No, determining the resources for the audit program is the responsibility of the Financial Department

No, determining the resources for the audit program is solely the responsibility of the top management

Yes, the individual managing the audit program can determine resources for the audit program

No, after establishing audit program objectives, audit program risks and opportunities should be determined and evaluated

Yes, it is not necessary to evaluate audit program risks and opportunities if the organization operates in a low-risk environment with minimal changes

No, the internal auditor must not establish audit program objectives as this responsibility is within the authority of the top management

Reviewing the allocation and utilization of resources within the company

Investigating customer complaints

Examining the company’s supply chain management

No, organizations should conduct a situation analysis before addressing a nonconformity

No, organizations should analyze one or more possible solutions for addressing the nonconformities before analyzing their root causes

Yes, organizations should analyze the root causes of nonconformities before determining the adequate corrective actions

Yes, Lisa issued the conclusions after reviewing the audit findings, taking into consideration the audit objectives

No, Lisa should have reviewed the audit findings in collaboration with the ISMS project manager of the company, and then issued the audit conclusions

No, Lisa should have submitted the audit findings to the top management, who then can issue the audit conclusions