Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.

When interviewing an individual suspected of fraud, what type of questions would be asked after the introductory questions?

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

Which two of the following considerations must an internal auditor take into account while planning an audit of an accounting system/application that has been in use for the last five
years?
The level and manner of linkages between the business' mission, objectives, and structure and the accounting system/application.
-
--
Presence or absence of computerized and manual controls that address risks.
Identification of risks at the application level, e.g. availability and security of the
system.
Testing of the system/application for bugs and errors.
-

Which of the following procedures would be most helpful in providing additional evidence when an auditor suspects that an unidentified employee is submitting and approving invoices for payment?