CISA Certified Information Systems Auditor – Question0120

While planning a security audit, an IS auditor is made aware of a security review carried out by external consultants. It is MOST important for the auditor to:

A.
re-perform the security review.
B. accept the findings and conclusions of the consultants.
C. review similar reports issued by the consultants.
D. assess the objectivity and competence of the consultants.

Correct Answer: D