Certified Information Systems Auditor (CISA) — Question 292

An IS auditor has identified potential fraud activity perpetrated by the network administrator.

What should the auditor do FIRST?

Answer options

• A. Review the audit finding with the audit committee prior to any other discussions.
• B. Share the potential audit finding with the security administrator.
• C. Perform more detailed tests prior to disclosing the audit results.
• D. Notify the audit committee to ensure a timely resolution.

Correct answer: C

Explanation

The correct answer is C because conducting more detailed tests allows the auditor to gather additional evidence before making any disclosures. Options A and D suggest informing others prematurely, which could jeopardize the investigation, while B involves sharing information with individuals who may not be directly involved in resolving the issue.