To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following?
A . The business objectives of the organization
B . The effect of segregation of duties on internal controls
C . The point at which controls are exercised as data flows through the system
D . Organizational control policies
Answer: C
Explanation:
When evaluating the collective effect of preventive, detective, or corrective controls within a process, an IS auditor should be aware of the point at which controls are exercised as data flows through the system.