While performing an audit of the human resources department, an internal auditor discovered unencrypted files containing the personal information of employees stored on a public shared drive. According to IIA guidance, which of the following actions by the auditor would be the most appropriate?
A. Remove the files containing the social security numbers and personal information.
B. Communicate the issue to the chief audit executive as well as IT and legal departments.
C. Change permissions to the shared drive to only allow access to human resources personnel.
D. Immediately review the audit logs to see if anyone has accessed this information and follow-up.
|
Download Printable PDF. VALID exam to help you PASS. |
 |