Reference: IIA Business Knowledge for Internal Auditing, Inventory Valuation section.

* Understanding Information Security Responsibilities:
* Executive management sets the overall strategy and ensures resources are allocated for information security.
* Internal auditors provide independent assurance on security effectiveness.
* The board provides oversight and ensures that security risks are managed appropriately.
* Line management is responsible for day-to-day operations, including the review and monitoring of security controls to ensure compliance with security policies.
* Why Reviewing and Monitoring Security Controls is a Line Management Function:
* Line management directly oversees operational security measures, ensuring that established controls are functioning effectively.
* They address security gaps, enforce security policies, and report issues to senior management when necessary.
* This aligns with IIA Standard 2120 - Risk Management, which requires management to implement and monitor risk mitigation controls.
* Why Other Options Are Incorrect:
* B. Dedicate sufficient security resources: This is the responsibility of executive management, as they control resource allocation.
* C. Provide oversight to the security function: The board and executive management provide oversight, not line management.
* D. Assess information control environments: Internal auditors assess control environments, ensuring compliance and effectiveness.
* IIA Standards and References:
* IIA Standard 2110 - Governance: Emphasizes the board's role in overseeing security.
* IIA Standard 2120 - Risk Management: States that management must monitor security risks.
* IIA GTAG (Global Technology Audit Guide) on Information Security (2016): Outlines that line management is responsible for monitoring security controls on a daily basis.
Thus, the correct answer is A: Review and monitor security controls.

Data cleaning (also called data cleansing or scrubbing) is a critical step in data analytics to ensure accuracy, consistency, and reliability. Removing duplicate records is a key data cleaning technique that improves data quality.
* Improves Data Integrity - Prevents misleading results caused by duplicate values.
* Enhances Data Accuracy - Ensures that analytics are based on unique and valid information.
* Optimizes Performance - Reduces redundancy, improving processing speed and efficiency.
* Prevents Reporting Errors - Ensures accurate insights for decision-making.
* A. Deploys data visualization tool - Visualization tools help interpret data but do not clean it.
* B. Adopt standardized data analysis software - Software tools support analysis but do not eliminate duplicate records automatically.
* C. Define analytics objectives and establish outcomes - This step is important for analysis strategy, but it does not clean data.
* IIA's GTAG on Data Analytics - Emphasizes the importance of data cleansing in ensuring reliable analytics.
* COBIT 2019 (Data Management Framework) - Highlights duplicate removal as a best practice in data governance.
* ISO 8000-110 (Data Quality Standard) - Recommends eliminating duplicate records for high- quality analytics.
Why Eliminating Duplicate Records is the Correct Answer?Why Not the Other Options?IIA References:# Final Answer: D. Eliminate duplicate records.

Before an external assessment of the internal audit activity, the CAE should agree with the board on the qualifications and independence of the external assessor or assessment team. This ensures credibility and compliance with the IIA's Quality Assurance and Improvement Program (QAIP) requirements.
Options A and B (specific audit areas or testing levels) are not matters for board approval in external assessments. Option D (specialized skills) is relevant but not as essential as overall qualifications and competence.
Reference:
IIA Standards - Standard 1312: External Assessments; Practice Advisory 1312-1.

Understanding the Contracting Process PhasesThe contracting process generally follows these phases:
Initiation Phase: Identifies the need for a contract and sets initial objectives.
Bidding Phase: Potential vendors or partners submit proposals, and negotiations begin.
Development Phase: Contracts are drafted, negotiated, and finalized before execution.
Management Phase: The contract is executed, monitored, and evaluated for compliance.
Why Option C is Correct?
The development phase is where contracts are formally drafted based on agreements made during bidding and negotiation.
This phase includes legal review, compliance verification, and risk assessment, ensuring the contract aligns with business objectives and legal requirements.
IIA Standard 2110 - Governance requires auditors to assess how contract risks are managed, ensuring formal contract development processes.
Why Other Options Are Incorrect?
Option A (Initiation phase):
This phase defines the business need but does not involve drafting contracts.
Option B (Bidding phase):
In this phase, businesses solicit proposals, but contracts are not fully drafted until vendor selection.
Option D (Management phase):
The management phase involves executing and monitoring the contract, not drafting it.
Contracts are drafted during the development phase after vendor selection and before execution.
IIA Standard 2110 supports governance over contract risk and formal agreement processes.
Final Justification:IIA References:
IPPF Standard 2110 - Governance (Contract Risk & Compliance)
COSO ERM - Risk Management in Contracting