CISA Certified Information Systems Auditor – Question0052

Before concluding that internal controls can be relied upon, the IS auditor should:

A.
discuss the internal control weaknesses with the auditee
B. document application controls
C. conduct tests of compliance
D. document the system of internal control

Correct Answer: C