Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 222

An organization plans to upgrade its IT network to address a recent ransomware incident that hampered operations for weeks. The ransomware was the result of lapses in access to the network that exposed sensitive information. Which of the following is a risk that could significantly be impacted by the organization’s planned change to its IT network?

Answer options

• A. The organization lacks the necessary senior management to ensure that project objectives are met
• B. The organization’s recent hiring of additional staff to the IT department would create more scrutiny of end user activity
• C. The organization creates new processes and policies that employees feel are too burdensome
• D. The organization experiences continuing issues that hamper employees’ ability to provide quality customer service

Correct answer: C

Explanation

The correct answer is C because introducing new processes and policies can lead to employee resistance if they find them overly burdensome, potentially affecting morale and productivity. Options A and B do not directly relate to the impact of network changes on employee perceptions, while D addresses service quality issues, which may not be directly tied to the new IT network changes.