
Exam Lead Auditor topic 1 question 104 discussion

Actual exam question from PECB's Lead Auditor
Question #: 104
Topic #: 1

The data center at which you work is currently seeking ISO/IEC 27001:2022 certification. In preparation for your initial certification visit, several internal audits have been carried out by a colleague working at another data center within your Group. They secured their own ISO/IEC 27001:2022 certificate earlier in the year.
You have just qualified as an Internal ISMS auditor and your manager has asked you to review the audit process and audit findings as a final check before the external Certification Body arrives.
Which four of the following would cause you concern in respect of conformity to ISO/IEC 27001:2022 requirements? (Choose four.)

  • A. Although the scope for each internal audit has been defined, there are no audit criteria defined for the audits carried out to date.
  • B. Audit reports are not held in hardcopy (i.e. on paper). They are only stored as *.PDF documents on the organization's intranet.
  • C. The audit process states the results of audits will be made available to 'relevant' managers, not top management.
  • D. The audit programme does not reference audit methods or audit responsibilities.
  • E. The audit programme does not take into account the relative importance of information security processes.
  • F. The audit programme does not take into account the results of previous audits.
  • G. The audit programme has not been signed as 'approved' by Top Management.
  • H. The audit programme shows management reviews taking place at irregular intervals during the year.
Suggested Answer: ADEF

Comments

ROCTW
3 weeks, 5 days ago
Selected Answer: ACDE
A. No audit criteria defined: ISO 27001:2022 Clause 9.2 a) 1) requires audit criteria. Without them, you can't properly assess ISMS conformity.
C. Audit results not reported to top management: Clause 9.2 g) mandates reporting to relevant management, which includes top management (Clause 5.1). Failing to do so hinders their governance and review duties.
D. Audit programme lacks methods or responsibilities: Clause 9.2 a) requires a well-defined audit programme. Missing audit methods and responsibilities (as per ISO 19011) makes the programme incomplete and ineffective.
E. Audit programme ignores process importance: Clause 9.2 a) 1) explicitly requires considering the importance of processes. Overlooking this means the audit programme isn't risk-based and might miss critical security areas.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other