Which of the following is an example of a risk avoidance strategy?
Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.
Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity?
Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization's control framework?
1. Appropriate levels of authority and responsibility.
2. Supervision of staff and appropriate review of work.
3. The seniority of management in the organization.
4. The ability to trace each transaction to an accountable and responsible individual.
With regard To IT governance, which of the following is the most effective and appropriate role for the internal audit activity?