Which of the following is an appropriate scope statement for an assurance engagement?

a. Assess compliance with public procurement laws and regulations

b. Evaluate the design adequacy of purchasing procedures

c. Determine the operating effectiveness of inventory controls

d. Review cash disbursements processed during last year

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess managements compliance with privacy laws for safeguarding customer information stored on the organizations server. Which course of action is appropriate for this phase of the engagement?

a. Solicit the services of a specialist information systems auditor

b. Obtain the most current approved copies of the organizations privacy policy

c. Consult with legal counsel about new privacy laws to establish appropriate criteria

d. Consider the detection risk of noncompliance with the laws