Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity’s responsibility with regard to assessing an organization’s privacy framework?
A . If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.
B . Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is
C . required to conduct privacy assessments.
D . The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.
E . The internal audit activity should have appropriate knowledge and competence to conduct an asses …….framework.
Answer: D
Latest IIA-ACCA Dumps Valid Version with 604 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund