Which of the following should be the IS auditor’s NEXT course of action?

An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed.

Which of the following should be the IS auditor’s NEXT course of action?
A . Obtain a verbal confirmation from IT for this exemption.
B . Review the list of end-users and evaluate for authorization.
C . Verify management’s approval for this exemption.
D . Report this control process weakness to senior management.

View Answer

Answer: C