Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?

Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and translated accurately?
1. Computerized tests to assess transaction reasonableness and validity.
2. Review of log books to ensure that transactions are logged upon receipt.
3. Edit checks to identify unusual transactions.
4. Verification of limitations on the authority of users to initiate specific EDI transactions.

An audit department has received anonymous information that an employee has allegedly been able to steal and cash checks sent to the organization by customers. What is the most efficient way for an auditor to determine how this type of fraud could occur and who might be the perpetrator?

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete.
According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.

According to IIA guidance,when performing a compliance audit of data security standards for a large e- commerce retailer, which of the following would represent the least likely area of risk exposure?