CGEIT Question #211: Real Exam Question with Answer & Explanation

Question

Which of the following is the MOST important reason to include internal audit as a stakeholder when establishing clear roles for the governance of IT?

Options

• AInternal audit has knowledge and technical expertise to advise on IT infrastructure.
• BInternal audit is accountable for the overall enterprise governance of IT.
• CInternal audit implements controls over IT risks and security.
• DInternal audit provides input on relevant issues and control processes.

Explanation

Including internal audit in IT governance roles is crucial because they provide independent input on control processes and relevant IT risk issues.

Common mistakes.

• A. While internal auditors may possess some IT knowledge, their primary function is assurance and control evaluation, not advising on IT infrastructure design or technical solutions.
• B. Enterprise governance of IT is a responsibility of the board and executive management, not solely internal audit, which provides an assurance role.
• C. Internal audit assesses the effectiveness of controls over IT risks and security, but they do not implement these controls; that is the responsibility of management.

Concept tested. Internal audit role in IT governance

No community discussion yet for this question.