During a change control audit of a production system, an IS auditor finds that the change
management process is not formally documented and that some migration procedures failed. What
should the IS auditor do next?

Which of the following would an IS auditor use to determine if unauthorized modifications were
made to production programs?

Which of the following would be the MOST effective audit technique for identifying segregation of
duties violations in a new enterprise resource planning (ERP) implementation?

Which of the following should an IS auditor use to detect duplicate invoice records within an invoice
master file?

After initial investigation, an IS auditor has reasons to believe that fraud may be present.
The IS auditor should:

The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is
to:

While reviewing sensitive electronic work papers, the IS auditor noticed that they were not
encrypted. This could compromise the:

Though management has stated otherwise, an IS auditor has reasons to believe that the
organization is using software that is not licensed. In this situation, the IS auditor should:

Which of the following audit techniques would BEST aid an auditor in determining whether there
have been unauthorized program changes since the last authorized program update?

The PRIMARY purpose for meeting with auditees prior to formally closing a review is to: