An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
A) The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.
B) The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.
C) The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.
D) The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.
Correct Answer:
Verified
Q418: According to IIA guidance, which of the
Q419: When creating the internal audit plan, the
Q420: An organization's internal audit plan includes a
Q421: According to IIA guidance, which of the
Q422: The internal audit activity of an investment
Q424: According to IIA guidance, which of the
Q425: According to IIA guidance, which of the
Q426: During an audit of the accounts receivable
Q427: According to IIA guidance, which of the
Q428: An internal auditor has been asked to
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents