Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 98

According to IIA guidance,when performing a compliance audit of data security standards for a large e-commerce retailer, which of the following would represent the least likely area of risk exposure?

Answer options

• A. Operational risks.
• B. Change or configuration risks.
• C. Access risks.
• D. Physical security risks.

Correct answer: D

Explanation

Physical security risks are generally less of a concern for e-commerce retailers that primarily operate online, as their focus is more on digital security. In contrast, operational, change or configuration, and access risks are more directly tied to the integrity and security of their data systems, making them more significant areas of risk exposure.