IIA IIA-CIA-Part2 Exam With Confidence Using Practice Dumps

Comprehensive and Detailed Explanation:

Data privacy principles — particularly under GDPR and similar frameworks — emphasize data minimization, purpose limitation, and lawful processing. Once a customer closes an account and the statutory retention period ends, the organization should destroy personal information (A) to prevent misuse. Sharing data with affiliates (B) without explicit consent violates purpose limitation. Retaining data for convenience (C) is not legally justified. Using personal information for external research (D) is only valid if explicit consent was granted, but this is not described. Thus, the correct approach is Option A — delete data when it is no longer needed or legally required, ensuring compliance with privacy laws.

When an internal auditor receives a document displaying all the steps of a process and the path taken as transactions flow between each step, the auditor is most likely to use this document to perform an assessment of the adequacy of process controls. This flowchart or process map helps the auditor understand the process, identify key control points, and evaluate whether the existing controls are sufficient to mitigate risks within the process.

IIA Standards: 2201 - Planning the Engagement

IIA Practice Guide: Internal Auditing and Fraud

During engagement planning, an internal auditor uses a flowchart to evaluate the design of controls. A flowchart visually represents the processes and controls within the organization, helping the auditor identify control points, weaknesses, and potential risks. This understanding is critical for planning the audit, as it allows the auditor to design tests that effectively assess whether the controls are properly designed and implemented to mitigate risks.

Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2210 – Engagement Objectives.