CISA Certified Information Systems Auditor – Question0032

In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:

A.
mark the recommendation as satisfied and close the finding
B. verify if management’s action mitigates the identified risk
C. re-perform the audit to assess the changed control environment
D. escalate the deviation to the audit committee

Correct Answer: D