Certified Information Systems Auditor (CISA) — Question 1247

An IS auditor suspects a company-owned computer may have been involved in illegal trading activities. What is the BEST way for the auditor to proceed?

Answer options

• A. Notify law enforcement.
• B. Install monitoring tools on the computer.
• C. Isolate and save backups.
• D. Escalate the concern to audit management.

Correct answer: D

Explanation

The correct answer is D because escalating the concern to audit management ensures that the issue is handled by those with the authority to take appropriate actions while maintaining the integrity of the audit process. Options A, B, and C are not suitable first steps as they may compromise evidence or bypass necessary protocols for handling such sensitive situations.