Which of the following should be the IS auditor’s NEXT course of action?

An IS auditor is following up on prior period items and finds management did not address an audit finding.

Which of the following should be the IS auditor’s NEXT course of action?
A. Note the exception in a new report as the item was not addressed by management.
B. Recommend alternative solutions to address the repeat finding.
C. Conduct a risk assessment of the repeat finding.
D. Interview management to determine why the finding was not addressed.

Answer: D

Explanation:

If an IS auditor finds that management did not address a prior period audit finding, the next course of action should be to interview management to determine why the finding was not addressed. This helps the auditor understand the root cause, the impact, and the risk level of the issue. Noting the exception in a new report, recommending alternative solutions, or conducting a risk assessment are possible subsequent steps, but they should not precede interviewing management.

References: CISA Review Manual (Digital Version), Chapter 1, Section 1.6
