Isaca Certified Information Systems Auditor CISA Question # 184 Topic 19 Discussion
CISA Exam Topic 19 Question 184 Discussion:
Question #: 184
Topic #: 19
An IS auditor is assigned to review the IS department s quality procedures. Upon contacting the IS manager, the auditor finds that there is an informal unwritten set of standards Which of the following should be the auditor ' s NEXT action1?
A.
Make recommendations to IS management as to appropriate quality standards
B.
Postpone the audit until IS management implements written standards
C.
Document and lest compliance with the informal standards
The auditor’s next action after finding that there is an informal unwritten set of standards in the IS department is to document and test compliance with the informal standards. This is because the auditor’s role is to evaluate the adequacy and effectiveness of the existing controls, regardless of whether they are formal or informal, written or unwritten. The auditor should also assess the risks and implications of having informal standards, such as lack of consistency, accountability, or traceability. The auditor should not make recommendations, postpone the audit, or finalize the audit without performing the audit procedures. References:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit