Management states that a recommendation made during a prior audit has been implemented, but the IS auditor doubts the effectiveness of the actions taken. Which of the following is the auditor’s MOST appropriate course of action?
A.
Report to audit management that the actions taken have not effectively addressed the original risk.
B.
Make an additional recommendation on how to remediate the finding.
C.
Perform testing or other audit procedures to confirm the status of the original risk.
D.
Recommend external verification of management's preferred actions.
When there is doubt about the effectiveness of actions taken in response to a prior audit recommendation, the IS auditor's most appropriate course of action is to perform testing or other audit procedures to confirm the status of the original risk. This involves verifying whether the implemented controls are working as intended and have effectively addressed the identified issues. It allows the auditor to gather evidence and assess the adequacy of the measures taken by management.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
FAGFUR
4 months ago