An IS auditor is conducting a follow-up internal IS audit and determines that several recommendations from the prior year have not been implemented. Which of the following should be the auditor’s FIRST course of action?
A. Evaluate the recommendations in context of the current IT environment.
B. Continue the audit and disregard prior audit recommendations.
C. Request management implement recommendations from the prior year.
D. Add unimplemented recommendations as findings for the new audit.
A. Evaluate the recommendations in context of the current IT environment.
B. Continue the audit and disregard prior audit recommendations.
C. Request management implement recommendations from the prior year.
D. Add unimplemented recommendations as findings for the new audit.