An organization’s internal audit team should do all of the following EXCEPT?

An organization’s internal audit team should not implement processes to correct audit failures, as this is the responsibility of the management or the privacy office. The internal audit team should only verify that technical measures are in place, review how operations work in practice, and ensure policies are being adhered to. Implementing corrective actions would compromise the independence and objectivity of the internal audit team. References: CIPM Body of Knowledge, Domain III: Privacy Program Operational Life Cycle, Section A: Assess, Subsection 1: Privacy Assessments and Audits.