PECB Lead Implementer (ISO/IEC 27001) — Question 78

Which of the following traits is NOT associated with an external audit?

Answer options

• A. It is always conducted in a planned and timely manner
• B. It assesses the effectiveness and efficiency of ISMS
• C. It has no advisory role within the organization

Correct answer: C

Explanation

The correct answer, C, points out that an external audit does not take on an advisory role within the organization, focusing instead on assessment and compliance. Options A and B describe typical traits of an external audit, emphasizing its structured approach and its role in evaluating Information Security Management Systems (ISMS).