PrepAway - Latest Free Exam Questions & Answers

The IS auditor should:

During a security audit of IT processes, an IS auditor found that there were no documented
security procedures. The IS auditor should:

PrepAway - Latest Free Exam Questions & Answers

A.
create the procedures document.

B.
terminate the audit.

C.
conduct compliance testing.

D.
identify and evaluate existing practices.

Explanation:

One of the main objectives of an audit is to identify potential risks; therefore, the most proactive
approach would be to identify and evaluate the existing security practices being followed by the
organization. IS auditors should not prepare documentation, as doing so could jeopardize their
independence. Terminating the audit may prevent achieving one of the basic audit objectives, i.e.,
identification of potential risks. Since there are no documented procedures, there is no basis

against whichto test compliance.


Leave a Reply