While performing an audit of the human resources department, an internal auditor discovered unencrypted files containing the personal information of employees stored on a public shared drive. According to IIA guidance, which of the following actions by the auditor would be the most appropriate?
A) Remove the files containing the social security numbers and personal information.
B) Communicate the issue to the chief audit executive as well as IT and legal departments.
C) Change permissions to the shared drive to only allow access to human resources personnel.
D) Immediately review the audit logs to see if anyone has accessed this information and follow-up.
Correct Answer:
Verified
Q345: An auditor-in-charge is preparing her audit team
Q346: The internal audit activity performs the following
Q347: The internal audit activity of an organization
Q348: When interviewing an individual in relation to
Q349: The chief audit executive (CAE) of an
Q351: Which of the following tasks would be
Q352: While performing a follow-up of a concern
Q353: As part of a preliminary survey of
Q354: An internal auditor has been assigned to
Q355: Because of a new marketing initiative, an
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents