Which of the following would be an appropriate and effective control self-assessment approach in an organization with an authoritative culture?
I. Facilitated meeting
II. Survey
III. Management-produced analysis
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
Which sampling plan requires no additional sampling once the first error is found?
An audit of a Web-based third-party payment processor determined that a programming error enabled customers to create multiple accounts for each mailing address. This caused problems during the processing of credit card transactions. Management agreed to correct the program and notify customers with multiple accounts that the accounts would be consolidated. What should the auditor do in response?
1. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
4. Do nothing because management has agreed to address the problem.
An auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:
"A statistical sample of 40 employee personnel files was selected to verify that they contain all documents required by company policy 501 (copy attached). No exceptions were noted." The auditor did not place any audit verification symbols on this workpaper. Which of the following changes would most improve the auditor's workpaper?
