Ordinarily, which of the following would not be an objective of an internal audit quality assurance review?

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity (IAA) may provide risk management consulting?
1.There is a clear strategy and timeline to migrate risk management responsibility back to management.
2.The IAA has the final approval on any risk management decisions.
3.The IAA does not give objective assurance on any part of the risk management framework for which it is responsible.
4.The nature of services provided to the organization is documented in the internal audit charter.

An internal audit activity is participating in the due diligence work for an acquisition that a
company is considering. One engagement objective is to determine if the acquisition's accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?

A large retail organization, which sells most of its products online, experiences a computer hacking incident.
The chief IT officer immediately investigates the incident and concludes that the attempt was not successful.
The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.