An internal auditor is conducting an assessment of the organization's fraud controls. Which of the following would not be considered a preventive control?
1.Daily report that identifies unsuccessful system log-in attempts.
2.Weekly management communication with tips on identifying possible fraud.
3.E-mail alert sent to management for checks issued over $100,000.00.
4.New hire training to explain fraud and employee misconduct.

According to HA guidance, the chief audit executive is directly responsible for which of the following?

Which of the following statements is correct regarding the assessment of risk in the annual audit planning process?
1.Activities requested by management should be considered higher risk than those requested by the audit committee.
2.Activities with lower budgets can be as high risk as those with higher budgets.
3.The potential financial or adverse exposure should always be considered in the assessment of risk.

Which of the following conditions are necessary for successful change management?
1.Decisions and necessary actions are taken promptly.
2.The traditions of the organization are respected.
3.Changes result in improvement or reform.
4.Internal and external communications are controlled.

Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?