nerdexam
ExamsSY0-701Questions#504
CompTIACompTIA

SY0-701 · Question #504

SY0-701 Question #504: Real Exam Question with Answer & Explanation

The correct answer is A: Policies and procedures. When conducting an audit of an organization's risk management program, the internal auditor should first review the policies and procedures. These documents form the foundation of the risk management program by outlining the organization’s approach, goals, roles, responsibilities

Submitted by satoshi_tk· Mar 6, 2026Security program management and oversight

Question

Which of the following should an internal auditor check for first when conducting an audit of the organization's risk management program?

Options

  • APolicies and procedures
  • BAsset management
  • CVulnerability assessment
  • DBusiness impact analysis

Explanation

When conducting an audit of an organization's risk management program, the internal auditor should first review the policies and procedures. These documents form the foundation of the risk management program by outlining the organization’s approach, goals, roles, responsibilities, and processes for managing risks.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-701 PracticeBrowse All SY0-701 Questions