Certified Government Auditing Professional (CGAP) Practice Exam

Which primary audit technique is best for checking security measures in a building with classified operations?

• A. Inquiry
• B. Observation
• C. Inspection of documents
• D. Analytical review

The correct answer is: Observation

The primary audit technique that is most suitable for checking security measures in a building with classified operations is observation. This method allows the auditor to directly assess the physical security practices and procedures in place. By observing the security protocols, personnel behavior, access controls, and overall environment, the auditor can evaluate whether the security measures are effectively implemented and functioning as intended. Observation is particularly valuable in environments where classified operations are conducted because it provides real-time insights into the actual practices rather than relying solely on what is reported or documented. This technique helps in identifying any gaps or weaknesses in the security measures that could potentially compromise sensitive information or facilities. While inquiry, inspection of documents, and analytical review each have their own merits and are important in an auditing context, they do not offer the same level of direct evidence regarding the adequacy and effectiveness of security measures as observation does. Inquiry might provide some context, but without the direct visual and experiential elements that observation provides, it cannot fully capture the reality of security practices. Similarly, inspecting documents can reveal policies and procedures but may not reflect how they are enforced in practice. Analytical review focuses on examining data and trends, which is less applicable in assessing physical security protocols.