Question
7) In which situation does the internal auditor lack objectivity? A) The internal auditor recommends standards of performance for an outsourcing contract B) The internal
7) In which situation does the internal auditor lack objectivity?
A) The internal auditor recommends standards of performance for an outsourcing contract
B) The internal auditor discusses the status of a system implementation over lunch at a vendor conference
C) The internal auditor performs a review of internal controls over the treasury function eight months after being transferred from that department to internal auditing
D) The internal auditor reviews audit findings with the CAE prior to issuing the final audit report
E) All of the above
8) In the three lines of defense model, the primary responsibility for maintaining effective internal controls belongs to:
A) The audit committee
B) The CEO
C) Internal auditing
D) The risk management function
E) Operational management
21) Which of following is true about Governance, Risk Management and Compliance?
A) It should be implemented as a technology solution
B) Internal auditing has primary responsibility for ensuring the organization has implemented GRC
C) Each component of GRC has to be at the same level of maturity
D) Integrating GRC is a gradual process
E) All of the above are true
22) Based on the IPPF Standards which of the following does internal auditing not have responsibility for in the area of governance?
A) Assessing how well the organization promotes ethical values
B) Assessing information technology governance
C) Being a key sponsor of GRC
D) Making recommendations to ensure effective organizational performance management
E) All of the above are responsibilities of internal auditing
23) Which of the following is not an element of IT governance?
A) Risk management
B) Application controls
C) Resource Management
D) Performance management
E) None of the above
24) Which of the following would be considered a bad risk management practice?
A) Driven from the top down
B) Tailored to the organization
C) Primarily focused on hard controls
D) Integrated in the system of management
E) All of the above
25) It is always preferable to use quantitative techniques to assess risk.
A) True
B) False
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access with AI-Powered Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started