Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 164

During an audit engagement, the internal auditor discovered that physical security of the data center did not meet the organization's established requirements. The chief information security officer stated he would implement new procedures to minimize security threats by the end of the quarter. Which of the following would be the best way to follow up on the audit finding?

Answer options

• A. Schedule thorough interviews with the personnel responsible.
• B. Analyze relevant expense reports and invoices related to physical security enhancements.
• C. Prepare a checklist of security issues and visit the site.
• D. Request a list of implemented improvements with formal confirmation by the chief information security officer.

Correct answer: C

Explanation

Option C is correct because preparing a checklist and visiting the site allows for direct observation of the implemented security measures, ensuring they meet the required standards. The other options, while useful, do not provide the same level of immediate verification and assessment of the security conditions as a site visit would.