A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor.
Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet- based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.

In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to the supervisors of the department to be audited. What is the most likely result of that procedure?

While conducting an audit of a third party's Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?
1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
4. Submit management's plan of action to the external auditors for additional review.

Which of the following represents appropriate evidence of supervisory review of engagement workpapers?
I.A supervisor's initials on each workpaper.
II.
An engagement workpaper review checklist.
III.
A memorandum specifying the nature, extent, and results of the supervisory review of workpapers.
IV.
Performance appraisals that assess the quality of workpapers prepared by auditors.

Company A has a formal comprehensive corporate code of ethics while company B does not.
Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
I. Company A exhibits a higher standard of ethical behavior than does company B.
II. Company A has established objective criteria by which an employee's actions can be evaluated.
III. The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.