Certified Information Systems Auditor (CISA) — Question 1389

During an internal audit of automated controls, an IS auditor identifies that the integrity of data transfer between systems has not been tested since successful implementation two years ago. Which of the following should the auditor do NEXT?

Answer options

• A. Review previous system interface testing records.
• B. Document the finding in the audit report.
• C. Review relevant system changes.
• D. Review IT testing policies and procedures.

Correct answer: C

Explanation

The correct action is to review relevant system changes (C) because it is essential to understand any modifications that might affect data integrity. Reviewing previous testing records (A) or documenting the finding (B) does not address the current state of the system's integrity. While examining IT testing policies (D) is useful, it does not directly relate to the immediate issue of untested data transfer integrity.