The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:

During an audit of a major metropolitan museum, an auditor was unable to locate selected items from the museum's collection. The director of the museum informed the auditor that the upcoming replacement of the museum's inventory tracking system would address the auditor's concerns. What follow-up activity should the auditor propose?

Which of the following conclusions would be appropriate for a beginning auditor performing an audit of a payroll department?

While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk exposure resulting from an observed key control weakness. Which of the following actions by the CAE would be appropriate for addressing this concern?
----
Meet with the auditor-in-charge. Discuss with senior management. Monitor the result of the accepted risk. Report the matter to the board.

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of
90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?