An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?
Correct Answer: D
The primary task of the internal auditor is to evaluate the security of the LAN specific to the finance department where sensitive financial data and models are managed. Examining the physical security, user access controls, and user feedback regarding the system's security are all relevant to this task. However, assessing the security levels of other LANs in the company falls outside the specific scope of auditing the LAN used by the finance department.
An audit of management's quality program includes testing the accuracy of the cost-of-quality reports provided to management. Which of the following internal control objectives is the focus of this testing?
Correct Answer: C
Testing the accuracy of cost-of-quality reports provided to management focuses on ensuring the reliability and integrity of information. It is essential that the information contained in such reports is accurate and trustworthy so that management can make informed decisions based on dependable data.
A manufacturing process could create hazardous waste at several production stages, from raw materials handling to finished goods storage. If the objective of a pollution prevention audit engagement is to identify opportunities for minimizing waste, in what order should the following opportunities be considered?
I. Recycling and reuse.
II. Elimination at the source.
III. Energy conservation.
IV. Recovery as a usable product Treatment.
Correct Answer: B
In the context of pollution prevention, the most effective approach is often elimination at the source, which involves modifying processes to reduce or eliminate waste production entirely. After elimination, recycling and reuse should be considered, as they prevent waste by turning it into usable materials again. The next step is recovery as a usable product, which involves processing waste to retrieve valuable components. Energy conservation can also play a role in minimizing waste indirectly by making manufacturing processes more efficient. Treatment and disposal are generally considered last resorts since they deal with waste only after it has been generated.
An organization's internal auditors are reviewing production costs at a gas-powered electrical generating plant. They identify a serious problem with the accuracy of carbon dioxide emissions reported to the environmental regulatory agency, due to computer errors. The auditors should immediately report the concern to:
Correct Answer: B
The internal auditors should report the problem with the accuracy of carbon dioxide emissions to Plant management. Management is responsible for addressing and rectifying issues within the organization. Reporting to plant management ensures that the appropriate corrective actions can be taken promptly to correct the inaccuracies and comply with regulatory requirements.
Which of the following would be an appropriate improvement to controls over large quantities of consumable material that are charged to expense when placed in bins which are accessible to production workers?
Correct Answer: A
Relocating bins to the inventory warehouse would be an appropriate improvement to controls over large quantities of consumable material. This action ensures that the materials are stored in a controlled and secure environment, reducing the risk of misuse or unauthorized access by production workers. It also allows for better inventory management and monitoring, which can help in tracking usage and minimizing loss or waste.