Certified Information Systems Auditor (CISA) — Question 33
Which of the following would be an appropriate role of internal audit in helping to establish an organization's privacy program?
Answer options
- A. Designing controls to protect personal data
- B. Defining roles within the organization related to privacy
- C. Analyzing risks posed by new regulations
- D. Developing procedures to monitor the use of personal data
Correct answer: C
Explanation
The correct answer is C because analyzing risks posed by new regulations is a critical aspect of internal audit's role in ensuring effective compliance and risk management. Options A, B, and D involve execution and design tasks that are typically outside the scope of internal audit's responsibilities, which focus more on assessment and oversight.