CISA Certified Information Systems Auditor – Question0209

While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor’s BEST course of action would be to:

A.
determine whether the alternative controls sufficiently mitigate the risk and record the results.
B. reject the alternative controls and re-prioritize the original issue as high risk.
C. postpone follow-up activities and escalate the alternative controls to senior audit management.
D. schedule another audit due to the implementation of alternative controls.

Correct Answer: A