Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 132

A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents.

Which of the following should the organization ensure in exchange for the employees' consent?

Answer options

• A. That those employees who do not consent to MDM software cannot have an email account.
• B. That personal data on the device cannot be accessed and deleted by system administrators.
• C. That monitoring of employees' online activities is conducted in a covert way to avoid upsetting them.
• D. That employee consent includes appropriate waivers regarding potential breaches to their privacy.

Correct answer: D

Explanation

The correct answer is D because obtaining consent must include clear waivers that inform employees about how their privacy may be impacted by the MDM software. Option A is incorrect as it imposes a penalty for non-consent that may not be legally justifiable. Option B is wrong because MDM typically has the capability to manage personal data. Option C is not appropriate because monitoring should be transparent to maintain trust and comply with legal standards.