Which of the following is an IS auditor's BEST course of action when the auditee indicates that a corrective action plan for a high-risk finding will take longer than expected?
A.
Determine if an interim compensating control has been implemented.
B.
Require that remediation is completed in the agreed timeframe.
C.
Accept the longer target date and document it in the audit system.
D.
Escalate the overdue finding to the audit committee.
When the auditee indicates that a corrective action plan for a high-risk finding will take longer than expected is to determine if an interim compensating control has been implemented. Implementing interim compensating controls is a common practice to mitigate risks while a more permanent solution is being developed and implemented. The auditor should assess whether such measures are in place to reduce the risk during the extended time frame.
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
FAGFUR
5 months ago