Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.

A chief audit executive (CAE) reports functionally to the CEO and administratively to the chief financial officer, both of whom serve on the company's board of directors. According to IIA guidance, which of the following would offer the greatest protection for the independence of the internal audit activity?

During an audit engagement, an internal auditor finds that management is not complying with previous commitments made to the external auditors. However, the auditor determines management's actions to be justified due to significant changes in the business. The best course of action for the auditor to take would be to:

Risk within an internal audit engagement is defined as the:

Which of the following lists the audit activities in the order in which they would generally be completed during a preliminary survey?
I.Write detailed audit procedures.
II.
Identify client objectives, goals, and standards.
III.
Identify risks and controls intended to prevent associated losses.
IV.
Determine relevant engagement objectives.