During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed. The auditor should:

During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed. The auditor should:
A . recommend an independent assessment by a third party
B . report the disagreement according to established procedures
C . follow-up on the finding next year
D . accept the auditee’s position and close the finding

Answer: A

Latest CISA Dumps Valid Version with 2694 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
1 Comment
Inline Feedbacks
View all comments
skorte.sk
skorte.sk
3 years ago

The auditee insists the risk has been addressed. This means that step B (report the disagreement according to established procedures) has already been passed. So the answer should be A.