Certified Information Systems Auditor (CISA) — Question 538

During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

Answer options

• A. note the noncompliance in the audit working papers.
• B. determine why the procedures were not followed.
• C. issue an audit memorandum identifying the noncompliance.
• D. include the noncompliance in the audit report.

Correct answer: B

Explanation

The correct choice is B because understanding the reason behind the noncompliance is crucial for addressing the issue effectively. Simply noting it in the audit papers (A), issuing a memorandum (C), or including it in the report (D) does not resolve the underlying problem or prevent future occurrences.