A. True. Never, ever change the plan.
B. False. As information is uncovered, adjust procedures as appropriate.
A. False. Limited information gathering and procedures should be conducted to get an initial estimate of inherent risk and control risk so that planning can proceed.
B. True. Everything needs to be fully understood before a plan can be finalized.
A. Board
B. Internal Controls
C. Risk Management
D. Compliance
E. Information Security
F. Any and all of these roles can conduct assurance activities given the proper purpose and parameters.
G. Management
H. Operators
I. Senior Management
J. Internal Audit
A. Select, Assess, Monitor and Improve
B. Plan, Perform, Report and Follow-Up
A. NOT include the personnel who perform the work being assessed. They will pollute the process.
B. INCLUDE the personnel who perform the work being assessed. They will help to inform Assessment staff and help to adjust parameters if necessary.