What should an IS auditor do FIRST when management responses to an in-person internal control questionnaire indicate a key internal control is no longer effective?
A.
Validate the overall effectiveness of the internal control.
B.
Determine the resources required to make the control effective.
C.
Verify the impact of the control no longer being effective.
D.
Ascertain the existence of other compensating controls.
The auditor should first comprehensively verify the overall effectiveness of internal controls. This includes the following steps:
Reassessment and testing
Scope of reassessment
Understand the impact
Therefore, verifying the overall effectiveness of internal controls is the first step for the IS auditor.
According to GPT4:
"In general, understanding the risk (impact) first and then assessing mitigating factors (compensating controls) is a common approach in risk management and auditing processes."
at first anyone will chek if there are any compensating controls.. in absence of these, then only they will go and check for the impact of not having such control
I think answer should be C because Impact analysis will be done first
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Swallows
4 months agobones1008
10 months agostarzuu
1 year, 3 months agojsalamba
1 year, 8 months agoDeeplaxmi
2 years, 2 months agoMunaM
2 years, 2 months ago