An IS auditor notes that patches for the operating system used by an organization are deployed by the IT
department as advised by the vendor. The MOST significant concern an IS auditor should have with this
practice is the nonconsideration bylT of:

A.
the training needs for users after applying the patch.

B.
any beneficial impact of the patch on the operational systems.

C.
delaying deployment until testing the impact of the patch.

D.
the necessity of advising end users of new patches.

Explanation:
Deploying patches without testing exposes an organization to the risk of system disruption or failure. Normally,
there is no need for training or advising users when a new operating system patch has been installed. Any
beneficial impact is less important than the risk of unavailability that could be avoided with proper testing.