An IS auditor, performing a review of an application?s
controls, discovers a weakness in system software, which
could materially impact the application. The IS auditor should:
A. Disregard these control weaknesses as a system software
review is beyond the scope of this review.
B. Conduct a detailed system software review and report the
control weaknesses.
C. Include in the report a statement that the audit was
limited to a review of the application?s controls.
D. Review the system software controls as relevant and
recommend a detailed system software review.
Answer Posted / guest
Answer: D
The IS auditor is not expected to ignore control weaknesses
just because they are outside the scope of a current review.
Further, the conduct of a detailed systems software review
may hamper the audit?s schedule and the IS auditor may not
be technically competent to do such a review at this time.
If there are control weaknesses which have been discovered
by the IS auditor, they should be disclosed. By issuing a
disclaimer, this responsibility would be waived. Hence, the
appropriate option would be to review the systems software
as relevant to the review and recommend a detailed systems
software for which additional resources may be recommended.
Is This Answer Correct ? | 13 Yes | 1 No |
Post New Answer View All Answers