Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 67

Which of the following is a detective control?

Answer options

• A. An organization requires certain employees who occupy sensitive positions to sign attestation to the code of conduct on an annual basis.
• B. A compliance specialist carries out quarterly reviews of an organization's compliance with regulatory requirements.
• C. A front desk officer in an organization requires that visitors are identified by the host before access is granted.
• D. An internal audit activity deploys audit management policies and procedures for team members.

Correct answer: B

Explanation

The correct answer, B, is a detective control because it involves actively monitoring and reviewing compliance with regulations to identify any issues. Options A and C are preventive controls as they aim to stop issues before they occur, while D is more about governance rather than detection.