Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years. Which of the following should the IS auditor recommend to BEST address this situation?
A. Use a revolving set of audit plans to cover all systems
B. Update the audit plan quarterly to account for delays and deferrals of periodic reviews
C. Regularly validate the audit plan against business risks
D. Do not include periodic reviews in detail as part of the audit plan
A. Use a revolving set of audit plans to cover all systems
B. Update the audit plan quarterly to account for delays and deferrals of periodic reviews
C. Regularly validate the audit plan against business risks
D. Do not include periodic reviews in detail as part of the audit plan