During the security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
A. Create a procedures document
B. Terminate the audit
C. Conduct compliance testing
D. Identify and evaluate existing practices
A. Create a procedures document
B. Terminate the audit
C. Conduct compliance testing
D. Identify and evaluate existing practices