Scenario Based Lead Auditor Day#4

Authored by sudiyuwono wowo

Professional Development

1st Grade


5 questions

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What should you have taken into consideration, in addition to the audit evidence, when determining the audit findings?

Requirements of the audit client

Submission of corrective actions

Content of action plans

Answer explanation

When determining audit findings, the requirements of the audit client should be considered, among others.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have validated the action plans and the implemented corrective actions submitted by Company ABC. What type of audit have you conducted?

Surveillance audit

Audit follow-up

Internal audit

Answer explanation

The objective of an audit follow-up is to validate the action plans and the implemented corrective actions submitted by the auditee.

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following statements presents the best description of the observed nonconformity related to the first action plan submitted by Company ABC?

The process used to grant or deny access to systems and services that process sensitive information is not documented

There is no process in place to manage access to systems and services that process sensitive information

In a sample of 30 user accounts belonging to former employees of Company ABC, only 5 of them followed the formal user de-registration process

Answer explanation

Options A and C are incorrect because they refer to a user registration and de-registration process not being used properly. The key phrase “has been created” used in the action plan indicates that Company ABC did not have such a process in place.

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The auditee has submitted the following action plan, “A formal user registration and de-registration process to grant or deny access to systems and services that process sensitive information will be created.” Is this action plan acceptable?

No, because it does not address the root cause of the detected nonconformity

No, because a time frame for completing the action has not been included

No, because the required resources for the implementation have not been included

Answer explanation

The auditee is required to submit a general statement regarding the actions to be taken to treat nonconformities, including a time frame for completing the action.

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What type of audit finding does the second action plan resolve?

Anomaly

Major nonconformity

Minor nonconformity

Answer explanation

The second action plan shows that a security policy exists but does not include legal and regulatory requirements. Hence, the policy fulfills the requirements only partially, which constitutes a minor nonconformity.
