CISSP · Question #523
CISSP Question #523: Real Exam Question with Answer & Explanation
The correct answer is A: Internal audit.
Question
Which of the following is considered the last line of defense in regard to a governance, risk management, and compliance (GRC) program?
Options
- A. Internal audit
- B. Internal controls
- C. Board review
- D. Risk management
Explanation
Internal audit is considered the last line of defense in regard to a governance, risk management, and compliance (GRC) program. Internal audit is an independent and objective function that provides assurance and consulting services to the organization. Internal audit evaluates the effectiveness and efficiency of the GRC program, identifies gaps and weaknesses, and recommends improvements. Internal audit also reports to senior management and the board of directors on the status and results of the GRC program.