Before concluding that internal controls can be relied upon, the IS auditor should:
A. discuss the internal control weaknesses with the auditee
B. document application controls
C. conduct tests of compliance
D. document the system of internal control
A. discuss the internal control weaknesses with the auditee
B. document application controls
C. conduct tests of compliance
D. document the system of internal control