The extent to which data will be collected during an IS audit should be determined based on the:

A.
availability of critical and required information.

B.
auditor’s familiarity with the circumstances.

C.
auditee’s ability to find relevant evidence.

D.
purpose and scope of the audit being done.

Explanation:
The extent to which data will be collected during an IS audit should be related directly to the scope
and purpose of the audit. An audit with a narrow purpose and scope would result most likely in less
data collection, than an audit with a wider purpose and scope. The scope of an IS audit should not
be constrained by the ease of obtaining the information or by the auditor’s familiarity with the area
being audited. Collecting all the required evidence is a required element of an IS audit, and
thescope of the audit should not be limited by the auditee’s ability to find relevant evidence.