Multiple Choice
An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
A) The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.
B) The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.
C) The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.
D) The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.
Correct Answer:

Verified