Which of the following actions should the audit committee take to promote organizational independence for the internal audit function?
A. Delegate final approval of the risk-based internal audit plan to the CAE.
B. Approve the annual budget and resource plan for the internal audit function.
C. Assist the CAE with hiring objective and competent internal audit staff.
D. Encourage the CAE to communicate and coordinate with the external auditor.

With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit function?
A. Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization’s risk appetite.
B. Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.
C. Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.
D. Assess whether governance activities are aligned with the organization’s risk appetite and take into consideration emerging risks.

Which of the following is an example of a management control technique?
A. A budget.
B. A risk assessment.
C. The board of directors.
D. The control environment.

What is the primary purpose of internal auditing, as defined by the Global Internal Audit Standards?
A. To detect and investigate fraud within an organization.
B. To ensure compliance with external regulations and laws.
C. To develop and implement financial strategies for organizational growth.
D. To provide assurance and advisory services to improve an organization’s governance, risk management, and control processes.

Upon joining the internal audit function, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?
A. Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.
B. Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization’s operations.
C. Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.
D. Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.