CISA Certified Information Systems Auditor – Question0285

Which of the following is an IS auditor’s BEST course of action upon learning that preventive controls have been replaced with detective and corrective controls?

A.
Report the issue to management as the risk level has increased.
B. Recommend the implementation of preventive controls in addition to the other controls.
C. Verify the revised controls enhance the efficiency of related business processes.
D. Evaluate whether new controls manage the risk at an acceptable level.

Correct Answer: D