Q: 11
A manufacturing organization's chief audit executive (CAE) was approached by the head of security
from one of the manufacturer's third-party suppliers. The head of security requested internal audit
records from a recent audit engagement involving the third-party supplier. The head of security
believed those records contained information that would make it possible to identify employees of the
third-party supplier who may be involved in fraudulent activities. What is the most appropriate course of
action for the CAE?
Options
Discussion
C/D? If the question said "most secure" instead of "most appropriate," would that change things given data confidentiality and third-party risk?
D imo, because the CAE isn't supposed to decide alone on releasing audit records to external parties. Senior management needs to weigh in, especially since this could impact confidentiality or violate company policies. Pretty sure that's the safest process.
Probably A, since the audit committee usually oversees these types of disclosures. Not 100 percent sure, but worth considering.
D, since the CAE should check with senior management before sharing any audit records externally. There's a risk of violating confidentiality or policy, so it's best not to act alone. Pretty sure that's the intent here, but open if anyone sees it differently.