Final answer:
The false statement about information security is that internal auditors should determine senior management has a clear understanding that information reliability and integrity is their responsibility. It's management's role to ensure information security, with auditors providing independent assurance. The correct option is A.
Step-by-step explanation:
The statement that is false with respect to information security is: A. Internal auditors should determine that senior management and the board, audit committee, or other governing body have a clear understanding that information reliability and integrity is the responsibility of the internal audit activity.
The internal audit activity's role is to provide independent assurance that an organization's risk management, governance and internal control processes are operating effectively, not to take responsibility for information reliability and integrity; that is the role of management.
The board of directors, along with senior management, have the primary responsibility for establishing an appropriate culture and system for information security within the organization. The role of internal auditors is to assess and make recommendations for improving the effectiveness of governance, risk management, and internal controls.
The roles of the board of directors, the auditing firm, and outside investors are essential in maintaining corporate governance. The board is the first line of oversight, the audit firm provides an independent review of financial records, and investors should press for transparency.
However, as seen with Lehman Brothers, these governance mechanisms can fail, leading to significant negative impacts on stakeholders.