Q: 14
Which of the following statements accurately describes the responsibility of the internal audit
activity regarding IT governance?
1. The internal audit activity does not have any responsibility because IT governance is the
responsibility of the board and senior management of the organization.
2. The internal audit activity must assess whether the IT governance of the organization supports
the organization's strategies and objectives.
3. The internal audit activity may assess whether the IT governance of the organization supports
the organization's strategies and objectives.
4. The internal audit activity may accept requests from management to perform advisory services
regarding how the IT governance of the organization supports the organization's strategies and
objectives.
Options
Discussion
Yeah, the fact that 'must' isn't in statements 3 or 4 rules them out. So A fits best since internal audit isn't required to assess IT governance by default. Pretty sure that's how the exam wants this framed.
It's A, saw similar on a practice exam and the "must" wording excludes 3 and 4.
Option D looks tempting but if "must" is in the requirement, wouldn't that change it from "may" and impact which is correct?