ID-dependent entities are associated by a nonidentifying relationship

An internal auditor determines that the process is not designed adequately to reduce the underlying risks to an acceptable level. Which of the following should the internal auditor do next?

a) Postpone the engagement until the design inadequacy has been rectified. b) Test the existing key controls anyway to prove that, despite the design inadequacy, the process is still meeting the process objectives. c) Test compensating controls in other (adjacent) processes to see if the impact of the design inadequacy is reduced to an acceptable level. d) Write the audit report. There's no reason to test the operating effectiveness of controls that are not designed adequately.

The FTC may sue a company for an unfair act that is not deceptive

a. True b. False Indicate whether the statement is true or false