Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 52

To identify those components of a telecommunications system that present the greatest risk, an internal auditor should first:

Answer options

• A. Review the open systems interconnect network model.
• B. Identify the network operating costs.
• C. Determine the business purpose of the network.
• D. Map the network software and hardware products into their respective layers.

Correct answer: C

Explanation

Determining the business purpose of the network (Option C) is essential as it helps prioritize which components are critical to operations and thus pose the greatest risk. Options A and D focus on technical models and mapping that, while useful, do not directly address risk assessment. Option B is about costs, which may indicate areas of concern but does not specifically highlight risk factors.