What is the recommended initial step for an IS auditor to implement continuous-monitoring
systems?

A.
Document existing internal controls

B.
Perform compliance testing on internal controls

C.
Establish a controls-monitoring steering committee

D.
Identify high-risk areas within the organization

Explanation:
When implementing continuous-monitoring systems, an IS auditor’s first step is to
identify highrisk areas within the organization.