CISSP Question #931: Real Exam Question with Answer & Explanation

The correct answer is D: Management is responsible for reading and acting upon the internal audit results. An internal audit is an independent evaluation conducted by an organization's own audit team to assess the effectiveness of internal controls, risk management practices, and compliance with policies and regulations. The key characteristic of an internal audit is that the manageme

Submitted by jaden.t· Mar 5, 2026Security Assessment and Testing

Question

Which of the following is a characteristic of an internal audit?

Options

AAn internal audit is typically shorter in duration than an external audit.
BThe internal audit schedule is published to the organization well in advance.
CThe internal auditor reports to the Information Technology (IT) department
DManagement is responsible for reading and acting upon the internal audit results

Explanation

An internal audit is an independent evaluation conducted by an organization's own audit team to assess the effectiveness of internal controls, risk management practices, and compliance with policies and regulations. The key characteristic of an internal audit is that the management of the organization is responsible for reading the results and acting upon the findings. This responsibility typically includes addressing any identified weaknesses, implementing corrective actions, and ensuring that necessary changes are made to improve processes and controls.

Topics

#internal audit#audit responsibilities#management oversight

Community Discussion

No community discussion yet for this question.

Full CISSP Practice Browse All CISSP Questions