IIA Exam IIA-CIA-Part2 Topic 8 Question 10 Discussion

Actual exam question for IIA's IIA-CIA-Part2 exam

Question #: 10
Topic #: 8

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

AThe matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

BThe deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

CThe incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

DThe incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Show Suggested Answer

Suggested Answer: D

by Mireya at May 08, 2022, 07:46 AM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!