Certified Information Systems Auditor (CISA) — Question 174

An employee approaches an IS auditor and expresses concern about a critical security issue in a newly installed application. Which of the following would be the
MOST appropriate action for the auditor to take?

Answer options

• A. Discuss the concern with audit management
• B. Recommend reverting to the previous application.
• C. Immediately conduct a review of the application.
• D. Discuss the concern with additional end users.

Correct answer: A

Explanation

The most appropriate response for the auditor is to discuss the concern with audit management (A), as they are responsible for deciding on further actions. Reverting to the previous application (B) may not be feasible without proper assessment, immediately reviewing the application (C) may not be practical without management's guidance, and discussing with additional end users (D) does not address the immediate security concern effectively.