Certified Ethical Hacker 312-50v10 – Question268

During the security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

Create a procedures document
B. Terminate the audit
C. Conduct compliance testing
D. Identify and evaluate existing practices

Correct Answer: D