Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

A chief audit executive (CAE) was asked to participate in the selection of an external auditor. Which of the following would not be a typical responsibility for the CAE?

A.

Evaluate the proposed external auditor fee.

B.

Recommend criteria to be used in the selection process.

C.

Develop appropriate performance metrics.

D.

Monitor the work of the external auditors.

An organization is considering the outsourcing of its business processes related to payroll and information technology functions. Which of the following is the most significant area of concern for management regarding this proposed agreement?

A.

Ensuring that payments to the vendor are appropriate and timely for the services delivered.

B.

Ensuring that the vendor has complete management control of the outsourced process.

C.

Ensuring that there are means of monitoring the efficiency of the outsourced process.

D.

Ensuring that there are means of monitoring the effectiveness of the outsourced process.

Senior management has decided to implement the Three Lines of Defense model for risk management. Which of the following best describes senior management's duties with regard to this model?

A.

Ensure compliance with the model.

B.

Identify management functions.

C.

Identify emerging issues.

D.

Set goals for implementation.

Which mindset promotes the most comprehensive risk management strategy?

A.

Increase shareholder value.

B.

Maximize market share.

C.

Improve operational efficiency.

D.

Mitigate losses.

Within an enterprise, IT governance relates to the:

1) Alignment between the enterprise's IT long term plan and the organization's objectives.

2) Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives.

3) Operational plans established to support the IT strategies and objectives.

4) Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4 only

D.

2, 3, and 4 only

In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?

A.

The underlying causes of the risk.

B.

The impact of the risk on the organization's objectives.

C.

The risk levels of current and future events.

D.

The potential for eliminating risk factors.