nerdexam
IIA

IIA-CIA-PART2 · Question #36

IIA-CIA-PART2 Question #36: Real Exam Question with Answer & Explanation

The correct answer is B. 1 and 3. The chief audit executive (CAE) should meet with the chief IT officer to discuss the incident, the investigation, and any control improvements that will be implemented (1). Additionally, developing an appropriate audit program with the IT auditor to review the organization's Inte

Question

A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take? 1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any. 2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident. 3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls. 4. Include the incident in the next quarterly report to the audit committee.

Options

  • A1 and 2
  • B1 and 3
  • C2 and 4
  • D3 and 4

Explanation

The chief audit executive (CAE) should meet with the chief IT officer to discuss the incident, the investigation, and any control improvements that will be implemented (1). Additionally, developing an appropriate audit program with the IT auditor to review the organization's Internet-based sales process and key controls (3) is a proactive approach to ensure future incidents are prevented and to enhance the organization's security posture.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full IIA-CIA-PART2 Practice