Certified Information Systems Auditor (CISA) — Question 946

Which of the following is an IS auditor’s BEST approach when low-risk anomalies have been identified?

Answer options

• A. Document the anomalies in audit work papers.
• B. Deprioritize further testing of the anomalies and refocus on issues with higher risk.
• C. Update the audit plan to include the information collected during the audit.
• D. Ask auditees to promptly remediate the anomalies.

Correct answer: B

Explanation

The correct answer is B because it emphasizes the importance of prioritizing resources and efforts on issues that pose a greater risk to the organization. While documenting or addressing anomalies is important, focusing on higher-risk areas is a more strategic use of the auditor's time and resources.