An IS auditor assessing an organization’s information systems needs to understand management’s approach regarding controls. Which documentation should the auditor review FIRST?
When assessing an organization's information systems and understanding management's approach to controls, the IS auditor should review policies FIRST. Policies provide the overarching framework and high-level guidance for establishing controls within an organization. They define the organization's intent, objectives, and expectations regarding information security and control measures.
After reviewing policies, an auditor may then delve into more detailed documentation such as standards, guidelines, and procedures to understand how these policies are implemented and operationalized within the organization. Policies serve as the foundation for the development of more detailed control documentation.
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
3008
1 month agoFAGFUR
1 month, 4 weeks ago