Problem Statement
Discuss the difference between an internal audit, external audit and management review in a compliance programme.
Explanation
An internal audit is conducted by the organisation’s own staff or internal audit department to evaluate compliance and the effectiveness of controls. An external audit is performed by an independent certification body or regulator to verify compliance with standards or laws (e.g., an ISO 27001 certification audit). A management review is a periodic senior management meeting to assess ISMS performance, allocate resources and approve improvements. Understanding these roles and how they feed into each other (internal audit findings are an input to the management review, which in turn prepares the organisation for the external audit) demonstrates interview readiness for compliance and risk roles.
