Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 57
An internal auditor is assessing the risks related to an organization's mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internal auditor be most concerned about?
Answer options
- A. Compliance.
- B. Privacy.
- C. Strategic.
- D. Physical security.
Correct answer: A
Explanation
The correct answer is A, Compliance, because allowing third-party devices can lead to violations of regulations and policies that protect sensitive information. While Privacy, Strategic, and Physical security risks are important, the immediate concern with third-party access revolves around ensuring compliance with established security protocols and legal requirements.