IIA Exam IIA-CIA-Part1 Topic 4 Question 42 Discussion

Actual exam question for IIA's IIA-CIA-Part1 exam

Question #: 42
Topic #: 4

A manufacturing organization's chief audit executive (CAE) was approached by the head of security from one of the manufacturer's third party suppliers The head of security requested internal audit records from a recent audit engagement involving the third-party supplier The head of security believed those records contained information that would enable to identify employees of the third-party supplier who may be involved m fraudulent activities What is the most appropriate course of action for the CAE?

AObtain approval from the manufacturer's audit committee regarding the release of audit records

BRelease the records but first remove all data regarding the manufacturing organization s internal actions and procedures

CDeny access to the records as the third party supplier s security learn should be able to investigate then own employees.

DConsult with the manufacturer's senior management to determine whether releasing tie records would be appropriate

Show Suggested Answer

Suggested Answer: D

by Erinn at Dec 25, 2023, 07:32 PM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part1 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lindy

2 days ago

I'm leaning towards Option D. The CAE should consult with senior management to determine the best course of action. Releasing the records could potentially compromise the organization's internal processes, but senior leadership might think it's worth the risk to assist the third-party supplier.

upvoted 0 times

...

Mitsue

2 days ago

I agree with Stefania. It's important to get approval before releasing the records.

upvoted 0 times

...

Stefania

5 days ago

I think the CAE should consult with senior management first.

upvoted 0 times

...

Sylvie

5 days ago

I agree with Brice. The CAE should deny access to the records to protect the organization's internal procedures and actions. The third-party supplier should handle their own employee investigations.

upvoted 0 times

...

Dalene

6 days ago

I believe the CAE should deny access to the records and let the third-party supplier's security team handle the investigation.

upvoted 0 times

...

Brice

6 days ago

Option C seems like the most appropriate choice. The internal audit records should remain confidential and not be shared with the third-party supplier's security team. They should investigate their own employees without accessing our sensitive information.

upvoted 0 times

...

Tracey

9 days ago

I agree with Earnestine. It's important to consider the potential impact of releasing the records.

upvoted 0 times

...

Earnestine

16 days ago

I think the CAE should consult with senior management before releasing the records.

upvoted 0 times

...