Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity's quality assessments?
Correct Answer:
B
Who is responsible for setting the risk appetite?
Correct Answer:
D
Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
* 1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
* 2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
* 3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
* 4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.
Correct Answer:
A
Which of the following is most likely to enhance an internal auditor's objectivity?
Correct Answer:
D
An organization decides to take no action on one of its financial risks because the cost of implementing the control outweighs the value of the asset being protected. Which of the following best describes this risk strategy?
Correct Answer:
D