A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1.Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2.Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3.Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4.Include the incident in the next quarterly report to the audit committee.

• A.2 and 4
• B.3 and 4
• C.1 and 3
• D.1 and 2

Comment: *

Name: *

Email: *

Verification: *

Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?

• A.Observe the process.
• B.Check for evidence of credit approval on a sample of customer orders.
• C.Ask the credit manager about the effectiveness of the function.
• D.Review the trend in receivables write-offs.

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?

• A.The CAE's responsibility is not impaired by engaging an external expert.
• B.The expert should be directed by the objectives and scope of work.
• C.The audit report should not disclose the use of contracted services.
• D.The external expert could have a prior relationship with the audit client.

Comment: *

Name: *

Email: *

Verification: *

An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group.
Which of the following is the most appropriate role that she should assume when facilitating the workshop?

• A.Express an opinion on the participants' inputs and conclusions as the assessment progresses.
• B.Provide appropriate techniques and guidelines on how the exercise should be undertaken.
• C.Evaluate and report on all issues that may be uncovered during the exercise.
• D.Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.

Comment: *

Name: *

Email: *

Verification: *

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

• A.Coordinating and managing the risk management process.
• B.Having no active role or involvement in the risk management process.
• C.Auditing the risk management process for reasonableness.
• D.Participating with management in identifying and evaluating risks.

Comment: *

Name: *

Email: *

Verification: *