PdfPrep.com

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity’s responsibility with regard to assessing an organization’s privacy framework?

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity’s responsibility with regard to assessing an organization’s privacy framework?
A . If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.
B . Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is
C . required to conduct privacy assessments.
D . The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.
E . The internal audit activity should have appropriate knowledge and competence to conduct an asses …….framework.

Answer: D

Exit mobile version