When a new application is being created for widespread use in a large organization, the principal liaison between the IT function and the rest of an organization is normally a(n):

Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?
1) The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2) The IAA must assess whether the IT governance of the organization supports the organization's strategies and objectives.
3) The IAA may assess whether the IT governance of the organization supports the organization's strategies and objectives.
4) The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's TMS strategies and objectives.

The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

An internal auditor for a large automotive parts retailer wishes to perform a risk analysis and wants to use an appropriate statistical tool to help identify stores that would be out of line compared to the majority of stores. The most appropriate statistical tool to use is:

Why have many European Union countries not adopted ISO 14000 standards?