Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 193
To assess the effectiveness of an organization's privacy program, which of the following approaches should an internal auditor take?
Answer options
- A. Conduct a series of employee interviews
- B. Conduct penetration tests
- C. Review privacy policies and procedures
- D. Analyze the life cycle of sensitive data
Correct answer: B
Explanation
The correct answer is B, because penetration tests identify vulnerabilities in the system that could compromise privacy. While interviews, policy reviews, and data life cycle analyses are valuable, they do not directly test the security measures in place the way penetration tests do.