A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?
1.Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2.Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3.Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.
4.Include the incident in the next quarterly report to the audit committee.

An internal auditor noticed that employees with responsibilities for cash collection had recently issued an unusually large number of credit memos, indicating that the original charges had been made to the wrong customer accounts. From a control standpoint, the auditor would be concerned with the possibility that:

An auditor evaluating excessive product rejection rates should investigate:
I. Communication between sales and production departments on sales returns.
II. Volume of product sales year-to-date in comparison to prior year-to-date.
III. Changes in credit ratings of customers versus sales to those customers.
IV. Detailed product scrap accounts and accumulations.

Which of the following must an auditor establish in order to demonstrate that fraud has occurred?

In addition to the internal auditor, which of the following parties should be present at an exit or closing conference?
1. Audit committee members.
2. The external auditor.
3. The management responsible for the areas covered by the engagement.
4. The chief executive officer.