Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 223

During a visit to an oil production plant, an internal auditor was surprised to see the accounting employees shopping online using work computers. The auditor knew that the company's policy did not allow access to certain webpages, including those being used for online shopping. Which of the following should the auditor study next to explore the observation further?

Answer options

• A. The company’s training policy on social media
• B. The company’s firewall configuration rules.
• C. The company’s access point encryption settings
• D. The company’s software installation controls

Correct answer: B

Explanation

The correct answer is B because examining the company's firewall configuration rules will reveal if there are any restrictions in place that should prevent access to online shopping sites. The other options, while relevant to security and policy, do not directly address the specific issue of website access restrictions.