Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Discussions
  3. IIA
  4. CIA
  5. IIA-CIA-Part2 Discussions
  6. IIA-CIA-Part2 Exam Topic 6 Question 43 Discussion
 IIA Discussions
Exam IIA-CIA-Part2 All Questions
Exam IIA-CIA-Part2 All Questions

View all questions & answers for the IIA-CIA-Part2 exam

Go to Exam

IIA CIA IIA-CIA-Part2 Question # 43 Topic 6 Discussion

IIA-CIA-Part2 Exam Topic 6 Question 43 Discussion:
Question #: 43
Topic #: 6

A healthcare organization's chief audit executive (CAE) noted that the organization's IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization's chief information officer (ClO) does not agree with the audit team's recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?
A.

Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.

B.

Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.

C.

Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.

D.

Escalate the issue to the CAE to assess whether the ClO's reasoning is acceptable.

Get Premium IIA-CIA-Part2 Questions
Actual exam question for IIA IIA-CIA-Part2 exam by Riven68326 at May 2, 2026, 4:28:18 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit