ExamGecko
Search Search Login
Home Home / IIA / IIA-CIA-Part2
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority? 1. Graded positive opinion. 2. Negative assurance opinion. 3. Limited assurance opinion. 4. Third-party opinion.
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate option for the chief audit executive?
According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
According to an internal audit observation, the organization's rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?
A code of business conduct should include which of the following to increase its deterrent effect? 1. Appropriate descriptions of penalties for misconduct. 2. A notification that code of conduct violations may lead to criminal prosecution. 3. A description of violations that injure the interests of the employer. 4. A list of employees covered by the code of conduct.
The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?

Question 187 - IIA-CIA-Part2 discussion

Report
Export

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?

A.
Solicit the services of a specialist information systems auditor
Answers
A.
Solicit the services of a specialist information systems auditor
B.
Obtain the most current approved copies of the organization's privacy policy
Answers
B.
Obtain the most current approved copies of the organization's privacy policy
C.
Consult with legal counsel about new privacy laws to establish appropriate criteria
Answers
C.
Consult with legal counsel about new privacy laws to establish appropriate criteria
D.
Consider the detection risk of noncompliance with the laws
Answers
D.
Consider the detection risk of noncompliance with the laws
Suggested answer: B

Explanation:

In the initial risk assessment phase, it is critical for the internal auditor to understand the current policies and procedures in place. By obtaining the most current approved copies of the organization's privacy policy, the auditor can assess whether these policies are in compliance with privacy laws and are effectively implemented. This approach provides a solid foundation for understanding the existing controls and identifying areas where there may be gaps or weaknesses. Consulting with legal counsel or a specialist can be subsequent steps if further expertise is needed, but understanding the internal policies is the primary and essential first step.

Reference:

Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2210 -- Engagement Objectives.

Show Answer
asked 18/09/2024
Jordan Fredriksz
33 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms