It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line?

A retail company uses a computer program that matches electronic vendor invoices with the applicable purchase orders and receiving information, which are also maintained electronically.
If an invoice does not match the other items within predefined ranges, a report is generated and sent to the accounts payable department for further investigation. All of the applicable documents are electronically marked, cross-referenced, and retained in open files. Both an integrated test facility and a systems control audit review file (SCARF) have been included in the system.
An auditor wants to determine the extent to which items are not matched at year end and to investigate the potential causes of the unmatched items. Which of the following audit procedures would be most effective in determining the items to investigate?

During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:

Which of the following is the most appropriate step for the chief audit executive to take in order to avoid defamation of character of the principal suspect in a fraud investigation?