What does the following scatter gram suggest?

Which of the following statements is correct regarding the assessment of risk in the annual audit planning process:
Activities requested by management should be considered higher risk than those requested by the audit committee.Activities with lower budgets can be as high risk as those with higher budgets.
The potential financial or adverse exposure should always be considered in the assessment of risk.

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

Company A has a formal comprehensive corporate code of ethics while company B does not.
Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
I. Company A exhibits a higher standard of ethical behavior than does company B.
II. Company A has established objective criteria by which an employee's actions can be evaluated.
III.
The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.

A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:

Which of the following statements regarding risk in the department is true?