If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do?

Posted by: Pdfprep Category: CISA Tags: , ,

If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do?
A . Lack of IT documentation is not usually material to the controls tested in an IT audit.
B . The auditor should at least document the informal standards and policies. Furthermore, the IS auditor should create formal documented policies to be implemented.
C . The auditor should at least document the informal standards and policies, and test for a compliance. Furthermore, the IS auditor should recommend management that formal documented policies be developed and implemented.
D . The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should create formal documented policies to be implemented.

Answer: C

Explanation:

If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, the auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.

Leave a Reply

Your email address will not be published.