An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year. The auditor’s NEXT step should be to:
A. evaluate the impact of the cloud application on the audit scope
B. revise the audit scope to include the cloud-based application
C. review the audit report when performed by the third party
D. report the control deficiency to senior management
A. evaluate the impact of the cloud application on the audit scope
B. revise the audit scope to include the cloud-based application
C. review the audit report when performed by the third party
D. report the control deficiency to senior management