Certified Information Systems Auditor (CISA) — Question 1168

While performing a data center audit, an IS auditor observes rack-mounted, water-chilled cooling systems with no leak detection monitoring, in violation of policy. What is the MOST appropriate action for the auditor to take?

Answer options

• A. Document the observation as a finding.
• B. Recommend that the data center remove these water-chilled systems.
• C. Recommend a system with proper leak detection monitoring.
• D. Notify the data owner of potential risk.

Correct answer: A

Explanation

The correct action is to document the observation as a finding, as it is essential to officially record any policy violations. While recommending improvements or notifying the data owner are important, the primary responsibility of the auditor is to ensure that findings are properly noted for future remediation actions.