IIA-CIA-Part2 Exam Question 446
During the development of a purchasing system, an auditor reviewed the payment authorization program. Which of the following actions should the auditor recommend for a situation in which the quantity invoiced is greater than the quantity received?
IIA-CIA-Part2 Exam Question 447
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
IIA-CIA-Part2 Exam Question 448
The chief audit executive (CAE) of a large retail operation believes that senior management has accepted a level of risk that exceeds the organization's current risk tolerance with respect to a major expansion. The CAE plans to meet with senior management to discuss these concerns. According to IIA guidance, which of the following would be an appropriate course of action in preparation for this meeting?
Understand management's basis for the decision.
Advise the board of the concern and upcoming meeting.
Ascertain which members of management have accepted the risk.
Determine if management has the authority to accept the risk.
Understand management's basis for the decision.
Advise the board of the concern and upcoming meeting.
Ascertain which members of management have accepted the risk.
Determine if management has the authority to accept the risk.
IIA-CIA-Part2 Exam Question 449
An auditor plans to analyze customer satisfaction, includinG.(1) customer complaints recorded by the customer service department during the last three months; (2)
merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?
merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?
IIA-CIA-Part2 Exam Question 450
A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.