Generalized audit software (GAS) is specifically designed to assist auditors in performing various audit tasks, including extracting specific files and records from databases. GAS tools, such as ACL and IDEA, allow auditors to import data from various systems, query databases, perform data analysis, and generate reports.
This makes them ideal for tasks that require the extraction and examination of specific records or data sets within a database. Other options, such as expert systems or system utility programs, do not offer the same targeted capabilities for data extraction relevant to auditing tasks.
:
Institute of Internal Auditors (IIA), Global Technology Audit Guide (GTAG) - Generalized Audit Software (GAS).

Strengthening password policies and ensuring unique passwords are used within a specified period are key measures in preventing unauthorized access and reducing the risk of fraud. Password management is a critical aspect of IT security and can significantly mitigate the risk of cyber fraud. The other recommendations (Options B, C, and D) address operational issues but do not directly impact fraud prevention as effectively as enhancing password security does.
:
IIA Standard 2110: Governance.
IIA Practice Guide on IT Controls and Cybersecurity.

A compliance assurance engagement focuses on evaluating whether an organization is adhering to applicable laws, regulations, policies, and procedures. Assessing the design adequacy of controls related to consumer privacy and confidentiality is a prime example of such an engagement, as it ensures that the organization's controls are designed to comply with relevant privacy laws and regulations, thereby protecting consumer data and maintaining compliance.
:
The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard
2410 - Criteria for Communicating

* A. Book value per common share ratio is lower than that of the prior year:This represents year- over-year comparison, which is an example of historical benchmarking, not internal benchmarking.
* B. Staff turnover ratio is higher than the comparable organization in the same industry:This represents external benchmarking, as it involves comparing against a peer organization.
* C. Utilities expense of the sales unit is higher than that of the customer service unit:Correct. This is internal benchmarking, as it compares performance metrics within the same organization.
* D. Sales are significantly higher than the industry's average for five years:This is an example of external benchmarking against the industry standard.
CIA Exam Syllabus Reference:
Domain V: Performing Internal Audit Services - Benchmarking Techniques.

Generalized audit software (GAS) is designed to assist auditors in performing data analysis and testing the logical controls embedded within information systems. This type of software can help an IT auditor review access controls by analyzing user permissions, access logs, and other relevant data to ensure that access is granted according to the principle of least privilege and organizational policies. GAS tools are versatile and can handle large volumes of data, making them suitable for testing logical controls in an accounting application.
:
The Institute of Internal Auditors (IIA) - Global Technology Audit Guide (GTAG) 1: Information Technology Controls