CISA Certified Information Systems Auditor – Question2411

What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?

A.
Document existing internal controls
B. Perform compliance testing on internal controls
C. Establish a controls-monitoring steering committee
D. Identify high-risk areas within the organization

Correct Answer: D

Explanation:

Explanation:
When implementing continuous-monitoring systems, an IS auditor’s first step is to identify high-risk areas within the organization.