CISA Certified Information Systems Auditor – Question0424

An IS auditor identifies key controls that have been overridden by management. The NEXT step the IS auditor should take is to:

A.
perform procedures to quantify the irregularities.
B. report the absence of key controls to regulators.
C. recommend compensating controls.
D. withdraw from the engagement.

Correct Answer: B