Certified Information Systems Auditor (CISA) — Question 1223

During a financial accounting audit, an IS auditor finds that the IT general controls are deficient. Which of the following is the MOST effective course of action to complete the audit?

Answer options

• A. Conduct an IT risk assessment.
• B. Increase the substantive testing of the financial balances.
• C. Place greater reliance on the financial application controls.
• D. Place greater reliance on the framework of control.

Correct answer: B

Explanation

The correct answer is B because increasing substantive testing allows the auditor to gather more evidence regarding the accuracy of financial balances in the absence of reliable IT general controls. Options A, C, and D either do not directly address the deficiencies in IT controls or do not provide sufficient assurance for the audit's conclusions.