Absolute Free IIA-CIA-Part2 Exam Practice for Comprehensive Preparation 

To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

the workpapers:

"As a subsidiary of a multinational organization in this particular country, the entity is required to register

annually with the

respective ministry. However, the subsidiary did not submit the required documentation for registration

during the prior year. Failure

to comply with internal and external regulations could lead to penalties or fines from the respective

authorities. It is recommended

that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable

action, management

should register the subsidiary in the current year as soon as possible."

What part of this narrative represents a condition of the observation made by auditors in the final report?

resource requirements?

1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in

the organization.

2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to

a lack of skills in the organization.

3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to

limited IT audit skills among the audit staff.

4. Communicate to senior management a summary report on the status and adequacy of audit resources.

While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?