During a pre-implementation review, an IS auditor notes that some scenarios have not been tested. Management has indicated that the project is critical and cannot be postponed. Which of the following is the auditor's BEST course of action?
A.
Recommend project implementation be postponed until all scenarios have been tested.
B.
Perform remaining scenario testing in the production environment post implementation.
C.
Help management complete remaining scenario testing before implementation.
D.
Determine whether the tested scenarios covered the most significant project risks.
The CISA Review Manual (Chapter 3) emphasizes that auditors should prioritize risk assessment during pre-implementation reviews. If critical risks are adequately addressed in tested scenarios, residual risks from untested scenarios may be acceptable under time constraints.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
46080f2
3 days, 22 hours ago