Which of the following is an appropriate role for the internal audit activity with regard to the organization's risk management program?

The most effective method of reporting engagement results to management and stimulating action is to:

Which of the following situations justifies the release of an interim report to management and the board?
The internal auditor is convinced that the audit observations require immediate attention.
The internal auditor would like to communicate a change in engagement scope for the activity under review.
The internal auditor notes that the engagement may extend over a longer time period.
The audit supervisor believes that issuing interim reports eases supervisory review and controls over working papers.

A recent survey indicated that residents of a small town take the train to a nearby city eight times per month, on average. The same survey showed that the number of train trips that a resident takes per month (y) is determined by the number of days per month that the resident works in the nearby city (x), according to the equation: y = 2 + 2x. A person who never works in the nearby city is expected to take the train:

In a review of an electronic data interchange application using a third-party service provider, the auditor should:
I. Ensure encryption keys meet International Organization for Standardization (ISO) standards.
II. Determine whether an independent review of the service provider's operation has been conducted.
III. Verify that only public-switched data networks are used by the service provider.
IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.