Certified Information Systems Auditor (CISA) — Question 55
During a follow-up audit, an IS auditor learns that some key management personnel have been replaced since the original audit, and current management has decided not to implement some previously accepted recommendations. What is the auditor's BEST course of action?
Answer options
- A. Retest the control.
- B. Notify the audit manager.
- C. Close the audit finding.
- D. Notify the chair of the audit committee.
Correct answer: B
Explanation
The best course of action is to notify the audit manager, as they need to be aware of changes in management decisions regarding audit recommendations. Retesting the control or closing the finding without addressing the new management's stance would be premature and could overlook potential risks. Notifying the chair of the audit committee is less immediate than informing the audit manager.