Certified Information Systems Auditor (CISA) — Question 50

An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor's BEST course of action?

Answer options

• A. Contact the incident response team to conduct an investigation.
• B. Advise management of the crime after the investigation.
• C. Examine the computer to search for evidence supporting the suspicions.
• D. Notify local law enforcement of the potential crime before further investigation.

Correct answer: A

Explanation

The best action for the auditor is to contact the incident response team to ensure a proper and thorough investigation is conducted, as they have the expertise to handle such situations. Advising management after the investigation may lead to mishandling of evidence, while examining the computer or notifying law enforcement prematurely could compromise the integrity of the investigation.