IIA Exam IIA-CIA-Part2 Topic 4 Question 103 Discussion

Actual exam question for IIA's IIA-CIA-Part2 exam

Question #: 103
Topic #: 4

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?

ASolicit the services of a specialist information systems auditor

BObtain the most current approved copies of the organization's privacy policy

CConsult with legal counsel about new privacy laws to establish appropriate criteria

DConsider the detection risk of noncompliance with the laws

Show Suggested Answer

Suggested Answer: B

by Candida at Jul 06, 2025, 08:35 PM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lisbeth

4 days ago

I agree with Annice, having the updated policy is crucial for assessing compliance.

upvoted 0 times

...

Janna

8 days ago

I think B is the way to go. You can't assess compliance without the actual policy, right?

upvoted 0 times

...

Annice

11 days ago

I think we should obtain the most current approved copies of the organization's privacy policy.

upvoted 0 times

...