Learn the most efficient approach for a Chief Audit Executive to complete a cybersecurity audit engagement when faced with a skills gap on their internal audit team. Discover why enlisting internal IT support is often the optimal solution according to IIA-CIA-Part1 exam preparation material.
Table of Contents
Question
The chief audit executive (CAE) scheduled a cybersecurity risk engagement at the board’s request. However, the internal auditor with the relevant technical skills resigned shortly before the engagement was to begin. Which of the following is the most efficient option for the CAE to complete the engagement?
A. Defer the engagement until a new technical cybersecurity auditor can be hired.
B. Use the skills of an audit graduate who studied cybersecurity in college.
C. Provide intensive training to an existing member of the internal audit activity.
D. Enlist someone internally from the IT function to support the engagement.
Answer
The most efficient option for the Chief Audit Executive (CAE) to complete the cybersecurity risk engagement is to enlist someone internally from the IT function to support the engagement (Option D).
Explanation
When the internal auditor with the relevant technical cybersecurity skills resigns shortly before the engagement, the CAE faces a skills gap on the internal audit team. While deferring the engagement to hire a new auditor (Option A) would eventually provide the specialized skills needed, it is not the most time-efficient solution given the board’s request to conduct the audit.
Using an audit graduate who merely studied cybersecurity (Option B) or intensively training an existing team member (Option C) are also not ideal, as they do not guarantee the hands-on expertise required for this technical audit.
Enlisting an IT professional who is already familiar with the organization’s technology environment and has practical cybersecurity knowledge is the most efficient approach. This enables the CAE to leverage in-house expertise to support the audit engagement and meet the board’s timeline. The IT professional can work alongside the audit team, providing valuable technical insights to facilitate the assessment of cybersecurity risks and controls.
IIA-CIA-Part1 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the IIA-CIA-Part1 exam and earn IIA-CIA-Part1 certification.