule an audit of the museum's security systems to determine if theft is a problem.
• B.Receive periodic feedback from museum staff regarding the status of the system implementation.
• C.Determine whether the items are indeed missing and assess the ability of the new system to remedy the problem.
• D.Monitor the system implementation and schedule a follow-up review once the new system is in place.

Comment: *

Name: *

Email: *

Verification: *