Question: 1
When evaluating management of the organization's privacy framework, the internal auditor considers
Question: 2
Personal information may include
i. Medical status
ii. Social status
iii. Credit records
IV. Disciplinary actions
Question: 3
Which of the following statements is false with respect to information security?
A Internal auditors should determine that senior management and the board, audit committee, or other governing body have a clear understanding that information reliability and integrity is the responsibility of the internal audit activity.
B The chief audit executive should determine that the internal audit activity possesses, or has access to, competent auditing resources to evaluate information security and associated risk exposures.
C Internal auditors should periodically assess the organization's information security practices and recommend, as appropriate, enhancements to, or implementation of, new controls and safeguards.
D Internal auditors should assess the effectiveness of preventive, detective, and mitigative measures against past attacks, as deemed appropriate, and future attempts or incidents deemed likely to occur.
Answer : A
Show Answer
Hide Answer
Question: 4
The internal auditors' ultimate responsibility for information security includes
Question: 5
Which of the following is not a role of the internal audit activity in performing assurance services?