Many questionnaires are made up of a series of different questions that use the same response categories (for example: strongly agree, agree, neither, disagree, strongly disagree). Some designs will have different groups of respondents answer alternate versions of the questionnaire that present the questions in different orders and reverse the orientation of the endpoints of the scale (for example: agree on the right and disagree on the left). The purpose of such questionnaire variations is to:

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels. A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of $1 million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's board if:
I. In the opinion of the CAE, the level of residual risk assumed by senior management is too high.
II. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales.
III. The cost of modifying the sales system to include a preventive control is less than $100,000.

A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if it is:

An internal auditor compared the number of human resources professionals per employee with industry standards. This comparison would assist the auditor in evaluating which of the following areas?

Which of the following best illustrates the primary focus of a risk-based approach to control self- assessment?